search

neilpeterson / azure-blueprints-pipeline-tasks

MIT License
17 stars 16 forks source link

Feature: Can I hide the subscription field on assignment when scoped to a subscription #10

Closed neilpeterson closed 5 years ago

neilpeterson commented 5 years ago

The field is here.

I've tried the following visibility rule, however, it seems visibility is based on values from other inputs.

"ScopeLevel == ManagementGroup"
SebastianSchuetze commented 5 years ago

Hi, I used this one in my Azure Policy task as well. And it works like the following

  {
            "name": "SubscriptionID",
            "type": "string",
            "label": "Subscription ID for assignment.",
            "defaultValue": "",
            "required": true,
            "helpMarkDown": "Subscription ID for assignment.",
                        "properties": {
                              "EndpointFilterRule": "ScopeLevel == ManagementGroup"
                        }
}

You can find an example here: https://github.com/RazorSPoint/azure-devops-azure-policy-extension/blob/master/src/AzurePolicy/AzurePolicyV1/task.json#L48

With this only service endpoint of type AzureRM with the scope "Management Group" will then show only those. Which of course makes sense, since this not connected to just one Subscription. It is nowhere documented, but I could find this in the Azure PowerShell task.

SebastianSchuetze commented 5 years ago

@neilpeterson should I add this? My current suggestion would only show Management Group scoped connections. But I can change it so that Both connection types are shown.

neilpeterson commented 5 years ago

@SebastianSchuetze thanks for looking at this. I think I am looking for a solution to a different problem but would love it if you wanted to take a look.

I am using the EndpointFilterRule to enable management group scoped service connections. This can be seen here and here.

The issue is that a blueprint can only be assigned to a subscription. However, when it is created at a management group, we need the management group id (to get the blueprint id) plus the subscription Id at which we want to assign it.

I've currently implemented like this:

image

However, if the blueprint has been created at a subscription, we only need the subscription Id. So I would like to grab the Id from service connection and then not show the second subscription input.

image

I've tried "visibleRule": "ScopeLevel == ManagementGroup" on the second input, but this does not seem to work.

In any regard, if you've got any suggestions or alternate ways to implement, happy to take them.

Thanks

neilpeterson commented 5 years ago

After talking with Alex, we want to retain the ability to assign to multiple subscriptions with only one service connection, so will want to retain this field.

Closing this issue.