I am trying to deploy policies at the management group level using the Azure DevOps AzureResourceManagerTemplateDeployment@3 task, but the task always deploys to the root tenant management group, not the sub group. I couldn't find any documentation which specifies where to specify managementGroupId.
```yaml
- task: AzureResourceManagerTemplateDeployment@3
  inputs:
    deploymentScope: Management Group
    azureResourceManagerConnection: myspn_service_connection
    location: North Europe
    templateLocation: Linked artifact
    managementGroupId: mymgmtgroup-nonprod
    csmFile: $(System.DefaultWorkingDirectory)/arm-templates/policies_definition_managent_group_level.json
    deploymentMode: 'Incremental'
```
Hi @yesoreyeram ,
The management group ID is fetched from the service connection used in the task. You might have specified the root management group ID while creating the service connection (viz. myspn_service_connection), so the task could be deploying to it. If you specify a sub group while creating the service connection, then the task will deploy to that group. There is no input parameter named _managementGroupId_ in the task.
This behavior is different from the cases where the deployment scope is subscription or resource group. We will update the task documentation to explicitly mention this.
Thanks for the clarification.
As the service connection has top-level MG access, it will also have child access. So there should definitely be an option to specify the management group. Otherwise we will end up creating too many service connections.
@yesoreyeram It's a known thing, and I agree with you that users might end up creating too many service connections with the current functionality. It's in our plan to add support for specifying the management group, but given that there is very little usage of Management Group deployments, this plan is of lower priority.
Closing this for now. Feel free to reopen/create a new issue for further queries.