Special characters (" and ^) are removed when passing environment variables via Azure CLI (PowerShell) #32899
Description
Describe the bug
Hello everyone,
I'm having issues setting environment variables in an Azure Container Instance while using Azure CLI with PowerShell inside an Azure DevOps release task.
I'm using the following command:
az container create `
...
--resource-group "$(RESOURCE_GROUP)" `
--environment-variables `
"BLOBSTORAGE_EMAIL_CONTAINER=`"$(BLOBSTORAGE_EMAIL_CONTAINER)`"" `
"APP_DB_PASSWORD=`"$(APP_DB_PASSWORD)`""
Problem
BLOBSTORAGE_EMAIL_CONTAINER works correctly even though it contains special characters like:
wadwad&asda=asd-as:a%
Characters included:
& = - : %
Using the format:
"VAR=`"$(VAR)`""
works fine for this variable.
However, APP_DB_PASSWORD contains:
wada"wada^
When using the same format:
"APP_DB_PASSWORD=`"$(APP_DB_PASSWORD)`""
I get a parsing error.
If I try:
'$(APP_DB_PASSWORD)'
it does not throw an error, but the value loses the special characters (" and ^) when passed to the container.
Additional Info
Variables are stored in an Azure DevOps Variable Group
The task type is Azure CLI
Script type: PowerShell
The issue only happens when the value contains " or ^
Debug logs show the characters are removed before reaching Azure
I’ve tried:
Using $env:APP_DB_PASSWORD
Passing values via JSON
Different quoting/escaping approaches
But I haven't found a reliable solution.
Has anyone experienced this or found a safe way to pass environment variables containing " and ^ via Azure CLI in a PowerShell release task?
Thank you.
Related command
az container create --resource-group
--name --image
--registry-login-server --registry-username
--registry-password --ip-address Public
--ports --cpu
--memory --os-type
--restart-policy --location
--no-wait --debug
--environment-variables
Errors
Code:
--environment-variables APP_DB_PASSWORD='$(APP_DB_PASSWORD)'
Error:
Incomplete string token.
Code:
"APP_DB_PASSWORD=`"$(APP_DB_PASSWORD)`""
Error:
The string is missing the terminator: ".
Issue script & Debug output
DEBUG: cli.azure.cli.core.sdk.policies: {"properties": {"containers": [{"name": "email-service-prod", "properties": {"image": "xxxxxxxxx", "ports": [{"protocol": "TCP", "port": 80}], "environmentVariables": [{"name": "SMTP_HOST", "value": "xxxxxxxxx"}, {"name": "SMTP_PORT", "value": "xxxxxxxxx"}, {"name": "SMTP_USER", "value": "xxxxxxxxx"}, {"name": "SMTP_PASSWORD", "value": "xxxxxxxxx"}, {"name": "SMTP_SSL", "value": "true"}, {"name": "FROM_EMAIL", "value": "xxxxxxxxx"}, {"name": "FROM_NAME", "value": "xxxxxxxxx"}, {"name": "BLOBSTORAGE_ACCOUNT_NAME", "value": "xxxxxxxxx"}, {"name": "BLOBSTORAGE_EMAIL_SASTOKEN", "value": "wadwad&asda=asd-as:a%"}, {"name": "BLOBSTORAGE_EMAIL_CONTAINER", "value": "email-template"}, {"name": "APP_DB_HOST", "value": "xxxxxxxxx"}, {"name": "APP_DB_PORT", "value": "xxxxxxxxx"}, {"name": "APP_DB_USER", "value": "xxxxxxxxx"}, {"name": "APP_DB_NAME", "value": "app-prod"}, {"name": "APP_SSL_MODE", "value": "require"}, {"name": "EVENT_DB_HOST", "value": "xxxxxxxxx"}, {"name": "EVENT_DB_PORT", "value": "xxxxxxxxx"}, {"name": "EVENT_DB_NAMESPACE", "value": "xxxxxxxxx"}, {"name": "EVENT_DB_USER", "value": "xxxxxxxxx"}, {"name": "EVENT_DB_PASSWORD", "value": ""}, {"name": "APP_DB_PASSWORD", "value": "wada"wada^"}], "resources": {"requests": {"memoryInGB": 1.5, "cpu": 1.0}}, "configMap": {"keyValuePairs": {}}}}], "imageRegistryCredentials": [{"server": "xxxxxxxxx", "username": "xxxxxxxxx", "password": ""}], "restartPolicy": "OnFailure", "ipAddress": {"ports": [{"protocol": "TCP", "port": 80}], "type": "Public", "autoGeneratedDomainNameLabelScope": "Unsecure"}, "osType": "Linux"}, "location": "westeurope", "tags": {}}
Expected behavior
The container instance Environment variable be the same as in the variable group
Environment Summary
"azure-cli": "2.75.0",
"azure-cli-core": "2.75.0",
"azure-cli-telemetry": "1.1.0",
"extensions": {}
Additional context
No response