Azure DevOps Pipeline：无法动态设置订阅

我有以下管道，基于这个问题answer;

parameters:
  - name: stages
    type: object
    default:
      - stage: sandbox
        variableGroup: ApiLinter-terraform-variables-sandbox

stages:
  - ${{ each stage in parameters.stages }} :
      - stage: Deploy${{ stage.stage }}
        displayName: Deploy ${{ stage.stage }} Environment
        dependsOn: ${{ stage.dependsOn }}
        variables:
          - group: ${{ stage.variableGroup }}
        jobs:
          - job:
            displayName: "${{ stage.stage }}"
            steps:
              - task: Bash@3
                inputs:
                  targetType: 'inline'
                  script: 'env | sort'
              - task: Bash@3
                inputs:
                  targetType: 'inline'
                  script: 'echo "ENVIRONMENTSERVICENAMEAZURERM: $(ENVIRONMENTSERVICENAMEAZURERM)"'
              - task: AzureCLI@2
                displayName: Fetch credentials for azure
                inputs:
                  azureSubscription: '$(ENVIRONMENTSERVICENAMEAZURERM)'
                  scriptType: bash
                  addSpnToEnvironment: true # this will add the required credentials to env vars
                  useGlobalConfig: true
                  scriptLocation: inlineScript
                  inlineScript: |
                    echo "##vso[task.setvariable variable=ARM_TENANT_ID;]$tenantId"
                    echo "##vso[task.setvariable variable=ARM_CLIENT_ID;]$servicePrincipalId"
                    echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET;]$servicePrincipalKey"

问题是，当我删除/注释掉 AzureCLI@2 任务时，Bash 脚本显示变量 ENVIRONMENTSERVICENAMEAZURERM 具有有效值：

但是当我包含 AzureCLI2 任务时，出现以下错误： 存在资源授权问题：“管道无效。作业 Job1：步骤 AzureCLI 输入connectedServiceNameARM 引用无法找到的服务连接 $(ENVIRONMENTSERVICENAMEAZURERM)。服务连接不存在、已被禁用或尚未获得授权使用。授权详情请参考https://aka.ms/yamlauthz。”

我 100% 确定授权设置得很好，因为当我对值进行硬编码时，它工作得很好。任何想法将不胜感激！