<policies> | |
<inbound> | |
<!-- Inbound flow: look for a cached Key Vault response, fetch it with the service's managed identity on a cache miss, then answer the caller directly from the policy. -->
<!-- check the cache for secret first --> | |
<cache-lookup-value key="mysecret" variable-name="keyvaultsecretResponse" /> | |
<!-- call Key Vault if not found in cache --> | |
<choose> | |
<when condition="@(!context.Variables.ContainsKey("keyvaultsecretResponse"))"> | |
<!-- The GET below is authenticated with the API Management instance's managed identity (token requested for https://vault.azure.net). That identity presumably has been granted read access to secrets in this vault; keep the grant to secret get only. -->
<send-request mode="new" response-variable-name="keyvaultsecret" timeout="20" ignore-error="false"> | |
<set-url>https://msikvtest.vault.azure.net/secrets/mysecret/?api-version=7.0</set-url> | |
<set-method>GET</set-method> | |
<authentication-managed-identity resource="https://vault.azure.net" /> | |
</send-request> | |
<!-- NOTE(review): the status code of the Key Vault response is not checked before it is stored. A 401/403/404 answer still carries a body, so an error document would be cached for the full duration below; consider testing ((IResponse)context.Variables["keyvaultsecret"]).StatusCode first. -->
<!-- transform response to string and store in cache --> | |
<set-variable name="keyvaultsecretResponse" value="@(((IResponse)context.Variables["keyvaultsecret"]).Body.As<string>())" /> | |
<!-- The whole response body is cached as a string for 3600 seconds, so a rotated or disabled secret keeps being served until the entry expires. NOTE(review): the body is presumably the Key Vault JSON document, which includes the secret value in clear text; whatever cache backs this policy then holds that value. -->
<cache-store-value key="mysecret" value="@((string)context.Variables["keyvaultsecretResponse"])" duration="3600" /> | |
</when> | |
</choose> | |
<!-- NOTE(review): return-response sends the stored Key Vault body to whoever called this API. That proves the lookup works, but outside a demo the value should stay inside the policy (for example, placed on the backend request) and not be returned to the client. -->
<return-response> | |
<set-status code="200" reason="Done" /> | |
<set-header name="content-type" exists-action="override"> | |
<value>application/json</value> | |
</set-header> | |
<set-body>@((string)context.Variables["keyvaultsecretResponse"])</set-body> | |
</return-response> | |
<!-- NOTE(review): return-response above ends policy processing, so this base element looks unreachable; confirm. -->
<base /> | |
</inbound> | |
<backend> | |
<base /> | |
</backend> | |
<outbound> | |
<base /> | |
</outbound> | |
<on-error> | |
<base /> | |
</on-error> | |
</policies> |
Wednesday, October 27, 2021
Authenticate Azure APIM using Managed Identity to access Storage Account
Monday, October 25, 2021
Azure Devops- Code Coverage report for typescript
For running unit test, you can use Jasmine and the coverage report can be generated with nyc and report type as cobertura, which is supported in Azure DevOps.
Jasmine.json
Tuesday, October 19, 2021
Azure Runbook to add VMMS ID to KeyVault access policy
#Comment: Make sure you do not pass the Application ID parameter when adding the access policy, because it will add the identity as an "on behalf of" entry.
# PowerShell code
# Azure Automation runbook: grants three user-assigned identities (web, eng and pay
# scale sets) an access policy on two Key Vaults (a master vault and a web vault).
########################################################
# Parameters
########################################################
# All values are plain strings bound by position.
#   NPResourceGroupName  - resource group used for both the identity lookups and the
#                          Key Vault access-policy calls, so the identities and the
#                          vaults are expected to live in the same group.
#   NPWebVmssID          - passed as -Name to Get-AzUserAssignedIdentity, i.e. the
#   NPEngVmssID            *name* of the user-assigned identity, not an object id.
#   NPPayVmssID            (same for all three "VmssID" parameters)
#   NPMasterKeyvaultName - vault name of the master Key Vault.
#   NPWebKeyvaultName    - vault name of the web Key Vault.
# The first three are mandatory; the last three are declared optional.
[CmdletBinding()]
param(
[Parameter(Mandatory=$True,Position=0)]
[string]$NPResourceGroupName,
[Parameter(Mandatory=$True,Position=1)]
[string]$NPWebVmssID,
[Parameter(Mandatory=$True,Position=2)]
[string]$NPEngVmssID,
[Parameter(Mandatory=$False,Position=3)]
[string]$NPPayVmssID,
[Parameter(Mandatory=$False,Position=4)]
[string]$NPMasterKeyvaultName,
[Parameter(Mandatory=$False,Position=5)]
[string]$NPWebKeyvaultName
)
# Remember when the run started
$StartDate = Get-Date
########################################################
# Sign in to Azure with the Az module (standard runbook preamble)
########################################################
Write-Verbose -Message 'Connecting to Azure'
# Name of the Automation connection asset that holds the Run As service principal.
# NOTE(review): Run As accounts have been retired by Microsoft in favour of managed
# identities (Connect-AzAccount -Identity); confirm before reusing this preamble.
# The account used here needs the right to change access policies on the target
# vaults and to read the user-assigned identities, and ideally nothing broader.
$ConnectionName = 'AzureRunAsConnection'
try
{
    # Fetch tenant id, application id and certificate thumbprint from the asset
    $ServicePrincipalConnection = Get-AutomationConnection -Name $ConnectionName
    'Log in to Azure...'
    $loginArguments = @{
        ServicePrincipal      = $true
        TenantId              = $ServicePrincipalConnection.TenantId
        ApplicationId         = $ServicePrincipalConnection.ApplicationId
        CertificateThumbprint = $ServicePrincipalConnection.CertificateThumbprint
    }
    $null = Connect-AzAccount @loginArguments
}
catch
{
    if ($ServicePrincipalConnection)
    {
        # The connection asset exists, so the failure came from the sign-in itself
        Write-Error -Message $_.Exception.Message
        throw $_.Exception
    }

    # No connection asset: 'Create Azure Run As account' was never turned on
    throw "Connection $ConnectionName not found."
}
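try
{
    # Grants every supplied scale-set identity the same access policy on every
    # supplied vault. Replaces six copy-pasted blocks with two loops and:
    #   * stops on the first failing Az call (-ErrorAction Stop), so a non-terminating
    #     error can no longer slip past this try/catch;
    #   * skips an identity or vault whose optional parameter was not supplied;
    #   * logs the correct vault label for the second vault.

    # Identities in the original order: web, eng, pay. Keys double as log labels.
    $identityNames = [ordered]@{
        webvmssid = $NPWebVmssID
        engvmssid = $NPEngVmssID
        payvmssid = $NPPayVmssID
    }

    # Vaults in the original order: master first, then web.
    $vaults = [ordered]@{
        'master keyvault' = $NPMasterKeyvaultName
        'web keyvault'    = $NPWebKeyvaultName
    }

    # Resolve each identity once and reuse its principal id for both vaults.
    $principalIds = [ordered]@{}
    foreach ($label in $identityNames.Keys)
    {
        $identityName = $identityNames[$label]
        if ([string]::IsNullOrWhiteSpace($identityName))
        {
            Write-Verbose -Message "No identity name supplied for $label, skipping"
            continue
        }

        $identity = Get-AzUserAssignedIdentity -ResourceGroupName $NPResourceGroupName -Name $identityName -ErrorAction Stop

        # -BypassObjectIdValidation below means the object id is not checked against
        # the directory, so make sure the lookup really produced one.
        if ([string]::IsNullOrWhiteSpace($identity.PrincipalId))
        {
            throw "Identity $identityName in resource group $NPResourceGroupName has no principal id."
        }
        $principalIds[$label] = $identity.PrincipalId
    }

    foreach ($vaultLabel in $vaults.Keys)
    {
        $vaultName = $vaults[$vaultLabel]
        if ([string]::IsNullOrWhiteSpace($vaultName))
        {
            Write-Verbose -Message "No vault name supplied for $vaultLabel, skipping"
            continue
        }

        Write-Verbose -Message "Adding to $vaultLabel"
        foreach ($label in $principalIds.Keys)
        {
            Write-Verbose -Message "Adding $label"
            "Adding $label"

            # NOTE(review): access policies apply to the whole vault, and this one
            # includes wrapKey plus create/delete on certificates. Confirm that the
            # scale-set workloads need more than read access before keeping it.
            $policyArguments = @{
                ResourceGroupName         = $NPResourceGroupName
                VaultName                 = $vaultName
                ObjectId                  = $principalIds[$label]
                PermissionsToKeys         = 'get', 'list', 'unwrapKey', 'wrapKey'
                PermissionsToSecrets      = 'get'
                PermissionsToCertificates = 'get', 'list', 'delete', 'create'
                BypassObjectIdValidation  = $true
                ErrorAction               = 'Stop'
            }
            Set-AzKeyVaultAccessPolicy @policyArguments
        }
    }
}
catch
{
    # Surface the failure in the job's error stream, then fail the runbook
    Write-Error -Message $_.Exception.Message
    throw $_.Exception
}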
Sunday, October 17, 2021
Powershell to update Azure DevOps pipeline variables automatically during the execution
Sometimes you need to update Azure DevOps pipeline variables dynamically during task execution, without updating them manually and creating a new release. You can use the approach below by adding a PowerShell task to the pipeline.
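# Write your PowerShell commands here.
# $(cosmosconnstring) is an Azure DevOps macro: the agent substitutes the variable's
# value into the script text before PowerShell runs it.
# TrimEnd(';') strips trailing semicolons and returns any other value unchanged,
# including an empty one, so no separate test of the last character is needed
# (indexing the last character of an empty value would throw).
$cosmosconnstr = "$(cosmosconnstring)".TrimEnd(';')
# NOTE(review): a Cosmos DB connection string normally carries the account key. The
# new variable is set without issecret=true, and the trimmed text no longer equals
# the source value, so log masking of the source variable may not cover it. Confirm,
# and consider adding issecret=true to the logging command.
Write-Output("##vso[task.setvariable variable=ApplicationSettings.CacheConnection;]$cosmosconnstr")
#End
#Run the below script in another stage to make sure you get the updated value
# NOTE(review): verification aid only. This writes the connection string into the
# pipeline log; remove it once the value has been confirmed.
Write-host "CacheConnection Variable in previous task is: $(ApplicationSettings.CacheConnection)"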
Azure Monitoring Agent extension for VMSS- Updating through ARM template
You can add multiple extensions to Azure VMSS through the extensionProfile of ARM template. The below script shows the extension configuration and mapping workspaceId to collect custom logs from VMSS instances.
Wednesday, October 13, 2021
Custom dimensions and measurements - Azure Application Insights Query
In App Analytics you can slice and dice on your App Insights custom dimensions and measurements just as easily as any of the so-called “standard” properties.
The only thing that’s a little bit tricky is extracting them first.
It’s tricky because of 2 things:
- You have to explicitly set the type of the measurement/dimension after you extract it.
- Extracting properties that contain spaces and special characters is a little bit of a hassle.