Tag Archives: fujuTE

A user delegation SAS for blob with the Azure CLI & azcopy

Azure,

Sample of using A user delegation SAS for blob with the Azure CLI and copy the blob file via azcopy with the SAS token

MY_RG=11-11RG
SUB_ID=<SUBID>
MY_SCOPES="/subscriptions/$SUB_ID/resourceGroups/$MY_RG/providers/Microsoft.Storage/storageAccounts/m14storage"
RG_ID=$(az group create --name $MY_RG  --location southeastasia --query "id" --output tsv)
SERVICE_PRINCIPAL_NAME=Exzilla-sp-14032022
PASSWORD=$(az ad sp create-for-rbac --name $SERVICE_PRINCIPAL_NAME --role "Storage Blob Data Contributor" --scopes $MY_SCOPES  --query "password" --output tsv)
USER_NAME=$(az ad sp list --display-name $SERVICE_PRINCIPAL_NAME --query "[].appId" --output tsv)

az login --service-principal -u $USER_NAME -p $PASSWORD --tenant <mytenant>.onmicrosoft.com

END=$(date -u -d "30 minutes" '+%Y-%m-%dT%H:%MZ')
SAS4BLOB=$(az storage blob generate-sas \
    --account-name m14storage \
    --container-name data0314 \
    --name "kblob-file-001.txt" \
    --permissions acdrw \
    --expiry $END \
    --auth-mode login \
    --as-user \
    --full-uri )
	
azcopy copy $SAS4BLOB  .

See Also:

Questions:

  • SP’s Password protection ?

Connect to SQL Database from App Service by using a managed identity – System-assigned.

Azure

Running App Service with Azure SQL based

Fix list:
The steps in this guide has been tested with “.NET 6.0”

dotnet tool install -g dotnet-ef
dotnet ef migrations add InitialCreate
dotnet ef database update
dotnet add package Microsoft.Data.SqlClient --version 4.0.1
dotnet add package Azure.Identity --version 1.5.0

appsettings.json : 

{
  "Logging": {
    "LogLevel": {
      "Default": "Information"
    }
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "CoredBConnection": "Server=tcp:mydatabase-server-sqlsrv.database.windows.net;Authentication=Active Directory Default; Database=CoredB;"
  }
} 
az webapp identity assign --resource-group my-002-rg --name webapp-core-sql-018
CREATE USER [webapp-core-sql-018] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [webapp-core-sql-018];
ALTER ROLE db_datawriter ADD MEMBER [webapp-core-sql-018];
ALTER ROLE db_ddladmin ADD MEMBER [webapp-core-sql-018];
GO

Program.cs :

public void ConfigureServices(IServiceCollection services)
{
   services.AddControllersWithViews();
   services.AddDbContext<MyDatabaseContext>(options =>
            options.UseSqlServer(Configuration.GetConnectionString("CoredBConnection")));
}

See Also:

Web App & Azure SQL Templates:

  • https://docs.microsoft.com/en-us/azure/azure-sql/database/arm-templates-content-guide?tabs=single-database
  • https://docs.microsoft.com/en-us/azure/app-service/samples-resource-manager-templates
  • https://azure.microsoft.com/en-au/resources/templates/web-app-sql-database/

Azure Web App for Containers & Github Action

Azure, Fun Part

RESOURCES ” ( The journey through Azure Web Apps | Meetup – 08-March-2021)

Github Workflow:

  • https://docs.microsoft.com/en-us/azure/app-service/deploy-container-github-action?tabs=publish-profile

Configure continuous deployment – Azure App Service | Microsoft Docs

  • https://github.com/Azure/actions-workflow-samples/blob/master/assets/create-secrets-for-GitHub-workflows.md
  • https://github.com/Azure/actions-workflow-samples

App Service & Deployment:

  • https://docs.microsoft.com/en-us/azure/app-service/deploy-best-practices
  • https://docs.microsoft.com/en-us/azure/developer/terraform/provision-infrastructure-using-azure-deployment-slots

Tutorial App Service & Container App:

  • https://docs.microsoft.com/en-us/learn/modules/deploy-run-container-app-service/
  • https://docs.microsoft.com/en-us/azure/app-service/tutorial-multi-container-app
  • https://docs.microsoft.com/en-us/azure/app-service/tutorial-custom-container?pivots=container-linux
  • https://code.visualstudio.com/docs/containers/app-service
  • https://docs.microsoft.com/en-us/azure/devops-project/devops-starter-gh-web-app
  • https://github-actions-hero.now.sh

Reference:

  • https://azure.microsoft.com/en-us/services/app-service/containers/#features
  • https://docs.microsoft.com/en-us/azure/architecture/solution-ideas/articles/dev-test-paas
  • https://docs.microsoft.com/en-us/learn/modules/stage-deploy-app-service-deployment-slots/1-introduction
  • https://docs.microsoft.com/en-us/learn/modules/deploy-run-container-app-service/
  • https://azure.microsoft.com/en-us/services/app-service/containers/


FAQ:

  • https://docs.github.com/en/actions/reference/usage-limits-billing-and-administration
  • https://docs.microsoft.com/en-us/azure/cosmos-db/local-emulator