GeralexGR

Posted on May 25, 2023May 25, 2023 by geralexgr — Leave a comment

ListBlob data from Storage account with Managed Identity – SDK for NET

There are many way to interact with a storage account in Azure. The first and easiest way would be to use a connection string which acts as credentials. However this approach does not follow best practices as you will need to hard code credentials or pass them as a parameter in your application. Based on the well architected framework the most reliable and secure way to communicate between resources in Azure would be the managed Identity and you can read more about how it works in the below URL.

Managed identities for Azure resources – Microsoft Entra | Microsoft Learn

The code provided in this article can be used to authenticate with Managed Identity in a storage account. Given that you have already provided the necessary RBAC between your services, you can use the below example code to list blobs in a storage account.

private static async Task ListBlobsFlatListing(BlobContainerClient blobContainerClient, 
                                               int? segmentSize)
{
    try
    {
        // Call the listing operation and return pages of the specified size.
        var resultSegment = blobContainerClient.GetBlobsAsync()
            .AsPages(default, segmentSize);

        // Enumerate the blobs returned for each page.
        await foreach (Page<BlobItem> blobPage in resultSegment)
        {
            foreach (BlobItem blobItem in blobPage.Values)
            {
                Console.WriteLine("Blob name: {0}", blobItem.Name);
            }

            Console.WriteLine();
        }
    }
    catch (RequestFailedException e)
    {
        Console.WriteLine(e.Message);
        Console.ReadLine();
        throw;
    }
}

https://learn.microsoft.com/en-us/azure/storage/blobs /storage-blobs-list

In order to authenticate with MI you will need to create a new BlobContainerClient with your storage-account-name and pass in the parameters the ManagedIdentity as the credentials method. Then you will be able to use your ListBlob function that is provided from Microsoft using the client previously created.

         BlobContainerClient client = new BlobContainerClient(new Uri($"https://storage-account-name.blob.core.windows.net/testing"), new ManagedIdentityCredential());

ListBlobsFlatListing(client, 1).GetAwaiter().GetResult();

After these steps you will be able to fetch data using Managed identity instead of classic authentication.

Posted on May 22, 2023May 22, 2023 by geralexgr — Leave a comment

Azure policy require specific tags on resources

Azure policies can help you control your azure management especially when it comes to best practices. A nice to have policy for your setup would be to require tags on specific resources in order to organize better your infrastructure.

Tag resources, resource groups, and subscriptions for logical organization – Azure Resource Manager | Microsoft Learn

First you will need to create your policy. By searching for Policy on Azure you should select Definitions and then Add policy definition.

In this scenario we will examine how we can request for specific tags on resource creation. The policy uses anyOf keyword which means that if any of the tags are not set then the effect will be deny. The tags that I request are: created-by, Team, Application, TBD. All those tags should be set before creating the resource. The tag should be spelled correctly and policy will not work for different deviations of the worlds. For example createdBy is different from created-by.

{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "anyOf": [
        {
          "field": "[concat('tags[', parameters('tag_createdBy'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tag_team'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tag_tbd'), ']')]",
          "exists": "false"
        },
        {
          "field": "[concat('tags[', parameters('tag_application'), ']')]",
          "exists": "false"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "tag_createdBy": {
      "type": "String",
      "metadata": {
        "displayName": "created-by",
        "description": "example: Gerasimos Alexiou"
      }
    },
    "tag_team": {
      "type": "String",
      "metadata": {
        "displayName": "Team",
        "description": "example: DevOps"
      }
    },
    "tag_tbd": {
      "type": "String",
      "metadata": {
        "displayName": "TBD",
        "description": "example: (to be deleted) true or false"
      }
    },
    "tag_application": {
      "type": "String",
      "metadata": {
        "displayName": "Application",
        "description": "example: Grafana,Teamcity"
      }
    }
  }
}

After the creation of the policy you will need to assign it on a specific location/resource-group/subscription. In the parameters dialog you will need to provide the evaluation parameters. For the sake of simplicity I provided the same name for policy parameters and azure parameters. In the end Azure will request from the user the specific parameters, created-by, Team, TBD, Application.

We can test the behavior by creating a new resource with missing tags.

When TBD tag is missing, the validation will fail and the deployment cannot start until the tags are created.

After providing all the tags

The validation will pass and the deployment will be successful.

Posted on May 18, 2023May 18, 2023 by geralexgr — Leave a comment

error NETSDK1127: The targeting pack Microsoft.NETCore.App is not installed. Please restore and try again

When you try to build a .NET6 solution using .NET7 as the latest installed version of SDK you may notice the below issue.

C:\Program Files\dotnet\sdk\7.0.302\Sdks\Microsoft.NET.Sdk\targets\Microsoft.NET.Sdk.FrameworkReferenceResolution.targets(376,5): error NETSDK1127: The targeting pack Microsoft.NETCore.App is not installed. Please restore and try again.

This issue is related to some variables that are not set properly and the right location for the tools cannot be determined although they are installed inside the operating system.

The task is using the default .NET runner of Teamcity and the default MSbuild version is set to Cross-platform MSBuild.

Switch to another version of MSBuild will most probably resolve the issue. For example in the setup I was working switching to MSBuild Tools 2022 removed the issue and build could be performed successfully.

Posted on May 10, 2023May 10, 2023 by geralexgr — Leave a comment

npm ERR! ERESOLVE could not resolve dependency

I was working on a project which had a node install task as a part of a docker file build. The build was not successful due to the error shown below. This is a dependency error and can be solved by choosing the right versions on your package-lock.json.

package-lock.json is automatically generated for any operations where npm modifies either the node_modules tree, or package.json. It describes the exact tree that was generated, such that subsequent installs are able to generate identical trees, regardless of intermediate dependency updates.

However there is also another way you can get rid of such cases. If you do have specific dependencies inside your package-lock.json you can proceed with the following steps.

Remove package-lock.json from your project
Remove node_modules folder 
Run npm install