GeralexGR

Posted on October 6, 2022October 10, 2022 by geralexgr — Leave a comment

##[error]Error: An unexpected error occurred while trying to push the package with VstsNuGetPush.exe – You need to have ‘ReadPackages’

When you try to push a nuget package from a DevOps pipeline on Artifacts feed you may face the below error.

##[error]Error: An unexpected error occurred while trying to push the package with VstsNuGetPush.exe. Exit code(1) and error(Error:
Microsoft.VisualStudio.Services.Common.VssServiceException: User 'xxx' lacks permission to complete this action. You need to have 'ReadPackages'

This error could be resolved by editing the settings of the feed.

In more detail under permissions you can find which users or service account can perform actions based on their role.

By default I could locate the Project Collection Build Service (Organization) with the Contributor permissions but did not work. As a solution I removed that and added "Project Name" Build Service (Organization). This is the build service for the project on which I have created the pipeline specifically.

Posted on October 3, 2022October 3, 2022 by geralexgr — Leave a comment

Starting template for Azure devops pipeline

The below code can be used as a starter entry point for your DevOps pipelines. It is designed with best practices in mind with stages and jobs in order to isolate different functionalities and make it modular. You can include more stages,jobs,tasks by copy and pasting the code.

trigger:
- none

pool:
  vmImage: ubuntu-latest

stages:
- stage: stage1
  displayName: display name for your stage
  jobs:
  - job: job1
    displayName: display name for job1
    steps:
    - script: echo job1.task1
      displayName: running job1.task1

  - job: job2
    displayName: display name for job2
    steps:
    - script: echo job2.task1
      displayName: running job2.task1

The result is shown below

Posted on September 26, 2022September 26, 2022 by geralexgr — Leave a comment

Structure python code with packages – import functions from different files

A modular application is an application composed of loosely coupled, functional units called modules, and these modules can be linked together to form a larger application. When you implement your python applications you should create such structures instead of big monoliths.

In this guide I will demonstrate how you can call python function from different folders and files (called packages). I have created a flask application which has as entrypoint the app.py file.

The solution is structured as shown below. The app folder is the root folder which contains all the code for the application. In the root hierarchy the app.py is placed along with other folders as templates, static and helpers.

As I need to create a helper function that will request data from an external API I created a file named github inside my helpers folder and I defined a function within it.

The function is very simple and returns a simple message. Code for github.py can be found below.

def my_function():
  return "Hello from function"

In order to call your helper functions from your main app or from another python package you should first import package

from helpers import github

and then use the function.

@app.route("/")
def home():
    return github.my_function()

This code will display on my flask main page the message of the function.

You can perform in such way any other activities by specifying your python file and then the function.

pythonFile.Function()

Posted on September 19, 2022September 19, 2022 by geralexgr — Leave a comment

Connect Azure Web app container to Keyvault using Managed identity

Following the article on which I described how you can connect to Azure resources through Managed Identity, I will showcase how one can connect through a container running on an App Service (web app) to a keyvault in order to gather secrets from it.

Connect to Azure resources with Managed Identity – Azure Web app container example

The main two components that are required for this demo will be an app service and a keyvault.

First things first we will need some secrets in order to gather through the hosted application. The dbpassword that is shown below will be retrieved and used from the web app running on the container.

As examined in the article mentioned above, we should construct the appropriate URL in order to retrieve the access_token.

$kati = Invoke-WebRequest -Uri $env:MSI_ENDPOINT"?resource=https://vault.azure.net&api-version=2017-09-01" -Headers @{Secret=$env:MSI_SECRET} -UseBasicParsing | ConvertFrom-Json

Store the access_token on a separate variable (as it sometimes is not parsed correctly from powershell)

and perform an API call on your keyvault using as Authorization the token that we retrieved earlier.

Invoke-WebRequest -Uri "https://spfykey.vault.azure.net/secrets/dbpassword/4f371b23cf244717a585e12af9846dec?api-version=7.3" -Headers @{Authorization = "Bearer $metavliti"} -UseBasicParsing

As a result we sucessfully retrieved the password for the secret which is 123456 by performing a rest api call through the web app using the Managed Identity of the app service.

References:

https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults