Azure Archives - Page 8 of 18

Posted on November 9, 2022November 9, 2022 by geralexgr — Leave a comment

Azure DevOps inventory – export data for devops organization

Inventory is necessary for many organizations when it comes to technology tools and services. As Azure devops is a complex tool which includes many services such as Repositories, Pipelines, Test Runs and more, you may want some times to export a dump of the created assets inside your DevOps account.

Using the below powershell script, you can export

Agent pools
Agents
Repositories
Projects
Pipelines

https://github.com/geralexgr/azure-devops-inventory

The first version of the tool will display all the information gathered through Azure DevOps REST API on the output console. On future versions I will improve the output and also the gathered information.

You can execute the inventory script by following the instructions on Github. The only thing that you will need to provide is a PAT token inside the $organizations hashtable.

$organizations= @(
    @{name="ORG_NAME";token="TOKEN"},
    @{name="ORG2";token="TOKEN2"}
)

After the execution you will get the information in the console output.

Posted on October 25, 2022October 25, 2022 by geralexgr — Leave a comment

Manual user approval for pipeline execution

In Azure DevOps pipelines you can use approvals in order to allow or not the deployment based on user input on a pipeline.

Find my article on how to create approvals on build and release pipelines below.

Create approvals on build and release Azure DevOps pipelines

But what happens if you want to run some tasks, get user input and then continue with some other tasks? For this reason you could use the Manual Validation task. As the name indicates, you can validate the user input and perform actions based on this input.

If you approve the execution then the pipeline will continue and if not the pipeline will stop.

You can then use the result of the previous job in order to perform other actions with succeeded() or failed() conditions.

An example of the Validation Task is shown below:

trigger:
- none

pool:
  vmImage: ubuntu-latest

jobs:
- job: job1
  pool: server
  steps:
  - task: ManualValidation@0
    inputs:
      notifyUsers: 'someone@kati.com'
      instructions: 'continue?'

- job: job2
  dependsOn: job1
  steps:
  - script: echo Hello, world!
    displayName: 'Run a one-line script'

The ManualValidation should be used mandatory with pool:server as shown above because it is an agentless job and cannot be run on the standard agent pools.

The job2 as it depends from job1 will run only if the approval is not rejected from the user.

Posted on September 19, 2022September 19, 2022 by geralexgr — Leave a comment

Connect Azure Web app container to Keyvault using Managed identity

Following the article on which I described how you can connect to Azure resources through Managed Identity, I will showcase how one can connect through a container running on an App Service (web app) to a keyvault in order to gather secrets from it.

Connect to Azure resources with Managed Identity – Azure Web app container example

The main two components that are required for this demo will be an app service and a keyvault.

First things first we will need some secrets in order to gather through the hosted application. The dbpassword that is shown below will be retrieved and used from the web app running on the container.

As examined in the article mentioned above, we should construct the appropriate URL in order to retrieve the access_token.

$kati = Invoke-WebRequest -Uri $env:MSI_ENDPOINT"?resource=https://vault.azure.net&api-version=2017-09-01" -Headers @{Secret=$env:MSI_SECRET} -UseBasicParsing | ConvertFrom-Json

Store the access_token on a separate variable (as it sometimes is not parsed correctly from powershell)

and perform an API call on your keyvault using as Authorization the token that we retrieved earlier.

Invoke-WebRequest -Uri "https://spfykey.vault.azure.net/secrets/dbpassword/4f371b23cf244717a585e12af9846dec?api-version=7.3" -Headers @{Authorization = "Bearer $metavliti"} -UseBasicParsing

As a result we sucessfully retrieved the password for the secret which is 123456 by performing a rest api call through the web app using the Managed Identity of the app service.

References:

https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults

Posted on August 22, 2022August 22, 2022 by geralexgr — Leave a comment

Execute powershell command without username password on Azure virtual machine

You can use az cli task on Azure devops in order to execute a powershell command inside a virtual machine without having to connect on it with username and password. In order to do that you have to use AzureCLI task and invoke a RunPowerShellScript.

    - task: AzureCLI@2
      displayName: execute command inside vm
      inputs:
        azureSubscription: 'subscription'
        scriptType: 'ps'
        scriptLocation: 'inlineScript'
        inlineScript: 'az vm run-command invoke --command-id RunPowerShellScript --name $(vm_name) -g $(vnet_rg_name) --scripts "hostname"'

You should use your own variables regarding the vm_name and rg_name. This task will execute on a windows-latest machine and will output the hostname of the machine that is given as input with the variables.