chgeuer

Gitlab using managed identity to access Azure

In #GitLab, you don't need to request a GitLab-issued token from some token endpoint. Instead, you just specify in your id_tokens section that you want a token for a certain audience, and GitLab hosts the #JWT token in the environment variable you specify.

In this example, GitLab issues a token for the audience api://AzureADTokenExchange and makes it available in the environment variable ID_TOKEN_FOR_AZURE.

Demo how to access an Azure resource, in this example read a secret from KeyVault (az keyvault secret show).

chgeuer

Azure Resource Manager (ARM) and ARM Templates

Summary for teacher

• Walked through slides 26 and 27 of the presentation AZ-900T00A-ENU-PowerPoint-03.pptx.

Session notes

chgeuer

Token authentication with Azure Verizon Premium walkthrough

Check the most recent version here: https://cookbook.geuer-pollmann.de/azure/azure-premium-verizon-cdn

chgeuer

chgeuer

• Links for .NET memory management
  • Advanced .NET debugging - Tess Ferrandez-Norlander - NDC London 2022
  • Enable diagnostics logging for apps in Azure App Service
  • Application performance FAQs for Web Apps in Azure
  • Collect memory dump for App Service (Windows only)
  • How to debug a managed memory dump with .NET Diagnostic Analyzers
  • Dump files in the Visual Studio debugger

chgeuer

@description('The secret')
@secure()
param secretValue string

var names = {
  identity: {
    setup: 'uami-setup'
    runtime: 'uami-runtime'
  }
  runtimeKeyVault: {

chgeuer

#!/bin/bash

access_token="$( az account get-access-token --resource-type arm | jq -r '.accessToken' )"

# echo "${access_token}" | jq -R 'split(".")|.[1]|@base64d|fromjson' 

subscriptionId="706df49f-998b-40ec-aed3-7f0ce9c67759"

# IFS='' read -r -d '' azureResourceGraphQuery <<'EOF'
# SpotResources 

chgeuer

incoming comments

• Eleanore
  • Summary and decision matrix?
• Julie NG
  • Code Reuse bzw. Modules (Knowledge Sharing im Org) fehlen.
  • Anderer Use Case is das manche "Best Practices" v.a. globally unique names finde ich 1000x leichter mit TF oder Pulumi. Deshalb braucht man crazy Bash Scripten mit ARM/Bicep
  • Discuss "mix" scenario. Multiple times damaged an AKS cluster, when Terraform aggresively prefered to delete and re-create infrastructure
  • Clean Up is simpler with Terraform statefiles. Check out https://julie.io/writing/arm-terraform-pulumi-infra-as-code/
• Laura Nicolas

chgeuer

https://hashcat.net/hashcat/

```cmd
hashcat-6.2.5\hashcat.exe --hash-type 100 --attack-mode 3 --backend-devices 1,2 "sha1.txt" ?a?a?a?a?a?a

```
0f4ef7cba35ade6bd6f34ed974f22de895f0e2cd
0099069d526352ab79023de2daeda7a786414d65

chgeuer

Sequence Diagram Comparison

MermaidJS

```mermaid
sequenceDiagram
    Alice->>John: Hello John, how are you?
 John-->>Alice: Great!