I can't find the example of how to use Azure Keyvault with Mozilla SOPS in .sops.yaml.
All examples I saw in the WEB and provided here https://github.com/mozilla/sops#211using-sopsyaml-conf-to-select-kmspgp-for-new-files for AWS. Anyone saw Azure Key Vault example?
TL;DR
Use azure_keyvault to configure AKV in .sops.yaml.
The official documentation lacks a clear description for that and actually can be a bit misleading. While the section Using .sops.yaml conf to select KMS/PGP for new files shows the --gcp-kms flag being mapped to gcp_kms in the .sops.yaml file, the --azure-kv flag doesn't map to azure_kv, but instead azure_keyvault.
This specific detail can be found in the source code.
Credits to #feniix who pointed this out in a GitHub issue.
Related
How do you restore an azure sql database using terraform on another server from a backup?
Terraform docs talk about a create mode "RestoreExternalBackup". How could one use that?
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_database
I researched this issue and found it to be a discrepancy between the Terraform and Azure documentation. I also opened an issue on the GitHub repo with this info.
RestoreExternalBackup is listed as a possible value for CreateMode in the Azure API documentation for databases. However, the create mode documentation doesn't describe how to use it. This option should not be available.
Looking at the Managed Database documentation, it clearly defines how to use the RestoreExternalBackup option. Oddly enough the Terraform documentation doesnt list any create modes for managed databases. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/mssql_managed_database
When trying to use RestoreExternalBackup to create a database the error indicates that option requires a pointer to a storage account with the message "Missing storage container URI". Storage account information is not a valid property when creating a database resource, only for a managed database resource.
Database = https://learn.microsoft.com/en-us/rest/api/sql/2022-05-01-preview/databases/create-or-update?tabs=HTTP
Managed Database Docs = https://learn.microsoft.com/en-us/rest/api/sql/2022-05-01-preview/managed-databases/create-or-update?tabs=HTTP
I have a confusion about the --put-md5 parameter. When I use azcopy command to upload a file to my Azure Storage account without --put-md5 parameter, the uploaded blob's Content-MD5 property seem to be created defaultly. However, the AzCopyV10.0.9 Preview Release illustrates that "as of version 10.0.9, MD5 hashes are NOT created by default". Could you please help to check it? See the screenshots:
CMD
Portal
Thanks.
I tested on my side and got same result.MD5 hash is calculated and stored automatically.
This seems to be an azcopy bug.
Here is an opened issue in Microsoft Github azcopy repository.
https://github.com/Azure/azure-storage-azcopy/issues/1315
Reply from Microsoft
For smaller blobs (<256MB IIRC), the service computes it automatically for you.
I was trying to get the connection string from the azure key vault for azure functions. These are the steps I did,
Created a managed identity(System assigned) in the azure functions
Create a secret in an azure key vault
Add access policies to give permission to the azure function app
Added an entry in the app settings for connection string where the value was #Microsoft.KeyVault(SecretUri=SECRETURLOFKEYVAULT)
But when I run the azure function I am getting below error,
"Keyword not supported: #microsoft.keyvault(secreturi....."
This is how I have enabled managed identity,
And my access policy looks like below,
Any help would be much appreciated
I ran into a similar problem by following the tutorial. My remedy was a restart of the function app. Saving of the app setting was not enough for the Function App to start using the Key Vault secret provider correctly.
According to the steps you provided, it have no problem to work well. Here is the tutorial about get key vault secrets in Azure Function you could refer to.
Note: Add access policies to the azure function app with the Get permission on secrets and that was enough.
Also, here is a similar issue that get same error like you which is due to IP Address restriction blocking it.
This issue occurred while testing on local. It was resolved after doing an az login.
So I am trying to get Let's Encrypt working on Windows Azure through the web extension but I am getting a error that I cannot solve or find any information about.
I am following this tutorial on how to set ut Let's Encrypt on Azure:
https://github.com/sjkp/letsencrypt-siteextension/wiki/How-to-install#create-a-service-principal
When I use the extension wizard, fill in all the fields and press next this is the error I get:
My resourcegroup:
My serviceplan inside my resourcegroup (+ storage and app service):
My ClientID (application id):
My secret is also set, saved the value and pasted it into the wizard:
My connection strings are set (in the format mentioned in the tutorial/setup):
There is a webjob running, I did not create this, I think it was created by the wizard in some way(?):
And at last:
It seems to me that I have done everything the tutorial has asked me to do, I don't know why I get the error, I also don't understand the reference to "00000000-0000-0000-0000-000000000000". Does anyone know what I did wrong and how to solve this error?
Thanks in advance.
The checkbox "Update Application Settings" must be checked if you want to modify the settings from the Let's Encrypt extension's pages.
If you hate the idea of an azure webjob swallowing valuable system resources of your azure app service then there is now an alternative solution which uses Azure Automation;
https://www.powershellgallery.com/packages/GetSSL-LetsEncrypt
Documentation # https://w.itpro.es/ssl-eng
I'm trying to build a small program to change the autoscale settings for our Azure WebApps, using the Microsoft.WindowsAzure.Management.Monitoring and Microsoft.WindowsAzure.Management.WebSites NuGet packages.
I have been roughly following the guide here.
However, we are interested in scaling WebApps / App Services rather than Cloud Services, so I am trying to use the same code to read the autoscale settings but providing a resource ID for our WebApp. I have already got the credentials required for making a connection (using a browser window popup for Active Directory authentication, but I understand we can use X.509 management certificates for non-interactive programs).
This is the request I'm trying to make. Credentials already established, and an exception is thrown earlier if they're not valid.
AutoscaleClient autoscaleClient = new AutoscaleClient(credentials);
var resourceId = AutoscaleResourceIdBuilder.BuildWebSiteResourceId(webspaceName: WebSpaceNames.NorthEuropeWebSpace, serverFarmName: "Default2");
AutoscaleSettingGetResponse get = autoscaleClient.Settings.Get(resourceId); // exception here
The WebApp (let's call it "MyWebApp") is part of an App Service Plan called "Default2" (Standard: 1 small), in a Resource Group called "WebDevResources", in the North Europe region. I expect that my problem is that I am using the wrong names to build the resourceId in the code - the naming conventions in the library don't map well onto what I can see in the Azure Portal.
I'm assuming that BuildWebSiteResourceId is the correct method to call, see MSDN documentation here.
However the two parameters it takes are webspaceName and serverFarmName, neither of which match anything in the Azure portal (or Google). I found another example which seemed to be using the WebApp's geo region for webSpaceName, so I've used the predefined value for North Europe where our app is hosted.
While trying to find the correct value for serverFarmName in the Azure Portal, I found the Resource ID for the App Service Plan, which looks like this:
/subscriptions/{subscription-guid}/resourceGroups/WebDevResources/providers/Microsoft.Web/serverfarms/Default2
That resource ID isn't valid for the call I'm trying to make, but it does support the idea that a 'serverfarm' is the same as an App Service Plan.
When I run the code, regardless of whether the resourceId parameters seem to be correct or garbage, I get this error response:
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">
{"Code":"SettingNotFound","Message":"Could not find the autoscale settings."}
</string>
So, how can I construct the correct resource ID for my WebApp or App Service Plan? Or alternatively, is there a different tree I should be barking up to programatially manage WebApp scaling?
Update:
The solution below got the info I wanted. I also found the Azure resource explorer at resources.azure.com extremely useful to browse existing resources and find the correct names. For example, the name for my autoscale settings is actually "Default2-WebDevResources", i.e. "{AppServicePlan}-{ResourceGroup}" which I wouldn't have expected.
There is a preview service https://resources.azure.com/ where you can inspect all your resources easily. If you search for autoscale in the UI you will easily find the settings for your resource. It will also show you how to call the relevant REST Api endpoint to read or update that resorce.
It's a great tool for revealing a lot of details for your deployed resources and it will actually give you an ARM template stub for the resource you are looking at.
And to answer your question, you could programmatically call the REST API from a client with updated settings for autoscale. The REST API is one way of doing this, the SDK another and PowerShell a third.
The guide which you're following is based on the Azure Service Management model, aka Classic mode, which is deprecated and only exists mainly for backward compatibility support.
You should use the latest
Microsoft.Azure.Insights nuget package for getting the autoscale settings.
Sample code using the nuget above is as below:
using Microsoft.Azure.Management.Insights;
using Microsoft.Rest;
//... Get necessary values for the required parameters
var client = new InsightsManagementClient(new TokenCredentials(token));
client.AutoscaleSettings.Get(resourceGroupName, autoScaleSettingName);
Besides, the autoscalesettings is a resource under the "Microsoft.Insights" provider and not under the "Microsoft.Web" provider, which explains why you are not able to find it with your serverfarm resourceId.
See the REST API Reference below for getting the autoscale settings.
GET
https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/microsoft.insights/autoscaleSettings/{autoscale-setting-name}?api-version={api-version}