Merge pull request #122 from arambazamba:arambazamba/issue116

Arambazamba/issue116

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "appService.defaultWebAppToDeploy": "None"
+}

demos/01-appservices/demo-01/create-webapps.azcli

@@ -1,22 +1,22 @@
-rnd=$RANDOM
-grp=az204-m01-appservices-$rnd
+env=$RANDOM
+grp=az204-m01-appservices-$env
 loc=westeurope
-appPlan=appservices-$rnd
-mvcapp=mvcapp-$rnd
+plan=appservices-$env
+mvcapp=mvcapp-$env
 
 # create a resource group
 az group create -n $grp -l $loc
 
 # create an App Service plan
-az appservice plan create -n $appPlan -g $grp --sku S1
+az appservice plan create -n $plan -g $grp --sku S1
 
 # create cliapp
-az webapp create -n cli-api-$rnd -g $grp --plan $appPlan --runtime "DOTNET|6.0"
+az webapp create -n cli-api-$env -g $grp --plan $plan --runtime "DOTNET|6.0"
 
 # create mvcapp
-az webapp create -n $mvcapp -g $grp --plan $appPlan --runtime "DOTNET|6.0"
+az webapp create -n $mvcapp -g $grp --plan $plan --runtime "DOTNET|6.0"
 
 # create and upload mvcapp app using az webapp up
 cd mvc-app
-az webapp up -n $mvcapp -g $grp -p $appPlan --sku F1 -l $loc -r "DOTNET|6.0"
+az webapp up -n $mvcapp -g $grp -p $plan --sku F1 -l $loc -r "DOTNET|6.0"
 cd ..

demos/01-appservices/demo-01/mvc-app/.azure/config

@@ -0,0 +1,7 @@
+[defaults]
+group = az204-m01-appservices-15443
+sku = F1
+appserviceplan = appservices-15443
+location = westeurope
+web = mvcapp-15443
+

demos/01-appservices/demo-01/readme.md

@@ -11,7 +11,7 @@ Use [.NET Core CLI](https://docs.microsoft.com/en-us/dotnet/core/tools/).
 Scaffold and run App:
 
 ```bash
-dotnet new api -n cli-api
+dotnet new webapi -n cli-api --framework net6.0
 dotnet run
 ```
 

demos/01-appservices/demo-02/deploy-using-git.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
-grp=az204-m01-gitdeploy-$rnd
-appPlan=gitdeploy-$rnd
-app=gitdeploy-website-$rnd
+env=$RANDOM
+grp=az204-m01-gitdeploy-$env
+appPlan=gitdeploy-$env
+app=gitdeploy-website-$env
 gitrepo="https://github.com/arambazamba/git-deploy-app"
 
 az group create -n $grp -l westeurope

demos/01-appservices/demo-03/create-webapp.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
-grp=az204-m01-appsettings-$rnd
-plan=appsettings-$rnd
-app=settings-api-$rnd
+env=$RANDOM
+grp=az204-m01-appsettings-$env
+plan=appsettings-$env
+app=settings-api-$env
 loc=westeurope
 
 az group create -n $grp -l $loc

demos/01-appservices/demo-04/deploy-easy-auth.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
-grp=az204-m01-easy-auth-$rnd
-appPlan=easyauth-$rnd
-app=easyauth-website-$rnd
+env=$RANDOM
+grp=az204-m01-easy-auth-$env
+appPlan=easyauth-$env
+app=easyauth-website-$env
 appregName=easyauth-app
 gitrepo="https://github.com/arambazamba/git-deploy-app"
 tenantID=d92b247e-90e0-4469-a129-6a32866c0d0a

demos/01-appservices/demo-05/create-webapp-slots.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
-grp=az204-m01-deployment-slots-$rnd
-appPlan=deployment-slots-$rnd
-app=deployment-slots-app-$rnd
+env=$RANDOM
+grp=az204-m01-deployment-slots-$env
+appPlan=deployment-slots-$env
+app=deployment-slots-app-$env
 loc=westeurope
 slot=staging
 

demos/01-appservices/demo-06/traffic-manager.azcli

@@ -1,8 +1,8 @@
-rnd=$RANDOM
-eugrp=az204-tm-eu-$rnd
-usgrp=az204-tm-us-$rnd
-euplan=tm-westeur-$rnd
-usplan=tm-eastus-$rnd
+env=$RANDOM
+eugrp=az204-tm-eu-$env
+usgrp=az204-tm-us-$env
+euplan=tm-westeur-$env
+usplan=tm-eastus-$env
 gitrepo="https://github.com/arambazamba/git-deploy-app"
 user=labadmin
 pwd=Pa$$w0rd1234!
@@ -22,13 +22,13 @@ az webapp deployment source config -n tmapp-$usplan -g $usgrp -u $gitrepo --bran
 usid=$(az webapp show -n tmapp-$usplan -g $usgrp --query id -o tsv)
 
 # Create TM Profile & Add Endpoints  
-az network traffic-manager profile create -g $eugrp -n tmprofile$rnd --routing-method Geographic \
-    --unique-dns-name tmapp-$rnd --ttl 30 --protocol HTTP --port 80 --path "/"
+az network traffic-manager profile create -g $eugrp -n tmprofile$env --routing-method Geographic \
+    --unique-dns-name tmapp-$env --ttl 30 --protocol HTTP --port 80 --path "/"
 
-az network traffic-manager endpoint create --name ep-$euplan -g $eugrp  --profile-name tmprofile$rnd  --geo-mapping GEO-EU \
+az network traffic-manager endpoint create --name ep-$euplan -g $eugrp  --profile-name tmprofile$env  --geo-mapping GEO-EU \
     --type azureEndpoints --target-resource-id $euid --endpoint-status Enabled 
 
-az network traffic-manager endpoint create --name ep-$usplan -g $eugrp  --profile-name tmprofile$rnd  --geo-mapping GEO-NA \
+az network traffic-manager endpoint create --name ep-$usplan -g $eugrp  --profile-name tmprofile$env  --geo-mapping GEO-NA \
     --type azureEndpoints --target-resource-id $usid --endpoint-status Enabled 
 
 # Create a vm in the US to access the webapp with an us ip address

demos/02-blob-storage/demo-01/create-blob-app.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
-grp=az204-m02-foodpics-$rnd
+env=$RANDOM
+grp=az204-m02-foodpics-$env
 loc=westeurope
-acct=foodpics$rnd
+acct=foodpics$env
 container="food"
 blob_name=shrimp-vindaloo.jpg
 file_to_upload="./food-pics/shrimp-vindaloo.jpg"

demos/02-blob-storage/demo-02/creata-sas-app.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
+env=$RANDOM
 loc=westeurope
-grp=az204-m02-sas-$rnd
-acct=medicalrecords$rnd
+grp=az204-m02-sas-$env
+acct=medicalrecords$env
 container="patient-images"
 path="./patient-images/"
 blob="patient-32589.jpg"

demos/02-blob-storage/demo-03/create-fileshare.azcli

@@ -1,7 +1,7 @@
-rnd=$RANDOM
+env=$RANDOM
 grp=az-lab
 loc=westeurope
-acct=labvm$rnd
+acct=labvm$env
 
 az group create -n $grp -l $loc
 

demos/07-secure-solutions/01-key-vault/create-db.azcli

@@ -1,9 +1,9 @@
-rnd=dev
-grp=az204-m07-secure-solutions-$rnd
+env=dev
+grp=az204-m07-secure-solutions-$env
 loc=westeurope
-server=foodserver$rnd
-db=foodb$rnd
-vault=foodvault-$rnd
+server=foodserver$env
+db=foodb$env
+vault=foodvault-$env
 
 user=$(az keyvault secret show --name "DBUser" --vault-name $vault --query value -o tsv)
 pwd=$(az keyvault secret show --name "DBPassword" --vault-name $vault --query value -o tsv)

demos/07-secure-solutions/01-key-vault/create-vault.azcli

@@ -1,7 +1,7 @@
-rnd=dev
-grp=az204-m07-secure-solutions-$rnd
+env=dev
+grp=az204-m07-secure-solutions-$env
 loc=westeurope
-vault=foodvault-$rnd
+vault=foodvault-$env
 
 az group create -n $grp -l $loc
 
@@ -16,6 +16,9 @@ az keyvault secret set --vault-name $vault --name "DBPassword" --value "Lab@dmin
 az keyvault secret show --vault-name $vault --name "DBUser" 
 
 user=$(az keyvault secret show --vault-name $vault --name "DBUser" --query value)
+pwd=$(az keyvault secret show --vault-name $vault --name "DBPassword" --query value -o tsv)
+
+az keyvault secret set --vault-name $vault --name "conSQLServer" --value "Server=tcp:$server.database.windows.net,1433;Database=$db;User ID=$user;Password='$pwd';Encrypt=true;Connection Timeout=30;"
 
 az keyvault secret list --vault-name $vault -o table
 

demos/07-secure-solutions/02-managed-identity/demo-01/appservice-use-mi.azcli

@@ -1,9 +1,9 @@
-rnd=dev
-grp=az204-m07-secure-solutions-$rnd
+env=dev
+grp=az204-m07-secure-solutions-$env
 loc=westeurope
-vault=foodvault-$rnd
-plan=foodplan-$rnd
-app=foodapi-$rnd
+vault=foodvault-$env
+plan=foodplan-$env
+app=foodapi-$env
 
 cd food-api-mi
 az webapp up -n $app -g $grp -p $plan -l $loc --sku Free -r "DOTNET|6.0" 

demos/07-secure-solutions/02-managed-identity/demo-01/food-api-mi/.gitignore

@@ -6,6 +6,8 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
+.azure/
+
 # Database
 *.db
 

demos/07-secure-solutions/02-managed-identity/demo-01/food-api-mi/Startup.cs

@@ -2,11 +2,10 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.HttpsPolicy;
-using Microsoft.Azure.KeyVault;
-using Microsoft.Azure.Services.AppAuthentication;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -31,13 +30,12 @@ public void ConfigureServices (IServiceCollection services) {
 
             //Use MI to get DB Con Str
             Console.WriteLine($"Using KeyVault: {cfg.Azure.KevVault}");            
-            var azureServiceTokenProvider = new AzureServiceTokenProvider();
-            var kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));            
-            string dbconstring = (kvClient.GetSecretAsync($"https://{cfg.Azure.KevVault}", "conSQLite").Result).Value;
-            Console.WriteLine($"dbconstring from vault: {dbconstring}");           
+            var client = new SecretClient(new Uri($"https://{cfg.Azure.KevVault}"), new DefaultAzureCredential());
+            var secret = client.GetSecret("conSQLite").Value;     
+            Console.WriteLine($"dbconstring from vault: {secret.Value}");           
 
             //EF
-            services.AddDbContext<FoodDBContext> (options => options.UseSqlite (cfg.ConnectionStrings.SqLiteDbConnection));
+            services.AddDbContext<FoodDBContext> (options => options.UseSqlite (secret.Value));
 
             //Swagger
             services.AddSwaggerGen (c => {

demos/07-secure-solutions/02-managed-identity/demo-01/food-api-mi/food-api.csproj

@@ -3,11 +3,11 @@
 		<TargetFramework>net6.0</TargetFramework>
 	</PropertyGroup>
 	<ItemGroup>
-		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.20.0"/>
-		<PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.1"/>
-		<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="6.0.1"/>
-		<PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5"/>
-		<PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.6.2"/>		
-		<PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3"/>
+		<PackageReference Include="Azure.Identity" Version="1.8.1" />
+		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.4.0" />
+		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.20.0" />
+		<PackageReference Include="Microsoft.EntityFrameworkCore" Version="6.0.1" />
+		<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="6.0.1" />
+		<PackageReference Include="Swashbuckle.AspNetCore" Version="6.2.3" />
 	</ItemGroup>
 </Project>

demos/07-secure-solutions/02-managed-identity/demo-02/vm-mi.azcli

@@ -1,10 +1,10 @@
-rnd=dev
-grp=az204-m07-secure-solutions-$rnd
+env=dev
+grp=az204-m07-secure-solutions-$env
 loc=westeurope
-identity=ua-identity-$rnd
-vm=identityvm-$rnd
+identity=ua-identity-$env
+vm=identityvm-$env
 admin=az204admin
-vault=foodvault-$rnd
+vault=foodvault-$env
 
 az group create -n $grp -l $loc
 

demos/07-secure-solutions/02-managed-identity/demo-03/mi-func/.gitignore

@@ -2,7 +2,7 @@
 ## files generated by popular Visual Studio add-ons.
 
 # Azure Functions localsettings file
-local.settings.json
+# local.settings.json
 
 # User-specific files
 *.suo

demos/07-secure-solutions/02-managed-identity/demo-03/mi-func/getSecret.cs

@@ -7,10 +7,9 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Newtonsoft.Json;
-using Microsoft.Azure.Services.AppAuthentication;
-using Microsoft.Azure.KeyVault;
 using Microsoft.Extensions.Configuration;
-
+using Azure.Security.KeyVault.Secrets;
+using Azure.Identity;
 
 namespace Company.Function
 {
@@ -34,13 +33,12 @@ public static async Task<IActionResult> Run(
                 .Build();
 
                 var kvName = config["KeyVaultName"];
-                var kvUri = $"https://{kvName}.vault.azure.net/";
 
-                log.LogInformation($"Obtaining secret {secret} from {kvUri}");
+                log.LogInformation($"Obtaining secret {secret} from {kvName}");
 
-                var serviceTokenProvider = new AzureServiceTokenProvider();
-                var keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(serviceTokenProvider.KeyVaultTokenCallback));
-                dbconstring = (keyVaultClient.GetSecretAsync(kvUri, secret).Result).Value;
+                var client = new SecretClient(new Uri($"https://{kvName}.vault.azure.net/"), new DefaultAzureCredential());
+                var response = await client.GetSecretAsync("conSQLite");     
+                dbconstring = response.Value.Value;
             }
 
             string responseMessage = string.IsNullOrEmpty(secret)

demos/07-secure-solutions/02-managed-identity/demo-03/mi-func/local.settings.json

@@ -0,0 +1,7 @@
+{
+  "IsEncrypted": false,
+  "Values": {
+    "FUNCTIONS_WORKER_RUNTIME": "dotnet",
+    "KeyVaultName": "foodvault-dev"
+  }
+}

demos/07-secure-solutions/02-managed-identity/demo-03/mi-func/mi-func.csproj

@@ -6,8 +6,8 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Sdk.Functions" Version="4.1.3" />
-    <PackageReference Include="Microsoft.Azure.Services.AppAuthentication" Version="1.6.2" />
-    <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.5" />
+		<PackageReference Include="Azure.Identity" Version="1.8.1" />
+		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.4.0" />
   </ItemGroup>
   <ItemGroup>
     <None Update="host.json">