Bitbucket Pipelines - Terraform - Private Modules

So you’ve started using terraform

You’ve progressed to creating terraform modules

You’ve put your module in a private bitbucket repo

Now you want to access it from a bitbucket build pipeline and you see the following

Solution

In my case I reached out to one of my friendly devops colleagues, @BlnaryMlke, who showed me how ssh keys and git hang together. I don’t know if I should be ashamed to say I’ve never used git with ssh keys until today.

Armed with this new knowledge I set off to do the same in my bitbucket pipeline only to discover that Bitbucket has some primary support for this scenario!

What follows are the steps required in a bitbucket pipeline in order to use a private bitbucket git repo that contains a terraform module.

Show me

1) First create a new key in the project that contains your pipeline (i.e. the project that is including the terraform module). You’ll find this option under project settings, pipelines/ssh keys.

Image shows that I’ve added a new Key and then added bitbucket.org (fetch gets the fingerprint)

2) Now add the public key to your bitbucket git repo that contains the terraform module. To do this, go to the project settings, choose access keys, then add.

3) Lastly, you’ll need to configure your terraform module source with the following format

That’s it, huge thanks again to @BlnaryMlke for setting me on the right path

4) Bonus Step: If you wish to work outside the bitbucket pipeline and don’t want to use ssh keys but rather your OAuth token, you can configure git insteadOf to automagically redirect ssh to http

Azure Key Vault References

In this video I show you how to move application secrets into Azure Key Vault without any code changes. I do this by using a vault access policy.

Note: You'll have to ignore my managed identity references in this video; I didn't use them.

Azure Managed Identities

In this video I show you how to leverage Azure Managed Identities to allow access between Azure resources.

(excuse the audio quality.. I need to improve on this)

Flexing those Java generic PECS

I believe I’ve previously covered C# generics covariance and contravariance in the past; now it’s Java’s turn

As you may or may not know

The term PECS stands for “Producer Extends, Consumer Super,” which is an odd acronym coined by Joshua Bloch in his Effective Java book, but provides a mnemonic on what to do. It means that if a parameterized type represents a producer, use extends. If it represents a consumer, use super. If the parameter is both, don’t use wildcards at all—the only type that satisfies both requirements is the explicit type itself.

Covariance in Java uses the extends keyword (yes, even with interfaces), e.g. List<? extends Number> accommodates all types that derive from Number


Contravariance, on the other hand, uses the super keyword, e.g. List<? super Number> accommodates all the types that Number derives from and of course Number itself.

So what exactly is PECS recommending we do?

  • Use extends when you only get values out of a data structure
  • Use super when you only put values into a data structure
  • Use the exact type when you plan on doing both

VS2019 Docker ASP Core Environment Vars

Tip

If you are debugging with VS2017/9 and want to pass environment variables to your container, then read this post. If you are looking for pictures of cats then sorry, but leave a comment on how you got here

 

Step 1

Create a new text file. The name doesn’t matter, but I called mine Dockerfile.env


Step 2

Add this file to your .csproj file.


Step 3

Not really a step, but you can simply query your environment variable in the usual fashion (Environment.GetEnvironmentVariable())


Note:

Needless to say, when you run in production you’ll need to pass the environment variable according to the Docker documentation, which I don’t cover here

Azure AD Angular7 .net Core 2.2 ADAL

Hi Everyone,

I thought it worth sharing how to configure Azure Active Directory to work with a .net core 2.2 webapi backend and an angular7 front end that uses ADAL (i.e. v1 of Azure AD)

AD Versions

As you may or may not be aware, Azure AD has two implementations of security protocols: v1 is the common one, but v2 is becoming more popular. From an Angular point of view you will pull in either the ADAL library for v1 or the MSAL library for v2. I’m not going to dwell on what the differences are or why to use either; in a recent project I was working on we found that there was no Java Spring Boot support for v2 at the time, so went with the v1 endpoints to get our POC up and running quickly.

Asp Web Api

To configure Asp.net core 2.2 for use with v1 you’ll need a jwt token

Angular 7

For angular7 I used the adal-angular4 library (this is an unfortunate name as it is not limited to v4)

The application settings are configured in the environment

The module then adds adal and interceptors via the providers statement

Now when you make an HTTP request the bearer token will be added by the angular interceptor and recognised by the webapi

Setting your C# language level

The C# compiler defaults to the latest major version of the language that has been released. You may choose to compile any project using a new point release of the language. Choosing a newer version of the language enables your project to make use of the latest language features. In other scenarios, you may need to validate that a project compiles cleanly when using an older version of the language.

This capability decouples the decision to install new versions of the SDK and tools in your development environment from the decision to incorporate new language features in a project. You can install the latest SDK and tools on your build machine. Each project can be configured to use a specific version of the language for its build.

Screenshot shows me selecting C# 7.2 for a .net core 2.1 application by changing the advanced options of the project properties build pane

C# Concurrency lesson–Barrier to entry

Imagine the scenario: you are in a team race and there are a number of stages along the route, however only once all your teammates have gotten to the end of a stage can anyone proceed to the next stage.

Now imagine the competitors are threads/tasks and that you had to write this code…. with the .net Barrier class this is quite trivial.

The result looks like this:
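An added example of the race described above (not the post's original listing): three runner tasks each signal a Barrier at the end of a stage and wait there until the whole team has arrived. The team size, stage count and timings are constructed for illustration.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;

class BarrierRace
{
    static void Main()
    {
        const int runners = 3;   // constructed team size
        const int stages = 3;    // constructed number of stages

        // The post-phase action runs once per stage, after the last runner arrives
        // and before any runner is released into the next stage.
        // CurrentPhaseNumber is zero-based and still holds the phase that just ended.
        using (var barrier = new Barrier(runners, b =>
            Console.WriteLine($"--- stage {b.CurrentPhaseNumber + 1} complete, team proceeds ---")))
        {
            var team = new Task[runners];
            for (int i = 0; i < runners; i++)
            {
                int runner = i + 1;   // copy so the lambda does not capture the loop variable
                // LongRunning gives each runner its own thread, so the blocking
                // SignalAndWait calls cannot starve the thread pool.
                team[i] = Task.Factory.StartNew(() =>
                {
                    var rng = new Random(runner);
                    for (int stage = 1; stage <= stages; stage++)
                    {
                        Thread.Sleep(rng.Next(100, 500));   // simulated running time
                        Console.WriteLine($"runner {runner} finished stage {stage}");
                        barrier.SignalAndWait();            // wait for the rest of the team
                    }
                }, TaskCreationOptions.LongRunning);
            }
            Task.WaitAll(team);
        }
    }
}
```

The order of the "finished" lines within a stage varies from run to run, but no runner reports a later stage before the separator line for the current one has been printed.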

C# Concurrency lesson–SemaphoreSlim

In Windows we have two types of semaphores, local and named system semaphores.

You can think of a semaphore as a bouncer in a nightclub; the responsibility is to only allow a number of people into the club at any one time.

.net has a lightweight semaphore, ‘SemaphoreSlim’, that can be used for local communication (that is to say, system synchronization is not supported).

If you run the code above (e.g. in .net core 2.1 project) you will be presented with the following result

What is happening is that all the tasks try to get access to the semaphore; they are all initially blocked until

semaphore.Release(3);

is called which allows 3 tasks to enter at any one time.
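The behaviour described above, as an added example (not the post's original listing): the semaphore starts with a count of 0 so every guest task queues, and semaphore.Release(3) then admits at most three at a time. The guest count, capacity and delays are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;

class NightclubDemo
{
    // initialCount 0: the doors start closed; maxCount 3: club capacity (constructed values)
    static readonly SemaphoreSlim semaphore = new SemaphoreSlim(0, 3);
    static int inside;   // current occupancy, updated atomically

    static async Task Guest(int id)
    {
        Console.WriteLine($"guest {id} is queuing");
        await semaphore.WaitAsync();            // does not complete while the count is 0
        try
        {
            int now = Interlocked.Increment(ref inside);
            Console.WriteLine($"guest {id} entered ({now} inside)");
            await Task.Delay(500 + 100 * id);   // time spent in the club
        }
        finally
        {
            Interlocked.Decrement(ref inside);
            Console.WriteLine($"guest {id} left");
            semaphore.Release();                // always hand the slot back, even on error
        }
    }

    static void Main()
    {
        Task[] guests = Enumerable.Range(1, 6).Select(id => Guest(id)).ToArray();

        Thread.Sleep(1000);                     // nobody gets in yet: the count is still 0
        Console.WriteLine("bouncer opens the doors");
        semaphore.Release(3);                   // admit up to 3 guests at once

        Task.WaitAll(guests);
    }
}
```

The "inside" figure printed on entry never exceeds 3, and a fourth guest only enters after one of the first three has left and released a slot.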