Dr. Christian Geuer-Pollmann chgeuer

Entra Domain Discovery

Mix.install([
  # {:ex_token_toys, path: "C:\\github\\chgeuer\\ex_token_toys"}
  {:ex_token_toys, github: "chgeuer/ex_token_toys"}, 
  {:kino, "~> 0.12.3"}
])

Sample integrating Bandit and Req/Finch

Mix.install([
  {:finch, "~> 0.17.0"},
  {:req, "~> 0.4.8"},
  {:bandit, "~> 1.1"}
])

A notebook to use the local MSAL cache to talk to Azure

Mix.install([
  {:jason, "~> 1.4"},
  {:jsonrs, "~> 0.3.3"},
  {:req, "~> 0.4.8"},
  {:jose, "~> 1.11"},
  {:jose_utils, "~> 0.4.0"},
  {:explorer, "~> 0.7.2"},
unsafe static byte[] DoublesToBytes(double[] value)
{
    var bytes = new byte[8 * value.Length];
    fixed (byte* b = bytes)
    {
        for (int i = 0; i < value.Length; i++)
        {
            var v = value[i];
            // copy the two 32-bit halves of the 64-bit double into the buffer
            *((int*)(b + 8 * i)) = *(int*)&v;
            *((int*)(b + 8 * i + 4)) = *(((int*)&v) + 1);
        }
    }
    return bytes;
}

Access KeyVault on customer side with a service principal

#!/bin/bash

# ISV side
app_id_in_isv_tenant="9eb849dd-f1fd-47fc-a3b0-de6a11148049"
client_secret="..."
namespace Downloader
{
using System;
using System.IO;
using System.IO.Compression;
using System.Net.Http.Json;
using System.Text;
using System.Text.Json.Nodes;
using Azure.Core;
using Azure.Identity; // <PackageReference Include="Azure.Identity" Version="1.9.0" />

Azure access without secrets from GitHub and GitLab using federated identity credentials

tl;dr

  • Federated credentials / workload identity federation allows your CI/CD pipelines in GitHub and GitLab to access your Azure subscription without any secrets stored in the pipeline config.
  • GitHub's azure/login@1 task handles this transparently, but I also explain how it works under the hood. GitLab supplies the necessary token directly to your pipeline run.
  • Both GitHub and GitLab are easy to set up and federate securely with your Azure subscription.
  • BitBucket can't be set up that way, because tokens issued by BitBucket don't have a predictable subject identifier.

GitLab using managed identity to access Azure

In #GitLab, you don't need to request a GitLab-issued token from some token endpoint. Instead, you just specify in your id_tokens section that you want a token for a certain audience, and GitLab hosts the #JWT token in the environment variable you specify.

In this example, GitLab issues a token for the audience api://AzureADTokenExchange and makes it available in the environment variable ID_TOKEN_FOR_AZURE.

Demo of how to access an Azure resource, in this example reading a secret from KeyVault (az keyvault secret show).
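The GitLab side of that exchange as a complete job, added here as an example rather than taken from the original gist: the job requests a token for the api://AzureADTokenExchange audience into ID_TOKEN_FOR_AZURE and hands it to az login; the client ID, tenant ID, vault and secret names are placeholders you replace with your own.

```yaml
# Added example (not the original gist's code): secretless access to KeyVault
# from a GitLab CI job using workload identity federation.
read-keyvault-secret:
  image: mcr.microsoft.com/azure-cli
  id_tokens:
    ID_TOKEN_FOR_AZURE:                 # environment variable name of your choice
      aud: api://AzureADTokenExchange   # audience the federated credential in Entra ID expects
  variables:
    # Placeholders: the app registration that carries the federated credential
    AZURE_CLIENT_ID: "00000000-0000-0000-0000-000000000000"
    AZURE_TENANT_ID: "00000000-0000-0000-0000-000000000000"
    KEYVAULT_NAME: "my-keyvault"
    SECRET_NAME: "my-secret"
  script:
    # The federated credential in Entra ID must list the GitLab issuer
    # (e.g. https://gitlab.com) and a subject that matches this job's token,
    # e.g. project_path:<group>/<project>:ref_type:branch:ref:main;
    # a token from any other project or branch is rejected at login.
    - >
      az login --service-principal
      --username "$AZURE_CLIENT_ID"
      --tenant "$AZURE_TENANT_ID"
      --federated-token "$ID_TOKEN_FOR_AZURE"
    # Show the secret's identifier only; querying "value" would write the
    # secret itself into the job log.
    - >
      az keyvault secret show
      --vault-name "$KEYVAULT_NAME"
      --name "$SECRET_NAME"
      --query id -o tsv
```

The app registration still needs a KeyVault role assignment (or access policy) that permits reading secrets; the federated credential only replaces the client secret, not the authorization.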