Posts

Azure flexible federated identity using app registrations to assist with wildcard branch setup

It is a common frustration that we need to federate our app registration credential every time we create a branch and do a build. Now we have Azure flexible federated credentials enabled, for App Registrations only. Let's say you have an existing app registration; we can federate it easily using the following command:-

  az rest --method post --url https://graph.microsoft.com/beta/applications/your-app-registration-client-id/federatedIdentityCredentials --body "{'name': 'FlexFic1', 'issuer': 'https://token.actions.githubusercontent.com', 'audiences': ['api://AzureADTokenExchange'], 'claimsMatchingExpression': {'value': 'claims[\'sub\'] matches \'repo:kepungnzai/dot-net-gw:ref:refs/heads/*\'', 'languageVersion': 1}}"

This will create the necessary federated credentials as shown here:- And in your pipeline:

  name: 'Login to Azure'
  uses: azure/...

Azure managed identity used to authenticate in GitHub workflow actions

We can federate our managed identity in a more flexible manner, especially when we need to use it against GitHub, and it allows our build against different branches without the 20 federated credential limit. Here is an example of how we can federate our managed identity:

  az identity federated-credential create --name "github-actions-main" --identity-name %IDENTITY_NAME% --resource-group %RG_NAME% --issuer "https://token.actions.githubusercontent.com" --subject "claims['sub'] matches 'repo:%REPO%:ref:refs/heads/*'" --audience "api://AzureADTokenExchange"

Validating that against our Azure portal, we can get more information here. However, trying to run this in GitHub, I am still not able to get it to run successfully. That's for a good reason. The reason I am getting the AADSTS700213 error is because User-Assigned Managed Identities do not yet support wildcard matching for OIDC subjects. Azure recently introduced "Flexible fe...

Flexible federated identity credentials (preview)

Flexible federated identity credentials (preview): https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-flexible-federated-identity-credentials?tabs=github

Error: Please make sure to give write permissions to id-token in the workflow. Error: Login failed with Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.

Bumped into this error here:

  Error: Please make sure to give write permissions to id-token in the workflow. Error: Login failed with Error: Error message: Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.

And the fix is adding back id-token:

  jobs:
    build-and-deploy:
      runs-on: ubuntu-latest
      permissions:
        id-token: write

GitHub quick and dirty way to set up a managed identity and federate a GitHub repo

This is a quick and dirty way to set up a managed identity and federate a GitHub repo:

  SET RESOURCE_GROUP="github-rg"
  SET RG_NAME="github-rg"
  SET LOCATION="australiaeast"
  SET IDENTITY_NAME="github-aue-dev-mi"
  SET SUBSCRIPTION_ID=subscription-id
  SET REPO="kepungnzai/dot-net-gw"
  SET IDENTITY_PRINCIPAL_ID=acf61232-246e-4782-9234-919307693969

And to federate it:

  az identity federated-credential create --name "github-actions-main" --identity-name %IDENTITY_NAME% --resource-group %RG_NAME% --issuer "https://token.actions.githubusercontent.com" --subject "repo:%REPO%:ref:refs/heads/*" --audience "api://AzureADTokenExchange"

GitHub Docker image push denied: permission_denied: write_package

Got this GitHub error message, and it really "shed" light on the error :D

  denied: permission_denied: write_package

Then I noticed the build pipeline was using this Docker image, hence the error.

  #18 naming to ghcr.io/kepungnzai/dot-net-gw:dac4bad done

So GitHub is actually expecting ghcr.io + user name + repository name + your image name. Example of pipeline:

  name: Build and Deploy Azure Function
  on:
    push:
      branches:
        - main
    workflow_dispatch:
  env:
    AZURE_FUNCTIONAPP_NAME: 'your-function-app-name'   # set this to your function app name on Azure
    CONTAINER_REGISTRY: ghcr.io
    IMAGE_NAME: ${{ github.repository }}/dotnetgw
  jobs:
    build-and-deploy:
      runs-on: ubuntu-latest
      permissions:
        contents: read
        packages: write
      steps:
        - name: 'Checkout GitHub Action'
        ...

Android: integrating biometrics into your app

Let's say we would like to make a payment, and to add a bit of security to this we will trigger a biometric prompt to ensure a legitimate user is authorizing the payment. To start implementing, in app/build.gradle.kts:

  dependencies {
      implementation(libs.androidx.biometric)
  }

And then we will update our MainActivity.kt with this before passing it to our Composable. This onAuthenticate is passed down all the way to our composable and finally to our button click command:

  @dagger.hilt.android.AndroidEntryPoint
  class MainActivity : FragmentActivity() {
      private val viewModel: HomeViewModel by viewModels()
      private lateinit var biometricHelper: BiometricHelper

      override fun onCreate(savedInstanceState: Bundle?) {
          super.onCreate(savedInstanceState)
          enableEdgeToEdge()
          biometricHelper = BiometricHelper(this)
          setContent {
              GetMyHomeTheme {
                  GetMyHomeApp(
                      viewModel = viewModel,
                      ...

Kotlin async/await vs launch coroutine

Kotlin launch is a coroutine builder operating under the 'fire-and-forget' model. It returns a Job object that we can use to check whether it is active or to cancel it. It is also non-blocking.

  import kotlinx.coroutines.*

  fun main() = runBlocking {
      // Launch a background coroutine
      val job = launch {
          delay(1000L)
          println("World!")
      }
      println("Hello, ") // This prints immediately while 'World!' is waiting
      job.join()         // (Optional) Wait for the launch block to finish
  }

If you want to fetch user data from a network API and use that data, launch won't cut it because it can't return the data. You must use async, which is where await() comes into play. This is a good example of a launch use-case:

  class ProfileViewModel : ViewModel() {
      // viewModelScope automatically cancels the launch if ...

Kotlin: passing an existing function as a parameter

When we create a function we generally allow the user to pass in parameters. Sometimes a parameter can be a simple integer, or it can be a function. In this implementation we are going to look at passing a function. This is our sample function:

  fun calculate(a: Int, b: Int, operation: (Int, Int) -> Int): Int {
      return operation(a, b) // Call it like a regular function
  }

In order to pass in our function, we use the :: (double colon) operator:

  fun existing_calculate(x: Int, y: Int) = x + y
  val result = calculate(10, 5, ::existing_calculate)

AWS: checking all the permissions associated with a resource

How do you get all the permissions granted to an AWS resource, for example an S3 bucket? We can use the following commands. For the ACL, it asks AWS to tell you the legacy permissions attached directly to that bucket. It shows who owns the bucket and which AWS accounts or public groups have been granted specific read or write permissions via the ACL system.

  # To get the bucket access control list
  aws s3api get-bucket-acl --bucket appjerwo-demo-test
  # To get the bucket policy
  aws s3api get-bucket-policy --bucket appjerwo-demo-test

This is an example of the bucket policy :- Unfortunately there is no clean way of reusing the command across different resources such as SQS. So for SQS you probably need to use:

  aws sqs get-queue-attributes --queue-url https://sqs.ap-southeast-2.amazonaws.com/xxxxxxxxxxxx/mytestsqs --attribute-names Policy --query Attributes.Policy --output text --region ap-southeast-2

Flux shortcuts when working with Flux resources such as HelmRepository and Kustomization

Sometimes I think we type too much to get the same info again and again. Here are some shortcuts for whenever we are working with Flux resources.

  Full Resource Kind     kubectl Shortcut   Example Command
  Kustomization          ks                 kubectl get ks -n flux-system
  HelmRelease            hr                 kubectl get hr -n cert-manager
  HelmChart (Internal)   hc                 kubectl get hc -n flux-system

And if you're keen to know more about other resources, run this command:-

  kubectl api-resources | grep source.toolkit.fluxcd.io

Android: how to create an OAuth client for your app

How to create an OAuth 2.0 client for signing in with Google. You have to log in to https://console.cloud.google.com/ and then go under APIs & Services. Then you will need to click on "Create credentials" as shown here. The next steps are pretty straightforward. Please download and copy your google-services.json file to your Android app folder. Use Android Studio to paste it in, to ensure Android Studio is able to recognize your new file.

Using the Kotlin by keyword

The by keyword, however, is a native feature built directly into core Kotlin. It is called Property Delegation, and its main job is to let you hand over the responsibility of reading and writing a variable to a helper class. Here is a simple, real-world example of how by can be used to automatically format a string (like capitalizing a user's name) every time you save a value to it.

  import kotlin.reflect.KProperty

  // 1. Create the Delegate class that handles the background work
  class CapitalizeDelegate {
      private var actualValue: String = ""

      // Intercepts whenever someone reads the variable: "println(name)"
      operator fun getValue(thisRef: Any?, property: KProperty<*>): String {
          return actualValue
      }

      // Intercepts whenever someone updates the variable: "name = 'alex'"
      operator fun setValue(thisRef: Any?, property: KProperty<*>, newValue: String) {
          // Automatically capitalize th...