azure devops calling rest api using workload identity

In this setup we are  trying to call Azure Devops endpoint to files in a repository or get a file content using REST API without using a PAT token. Instead we are fully relying on using workload identity and use Bear authorization. Let's see how we can do that. 

Before starting we need to ensure 

1. your pod is running on a specific managed identity (workload identity)

2. you have granted permission for this managed identity to access your Azure Devops  repositories / project



$AzureDevopsApplicationId = "499b84ac-1321-427f-aa17-267ca6975798"
# we are using az cli to get us the acces token
$token = az account get-access-token --resource $AzureDevopsApplicationId | ConvertFrom-Json
$headers = SetupAuthorizationHeader $token.accessToken

function SetupAuthorizationHeader($usertoken)
{        
  Write-Host("SetupAuthorizationHeader function/module")
  Write-Host($usertoken)
  $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
  $headers.Add("Authorization", "Bearer $usertoken")
  $headers.Add("Content-Type", "application/json")
  return $headers
}

So we are using az cli to get the require token. 

Next, under setup AuthorizationHeader method, we are using that token to setup Bear authorization header which we will pass along in our requests. 





Comments

Post a Comment

Popular posts from this blog

gemini cli getting file not defined error

Image
 While trying to run gemini cli on my windows linux subsystem, i bump into this error here - "/Roaming/npm/node_modules/@google/gemini-cli/node_modules/undici/lib/web/webidl/index.js:512 webidl.is.File = webidl.util.MakeTypeAssertion(File)"  "ReferenceError: File is not defined" In Node.js, there’s no built-in File (until very recent Node 20+ with experimental WHATWG APIs). So, unless polyfilled, File is undefined, leading to the ReferenceError. And to resolve this, I had to upgrade to node 22 (might work for node 20) and then I was able to run it.
Read more

NodeJS: Error: spawn EINVAL in window for node version 20.20 and 18.20

Encounter this issue when running autorest (that uses nodejs).  I am using node version:  v18.20.2 After i revert to use node v18.12.0, then i was able to get my app to run without this error. Since i am working with Azure devops yaml, i was able to use the following to resolve my issue.  - task : NodeTool@0   inputs :     versionSource : 'spec'     versionSpec : '18.18.0'
Read more

vllm : Failed to infer device type

Trying to run vllm without gpu will typicaly lands you into this issue. To resolve this issue: we can use set these both. Setting one does not work for me. So i had to configure both settings below:- 1.  environment variable CUDA_VISIBLE_DEVICES = "" 2. in the command line, change to use device cpu and remove  tensor-parallel-size. For example, python3 -m vllm.entrypoints.openai.api_server --port 8080 --model deepseek-ai/DeepSeek-R1 --device cpu --trust-remote-code --max-model-len 4096" References https://docs.vllm.ai/en/latest/getting_started/troubleshooting.html#failed-to-infer-device-type
Read more