Problem Space Over the years of developing Infrastructure as Code (IaC) with either ARM templates or Bicep (since it was released in 2020), I have made it my best practice where possible to use well-defined base type parameters (Strings | Integers | Booleans) so that the templates are usable and maintainable by …
Read MoreBicep is a great improvement over ARM Templates but doesn’t remove the need to validate our code at build time. I could continue to use the ARM-TTK and validate the generated template, but bicep has it’s own built in rules. Getting build errors in a way that can provide meaningful information in my CI/CD tooling is an …
Read MoreIssue Many development tools rely on the fact that git.exe is installed to perform source control operations e.g. VSCode. However, a common problem I have seen is that security settings on many corporate Windows devices do not allow the installation of git CLI using an MSI file by the user. VSCode is an approved …
Read MoreOverview After setting up a Logic App (Standard) Backend in Azure API Management (APIM) in my last post, I wanted to try and see if I could create a Swagger definition from a Standard Logic App which could then be used to simplify the API authoring process in APIM. This post shows my methods of doing so. If you …
Read MoreOverview Updated [31/01/2024]: See New Post showing methods of linking a Logic App Standard as a Backend to APIM through a Swagger Definition. I have recently been reviewing the method in which a Logic App (Standard) workflow would be setup as an API in API Management. My aim is to overcome and simplify the limitation …
Read MoreBackground I have recently hit a problem whilst developing some training material on Single Sign on (SSO) in GitHub Enterprise. This training is to be delivered in a training instance of GHE that is configured to use a training instance of Azure Entra ID as the SAML identity provider. To make my life easier, so I am …
Read MoreBackground On some projects we use Jeremy Long's DependencyCheck tool, via the Azure DevOps task, to scan our code for known vulnerabilities. This tool uses the National Vulnerability Database (NVD) to get its data. This data is downloaded on demand from the NVD site but the DependencyCheck tool. Since the recent API …
Read MoreIf you haven’t already, placing a customisation on your command prompt for PowerShell is a great way to gain extra context in given activities. For example, if you would like to have a comprehensive overview of your Git status summary information, then posh-git is for you. Be Careful: Adding customisations will …
Read MoreBackground Azure role-based access control (Azure RBAC) provides fine grained control over access to Azure resources. Azure RBAC is founded on top of the Azure Resource Manager which allows us to provide access authorisation at differing scope levels ranging from the Management Group through to individual resources. …
Read MoreProblem Space There is a potential unintentional side effect when you add a APIM subscription key as a header to an inbound request. The header is not stripped from the request prior to being sent to the configured backend service. Rather it is retained. If you manage the backing service and are not concerned with the …
Read More