mspnp / cloud-design-patterns Goto Github PK

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

I am following instructions for the Valet Key Pattern sample at https://github.com/mspnp/cloud-design-patterns/tree/main/valet-key,
I run the web application, then run the client, SAS is generated but in the client terminal I get

Press any key to run the sample...
Write operation failed for SAS https://valetkeypatternsierac.blob.core.windows.net:443/valetkeysample/d07801e1-cc87-4f60-8f9c-4be2d1471562?skoid=8ef0c0eb-860b-47a4-8ae8-8dcb7463dd20&sktid=6799c70e-3ceb-4e88-af13-8f6c565fd4a5&skt=2024-01-23T14%3A46%3A34Z&ske=2024-01-24T14%3A46%3A34Z&sks=b&skv=2023-01-03&sv=2023-01-03&st=2024-01-23T14%3A41%3A49Z&se=2024-01-23T14%3A51%3A49Z&sr=b&sp=w&sig=qZEVi6KsQCLs3gcDwe3VyR2PlbPfTfHvRFdXZA55uug%3D
Additional error information: This request is not authorized to perform this operation using this permission.
RequestId:f14b5518-001e-0000-6b0a-4ecd6f000000
Time:2024-01-23T14:46:49.8926542Z
Status: 403 (This request is not authorized to perform this operation using this permission.)
ErrorCode: AuthorizationPermissionMismatch

Content:
?<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:f14b5518-001e-0000-6b0a-4ecd6f000000
Time:2024-01-23T14:46:49.8926542Z</Message></Error>

Headers:
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: f14b5518-001e-0000-6b0a-4ecd6f000000
x-ms-client-request-id: afc67a89-c3ed-4544-949f-490f8c40f034
x-ms-version: 2023-01-03
x-ms-error-code: AuthorizationPermissionMismatch
Date: Tue, 23 Jan 2024 14:46:49 GMT
Content-Length: 279
Content-Type: application/xml

Done. Press any key to exit...

As you can notice, here is the ouput in the web app terminal

Building...
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: http://localhost:10194
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\Projects\AzureDevOpsProjects\DesignPatternsAzure\cloud-design-patterns\valet-key\ValetKey.Web
info: ValetKey.Web.Controllers.SasController[0]
      Blob Uri: https://valetkeypatternsierac.blob.core.windows.net/valetkeysample/6f9958d3-XXXXXXXXXXXXX- Shared Access Signature: skoid=8ef0c0eb-860b-47a4-8ae8-8dcb7463dd20&sktid=6799c70e-3ceb-4e88-af13-8f6c565fd4a5&skt=XXXXXXX6%3A50Z&ske=2024-01-24T14%3A36%3A50Z&sks=b&skv=2023-01-03&sv=2023-01-03&st=2024-01-23T14%3A32%3A04Z&se=2024-01-23T14%3A42%3A04Z&sr=b&sp=w&sig=lEAxJtxLrNGSxWwISiusKJ01NpZ9Hxc7Tf0IRSdHwjw%3D

So why it is not allowing and says AuthorizationPermissionMismatch: This request is not authorized to perform this operation using this permission

Would be interested in a static content hosting pattern that is non Microsoft specific for hosting web component files and folders

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

Very nice stuff, thank you!

The image is wrong for the circuit breaker, it should be the following:
https://github.com/mspnp/cloud-design-patterns/blob/master/docs/circuit-breaker.md

Running into the following error using the sample-1 script.

How to get around it?

az eventgrid event-subscription create --name "function" --included-event-types "Microsoft.Storage.BlobCreated" --endpoint "https://${PREFIX}functionapp.azurewebsites.net/api/ClaimCheck" --endpoint-type "webhook" --source-resource-id "${SID}" -o json >> azcli-execution.log

WARNING: If you are creating an event subscription from a topic that has Azure as the value for its kind property, you must validate your webhook endpoint by following the steps described in https://aka.ms/eg-webhook-endpoint-validation.
**ERROR: Operation returned an invalid status 'Bad Request'**

I'm running the Azure emulator on my local PC. After about 30 seconds of no apparent activity in Visual Studio 2017, QueueManager.Setup() { if (!namespacemanager.TopicExists( this.topicName )) causes an Exception:
"System.UnauthorizedAccessException occurred
HResult=0x80070005
Message=The token provider was unable to provide a security token while accessing 'https://ckdemo-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'The remote name could not be resolved: 'ckdemo-sb.accesscontrol.windows.net''.
Source=Microsoft.ServiceBus
StackTrace:
at Microsoft.ServiceBus.TokenProviderUtility.GetMessagingWebToken(TokenProvider tokenProvider, Uri namespaceAddress, String appliesTo, String action, Boolean bypassCache, TimeSpan timeout)
at Microsoft.ServiceBus.Messaging.HttpWebRequestExtensions.AddAuthorizationHeader(HttpWebRequest request, TokenProvider tokenProvider, Uri namespaceAddress, String action)
at Microsoft.ServiceBus.Messaging.ServiceBusResourceOperations.GetAsyncResult1.<GetAsyncSteps>d__22.MoveNext() at Microsoft.ServiceBus.Messaging.IteratorAsyncResult1.EnumerateSteps(CurrentThreadType state)
at Microsoft.ServiceBus.Messaging.IteratorAsyncResult`1.Start()
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.ServiceBus.Common.AsyncResult.End[TAsyncResult](IAsyncResult result)
at Microsoft.ServiceBus.NamespaceManager.EndTopicExists(IAsyncResult result)
at PriorityQueue.Shared.QueueManager.Setup(String subscription, String priority) in C:\Users\tim\Documents\Visual Studio 2017\Projects\cloud-design-patterns-master\priority-queue\PriorityQueue.Shared\QueueManager.cs:line 63
at PriorityQueue.Shared.PriorityWorkerRole.OnStart() in C:\Users\tim\Documents\Visual Studio 2017\Projects\cloud-design-patterns-master\priority-queue\PriorityQueue.Shared\PriorityWorkerRole.cs:line 40
at Microsoft.WindowsAzure.ServiceRuntime.RoleEnvironment.InitializeRoleInternal(RoleType roleTypeEnum)
at Microsoft.WindowsAzure.ServiceRuntime.Implementation.Loader.RoleRuntimeBridge.b__0()

Inner Exception 1:
SecurityTokenException: The token provider was unable to provide a security token while accessing 'https://ckdemo-sb.accesscontrol.windows.net/WRAPv0.9/'. Token provider returned message: 'The remote name could not be resolved: 'ckdemo-sb.accesscontrol.windows.net''.

Inner Exception 2:
WebException: The remote name could not be resolved: 'ckdemo-sb.accesscontrol.windows.net' "

Also, where are the Trace Log files? I am unable to find them, nor find any reputable source who has the answer (i.e. C:\somefolder\subfolder\somefilename.svclog)

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

Hello, I have a private container and I am trying to reach the files. For that I am using this method:

 public static string GetBlobSasUri(string containerLocation, string blobName, string policyName = null)
        {
            string sasBlobToken;

            // Get a reference to a blob within the container.
            // Note that the blob may not exist yet, but a SAS can still be created for it.
            CloudStorageAccount storageAccount = CloudStorageAccount.Parse(ConfigurationManager.
             ConnectionStrings["AzureConnection"].ConnectionString);
            CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
            CloudBlobContainer container = blobClient.GetContainerReference(containerLocation);
            CloudBlockBlob blob = container.GetBlockBlobReference(blobName);

            if (policyName == null)
            {
                // Create a new access policy and define its constraints.
                // Note that the SharedAccessBlobPolicy class is used both to define the parameters of an ad-hoc SAS, and
                // to construct a shared access policy that is saved to the container's shared access policies.
                SharedAccessBlobPolicy adHocSAS = new SharedAccessBlobPolicy()
                {
                    // When the start time for the SAS is omitted, the start time is assumed to be the time when the storage service receives the request.
                    // Omitting the start time for a SAS that is effective immediately helps to avoid clock skew.
                    SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
                    Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create
                };

                // Generate the shared access signature on the blob, setting the constraints directly on the signature.
                sasBlobToken = blob.GetSharedAccessSignature(adHocSAS);

                Console.WriteLine("SAS for blob (ad hoc): {0}", sasBlobToken);
                Console.WriteLine();
            }
            else
            {
                // Generate the shared access signature on the blob. In this case, all of the constraints for the
                // shared access signature are specified on the container's stored access policy.
                sasBlobToken = blob.GetSharedAccessSignature(null, policyName);

                Console.WriteLine("SAS for blob (stored access policy): {0}", sasBlobToken);
                Console.WriteLine();
            }

            // Return the URI string for the container, including the SAS token.
            return blob.Uri + sasBlobToken;
        }

But then when I try to past the final URI in my browser I always get this error:

<Error>
<Code>AuthenticationFailed</Code>
<Message>
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:96d18e26-0001-008e-7eb3-c88fcd000000 Time:2017-05-09T11:01:24.9128128Z
</Message>
<AuthenticationErrorDetail>
Signature did not match. String to sign used was rcw 2017-05-10T11:01:06Z /blob/mystorage/profiles/317ce29e-86c9-46d8-8579-8cbdaf385971pic.png 2016-05-31
</AuthenticationErrorDetail>
</Error>

Any ideia why?

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

Hi, I ran the
./sample-1-azure-setup.sh uniqname
(I changed the location to francecentral) It created some resources as fllows

but errored as follows

create: functionapp checkgccfunctionapp
WARNING: No functions version specified so defaulting to 3. In the future, specifying a version will be required. To create a 3.x function you would pass in the flag --functions-version 3
ERROR: Could not find a runtime version for runtime {} with functions version {} and os {}Run 'az functionapp list-runtimes' for more details on supported runtimes.

I added -functions-version 3 as follows

az functionapp create --name "${PREFIX}functionapp" --plan "${PREFIX}plan" --resource-group "${RG}" --storage-account "${PREFIX}storage" --functions-version 3 -o json >> azcli-execution.log

it errored again

create: functionapp checkgccfunctionapp
ERROR: Could not find a runtime version for runtime {} with functions version {} and os {}Run 'az functionapp list-runtimes' for more details on supported runtimes.

Thanks for your help

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform

$ az deployment group create --resource-group $RESOURCE_GROUP --template-file deploy.json --parameters appName=$APP_NAME
ERROR: {"error":{"code":"InvalidTemplateDeployment","message":"The template deployment 'deploy' is not valid according to the validation procedure. The tracking id is 'f9fd88a9-1f32-4f7f-8d60-78c7ce8accb1'. See inner errors for details.","details":[{"code":"PreflightValidationCheckFailed","message":"Preflight validation failed. Please refer to the details for the specific errors.","details":[{"code":"AccountNameInvalid","target":"ra-arrmn4jurgdwz63y","message":"ra-arrmn4jurgdwz63y is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only."},{"code":"AccountNameInvalid","target":"ra-arrdatamn4jurgdwz63y","message":"ra-arrdatamn4jurgdwz63y is not a valid storage account name. Storage account name must be between 3 and 24 characters in length and use numbers and lower-case letters only."}]}]}}

Review for refactoring:

• ASM to ARM
• Azure services to demo pattern
• Or is this now a code snippet with the pattern built in-to an Azure service/platform