Azure - Davz33/tutorials GitHub Wiki
IAM & access control
Azure Active Directory (AAD)
Note: the commands below are Azure CLI commands.
List users
az ad user list
Create User
az ad user create --display-name
--password
--user-principal-name
[--force-change-password-next-sign-in {false, true}]
[--immutable-id]
[--mail-nickname]
Storage
Blobs
Add permissions for container
First, list all storage accounts. We are interested in the scope, which is built from the value of each account's "id" element.
az storage account list | grep id
With the container path appended to the account id, the scope looks like this:
/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>
Having identified the scope, and knowing your container name, you can now assign the role:
az role assignment create \
  --role "Owner" \
  --assignee <your-id> \
  --scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>/blobServices/default/containers/<container>"
Copy to azure blob via azcopy
logging in via AAD
After having assigned the roles for access appropriately, you need to install azcopy on the machine where you'll copy from.
azcopy login --tenant-id=<AAD-tenant-id>
copy
single file
azcopy copy "[path-to-file]" "https://[account].blob.core.windows.net/[container]/[path/to/container-directory]"
directory
azcopy copy "[path-to-directory]" "https://[account].blob.core.windows.net/[container]/[path/to/container-directory]" --recursive=true
Dev-Ops
Create and push local image to Azure Container Registry
After creating your container registry, you can spawn an admin user and (2) passwords. This practice is not advised except temporarily, for pushing your image. You should deactivate your admin credentials at the end. Alternatively, you can assign pull/push roles to an Azure service principal.
read -rsp "Container Registry Admin Credentials: " SP_PASSWD && echo && printf '%s' "$SP_PASSWD" | docker login <registryname>.azurecr.io --username <admin-usr> --password-stdin
docker images
docker tag <your-image-id> <registryname>.azurecr.io/<tag>
docker push <registryname>.azurecr.io/<tag>
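The practice described above (admin user enabled only for the push, then deactivated) as an added shell example that is not part of the original wiki. It assumes `az` is already logged in; the function name `acr_push_temp_admin` and fetching the password with `az acr credential show` instead of typing it are choices made for this example.

```shell
# Added example (not from the wiki): push with a temporarily enabled admin user.
# Usage: acr_push_temp_admin <registryname> <your-image-id> <tag>
acr_push_temp_admin() {
    if [ "$#" -ne 3 ]; then
        echo "usage: acr_push_temp_admin <registryname> <your-image-id> <tag>" >&2
        return 2
    fi
    registry=$1 image=$2 tag=$3
    # Registry names are alphanumeric; refuse anything else before it reaches az/docker.
    case $registry in
        ''|*[!A-Za-z0-9]*) echo "invalid registry name: $registry" >&2; return 2 ;;
    esac
    server="$registry.azurecr.io"
    rc=0

    # Enable the admin user only for the duration of the push.
    az acr update --name "$registry" --admin-enabled true >/dev/null || return 1

    # The password goes from az to docker over a pipe, so it never appears on a
    # command line, in shell history or in a variable. Any failing step skips
    # the remaining steps but still falls through to the cleanup below.
    {
        user=$(az acr credential show --name "$registry" --query username -o tsv) &&
        az acr credential show --name "$registry" --query 'passwords[0].value' -o tsv |
            docker login "$server" --username "$user" --password-stdin &&
        docker tag "$image" "$server/$tag" &&
        docker push "$server/$tag"
    } || rc=$?

    # Cleanup runs whether or not the push succeeded.
    docker logout "$server" >/dev/null 2>&1 || true
    az acr update --name "$registry" --admin-enabled false >/dev/null || rc=1
    return "$rc"
}
```

A shell killed by a signal mid-push skips the cleanup, so confirm the state afterwards with `az acr show --name <registryname> --query adminUserEnabled`.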