Skip to content
This repository has been archived by the owner on Nov 10, 2019. It is now read-only.

Latest commit

 

History

History
134 lines (91 loc) · 5.98 KB

exercise02.md

File metadata and controls

134 lines (91 loc) · 5.98 KB

Exercise 2

Learnings

  1. Access Azure using Visual Studio's Cloud Explorer
  2. Basics about Shared Access Signatures
  3. Use PowerShell to administrate Azure

Create Azure Storage for Development

  1. Open Azure Portal and sign in.

  2. Discussion points:

    • If some attendees are completely new to Azure, demonstrate the features of the portal
    • Talk about security aspects of Azure administration

  3. Create a new Resource group named PracticalDevOps-Dev

  4. Discussion points:

    • Describe the importance of resource groups
    • Talk about RBAC and resource groups

  5. Add a Storage account named books<yourname>dev (replace <yourname> with your name to get a globally unique storage account name).
    Dev Storage Account

  6. Discussion points:

    • Brief overview about different storage offerings in Azure (PaaS, IaaS)
    • Short introduction into the features of blob storage (access via HTTPS, redunancy options, account name/key, private vs. public containers, etc.)

  7. In Visual Studio, add your Azure account to your profile.
    Edit profile

  8. Use Cloud Explorer in Visual Studio to connect to your storage account.
    Cloud Explorer

  9. Use Cloud Explorer to create a new Blob Container named booknametokens.

  10. Upload BookNameTokens.txt into the new container.

  11. Copy blob URL using Cloud Explorer.
    Copy Blob URL

  12. Try to open blob using a browser. It must not work as the blob is private!

Create Shared Access Signature

  1. Open PowerShell with Azure PowerShell installed.

  2. Discussion points:

    • PowerShell vs. Azure CLI

  3. Use the following script to create a Shared Access Signature (SAS) for the uploaded blob (note that you have to replace <yourname> accordingly). If you want, experiment with the Azure PowerShell commands.

    # Set various names
$resourceGroupName = "PracticalDevOps-Dev"
$storageAccountName = "books<yourname>dev"
$containerName = "booknametokens"
$policyName = "BookNameTokens Policy 2"

# Sign-in
Login-AzureRmAccount

# Optionally: If you have mulitple subscriptions, select the one you want to use
# Get-AzureRmSubscription
# Select-AzureRmSubscription -SubscriptionId ...

$accountKeys = Get-AzureRmStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName
$storageContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $accountKeys.Key1

$container = Get-AzureStorageContainer -Context $storageContext -Name $containerName
$cbc = $container.CloudBlobContainer

$permissions = $cbc.GetPermissions();
$policy = new-object 'Microsoft.WindowsAzure.Storage.Blob.SharedAccessBlobPolicy'
$policy.SharedAccessStartTime = $(Get-Date).ToUniversalTime().AddMinutes(-5)
$policy.SharedAccessExpiryTime = $(Get-Date).ToUniversalTime().AddYears(1)
$policy.Permissions = "Read"
$permissions.SharedAccessPolicies.Add($policyName, $policy)
$cbc.SetPermissions($permissions);

$policy = new-object 'Microsoft.WindowsAzure.Storage.Blob.SharedAccessBlobPolicy'
$sas = $cbc.GetSharedAccessSignature($policy, $policyName)
Write-Host $sas

  4. Copy the ouput of the script (a Shared Access Signature) to the clipboard. It should look something like this: ?sv=2015-04-05&sr=c&si=BookNameTokens%20Policy%202&sig=hRQlxasvNZKX3voV%2FEsdf12sdf1MBmmDWRZsJ46bOYo%4X

  5. Discussion points:

    • Code walkthrough for PowerShell script
    • Structure of a SAS

  6. Copy blob URL using Cloud Explorer.
    Copy Blob URL

  7. Try to open blob using a browser, but this time append the SAS. Your URL should look something like this: https://bookrainerdev.blob.core.windows.net/booknametokens/BookNameTokens.txt?sv=2015-04-05&sr=c&si=BookNameTokens%20Policy%202&sig=hRQlxasvNZKX3voV%2FEsdf12sdf1MBmmDWRZsJ46bOYo%4X. This time you should be able to download the blob.

Change Web API

  1. Add the BookNameTokenUrl setting to your web.config file. It contains the URL with the SAS. Note that you have to replace & characters with &amp; as web.config is an XML file.

     <?xml version="1.0" encoding="utf-8"?>
 ...
 <configuration>
     <appSettings>
         <add key="MinimumNumberOfBooks" value="1"/>
         <add key="MaximumNumberOfBooks" value="5"/>
         <add key="BookNameTokenUrl" value="https://bookrainerdev.blob.core.windows.net/booknametokens/BookNameTokens.txt?sv=2015-04-05&sr=c&si=BookNameTokens%20Policy%202&sig=hRQlxasvNZKX3voV%2FEsdf12sdf1MBmmDWRZsJ46bOYo%4X"/>
     </appSettings>
     ...
 </configuration>

  2. Search for the following line in Services/NameGenerator.cs: var bookNameTokens = await Task.FromResult(bookNameTokensDummy);. Describe that we have to replace the static book name tokens with a call to Blob Storage.

  3. Replace Services/NameGenerator.cs with the implementation from Exercise-2-Service-Implementation.

  4. Discussion points:

    • Demonstrate downloading of book name tokens from Blob Storage in the debugger
    • Point out that it is inefficient to download the tokens whenever a book title is generated. However, this "bug" is in the sample by design as we can later "find" this potential for optimization using telementry data.

  5. Run your Web Api http://localhost:2690/api/books using a browser or Postman and note how the book names are now generated based on data from Azure Storage.

Further Ideas

If you have time left, you could additionally cover topics like:

  • Show demo for creating artifacts in Azure using Azure CLI
  • Show blob storage client tools you use in practise
  • Speak about how Azure Search can be used on top of different storage offerings to add full-text search