Friday, April 3, 2020

Azure Hybrid Connection

In the current project, we had to work around some temporary network restrictions to continue with the release. For a first test period, an Azure Function had to call an endpoint that was not yet available on a public server and that was also not in the hands of our team. Calling it from our dev/test network worked fine.

To sort that out, we just enabled a Hybrid Connection on the required Azure Function for a few weeks and installed the Hybrid Connection Manager on a machine in our dev/test network. As a result, the endpoint URL is reachable from the Function as it would be with a direct call. Behind the scenes, the request is passed through an Azure Relay/Service Bus from Azure to our test server, and from there the request is sent to the specific endpoint. The response is routed back over the same channel, so from the caller's point of view it behaves exactly like calling a synchronous endpoint.

The important fact is that there is no active call into the network; instead, the Hybrid Connection Manager recognizes the activity (call) on the Relay and processes it in near real time.

Since this was done in 10 minutes, it saved us a lot of time and also avoided any mocking for this endpoint.


Monday, March 23, 2020

Get-AzKeyVaultSecret failing with 'Forbidden'

While preparing the pipeline scripts for the current project, I was not able to fetch the secrets from our KeyVault via PowerShell using Get-AzKeyVaultSecret.

The Access Policies have been configured correctly and I was owner of the subscription.

Unfortunately, the KeyVault requires explicit 'owner' permissions at the KeyVault level to make this work.

Get-AzKeyVaultSecret : Operation returned an invalid status code 'Forbidden'

Grant owner permissions (temporarily) to your AD-User on KV-Level.
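
The temporary grant described above, scripted so that the Owner assignment at vault scope is removed again even if the secret read fails. This is an added example, not the author's pipeline script; the vault name, secret name and user principal name are placeholders, and it assumes the Az module with a signed-in account that is allowed to create role assignments.

```powershell
# Placeholders (assumptions, not values from the original post)
$vaultName  = 'kv-example'
$secretName = 'example-secret'
$upn        = 'user@example.com'

$vault = Get-AzKeyVault -VaultName $vaultName
$user  = Get-AzADUser -UserPrincipalName $upn
$scope = $vault.ResourceId

# Only revoke later what this script granted itself: look for an Owner
# assignment made exactly at vault scope (not one inherited from above).
$existing = Get-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName 'Owner' -Scope $scope |
    Where-Object { $_.Scope -eq $scope }
$grantedHere = $false

try {
    if (-not $existing) {
        New-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName 'Owner' -Scope $scope | Out-Null
        $grantedHere = $true
    }

    # A new role assignment can take a while to become effective, so retry.
    $secret = $null
    foreach ($attempt in 1..6) {
        try {
            $secret = Get-AzKeyVaultSecret -VaultName $vaultName -Name $secretName -ErrorAction Stop
            break
        } catch {
            Write-Warning "Attempt ${attempt}: $($_.Exception.Message)"
            Start-Sleep -Seconds 20
        }
    }
    if (-not $secret) { throw "Could not read '$secretName' from '$vaultName'." }

    # Report metadata only; the secret value is never written to the log.
    "Read secret '$($secret.Name)', version $($secret.Version)"
}
finally {
    # Always drop the temporary grant, even when the read failed.
    if ($grantedHere) {
        Remove-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName 'Owner' -Scope $scope
    }
}
```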