Use GitHub Super Linter in Azure Pipelines

Recently, GitHub has released an open-sourced tool called Super Linter (Blog, Repo). It’s basically a Swiss Army knife of linters for a collection of languages. This is really cool since I can replace many language-specific tests with a single tool. At the time of writing this article, it already supports many popular languages such as Dockerfile, Golang, JavaScript, JSON, Markdown, YAML, Python3, PHP, Terraform, PowerShell, bash, and many more. The full list is documented in the README file on the GitHub repo. Although the GitHub Super Linter is designed to be used in GitHub Actions, it runs on a container

Continue reading

OMSDataInjection PowerShell Module Updated

I’ve just pushed a small update to my old OMSDataInjection PowerShell module. This module is designed to send custom logs to a Log Analytics workspace via its HTTP Data Collector API. The last update was back in 2016, when it was still called OMS. In this version (v1.3.0), I’ve added an additional optional input parameter to allow users to add an Azure Resource Id to the log entry. This is required when the workspace is configured to use the resource-context RBAC model. By specifying a valid Azure Resource Id, the user can control who has access to the log entry. This

Continue reading

Deploying Containerized Socks5 Proxy Server Using ACR, ACI and Azure DevOps

Background

In certain parts of the world, some of the popular apps and services that I use daily are blocked by state-owned firewalls. A couple of years ago, before we went to that part of the world for a family holiday, I looked into setting up proxy servers on the public cloud so we can actually use our Android phones when we are over there. One of my high school friends told me he’s using a popular Socks5 proxy server called Shadowsocks hosted on a GCP VM instance. Shadowsocks is a Linux-based server, it is extremely easy to set up, and it

Continue reading

Validating ARM Templates with ARM What-if Operations

The ARM template deployment What-if API was first announced to the general public at Ignite last year. It has finally been made available for public preview not long ago. This is a feature that I’ve been keeping a close eye on ever since I heard about it way before Ignite, when it was still under NDA. In a nutshell, compared to the existing ARM template validation capability (Test-AzResourceGroupDeployment, Test-AzDeployment, etc.), the what-if API additionally gives you an overview of which resources will be created, deleted and modified if your template is deployed. Although the what-if API is still

Continue reading

Inside Azure Management Book v4 Is Being Released for Preview

A few years ago, a few of us started a book authoring project for the then-called Microsoft Operations Management Suite (OMS). Since the technology is constantly evolving, we renamed the book to Inside Azure Management with version 3 last year. We started working on version 4 of the Inside Azure Management book a couple of months ago. This time, we have sourced a few additional talented authors to help out. Given the challenging time we are all facing right now, we are a little bit behind the original schedule. However, we are expecting to have the book released no later than 15th of May

Continue reading

Managing Azure Resource Tags using Azure Policy Modify Effect

The new Modify effect for Azure Policy was introduced a few months ago. I was really excited about this new addition, but unfortunately I haven’t had time to write this post until today. The Modify effect is designed SPECIFICALLY for managing resource tags. You can use it to add / update / remove tags during resource creation or update (basically for both new and existing resources).

Problem we had…

Before the Modify effect was introduced, we were managing the tags using the “Deny” and “Append” effects: Deny: “Require tag and its value” policy “Require tag and its value on resource groups”

Continue reading

Puppet Facts Detecting Cloud Providers for Windows VMs

I’m currently working on a Puppet Module for Windows Server. This module needs to detect which public cloud platform the Windows server is running on. More specifically, Azure, GCP or AWS. To do so, I can either write a custom Puppet fact in Ruby, or an external fact (i.e. in PowerShell). So I’ve written both. The custom fact (cloud.rb) is placed in the lib/facter folder in the module. The external fact (cloud.ps1) is placed in the facts.d folder in the module. Custom Fact: View the code on Gist. External Fact: View the code on Gist. To test, you can

Continue reading

Updated Azure Policy Definitions for Azure Diagnostics Settings Again

I first published a set of policy definitions for configuring Azure resource diagnostics settings last year. You can find the original post here: https://blog.tyang.org/2018/11/19/configuring-azure-resources-diagnostic-log-settings-using-azure-policy/. I have been keeping them up-to-date since then. I’ve updated the Policy Definitions for the resource Diagnostic Settings again today with the following updates. New Policies added: Azure Bastion Hosts, Azure AD Domain Services. Existing Policy Updated: Azure App Service – with the support for the additional logs announced at Ignite 2019. Also the name of the policy file has changed. Removed (since they were incorrectly written in the first place and never worked): VM, VMSS

Continue reading

100 Days of Infrastructure as Code in Azure

I have been asked to contribute to the 100 Days of IaC in Azure project started by Ryan Irujo (@reirujo) and Pete Zerger (@pzerger). I accepted the invitation and have already contributed 4 articles for this project. Right now we are not even halfway through the 100 articles yet, and I’m planning to continue contributing in the coming weeks. Both Pete and Ryan are extremely talented in this field, and I am very pleased to be part of this awesome project. If you are focusing on Azure, Infrastructure as Code or DevOps, I strongly recommend you check this out: https://bit.ly/100DaysOfIaC.

Continue reading

Deploying Management Group Level Custom RBAC Role Using ARM Templates

Although custom RBAC roles can be deployed using subscription-level ARM templates, they are actually tenant-level resources. When you deploy a custom RBAC role using a subscription-level template for the first time, it will work, but if you deploy the same custom role again to another subscription within the same tenant, the deployment will fail because the role already exists. To make the role available in additional subscriptions, you must modify the assignment scope of the role definition, making it available to other subscriptions. Recently, Microsoft has made custom RBAC roles available at the Management Group level. This greatly simplified the

Continue reading