Connecting to your Azure SQL database over a Private Endpoint

In a corporate network, internal database servers are usually heavily firewalled in separate network segments. However, when we deploy our database in Azure, we can connect to it directly over the internet.

To improve the security of your database, you should use a private link (also known as Private Endpoint) to connect to your database from your application. This will route the traffic over internal Azure connections, and you can disallow any public access to the database server.

Fixing 'Could not inject value for GitVersion' in Azure Pipelines

If you are using GitVersion with NUKE and you are trying to get the pipeline working, but are running into the build failing with Could not inject value for GitVersion.

I will assume you are using a YAML pipeline (and in my case I was pulling the sources from GitHub), try this.

First open the pipeline that is experiencing issues and go select ‘Edit’:

Screenshot of Azure Pipelines overview.

Select the additional settings that are collapsed and go to ‘Triggers’:

Expanded additional settings with Triggers highlighted

Capturing application logging in MsTest

In a lot of projects I have been on I’ve seen the following approaches when it comes to application logging in test:

  1. The most popular option: It is completely ignored, either by pumping it into a mock or a NullLogger
  2. It is tested by verifying that the correct log messages are written. This is usually done to satisfy a ‘strict’ mocking framework.

Neither of these options are ideal in my opinion. The first option totally hides the logging, making it hard to see if it is actually valuable. The second option adds too much noise into the tests, since verifying that the message is written doesn’t tell me much.

Easy way to set Azure RBAC roles in Bicep

When deploying resources in Azure using Bicep, occasionally you will have to assign rights to a user or principal to perform certain actions. For example, authorizing an app service to access a storage account.

Initially you would create something like this:

// Assume we have an app service with a System Assigned managed service identity
var principalId = appService.identity.principalId;

resource storageAccount 'Microsoft.Storage/storageAccounts@2021-06-01' existing = {
    name: 'some-existing-storage-account'
}

resource roleAuthorization 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
    name: guid(storageAccount.id, resourceGroup().id, principalId)
    scope: storageAccount
    properties: {
        principalId: principalId
        roleDefinitionId: '/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe' // Storage Blob Data Contributor
    }
}

I came up with the following Bicep module which shows a nice way to hide the nasty details such as the role guids in a module.

Running GitVersion as a .NET Core local tool in FAKE

Recently I wanted to use GitVersion to determine the version number for a project. To keep the project self-contained I installed GitVersion as a .NET Local Tool. However, when trying to get the generated version numbers through FAKE it didn’t work.

Unfortunately, the current version of FAKE does not support running GitVersion as a dotnet tool. To bridge that gap I wrote the following FAKE script to get it to work.

SQL Server integration testing using xUnit

Recently I wanted to verify that my data access layer could properly read and write to a SQL Server database, and I wanted to have these tests automated. I wanted to answer these questions:

  1. Can my DbContext roundtrip entities to the database and back?
  2. Does the schema in my migration scripts match the expected schema in my code? (follows from 1)
  3. Can my migration scripts be applied to the database correctly?

Since I was using SQL Server I could utilize SQL Server LocalDB that comes with Visual Studio. To keep performance acceptable I do not want to create and destroy a database for each test, so I need a way to reset the database after a test has run.

Hosting an ASP.NET Core web application in Azure

As a side project, I am working on a web application that I want to host in Azure eventually. There is a ton of documentation available around Azure but instructions vary by product. I have documented the steps I needed to run a web application in Azure.

To make it easier to automate the deployment steps I am avoiding the Azure portal. I want to script these steps later so that I can automate my deployments. Everything I want to do can be done using the Azure CLI so, for now, I will be using that.

Authorizing Managed Service Identity in Azure SQL Database

When trying to deploy a simple web application and Azure SQL database through Azure DevOps pipelines, I wanted to use a system managed application identity to authorize the web application to access the database. This requires running something like the following SQL script on the Azure SQL database.

CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
ALTER ROLE db_datawriter ADD MEMBER [<identity-name>];
ALTER ROLE db_ddladmin ADD MEMBER [<identity-name>];

I was having a lot of trouble getting the Azure SqlCmd task to work, while the error(s) it was showing was not helpful at all. For example:

Reducing GuidCombGenerator allocations

Recently at work, I had to implement some functionality that required the use of Guid identifiers that were stored in SQL Server. The Guids were generated in the application and used as an alternative key / external identifier for other systems. To avoid excessive index fragmentation, we opted to use the GuidComb variant using a generator from the NHibernate project.

The GuidCombGenerator generates Guid values that have a timestamp embedded into the last 6 bytes. For example:

SSH cmdlets missing from posh-git

After repaving my machine and installing the latest version of posh-git I noticed that my Powershell profile was no longer working properly. I was using the Start-SshAgent cmdlet to load my SSH keys and well, it was no longer recognized.

When I checked the GitHub repository, it was not immediately clear that these have been moved to a separate project: posh-sshell. Follow the instructions (or clone the repository), and include this new Powershell module as well in your profile!