AZ-400 Exam Dumps : Microsoft Azure DevOps Solutions

Every request made against a storage service must be authorized, unless the request is for a blob or container resource that has been made available for public or signed access. One option for authorizing a request is by using Shared Key.

Scenario: The mobile applications must be able to call the share pricing service of the existing retirement fund management system. Until the system is upgraded, the service will only support basic authentication over HTTPS.

The investment planning applications suite will include one multi-tier web application and two iOS mobile application. One mobile application will be used by employees; the other will be used by customers.

Task 6: Create a Service Connection for Resource Group Deployment using Managed Identity and Workload Identity Federation

Step 1: Understand the Requirements

You want to deploy resources in the RGHod489Q1628 resource group.

The service connection must:

Use the ManagedJd1 managed identity.

Use workload identity federation (OIDC-based authentication for enhanced security).

Step 2: Verify Prerequisites

You need to ensure:

The ManagedJd1 managed identity exists in your Azure subscription.

Your Azure DevOps project (Project1) is linked to an Azure Active Directory tenant (for OIDC support).

You have the Owner or User Access Administrator role on the RGHod489Q1628 resource group.

Step 3: Assign Role to Managed Identity

Go to the Azure Portal.

In the search bar, type Managed Identities and select Managed Identities.

Locate and click on the ManagedJd1 identity.

In the left menu, click Azure role assignments.

Click + Add role assignment.

Set the following:

Scope: Resource Group

Subscription: Your subscription

Resource Group: RGHod489Q1628

Role: Contributor (or appropriate role)

Click Save.

This step ensures ManagedJd1 has permissions to deploy resources to RGHod489Q1628.

Step 4: Create a Federated Credential for Workload Identity Federation

In the Azure Portal, navigate to the ManagedJd1 managed identity.

In the left menu, click Workload identity federation (preview).

Click + Add a federated credential.

Configure as follows:

Federated credential name: devops-oidc

Issuer: (or use the default for Azure DevOps)

Subject identifier: Use the following format for Azure DevOps:

css

Copy

system:azuredevops:{organizationName}:{projectName}

For example:

css

Copy

system:azuredevops:{YourOrganizationName}:{Project1}

Audience: api://AzureADTokenExchange

Click Add.

This federated credential establishes trust between your Azure DevOps project and the managed identity.

Step 5: Create a Service Connection in Azure DevOps

Go to your Azure DevOps project (Project1) in the browser.

In the left menu, click Project settings.

Under Pipelines, click Service connections.

Click New service connection.

Choose Azure Resource Manager.

Choose the authentication method:

Select Workload identity federation.

Configure the service connection:

Scope level: Resource Group.

Resource Group: RGHod489Q1628.

Subscription: Your subscription.

Authentication method: Managed Identity with workload identity federation.

Managed Identity: Enter the client ID or select ManagedJd1.

Service connection name: e.g., Project1-RGHod489Q1628-Conn.

Grant access permission to all pipelines (recommended).

Click Save.

Step 6: Validate the Service Connection

After creation, click on the new service connection to Verify it.

Ensure the connection test is successful.

You can now use this service connection in your pipelines for deploying resources to RGHod489Q1628.

Task 7: Create a Pipeline to Deploy a Docker Image in a New Branch

Step 1: Create a New Branch

In your Azure DevOps Project (Project1), navigate to Repos.

In the left menu, click on Branches.

Click New branch.

Enter:

Branch name: azure-pipelines

Based on: main (or your default branch)

Click Create.

This creates a new branch named azure-pipelines.

Step 2: Switch to the New Branch

In Repos, click on Files.

In the top-left branch selector, choose azure-pipelines.

Step 3: Use the Predefined Docker Pipeline Template

Azure Pipelines has predefined YAML templates for common tasks, including Docker.

Here’s how to add it:

In the azure-pipelines branch, click New file.

Name the file: azure-pipelines.yml.

Click the Show templates button in the YAML editor (if available).

Search for the Docker template in the list of predefined templates.

Select the Docker template to auto-populate the YAML file.

If the editor doesn’t show the template picker, you can manually add the following basic Docker pipeline template:

yaml

Copy

# Predefined Docker pipeline template

trigger:

- main

resources:

- repo: self

variables:

imageName: 'mydockerimage'

stages:

- stage: Build

displayName: Build and push stage

jobs:

- job: Build

pool:

vmImage: 'ubuntu-latest'

steps:

- task: Docker@2

displayName: Build and push an image to container registry

inputs:

command: buildAndPush

repository: $(imageName)

dockerfile: '**/Dockerfile'

containerRegistry: ''

tags: |

latest

Replace with your actual Azure Container Registry (ACR) or DockerHub service connection name.

Step 4: Commit the Pipeline to the New Branch

In the YAML editor, review and adjust if needed (like setting the correct container registry service connection).

In the bottom commit message box:

Message: e.g., Add Docker deployment pipeline

Ensure the branch is set to azure-pipelines.

Click Commit (not commit to main).

This creates the pipeline YAML file in the new azure-pipelines branch.

Step 5: Create the Pipeline in Azure DevOps

In the left menu, click Pipelines.

Click New pipeline.

Choose:

Azure Repos Git.

Select your repo.

Select Existing Azure Pipelines YAML file.

In the branch selector, choose the azure-pipelines branch.

Select the YAML file path (azure-pipelines.yml).

Click Continue and then Run to validate the pipeline.