- last night's successes!

src/Zimmergren.ACI.DemoWithManagedIdentity/Dockerfile

@@ -0,0 +1,4 @@
+FROM microsoft/dotnet:2.2-runtime
+WORKDIR /app
+COPY ./bin/Debug/netcoreapp2.2/publish .
+ENTRYPOINT ["dotnet", "Zimmergren.ACI.DemoWithManagedIdentity.dll"]

src/Zimmergren.ACI.DemoWithManagedIdentity/Program.cs

@@ -0,0 +1,74 @@
+using System;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using System.Web;
+using Microsoft.Azure.KeyVault;
+using Newtonsoft.Json.Linq;
+
+namespace Zimmergren.ACI.DemoWithManagedIdentity
+{
+    public class Program
+    {
+        static void Main(string[] args)
+        {
+            Console.WriteLine("Welcome to another ACI Demo!");
+            while (true)
+            {
+                Console.WriteLine($"{Environment.NewLine}START {DateTime.UtcNow} ({Environment.MachineName})");
+
+                ProcessRequest();
+
+                Thread.Sleep(2500);
+            }
+        }
+
+        private static void ProcessRequest()
+        {
+            var secretName = "TobiSecretOne";
+            var secretValue = GetSecretFromKeyVault(secretName);
+
+            Console.WriteLine($" Secret '{secretName}' has value '{secretValue}'");
+        }
+
+        /// <summary>
+        /// Gets a given secret from the Key Vault
+        /// </summary>
+        /// <param name="secretName">Name of the secret</param>
+        /// <returns>String value of the secret</returns>
+        private static string GetSecretFromKeyVault(string secretName)
+        {
+            var keyVault = new KeyVaultClient(GetAccessTokenAsync);
+            var secretResult = keyVault.GetSecretAsync($"https://myacidemovault.vault.azure.net", secretName).Result;
+
+            return secretResult.Value;
+        }
+
+        /// <summary>
+        /// Gets an Access Token (Authorization Bearer token) for the given resource.
+        /// Using the public Azure Instance Metadata Service endpoint, which is only accessible from inside this container,
+        /// and only if your service principal that is now attached to your
+        /// ACI container group already has been granted permissions to the resource you're targeting.
+        /// </summary>
+        /// <param name="authority"></param>
+        /// <param name="resource">Resource URI of the targeted service ("https://vault.azure.com", for example)</param>
+        /// <param name="scope"></param>
+        /// <returns></returns>
+        private static async Task<string> GetAccessTokenAsync(string authority, string resource, string scope)
+        {
+            var aimsEndpoint = "169.254.169.254";
+            var apiVersion = "2018-02-01";
+
+            var aimsUri = $"http://{aimsEndpoint}/metadata/identity/oauth2/token?api-version={apiVersion}&resource={HttpUtility.UrlEncode(resource)}";
+
+            HttpClient client = new HttpClient();
+            var response = client.GetStringAsync(aimsUri).Result;
+
+            // Parse the Json response and pick the "access_token" property, which has the value of our Bearer authorization token.
+            var rawResponse = JObject.Parse(response);
+            var accessToken = rawResponse["access_token"].Value<string>();
+
+            return accessToken;
+        }
+    }
+}

src/Zimmergren.ACI.DemoWithManagedIdentity/Zimmergren.ACI.DemoWithManagedIdentity.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>netcoreapp2.2</TargetFramework>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.Azure.KeyVault" Version="3.0.3" />
+    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+  </ItemGroup>
+
+</Project>

src/Zimmergren.ACI.DemoWithManagedIdentity/Zimmergren.ACI.DemoWithManagedIdentity.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.28531.58
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Zimmergren.ACI.DemoWithManagedIdentity", "Zimmergren.ACI.DemoWithManagedIdentity.csproj", "{72726C13-263B-4343-A974-21167D700E68}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{72726C13-263B-4343-A974-21167D700E68}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{72726C13-263B-4343-A974-21167D700E68}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{72726C13-263B-4343-A974-21167D700E68}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{72726C13-263B-4343-A974-21167D700E68}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {3A7A8978-9EAA-4834-A8EF-C268CA83C366}
+	EndGlobalSection
+EndGlobal

src/Zimmergren.ACI.DemoWithManagedIdentity/aim-for-the-stars.cmd

@@ -0,0 +1,6 @@
+dotnet build && dotnet publish
+docker build . -t aci-demo-app-with-managed-identity
+docker tag aci-demo-app-with-managed-identity acrdemomagic.azurecr.io/aci-demo-app-with-managed-identity:latest
+docker push acrdemomagic.azurecr.io/aci-demo-app-with-managed-identity:latest
+REM az container delete -g demos -n aci-demo-app-with-managed-identity
+REM az container create -g demos -f ..\..\yaml\aci-demo-with-managed-identity.yaml

yaml/aci-demo-with-managed-identity.yaml

@@ -0,0 +1,21 @@
+apiVersion: 2018-10-01
+name: aci-demo-app-with-managed-identity
+location: westeurope
+type: Microsoft.ContainerInstance/containerGroups
+identity:
+  type: SystemAssigned
+properties:
+  osType: Linux
+  restartPolicy: Always
+  containers:
+  - name: aci-demo-app-with-managed-identity
+    properties:
+      image: acrdemomagic.azurecr.io/aci-demo-app-with-managed-identity:latest
+      resources:
+        requests:
+          cpu: 2.0
+          memoryInGB: 2.0
+  imageRegistryCredentials:
+  - server: acrdemomagic.azurecr.io
+    username: acrdemomagic
+    password: bXYqFzw2zMbp0NVBzI/QO3HiLzgju5mG