Thursday, August 26, 2021

CICD Improvements with GitHub support in Azure Government and Azure China

We have added support for GitHub in Azure for U.S. Government and Azure China. 

Due to compliance reasons, we suggest customers get their OAuth application to authenticate against their own GitHub accounts. To use GitHub in Azure Gov and Azure China, you can bring your own (BYO) GitHub OAuth application.


Note: BYO GitHub OAuth application capability is not available in Azure public. In Azure public, we use Microsoft managed GitHub OAuth app which simplifies the setup by not requiring customers to bring and manage their own OAuth applications.

 

Getting started steps:

    1. Application Name: <Your desired application name>
    2. Homepage URL: <Your Data Factory's web URL (domain), ex. "https://adf.azure.us">
      Note: if you use ADF in multiple environments, you will need an app per environment (Azure China, Azure Gov, etc.).
    3. Application Description: Optional description
    4. Authorization callback URL: Same as Homepage URL. 

         Copy the client id and client secret for use in the next step.

 

  • Create or use existing Azure Key Vault in the same Azure environment (Azure Gov or Azure China) as your Azure Data Factory. 
    1. Use an existing Azure Key Vault or create a new one in the Azure Portal.
    2. Create a new secret name and set the value equal to the GitHub client secret you generated earlier. 
      AbhishekNarain_0-1629967054184.png

    3. Copy the full secret URL, ex. https://<account name>.vault.azure.net/secrets/github-client-secret-local2/37f145c97a134698ad74f105388ec282
      AbhishekNarain_1-1629967054185.png

    4. Update the Access Policies on the left sidebar and click "+ Add Access Policy".
    5. Under secret permissions, grant "List, Get" permissions and select the principal as your Azure Data Factory. It will allow the data factory to access your GitHub client secret during GitHub authentication. Click add and return to the data factory. 
      AbhishekNarain_2-1629967054185.png

 

  • Configure the GitHub repository in Azure Data Factory
    1. In the ADF management tab, select "Git configuration" and click "Configure."
      AbhishekNarain_9-1629967875649.png
    2. Select repository type as GitHub and enter the GitHub account associated with your repository, then click continue.
      AbhishekNarain_10-1629967875650.png
    3. In the "Azure Government Cloud BYOA" popup, enter your GitHub client id and the secret URL, ex. https://<account name>.vault.azure.net/secrets/github-client-secret-local2/37f145c97a134698ad74f105388ec282. 
      AbhishekNarain_11-1629967875650.png
    4. Click verify and log into GitHub in the popup window.
      AbhishekNarain_12-1629967875650.png
    5. If your OAuth app and key vault are correctly configured, you will then be able to complete your repository setup on the next screen.

AbhishekNarain_13-1629967875650.png

 

                       

AbhishekNarain_14-1629967875650.png

 

Common issue:
Ensure your call back URL is correct and does not include a "/" at the end, ex. https://adf.azure.com is a valid URL, and https://adf.azure.com/ is not

 

 

 

Posted at https://sl.advdat.com/3sN31GZ
Labels: ,