danielscholl

AKS Workload Identity Demo Script Specification

PART I: DEMO-SPECIFIC CONTENT

This section contains specific details for this spec

Purpose

This script demonstrates Azure Kubernetes Service (AKS) workload identity integration with Key Vault, allowing pods to authenticate to Azure services and access secrets without storing credentials.

Cross-Tenant Access Configuration with Existing Azure AD Applications

This guide provides a step-by-step tutorial on configuring cross-tenant access between two existing Azure Active Directory (Azure AD) applications. Specifically, it details how a user from Tenant 1 can access an application hosted by Tenant 2 using OpenID Connect (OIDC) protocols.

Prerequisites

Administrative Access: Ensure you have administrative privileges in both Tenant 1 and Tenant 2.
Existing Azure AD Applications: Both tenants should have their applications registered in Azure AD.
Familiarity with Azure Portal: Basic understanding of navigating and configuring settings within the Azure portal.

Title: Run LiteLLM in Docker with Localhost Exposure and API Key

Description: A guide to containerize litellm and expose it on localhost:4000 while using an API_KEY environment variable.

Content:

# Dockerfile for LiteLLM
# ----------------------
# Base Python image

Bicep Azure Verified Modules

bicep/avm/res/aad/domain-service (Version: 0.3.0)
- No default sample found
bicep/avm/res/alerts-management/action-rule (Version: 0.2.0)
- No default sample found
bicep/avm/res/analysis-services/server (Version: 0.3.1)

Aider Architect Prompt Sample

/architect Create an azd bicep project following conventions.
Using AVM modules create: User Managed Identity, Key Vault, AKS in eastus2.

Aider Conf Settings

.aider.conf.yml

	#!/usr/bin/env python3
	# /// script
	# dependencies = [
	# "typer>=0.16.0", # CLI framework with automatic help generation
	# "rich>=14.0.0", # Rich console output and formatting
	# "pydantic>=2.11.7", # Data validation and settings management
	# "pyyaml>=6.0", # YAML processing for resource definitions
	# ]
	# ///

	<purpose>
	You are an expert in analyzing security vulnerabilities in Maven POM files.
	Your task is to analyze the Dependabot vulnerability report, categorize vulnerabilities by severity,
	and filter out any irrelevant data based on the criteria specified in the <instructions> section.
	</purpose>

	<instructions>
	<instruction>Read and analyze the provided Dependabot vulnerability report.</instruction>
	<instruction>Group vulnerabilities by severity in the following order: Critical, High, Medium, Low.</instruction>
	<instruction>For each vulnerability, extract and display:

	<purpose>
	You are an expert in analyzing and refactoring Maven POM files.
	Your task is to analyze the POM file provided in the <project> section at the end of this file,
	and provide both a standardized POM file and clear documentation for changes.

	Follow the pattern section exactly to generate a properly structured POM file.
	</purpose>

	<instructions>
	<instruction>Read and analyze the POM file content provided in the <project> section at the end of this file.</instruction>

	import requests
	import re

	def extract_bicep_lines(content):
	# Extract lines that match the pattern '- **bicep'
	bicep_lines = []
	for line in content.splitlines():
	if line.startswith('- **bicep'):
	bicep_lines.append(line)

	import requests

	class ACRVersionChecker:
	def __init__(self, base_url: str = "https://mcr.microsoft.com"):
	self.catalog_url = f"{base_url}/v2/_catalog"
	self.tag_list_base_url = f"{base_url}/v2"

	def fetch_catalog(self):
	"""Fetch the list of repositories from MCR."""
	print("Fetching repository catalog...")