IntelliTect-Samples · jenny-curry · Apr 7, 2026 · Apr 2, 2026 · Apr 2, 2026 · Apr 2, 2026
diff --git a/.github/workflows/azure-login-service-principal.yml b/.github/workflows/azure-login-service-principal.yml
@@ -16,67 +16,136 @@ permissions:
 
 jobs:
   # # Job 1: Login using OIDC (Recommended - More Secure)
-  # login-with-oidc:
+  login-with-oidc:
+    runs-on: ubuntu-latest
+    environment: production  # The login step will use this environment as part of the subject claim when reaching out to azure to looking for a matching OIDC Federated Credential. If this is ommitted, the branch name will be used in the subject claim
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Azure Login with OIDC
+        uses: azure/login@v1
+        with:
+          client-id: ${{ vars.CLIENT_ID }}
+          tenant-id: ${{ vars.TENANT_ID }}
+          subscription-id: ${{ vars.SUBSCRIPTION_ID }}
+          enable-AzPSSession: true
+
+
+      - name: Verify Azure Connection
+        run: |
+          echo "Successfully logged into Azure!"
+          az account show
+          az group list --output table
+
+      - name: Azure CLI Script Example
+        run: |
+          # Example: List all resource groups
+          echo "=== Resource Groups ==="
+          az group list --query "[].{Name:name, Location:location}" --output table
+
+          # Example: List all storage accounts
+          echo "=== Storage Accounts ==="
+          az storage account show --name ewu2026test --resource-group rg-vmtest1 --query "[].{Name:name, Location:location}" --output table
+
+
+      - name: Logout from Azure
+        if: always()
+        run: az logout
+
+  # Job 2: Login using Service Principal with Client Secret
+  # login-with-client-secret:
   #   runs-on: ubuntu-latest
-  #   environment: production  # Optional: Use GitHub environment for additional protection
 
   #   steps:
   #     - name: Checkout code
   #       uses: actions/checkout@v4
 
-  #     - name: Azure Login with OIDC
+  #     - name: Azure Login with Service Principal
   #       uses: azure/login@v1
   #       with:
-  #         client-id: ${{ secrets.AZURE_CLIENT_ID }}
-  #         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-  #         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+  #         creds: |
+  #           {
+  #             "clientId": "${{ secrets.AZURE_CLIENT_ID }}",
+  #             "clientSecret": "${{ secrets.AZURE_CLIENT_SECRET }}",
+  #             "subscriptionId": "${{ secrets.AZURE_SUBSCRIPTION_ID }}",
+  #             "tenantId": "${{ secrets.AZURE_TENANT_ID }}"
+  #           }
 
   #     - name: Verify Azure Connection
   #       run: |
-  #         echo "Successfully logged into Azure!"
+  #         echo "Successfully logged into Azure with service principal!"
   #         az account show
-  #         az group list --output table
-
-  #     - name: Azure CLI Script Example
-  #       run: |
-  #         # Example: List all resource groups
-  #         echo "=== Resource Groups ==="
-  #         az group list --query "[].{Name:name, Location:location}" --output table
-
-  #         # Example: List all web apps
-  #         echo "=== Web Apps ==="
-  #         az webapp list --query "[].{Name:name, State:state, Location:location}" --output table
 
   #     - name: Logout from Azure
   #       if: always()
   #       run: az logout
 
-  # Job 2: Login using Client ID and Client Secret
-  login-with-client-secret:
-    runs-on: ubuntu-latest
-
+  # Job 3: Using PowerShell to Create Key Vault
+  create-keyvault-with-powershell:
+    runs-on: windows-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Azure Login with Client ID and Secret
+      - name: Azure Login with OIDC
         uses: azure/login@v1
         with:
-          client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
-          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
+          client-id: ${{ vars.CLIENT_ID }}
+          tenant-id: ${{ vars.TENANT_ID }}
+          subscription-id: ${{ vars.SUBSCRIPTION_ID }}
+          enable-AzPSSession: true
 
-      - name: Verify Azure Connection
-        run: |
-          echo "Successfully logged into Azure with client secret!"
-          az account show
+      - name: Create Key Vault with Azure PowerShell
+        uses: azure/powershell@v1
+        with:
+          azPSVersion: 'latest'
+          inlineScript: |
+            # Set variables
+            $resourceGroupName = "rg-vmtest1"
+            $keyVaultName = "kv-ewu2026test"
+            $location = "eastus"
+
+            Write-Host "Connected to Azure Subscription:"
+            Get-AzContext
+
+            # Check if resource group exists, create if not
+            $rg = Get-AzResourceGroup -Name $resourceGroupName -ErrorAction SilentlyContinue
+            if (-not $rg) {
+              Write-Host "Creating resource group: $resourceGroupName"
+              New-AzResourceGroup -Name $resourceGroupName -Location $location
+            } else {
+              Write-Host "Resource group $resourceGroupName already exists"
+            }
+
+            # Check if Key Vault exists
+            $kv = Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName -ErrorAction SilentlyContinue
+            if (-not $kv) {
+              Write-Host "Creating Key Vault: $keyVaultName"
+              New-AzKeyVault -VaultName $keyVaultName `
+                -ResourceGroupName $resourceGroupName `
+                -Location $location `
+                -EnabledForDeployment `
+                -EnabledForTemplateDeployment
+              Write-Host "Key Vault created successfully!"
+            } else {
+              Write-Host "Key Vault $keyVaultName already exists"
+            }
+
+            # Display Key Vault details
+            Write-Host "`n=== Key Vault Details ==="
+            Get-AzKeyVault -VaultName $keyVaultName -ResourceGroupName $resourceGroupName | 
+              Select-Object VaultName, ResourceGroupName, Location, VaultUri | 
+              Format-List
 
       - name: Logout from Azure
         if: always()
-        run: az logout
+        run: |
+          az logout
+          Disconnect-AzAccount
 
-  # # Job 3: Login using JSON Credentials (Legacy Method)
+  # # Job 4: Login using JSON Credentials (Legacy Method)
   # login-with-json-creds:
   #   runs-on: ubuntu-latest
 
@@ -97,37 +166,3 @@ jobs:
   #     - name: Logout from Azure
   #       if: always()
   #       run: az logout
-
-  # # Job 4: Using PowerShell with Azure
-  # login-with-powershell:
-  #   runs-on: windows-latest
-
-  #   steps:
-  #     - name: Checkout code
-  #       uses: actions/checkout@v4
-
-  #     - name: Azure Login with OIDC
-  #       uses: azure/login@v1
-  #       with:
-  #         client-id: ${{ secrets.AZURE_CLIENT_ID }}
-  #         tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-  #         subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
-  #         enable-AzPSSession: true  # Enable Azure PowerShell
-
-  #     - name: Run Azure PowerShell Script
-  #       uses: azure/powershell@v1
-  #       with:
-  #         azPSVersion: 'latest'
-  #         inlineScript: |
-  #           # Example PowerShell commands
-  #           Write-Host "Connected to Azure Subscription:"
-  #           Get-AzContext
-
-  #           Write-Host "`n=== Resource Groups ==="
-  #           Get-AzResourceGroup | Select-Object ResourceGroupName, Location | Format-Table
-
-  #     - name: Logout from Azure
-  #       if: always()
-  #       run: |
-  #         az logout
-  #         Disconnect-AzAccount
diff --git a/Lectures.md b/Lectures.md
@@ -29,13 +29,13 @@
 ### Topics Covered
 - Q and A (max 10 min)
 - Review tools and environment configuration
-- Getting connected to Copilot
+- Getting connected to Copilot (https://github.com/settings/education/benefits?utm_source=2025-04-25-repo-TeacherToolbox&locale=en-US)
 - Getting connected to Azure
   - API and Resource Manager architecture
   - PowerShell and the AZ module
   - Azure CLI
   - Configuring a budget and cost alerts
-  - Provisoning Services
+  - Provisioning Services
 - [GitHub Actions Intro](https://docs.github.com/en/actions)
 - Service Principals and Open ID Connect (OIDC)
 - Services Review