Here’s the story of my last pull request – the short version – that took me two weeks to complete, although, in the end, it added just one new line of code. For some time, I’ve been working to convince the architects in my team that we need to use managed identities everywhere in our online web solutions, and I was finally able to succeed.
Why is this important?
Besides making the systems more secure, because there are no secrets to manage, doing so, greatly reduces the effort to write the “infrastructure-as-code” files.
For example, if you want to create an Azure function, you don’t need to write code to retrieve the access key for the associated storage account. Or, if you need to code an SQL Azure database, you don’t need to configure a vault to store the initial password.
To speed things up, I even resorted to bribery, by offering to make some code changes myself – not that they were so hard to convince, but they didn’t have the resources to complete this as fast as I wanted it done.
And even when I got behind the steering wheel myself, it turns out that I still needed two weeks to manage to implement the change that configures the code to use a managed identity to access the SQL Azure databases.
The funny thing is there was only one needed change: add the NuGet package Microsoft.Data.SqlClient to the data access module.
The unfolding of events
So how comes I needed so much time, to add just one line of code? Here’s a successive list of the events, as I emotionally recall them:
- Did some research on the solution (that was quick and easy, there’s a tutorial on Microsoft Learn).
- Find out that no code changes should be required – yay!
- Configure a test environment – that was quick, I’ve just had to follow the tutorial.
- Configure a build configuration for the test environment – quick, again.
- Run a build.
- Run a test – nope, annoyingly, it doesn’t work.
- StackOverflow to the rescue, but from the multiple solutions proposed it is not clear which specific one should I choose, and why.
- Experiment with upgrading NuGet packages – now, the solution is old, really, really, old, and it needed some migration to .NET 6 before upgrading the packages; it took me a lot of manual work to do that, as the command line was going directly for the .NET 7 packages. In the end, the architect had to redo the work, as I was not getting anywhere – he knows EF and all the SQL-related .NET libraries, unlike me – I haven’t written SQL-related code in about eight years, if I remember correctly; yay, go me, the spoiled head of engineering!
- Build and test again – still doesn’t work.
- Follow the SO thread, try to upgrade some NuGet packages, still doesn’t work.
- Re-read the SO thread, have a hunch that I should try the easiest solution first – just add a NuGet package.
- Build and test and, finally, the web site reports it can access the database.
- Create a pull request and realize that it contains changes that upgrade multiple NuGet packages.
- Create a new branch, only add the single NuGet package, build, and take a long needed, long break.
- Test and start singing when the app reports that it can access the database.
- Create the “true” pull request – one line added in a .csproj file.
- Dump the experience here, I don’t know why – probably to clear my head.
After I took some time to cool down, I realized that this was business as usual. And I rejoiced at the thought that I’ve only promised to organize the IaC systems, which is fun, and I shan’t have to write SQL-related code; oh, spoiled me!