# Introduction to Azure DevOps

*Azure DevOps* is a cloud-based platform developed by Microsoft that offers a comprehensive set of tools and services to support the entire software development lifecycle. While it encompasses multiple components like *Boards*, *Repos*, *Test Plans*, and *Artifacts*, it is perhaps best know for its robust CI/CD capabilities.

One of the primary functions of Azure DevOps is to facilitate collaboration and automation throughout the software development process, particularly in the context of CI/CD:

- **Collaboration**: Azure DevOps provides a centralized platform where development, testing, and operations teams can collaborate seamlessly. It offers features for tracking work items, managing code changes, and monitoring the progress of CI/CD pipelines.

- **Automation**: CI/CD pipelines in Azure DevOps automate various aspects of software delivery, including code compilation, testing, and deployment. Automation helps teams reduce manual errors, accelerate the release cycle, and maintain consistent deployment processes.

- **Integration**: Azure DevOps integrates with a wide range of development tools and Azure services, allowing teams to streamline their CI/CD workflows. This integration ensures that code changes can be built, tested, and deployed efficiently.

## Key Components 

Azure DevOps is organized into five primary components, each serving a specific purpose in the software development process:

1. **Azure Boards**

    - **Azure Boards** is a work tracking system that helps teams plan, track, and manage their work. It provides features for creating and managing user stories, tasks, bugs, and other work items.
    - Teams can use *Agile*, *Scrum*, or custom workflows to tailor Azure Boards to their specific needs. Agile and Scrum are methodologies and frameworks commonly used in software development industry to manage projects and deliver software in a more flexible and collaborative manner.
<br><br>
2. **Azure Repos**

    - **Azure Repos** is a version control system that allows teams to manage and track changes to their codebase. It supports both git and Team Foundation Version Control (TFVC).
    - Teams can create pipelines that automatically trigger when code changes are committed, ensuring fast and reliable delivery
<br><br>
3. **Azure Pipelines**
  
    - **Azure Pipelines** is a continuous integration and continuous delivery (CI/CD) service that automates the building, testing, and deployment of applications
    - Teams can create pipelines that automatically trigger when code changes are committed, ensuring fast and reliable delivery
<br><br> 
4. **Azure Test Plans**

    - Azure Test Plans is a testing tool that enables teams to plan, track, and manage their testing efforts. It supports test case management, test execution, and bug tracking.
    - Teams can ensure software quality through comprehensive testing processes
<br><br>
5. **Azure Artifacts**

    - **Azure Artifacts** is a package management service that helps teams create, host, and share software packages and dependencies
    - Teams can manage their artifact feeds and integrate them with their CI/CD pipeline

## Creating and Configuring an Azure DevOps Project

Before we can proceed to create and configure projects in Azure DevOps, it's essential to understand how to access the platform and sign up.

Azure DevOps offers two primary methods of access: the web interface and the desktop client.

- **Web Interface**: The web interface is accessible from any web browser, making it convenient for users to access Azure DevOps from various devices. It provides a user-friendly dashboard for managing projects, repositories, pipelines, and more.

- **Azure DevOps Extension for VSCode**: For developers who prefer to work within the Visual Studio Code environment, you can use the **Azure DevOps** extension. This extension allows you to interact with Azure DevOps directly from within VSCode.

Throughout this pathway we will focus on learning how to use the Azure DevOps web interface.

### Setting Up an Account with GitHub

Azure DevOps allows you to create an account using your existing GitHub credentials. Here's how to set up an account:

1. Open a web browser and go to the [Azure DevOps website](https://azure.microsoft.com/en-gb/products/devops/)
2. Click on the **Start free with Github** option. This will redirect you to a Microsoft login page. From there select the **Sign in with GitHub** option.

<p align=center> <img src=images/LoginOptions.png width=500 height=500> </p>

3. You will be redirected to GitHub where you need to log in with your existing credentials. Then you should be redirected back to a Microsoft page, where you will need to provide some additional details to create your Azure DevOps account, such as your name, email and country. Once those details are provisioned press **Continue**.

4. You will be redirected to a new page where you will need to choose a name for your DevOps Organization, as well as a location where all of your project will be located. As per usual, you should choose a region that is geographically close to you. You will be asked to complete a verification code.

<p align=center> <img src=images/DevOpsOrganization.png width=400 height=600> </p>

5. Finally, press **Continue** to finish provisioning your Azure DevOps Organization account, and you should be redirected to the Azure DevOps homepage.

Once you've completed these steps, your Azure DevOps account will be associated with your GitHub account. You can now access Azure DevOps and create and configure projects for your software development needs.

### Creating a Project in Azure DevOps

> In Azure DevOps, a *project* is a fundamental organizational unit that encompasses all the resources and tools needed to manage specific software development initiative. A project serves as a container for your team's work, facilitating collaboration, work tracking, version control, and CI/CD processes. Within a project, you can create repositories, work items, pipelines, and more.

To create a new project in Azure DevOps, open Azure DevOps and sign in to your account if you haven't already. On the Azure DevOps homepage, you will find the page for creating a new project opened. 

<p align=center> <img src=images/AzureDevOpsHomepage.png width=850 height=450> </p>

#### Naming Conventions and Project Settings

Consider the following points regarding naming conventions and project settings:

- **Naming Conventions**: Naming conventions are vital for maintaining consistency across projects. They should align with your organization's guidelines and reflect the project's purpose. For example, consider using prefixes or tags to categorize projects based on departments or product lines.

- **Project Description**: A concise project description is crucial to communicate the project's objectives and scope to team members and stakeholders. This description provides context and ensures everyone understands the project's goals.

- **Visibility**: Azure DevOps allows you to control the visibility of your project. You can choose to make it public, allowing anyone in your organization to access it, or limit access to specific team members or groups. Consider the project's sensitivity and collaboration requirements when setting visibility.


Provide a name for your new project. It's crucial to follow naming conventions for consistency and clarity. A well-chosen name should convey the project's purpose and scope. You should also include a description for this project. Leave the rest of the configurations as default and then click **Create project** to provision the project. Once the project has been successfully created you should see the following page:

<p align=center> <img src=images/ProjectHomepage.png width=900 height=400> </p>

### Exploring the Project Homepage

The project homepage is the central hub where you can access important project-related information and perform different actions. Here's what you can typically see and do on the project homepage:

- **Overview**: Get an overview of the project's recent activities, such as code commits, work item updates, and build status. This section provides a snapshot of your project's progress.

- **Wiki**: Create and collaborate on project documentation using the built-in wiki feature

- **Boards**: If you're following an Agile or Scrum methodology, you can access boards for sprint planning, backlog management, and tracking work item progress

- **Repos**: View and manage code repositories. You can create, clone, and manage branches, commits, and pull requests from this section.

- **Pipelines**: Access and manage your CI/CD pipelines. Monitor build and release pipeline status, trigger builds, and review deployment logs.

- **Test Plans**: If your project involves testing, you can create and manage test plans, test suites, and test configurations

- **Artifacts**: Manage package feeds and artifacts associated with your project. Publish and consume packages, and track version history.

## Managing, Teams, Repositories, and Permissions

### Teams and Collaboration

In Azure DevOps, effective collaboration is a cornerstone of successful software development projects.

> *Teams* are groups of individuals with specific roles and responsibilities within a project. 

They are the building blocks for organizing work and defining who has access to project resources. Here's an overview of teams and their significance:

- **Cross-Functional Collaboration**: Teams typically consist of cross-functional members, including developers, testers, designers, and more. Each team has a unique set of skills to contribute to the project's success.

- **Scalability**: Azure DevOps allows you to create multiple teams within a project, making it suitable for projects of various sizes and complexities

- **Work Organization**: Teams help organize work items, tasks, and backlog items. They are responsible for delivering specific sets of features or functionalities within the project.

- **Permissions**: Teams define permissions and access control. You can assign permissions to teams based on their role and responsibilities. This ensures that team members can access the resources they need while maintaining project security.

To create, manage, and assign members to teams in Azure DevOps, follow these steps:

1. Log in to Azure DevOps and navigate to your project

2. Click on the **Project settings** button at the bottom left-corner of the project homepage. Here, locate the **Teams** section and click on it to access the team management interface.

3. To create a new team, click on the **New Team** button. This will open the following pop-up:

<p align=center> <img src=images/CreateTeam.png width=900 height=400> </p>

4. Begin by providing a name and a description

5. Assign team members by adding their Azure DevOps usernames or email addresses. Assign individuals who possess the necessary skills for the team's responsibilities.

6. Finally, under the **Permission** section you can define permissions for each team. You can specify who can view, edit, or contribute to various project resources. Always ensure that permissions align with team roles and responsibilities. We will discuss in more details different permission in a later section.

### Repositories

In Azure DevOps, repositories play a pivotal role in version control, enabling teams to collaborate efficiently on code and track changes effectively. 

> A **repository** is a central location where you store and manage your source code, documents, and related assets. It provides a structured way to track changes made to your codebase and allows multiple developers to work collaboratively on the same project.

To create a git repository within your Azure DevOps project, follow these steps:


1. Log in to Azure DevOps and navigate to your project

2. Click on the **Project settings** button at the bottom left-corner of the project homepage. Here, locate the **Repos** section and click on it to access the repository management interface.

3. Click on the **+ Create** button to create a new repository. Provide a name for your repository, and specify whether this should be public or private.

<p align=center> <img src=images/CreateRepo.png width=900 height=400> </p>

4. Initialize with a `README` (Optional): You have the option to initialize the repository with a `README` file. A `README` file is a useful way to document your project and its purpose.

Click **Create** to finish provisioning the new repository. Once create it should appear under **All Repositories**. We will cover in more detail repositories and how to use them in the next lesson.

### Permissions and Security

Maintaining a secure and well-defined access control system is vital to protect your project's resources and data. Access control and permissions are critical aspects of Azure DevOps that serve multiple purposes:

- **Data Security**: Permissions ensure that only authorized individuals have access to sensitive project data, protecting your code, work items, and other resources

- **Compliance**: Many organizations have compliance requirements that necessitate strict access controls. Azure DevOps allows you to tailor permissions to meet these standards.

- **Resource Protection**: Permissions prevent unauthorized modifications to critical project resources, reducing the risk of accidental data loss or code changes

- **Collaboration**: Properly configured permissions facilitate collaboration by allowing teams and individuals to access and contribute to project assets

Permission can be configured at teams level in the **Teams** tab or at the groups and users levels under **Project settings** --> **Permissions**. Groups are simply containers for users, simplifying permission management by allowing you to assign access controls at the group level. Users are the individual members of your organization or project teams, each with their unique credentials and roles. 

> In Azure DevOps, when you create a new project, there are several default groups that are automatically created. These default groups help you manage permissions and access control within the project. 

The specific default groups may vary depending on the type of project and the services you are using, but some common groups are:

- *Readers*: The **Readers** group includes users who have read-only access to the project's resources. Members of this group can view project information but cannot make changes.

- *Contributors*: The **Contributors** group consists of users who actively work on project tasks and can make changes to project resources. They have a higher level of access than readers.

- *Project Administrators*: The **Project Administrators** group has administrative control within the specific project. Members of this group can configure project settings, manage users, and assign project-level permissions.

- *Build Administrator*s: If you are using Azure DevOps for CI/CD pipelines, there may be a **Build Administrators** group that has control over build-related configurations

- *Release Administrators*: Similarly, if you are using Azure DevOps for CI/CD pipelines, there may be a **Release Administrators** group responsible for managing release-related settings

These default groups provide a starting point for managing permissions within your project. You can add or remove users from the groups and customize their permissions based on your project's specific requirements. 

Additionally, you can create custom groups to organize users based on their roles or responsibilities within the project, allowing for more fine-grained control over access and permissions.

##  Service Connections

Azure DevOps provides a comprehensive ecosystem for software development. To leverage this ecosystem fully, you often need to interact with Azure resources like virtual machines, databases, and cloud services.

> *Service connections* simplify these interactions. They act as connectors that eliminate the complexities of manual configurations and credential management. 

Service connections are necessary for several reasons:

- **Authentication**: Both cloud-hosted and external resources typically require authentication for access. Service connections provide the necessary credentials and security tokens for secure access.

- **Integration**: Service connections enable you to seamlessly integrate both cloud-hosted and external resources into your CI/CD pipelines, ensuring that your applications are deployed consistently and reliably

- **Resource Provisioning**: When provisioning cloud-hosted or external resources dynamically as part of your deployment process, service connections are essential for programmatically creating and managing resources

- **Secrets Management**: Service connections help manage sensitive information like API keys, connection strings, and authentication tokens securely, reducing the risk of exposing credentials in source code

### Types of Service Connections

Service connections in Azure DevOps come in various flavors, each tailored to specific needs. 

#### 1. Azure Resource Connections

The most common and crucial type of service connections in Azure DevOps are Azure resource connections. They enable secure and authenticated communication between your DevOps pipelines and Azure services. 

Several Azure resources benefit from the use of service connections, including:

- **Azure App Service**: When deploying web applications, APIs, or other services to Azure App Service, service connections facilitate deployment automation

- **Azure Kubernetes Service (AKS)**: AKS clusters often require service connections for deploying containerized applications and managing cluster resources

- **Azure SQL Database**: For database deployment and management tasks, service connections ensure secure interactions with Azure SQL databases

- **Azure Storage**: Service connections assist in interacting with Azure Storage services, such as Blob Storage, Table Storage, and Queue Storage


#### 2. Service Endpoints for External Services

In addition to Azure resource connections, Azure DevOps also offers *service endpoints*, sometimes referred to as service connections for external services and systems. These endpoints extend the reach of Azure DevOps, allowing you to connect to a multitude of external systems. 

For instance, you can set up service endpoints to connect with version control systems like GitHub, build systems like Jenkins, container registries, or even issue tracking platforms. 


### Hands-On: Creating and Configuring a Service Connection

In this example, we will demonstrate how to create and configure an Azure service connection to access an AKS cluster, discuss the use of *service principals* and authentication methods, and emphasize security considerations to keep in mind during the setup process.

To create an Azure service connection that connect to an AKS cluster, follow these steps:

1. **Access Service Connections**: Log in to Azure DevOps and navigate to your project. Click on the **Project settings** button at the bottom left-corner of the project homepage. Here, locate the **Pipelines** section within your project and click on **Service connections** to access the service connection management interface.

2. **Create a New Service Connection**: Select the **Create service connection** button create a new service connection and choose **Azure Resource Manager** for Azure services

3. **Authentication Method**: Choose the authentication method based on your use case. For AKS, we recommend using a **Secure Principal (manual)** for secure access.

4. **Subscription ID and Name**:

    - **Subscription ID**: This is a unique identifier for your Azure subscription.
      - Log in to the Azure portal. Search for **Subscriptions** in the Homepage search bar
      - This should display a list of the active subscriptions in your Azure account and their respective subscription ID <br><br>
      
    - **Subscription Name**: The subscription name is simply the name of your Azure subscription. It's typically displayed next to the Subscription ID in the Azure portal.

5. **Service Principal Configuration**:

    - **Service Principal ID**: This is the ID of the Azure AD application (service principal) that will authenticate to AKS. A **service principal** is an identity that can be used for automated access to Azure resources. If you followed along the Terraform lessons you should already have this information available, the Service Principal ID is simply the `client_id`/`appID` of the `provider "azurerm"` block in any Terraform configuration that connects to your Azure account.
    
    - **Service principal key**: When you create a service principal it will generate a client secret (authentication key). This corresponds to the `client_secret`/`password` in the `provider "azurerm"` block in any Terraform configuration that connects to your Azure account.

    - **Tenant ID**: Specifies the Azure AD tenant ID. This corresponds to the `tenant_id`/`tenant` in the `provider "azurerm"` block in any Terraform configuration that connects to your Azure account.

<p align=center> <img src=images/ServiceConnectionSetUp.png width=350 height=550> </p>

6. **Test Connection**: Before saving, test the connection to ensure that it can successfully authenticate and interact with the AKS cluster. It should be able to retrieve cluster information.

7. **Save and Use**: Once configured and tested, save the service connection. It is now ready for use in your pipelines and automation tasks.

<p align=center> <img src=images/ServiceConnections.png width=800 height=400> </p>

Once the AKS service connection is set up you should see it in your Service connection list, and you can use it in your Azure DevOps pipelines and automation tasks to interact with the AKS cluster. For example, you can use it to:

- Deploy containerized applications to the AKS cluster
- Scale and manage the AKS cluster
- Execute `kubectl` commands to interact with Kubernetes resources

By following this example and considering the security best practices, you can create and manage Azure service connections for AKS and other Azure resources securely and efficiently, enabling seamless integration with your DevOps processes.

## Key Takeaways

- Azure DevOps is a comprehensive DevOps tool set that streamlines the software development lifecycle through collaboration, automation, and integration
- Azure DevOps includes key components such as **Boards** (for work item tracking), **Repos** (for version control), **Pipelines** (for CI/CD), **Test Plans** (for testing), and **Artifacts** (for package management)
- Project setup in Azure DevOps involves creating and configuring a project, defining teams, repositories, and permissions, and setting up service connections for seamless integration with Azure resources where necessary
- Proper project setup is crucial as it lays the foundation for effective collaboration, version control, and automated CI/CD pipelines, enabling smoother and more efficient software development workflows