Assignment 02 code + documentation
This commit is contained in:
parent
180d610cb7
commit
528e33a18a
|
@ -0,0 +1,59 @@
|
||||||
|
# 2nd Assignment
|
||||||
|
|
||||||
|
## Main Challanges
|
||||||
|
|
||||||
|
Azure is a new envionrment for me, but my experience within GCP has been
|
||||||
|
helpful in navigating my needs.
|
||||||
|
|
||||||
|
I've never deployed function apps before (not even in GCP), but the
|
||||||
|
concept was rather clear to me.
|
||||||
|
|
||||||
|
I learned how to creat a System Assigned Managed Role to the azure func.
|
||||||
|
I also learned how to assign it to the Key Valult's Secret-User roles.
|
||||||
|
(I did this manually on each vault, as the free account does not allow
|
||||||
|
creation of custom roles, which is probably what I would use in a
|
||||||
|
production envrionment)
|
||||||
|
|
||||||
|
I learned how to allow Visual Studio to create the function app and
|
||||||
|
deploy the code. Something I had to troubleshoot at first, as my first
|
||||||
|
setup failed to deploy multiple times.
|
||||||
|
Seems that newbies to this realm, based on my searching for solutions,
|
||||||
|
face similar issues - but I eventually overcame those hurdles by
|
||||||
|
correctly deploying a fresh Funciton App.
|
||||||
|
|
||||||
|
## Script logic
|
||||||
|
|
||||||
|
The script itself is rather simple, I based it on the template HTTP
|
||||||
|
trigger function from the VS Code template.
|
||||||
|
|
||||||
|
I added authentication and the KeyVault logic, and added error handling
|
||||||
|
and reporting code.
|
||||||
|
|
||||||
|
After a successful local run, I created a requirements.txt file and
|
||||||
|
deploeyd the function app to Azure.
|
||||||
|
|
||||||
|
### Notes about current implementation
|
||||||
|
|
||||||
|
In a production public (without authentication of any sorts) facing page
|
||||||
|
I would not leave the error reporting code as it is, and rely more on
|
||||||
|
logging, but since I'm unfamiliar with the logging constructs preferred
|
||||||
|
I ommitted this at this time.
|
||||||
|
|
||||||
|
## How to use:
|
||||||
|
|
||||||
|
The App's URL is:
|
||||||
|
|
||||||
|
> <https://anysecrets.azurewebsites.net/api/getsecret>
|
||||||
|
|
||||||
|
It takes a single argument `name` which is the Vault's name to pull the
|
||||||
|
secret from (GSzVaronisAssignmentKv1, GSzVaronisAssignmentKv2 or
|
||||||
|
GSzVaronisAssignmentKv3)
|
||||||
|
|
||||||
|
For example:
|
||||||
|
|
||||||
|
> <https://anysecrets.azurewebsites.net/api/getsecret?name=GSzVaronisAssignmentKv2>
|
||||||
|
|
||||||
|
When name is not supplied, some identifying details are presented for
|
||||||
|
troubleshooting purposes.
|
||||||
|
|
||||||
|
When an exception occured, the error message will be printed.
|
|
@ -1,12 +1,24 @@
|
||||||
import logging
|
import logging
|
||||||
|
import sys
|
||||||
|
|
||||||
|
# Code based on VSCode template for Python Azure Function Apps and
|
||||||
|
# https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-python?tabs=azure-cli#create-the-sample-code
|
||||||
|
|
||||||
|
import os
|
||||||
import azure.functions as func
|
import azure.functions as func
|
||||||
|
from azure.keyvault.secrets import SecretClient
|
||||||
|
from azure.identity import DefaultAzureCredential
|
||||||
|
|
||||||
def main(req: func.HttpRequest) -> func.HttpResponse:
|
def main(req: func.HttpRequest) -> func.HttpResponse:
|
||||||
logging.info('Python HTTP trigger function processed a request.')
|
logging.info('Python HTTP trigger function processed a request.')
|
||||||
|
|
||||||
name = req.params.get('name')
|
name = req.params.get('name')
|
||||||
|
credential = None
|
||||||
|
Err = None
|
||||||
|
msg = ""
|
||||||
|
status_code = 200
|
||||||
if not name:
|
if not name:
|
||||||
|
status_code = 201
|
||||||
try:
|
try:
|
||||||
req_body = req.get_json()
|
req_body = req.get_json()
|
||||||
except ValueError:
|
except ValueError:
|
||||||
|
@ -14,10 +26,48 @@ def main(req: func.HttpRequest) -> func.HttpResponse:
|
||||||
else:
|
else:
|
||||||
name = req_body.get('name')
|
name = req_body.get('name')
|
||||||
|
|
||||||
if name:
|
try:
|
||||||
return func.HttpResponse(f"Hello World, {name}!")
|
credential = DefaultAzureCredential()
|
||||||
|
except:
|
||||||
|
the_type, Err, the_traceback = sys.exc_info()
|
||||||
|
status_code = 500
|
||||||
|
credential = None
|
||||||
|
pass
|
||||||
|
|
||||||
|
# except BaseException as e:
|
||||||
|
# return func.HttpResponse( e, status_code=200 )
|
||||||
|
|
||||||
|
# credentialErr = e
|
||||||
|
|
||||||
|
|
||||||
|
if name and credential:
|
||||||
|
keyVaultName = name
|
||||||
|
KVUri = f"https://{keyVaultName}.vault.azure.net"
|
||||||
|
|
||||||
|
try:
|
||||||
|
client = SecretClient(vault_url=KVUri, credential=credential)
|
||||||
|
|
||||||
|
secretName = "VaronisAssignmentSecret"
|
||||||
|
|
||||||
|
print(f"Retrieving your secret from {keyVaultName}.")
|
||||||
|
|
||||||
|
retrieved_secret = client.get_secret(secretName)
|
||||||
|
|
||||||
|
print(f"Your secret is '{retrieved_secret.value}'.")
|
||||||
|
|
||||||
|
msg = f"{retrieved_secret.value}"
|
||||||
|
except:
|
||||||
|
status_code = 500
|
||||||
|
the_type, Err, the_traceback = sys.exc_info()
|
||||||
|
pass
|
||||||
else:
|
else:
|
||||||
return func.HttpResponse(
|
msg = "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
|
||||||
"Please pass a name on the query string or in the request body",
|
|
||||||
status_code=400
|
if status_code != 200:
|
||||||
)
|
if credential:
|
||||||
|
msg += f"\nCredentials { credential }."
|
||||||
|
|
||||||
|
if Err:
|
||||||
|
msg += f"\nErr: { Err }"
|
||||||
|
|
||||||
|
return func.HttpResponse( msg, status_code=status_code )
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
{
|
{
|
||||||
"name": "Azure"
|
"name": "GSzVaronisAssignmentKv1"
|
||||||
}
|
}
|
|
@ -0,0 +1,23 @@
|
||||||
|
azure-common==1.1.28
|
||||||
|
azure-core==1.28.0
|
||||||
|
azure-functions==1.15.0
|
||||||
|
azure-identity==1.13.0
|
||||||
|
azure-keyvault==4.2.0
|
||||||
|
azure-keyvault-certificates==4.7.0
|
||||||
|
azure-keyvault-keys==4.8.0
|
||||||
|
azure-keyvault-secrets==4.7.0
|
||||||
|
certifi==2023.7.22
|
||||||
|
cffi==1.15.1
|
||||||
|
charset-normalizer==3.2.0
|
||||||
|
cryptography==41.0.2
|
||||||
|
idna==3.4
|
||||||
|
isodate==0.6.1
|
||||||
|
msal==1.23.0
|
||||||
|
msal-extensions==1.0.0
|
||||||
|
portalocker==2.7.0
|
||||||
|
pycparser==2.21
|
||||||
|
PyJWT==2.8.0
|
||||||
|
requests==2.31.0
|
||||||
|
six==1.16.0
|
||||||
|
typing_extensions==4.7.1
|
||||||
|
urllib3==2.0.4
|
Loading…
Reference in New Issue