commit fc244ca554d25b466673b83e4668c6dbdcc7e43b Author: Gal Szkolnik Date: Thu Jul 20 04:46:41 2023 +0000 Assignment diff --git a/ASSIGNMENTS.md b/ASSIGNMENTS.md new file mode 100644 index 0000000..b326736 --- /dev/null +++ b/ASSIGNMENTS.md @@ -0,0 +1,111 @@ +# DevSecOps Interview Assignments - PowerShell/Python + +- Received the 'Home Work' from Nir Rozenblum + + Important hint: + - Consider that your code should be able to run multiple times and + achieve the end goal successfully. it means that the code must be + robust and not break (imagine that it will run several times as + part of a production system workload). + Please share the below assignments results by uploading it to your + own repository (such as GitHub, GitLab, Bitbucket etc.) + + If you don’t have an Azure account, create a new free Azure account + at + + Assignment 1: PowerShell script that interacts with Azure Active + directory. + - Create a PowerShell script that interacts with Azure Active + directory and does the following: + + Creates 20 Azure Active Directory User accounts with the name of + `Test User `. + + Creates an Azure Active Directory Security group with the name + of `Varonis Assignment Group`. + + Adds each of the user accounts created in the previous step to + the `Varonis Assignment Group`, the accounts should be added + separately, and not as a bulk. + + The script should generate a customized log that includes the + following details for each attempt to add the user account to + the security group: + - Username + - Timestamp of the attempt to add the user to the group. + - Result of the attempt (successfailure) + + Notice: Errors must be handled properly such that in the end of + the process all the users that were created will be added to the + group successfully. + + Assignment 2: Python based Azure Function App that interacts with + Azure Key Vault. + - Prerequisite: + + create the following Key Vault resources (no automation required + in this step) + - 3 x Azure Key Vaults: `VaronisAssignmentKv1`, + `VaronisAssignmentKv2` and `VaronisAssignmentKv3`. + - In each Key Vault, add a secret named `VaronisAssignmentSecret` + that contains some secret value. + + Create a Python based Azure Function App that does the following: + - The Function app should be triggered via simple HTTP Trigger. + - The HTTP trigger would accept as parameter a secret name, for + example: + + > ```plaintext + > https://assignment-func.azurewebsites.net/api/KeyVaultSecret?name={secret_name} + > ``` + + - If the function is triggered with a secret name of an existing + secret that was created in the previous step (for example: + `VaronisAssignmentSecret`) + It should read that key vault secret and print the following + properties: + + Name of the Key Vault. + + Name of the Key Vault secret. + + The Creation date of the secret. + + The secret value. + - If the secret does not exist, the function will not expose any + information but will return a generic error. + - Add a screen shot of the function execution, or better, + provide a URL to trigger the function. + - Try to write production level code, we want to see how you + code in real life. + + Assignment 3: Create Azure Infrastructure resources via Terraform + - Use Terraform to deploy all the infrastructure resources described + in the below diagram, note the following guidelines: + + In two different regions, deploy + - 2 x Azure VMs + - 1 x Azure Load Balancer + - \+ all the required network resources (vNet, Subnets, NICs etc.) + + The load balancers should be connected to the VMs in each region. + + Deploy a single Azure Traffic Manager (no matter which region) + that will use the load balancers as endpoints. + + Connections towards the Traffic Manager FQDN should be routed to + the region that is closer to the end user. + + Consider needed security controls, such as NSGs, Firewalls, + application gateways if applicable. + + Feel free to use whichever OS or port configuration you desire, + the focus is on the infrastructure components, no application + needed to be configured on the VMs. + + In addition, create a dedicate Azure Storage account in each + region, and ensure that only the VMs has access to it – there + are several ways to achieve that, think about the most efficient + one. + + ```mermaid + flowchart BT + atm["Azure Traffic Manager"] + subgraph eus["East US region"] + direction BT + subgraph "eus-deployment" ["East us vNet"] + alb-eus["Azure Load Balancer
Public IP/FQDN"] + vm1-eus["Azure VM 01"] + vm2-eus["Azure VM 02"] + end + end + subgraph neu["Noth Europe region"] + direction BT + subgraph "neu-deployment" ["Noth Europe vNet"] + alb-neu["Azure Load Balancer
Public IP/FQDN"] + vm1-neu["Azure VM 01"] + vm2-neu["Azure VM 02"] + end + end + + atm --- alb-neu & alb-eus + alb-eus --> vm1-eus & vm2-eus + alb-neu --> vm1-neu & vm2-neu + ```