From fc244ca554d25b466673b83e4668c6dbdcc7e43b Mon Sep 17 00:00:00 2001
From: Gal Szkolnik <code@lksz.me>
Date: Thu, 20 Jul 2023 04:46:41 +0000
Subject: [PATCH] Assignment

---
 ASSIGNMENTS.md | 111 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 111 insertions(+)
 create mode 100644 ASSIGNMENTS.md

diff --git a/ASSIGNMENTS.md b/ASSIGNMENTS.md
new file mode 100644
index 0000000..b326736
--- /dev/null
+++ b/ASSIGNMENTS.md
@@ -0,0 +1,111 @@
+# DevSecOps Interview Assignments - PowerShell/Python
+
+- Received the 'Home Work' from Nir Rozenblum
+  + Important hint:
+    - Consider that your code should be able to run multiple times and
+      achieve the end goal successfully. it means that the code must be
+      robust and not break (imagine that it will run several times as
+      part of a production system workload).
+      Please share the below assignments results by uploading it to your
+      own repository (such as GitHub, GitLab, Bitbucket etc.)  
+  + If you don’t have an Azure account, create a new free Azure account
+    at <https://azure.microsoft.com/en-in/free/>
+  + Assignment 1: PowerShell script that interacts with Azure Active
+    directory.
+    - Create a PowerShell script that interacts with Azure Active
+      directory and does the following:
+      + Creates 20 Azure Active Directory User accounts with the name of
+        `Test User <Counter>`.
+      + Creates an Azure Active Directory Security group with the name
+        of `Varonis Assignment Group`.
+      + Adds each of the user accounts created in the previous step to
+        the `Varonis Assignment Group`, the accounts should be added
+        separately, and not as a bulk.
+      + The script should generate a customized log that includes the
+        following details for each attempt to add the user account to
+        the security group:
+        - Username
+        - Timestamp of the attempt to add the user to the group.
+        - Result of the attempt (successfailure)
+      + Notice: Errors must be handled properly such that in the end of
+        the process all the users that were created will be added to the
+        group successfully.
+  + Assignment 2: Python based Azure Function App that interacts with
+    Azure Key Vault.
+    - Prerequisite:
+      + create the following Key Vault resources (no automation required
+        in this step)
+        - 3 x Azure Key Vaults: `VaronisAssignmentKv1`,
+          `VaronisAssignmentKv2` and `VaronisAssignmentKv3`.
+        - In each Key Vault, add a secret named `VaronisAssignmentSecret`
+          that contains some secret value.
+      + Create a Python based Azure Function App that does the following:
+        - The Function app should be triggered via simple HTTP Trigger.
+        - The HTTP trigger would accept as parameter a secret name, for
+          example:
+
+          > ```plaintext
+          > https://assignment-func.azurewebsites.net/api/KeyVaultSecret?name={secret_name}
+          > ```
+
+        - If the function is triggered with a secret name of an existing
+          secret that was created in the previous step (for example:
+          `VaronisAssignmentSecret`)
+          It should read that key vault secret and print the following
+          properties:
+          + Name of the Key Vault.
+          + Name of the Key Vault secret.
+          + The Creation date of the secret.
+          + The secret value.
+        - If the secret does not exist, the function will not expose any
+          information but will return a generic error.
+        - Add a screen shot of the function execution, or better,
+          provide a URL to trigger the function.
+        - Try to write production level code, we want to see how you
+          code in real life.
+  + Assignment 3: Create Azure Infrastructure resources via Terraform
+    - Use Terraform to deploy all the infrastructure resources described
+      in the below diagram, note the following guidelines:
+      + In two different regions, deploy
+        - 2 x Azure VMs
+        - 1 x Azure Load Balancer
+        - \+ all the required network resources (vNet, Subnets, NICs etc.)
+      + The load balancers should be connected to the VMs in each region.
+      + Deploy a single Azure Traffic Manager (no matter which region)
+        that will use the load balancers as endpoints.
+      + Connections towards the Traffic Manager FQDN should be routed to
+        the region that is closer to the end user.
+      + Consider needed security controls, such as NSGs, Firewalls,
+        application gateways if applicable.
+      + Feel free to use whichever OS or port configuration you desire,
+        the focus is on the infrastructure components, no application
+        needed to be configured on the VMs.
+      + In addition, create a dedicate Azure Storage account in each
+        region, and ensure that only the VMs has access to it – there
+        are several ways to achieve that, think about the most efficient
+        one.
+
+      ```mermaid
+      flowchart BT
+        atm["Azure Traffic Manager"]
+        subgraph eus["East US region"]
+            direction BT
+            subgraph "eus-deployment" ["East us vNet"]
+                alb-eus["Azure Load Balancer<br/>Public IP/FQDN"]
+                vm1-eus["Azure VM 01"]
+                vm2-eus["Azure VM 02"]
+            end
+        end
+        subgraph neu["Noth Europe region"]
+            direction BT
+            subgraph "neu-deployment" ["Noth Europe vNet"]
+                alb-neu["Azure Load Balancer<br/>Public IP/FQDN"]
+                vm1-neu["Azure VM 01"]
+                vm2-neu["Azure VM 02"]
+            end
+        end
+
+        atm --- alb-neu & alb-eus
+        alb-eus --> vm1-eus & vm2-eus
+        alb-neu --> vm1-neu & vm2-neu
+      ```
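Review bot: The region label in the mermaid diagram at the end of the file is misspelled as "Noth Europe" in both `subgraph neu["Noth Europe region"]` and `subgraph "neu-deployment" ["Noth Europe vNet"]`; it should read "North Europe", and "East us vNet" should use the same "East US" casing as its enclosing subgraph. In the Assignment 1 log-details list, `Result of the attempt (successfailure)` has lost its separator and presumably means "(success/failure)". In Assignment 3, "create a dedicate Azure Storage account" should be "dedicated" and "only the VMs has access" should be "have". Assignment 2 has the HTTP-triggered function return "The secret value" in its response, yet the section says only "simple HTTP Trigger"; it would help to state there what authorization the trigger is expected to require, so a reader of this file knows whether the example URL is meant to be callable anonymously.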