Assignment
commit
fc244ca554
|
@ -0,0 +1,111 @@
|
|||
# DevSecOps Interview Assignments - PowerShell/Python
|
||||
|
||||
- Received the 'Home Work' from Nir Rozenblum
|
||||
+ Important hint:
|
||||
- Consider that your code should be able to run multiple times and
|
||||
achieve the end goal successfully. it means that the code must be
|
||||
robust and not break (imagine that it will run several times as
|
||||
part of a production system workload).
|
||||
Please share the below assignments results by uploading it to your
|
||||
own repository (such as GitHub, GitLab, Bitbucket etc.)
|
||||
+ If you don’t have an Azure account, create a new free Azure account
|
||||
at <https://azure.microsoft.com/en-in/free/>
|
||||
+ Assignment 1: PowerShell script that interacts with Azure Active
|
||||
directory.
|
||||
- Create a PowerShell script that interacts with Azure Active
|
||||
directory and does the following:
|
||||
+ Creates 20 Azure Active Directory User accounts with the name of
|
||||
`Test User <Counter>`.
|
||||
+ Creates an Azure Active Directory Security group with the name
|
||||
of `Varonis Assignment Group`.
|
||||
+ Adds each of the user accounts created in the previous step to
|
||||
the `Varonis Assignment Group`, the accounts should be added
|
||||
separately, and not as a bulk.
|
||||
+ The script should generate a customized log that includes the
|
||||
following details for each attempt to add the user account to
|
||||
the security group:
|
||||
- Username
|
||||
- Timestamp of the attempt to add the user to the group.
|
||||
- Result of the attempt (successfailure)
|
||||
+ Notice: Errors must be handled properly such that in the end of
|
||||
the process all the users that were created will be added to the
|
||||
group successfully.
|
||||
+ Assignment 2: Python based Azure Function App that interacts with
|
||||
Azure Key Vault.
|
||||
- Prerequisite:
|
||||
+ create the following Key Vault resources (no automation required
|
||||
in this step)
|
||||
- 3 x Azure Key Vaults: `VaronisAssignmentKv1`,
|
||||
`VaronisAssignmentKv2` and `VaronisAssignmentKv3`.
|
||||
- In each Key Vault, add a secret named `VaronisAssignmentSecret`
|
||||
that contains some secret value.
|
||||
+ Create a Python based Azure Function App that does the following:
|
||||
- The Function app should be triggered via simple HTTP Trigger.
|
||||
- The HTTP trigger would accept as parameter a secret name, for
|
||||
example:
|
||||
|
||||
> ```plaintext
|
||||
> https://assignment-func.azurewebsites.net/api/KeyVaultSecret?name={secret_name}
|
||||
> ```
|
||||
|
||||
- If the function is triggered with a secret name of an existing
|
||||
secret that was created in the previous step (for example:
|
||||
`VaronisAssignmentSecret`)
|
||||
It should read that key vault secret and print the following
|
||||
properties:
|
||||
+ Name of the Key Vault.
|
||||
+ Name of the Key Vault secret.
|
||||
+ The Creation date of the secret.
|
||||
+ The secret value.
|
||||
- If the secret does not exist, the function will not expose any
|
||||
information but will return a generic error.
|
||||
- Add a screen shot of the function execution, or better,
|
||||
provide a URL to trigger the function.
|
||||
- Try to write production level code, we want to see how you
|
||||
code in real life.
|
||||
+ Assignment 3: Create Azure Infrastructure resources via Terraform
|
||||
- Use Terraform to deploy all the infrastructure resources described
|
||||
in the below diagram, note the following guidelines:
|
||||
+ In two different regions, deploy
|
||||
- 2 x Azure VMs
|
||||
- 1 x Azure Load Balancer
|
||||
- \+ all the required network resources (vNet, Subnets, NICs etc.)
|
||||
+ The load balancers should be connected to the VMs in each region.
|
||||
+ Deploy a single Azure Traffic Manager (no matter which region)
|
||||
that will use the load balancers as endpoints.
|
||||
+ Connections towards the Traffic Manager FQDN should be routed to
|
||||
the region that is closer to the end user.
|
||||
+ Consider needed security controls, such as NSGs, Firewalls,
|
||||
application gateways if applicable.
|
||||
+ Feel free to use whichever OS or port configuration you desire,
|
||||
the focus is on the infrastructure components, no application
|
||||
needed to be configured on the VMs.
|
||||
+ In addition, create a dedicate Azure Storage account in each
|
||||
region, and ensure that only the VMs has access to it – there
|
||||
are several ways to achieve that, think about the most efficient
|
||||
one.
|
||||
|
||||
```mermaid
|
||||
flowchart BT
|
||||
atm["Azure Traffic Manager"]
|
||||
subgraph eus["East US region"]
|
||||
direction BT
|
||||
subgraph "eus-deployment" ["East us vNet"]
|
||||
alb-eus["Azure Load Balancer<br/>Public IP/FQDN"]
|
||||
vm1-eus["Azure VM 01"]
|
||||
vm2-eus["Azure VM 02"]
|
||||
end
|
||||
end
|
||||
subgraph neu["Noth Europe region"]
|
||||
direction BT
|
||||
subgraph "neu-deployment" ["Noth Europe vNet"]
|
||||
alb-neu["Azure Load Balancer<br/>Public IP/FQDN"]
|
||||
vm1-neu["Azure VM 01"]
|
||||
vm2-neu["Azure VM 02"]
|
||||
end
|
||||
end
|
||||
|
||||
atm --- alb-neu & alb-eus
|
||||
alb-eus --> vm1-eus & vm2-eus
|
||||
alb-neu --> vm1-neu & vm2-neu
|
||||
```
|
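Review bot: In Assignment 2 the function is asked to return "The secret value" over a "simple HTTP Trigger" whose only input is `?name={secret_name}`, and the text never says who is allowed to call it, so an implementation that serves the value to any caller would satisfy the spec as written. State the expected authorization on the trigger (for example a function key or Azure AD sign-in) and how the function itself should authenticate to Key Vault, and say whether returning the value in the response is meant for this exercise only. The prerequisite puts `VaronisAssignmentSecret` in all three vaults, but the steps do not say which vault the function should query, which leaves "Name of the Key Vault" ambiguous; specify whether one result or three is expected. Smaller fixes: "successfailure" in the log fields should read "success/failure", "Noth Europe" appears twice in the mermaid labels, and "create a dedicate Azure Storage account" should be "dedicated".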