vrns
/
DevOpsAssignment
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: vrns:30ef8afca4898c5a956a300b8c5c48b72a99bc64
Branches Tags
vrns:main
vrns:assignment-03
..
compare: vrns:59ae9c536ec65e756cca813e7b6110adbc140f5e
Branches Tags
vrns:assignment-03
vrns:main

No commits in common. "30ef8afca4898c5a956a300b8c5c48b72a99bc64" and "59ae9c536ec65e756cca813e7b6110adbc140f5e" have entirely different histories.
30ef8afca4 ... 59ae9c536e

14 changed files with 2 additions and 414 deletions
Show Stats Expand all files Collapse all files

3
.devcontainer/Dockerfile
View File

@ -1,3 +0,0 @@
# Find the Dockerfile at this URL
# https://github.com/Azure/azure-functions-docker/blob/dev/host/4/bullseye/amd64/python/python39/python39-core-tools.Dockerfile
FROM mcr.microsoft.com/azure-functions/python:4-python3.9-core-tools

27
.devcontainer/devcontainer.json
View File

@ -1,27 +0,0 @@
{
"name": "Azure Functions & Python 3",
"dockerFile": "Dockerfile",
"forwardPorts": [ 7071 ],
// Configure tool-specific properties.
"customizations": {
// Configure properties specific to VS Code.
"vscode": {
// Add the IDs of extensions you want installed when the container is created.
"extensions": [
"ms-azuretools.vscode-azurefunctions",
"ms-azuretools.vscode-docker",
"ms-python.python"
]
}
},
// Use 'postCreateCommand' to run commands after the container is created.
// "postCreateCommand": "npm install",
// Set `remoteUser` to `root` to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
"remoteUser": "vscode",
"features": {
"ghcr.io/devcontainers/features/terraform:1": {}
}
}

137
.gitignore vendored
View File

@ -1,135 +1,2 @@
# Byte-compiled / optimized / DLL files data
__pycache__/ .vscode
*.py[cod]
*$py.class
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
pip-wheel-metadata/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.pytest_cache/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
.python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that dont work, or not
# install all needed dependencies.
#Pipfile.lock
# celery beat schedule file
celerybeat-schedule
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# Azure Functions artifacts
bin
obj
appsettings.json
local.settings.json
# Azurite artifacts
__blobstorage__
__queuestorage__
__azurite_db*__.json
.python_packages

5
.npmignore
View File

@ -1,5 +0,0 @@
README.md
test-project
definition-manifest.json
.vscode
.npmignore

6
.vscode/extensions.json vendored
View File

@ -1,6 +0,0 @@
{
"recommendations": [
"ms-azuretools.vscode-azurefunctions",
"ms-python.python"
]
}

12
.vscode/launch.json vendored
View File

@ -1,12 +0,0 @@
{
"version": "0.2.0",
"configurations": [
{
"name": "Attach to Python Functions",
"type": "python",
"request": "attach",
"port": 9091,
"preLaunchTask": "func: host start"
}
]
}

8
.vscode/settings.json vendored
View File

@ -1,8 +0,0 @@
{
"azureFunctions.deploySubpath": "src/ASSIGNMENT-02",
"azureFunctions.scmDoBuildDuringDeployment": true,
"azureFunctions.pythonVenv": ".venv",
"azureFunctions.projectLanguage": "Python",
"azureFunctions.projectRuntime": "~4",
"azureFunctions.projectSubpath": "src/ASSIGNMENT-02"
}

33
.vscode/tasks.json vendored
View File

@ -1,33 +0,0 @@
{
"version": "2.0.0",
"tasks": [
{
"type": "func",
"label": "func: host start",
"command": "host start",
"problemMatcher": "$func-python-watch",
"isBackground": true,
"dependsOn": "pip install (functions)",
"options": {
"cwd": "${workspaceFolder}/src/ASSIGNMENT-02"
}
},
{
"label": "pip install (functions)",
"type": "shell",
"osx": {
"command": "${config:azureFunctions.pythonVenv}/bin/python -m pip install -r requirements.txt"
},
"windows": {
"command": "${config:azureFunctions.pythonVenv}/Scripts/python -m pip install -r requirements.txt"
},
"linux": {
"command": "${config:azureFunctions.pythonVenv}/bin/python -m pip install -r requirements.txt"
},
"problemMatcher": [],
"options": {
"cwd": "${workspaceFolder}/src/ASSIGNMENT-02"
}
}
]
}

59
src/ASSIGNMENT-02/ASSIGNMENT-02.md
View File

@ -1,59 +0,0 @@
# 2nd Assignment
## Main Challanges
Azure is a new envionrment for me, but my experience within GCP has been
helpful in navigating my needs.
I've never deployed function apps before (not even in GCP), but the
concept was rather clear to me.
I learned how to creat a System Assigned Managed Role to the azure func.
I also learned how to assign it to the Key Valult's Secret-User roles.
(I did this manually on each vault, as the free account does not allow
creation of custom roles, which is probably what I would use in a
production envrionment)
I learned how to allow Visual Studio to create the function app and
deploy the code. Something I had to troubleshoot at first, as my first
setup failed to deploy multiple times.
Seems that newbies to this realm, based on my searching for solutions,
face similar issues - but I eventually overcame those hurdles by
correctly deploying a fresh Funciton App.
## Script logic
The script itself is rather simple, I based it on the template HTTP
trigger function from the VS Code template.
I added authentication and the KeyVault logic, and added error handling
and reporting code.
After a successful local run, I created a requirements.txt file and
deploeyd the function app to Azure.
### Notes about current implementation
In a production public (without authentication of any sorts) facing page
I would not leave the error reporting code as it is, and rely more on
logging, but since I'm unfamiliar with the logging constructs preferred
I ommitted this at this time.
## How to use:
The App's URL is:
> <https://anysecrets.azurewebsites.net/api/getsecret>
It takes a single argument `name` which is the Vault's name to pull the
secret from (GSzVaronisAssignmentKv1, GSzVaronisAssignmentKv2 or
GSzVaronisAssignmentKv3)
For example:
> <https://anysecrets.azurewebsites.net/api/getsecret?name=GSzVaronisAssignmentKv2>
When name is not supplied, some identifying details are presented for
troubleshooting purposes.
When an exception occured, the error message will be printed.

73
src/ASSIGNMENT-02/GetSecret/__init__.py
View File

@ -1,73 +0,0 @@
import logging
import sys
# Code based on VSCode template for Python Azure Function Apps and
# https://learn.microsoft.com/en-us/azure/key-vault/secrets/quick-create-python?tabs=azure-cli#create-the-sample-code
import os
import azure.functions as func
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential
def main(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
name = req.params.get('name')
credential = None
Err = None
msg = ""
status_code = 200
if not name:
status_code = 201
try:
req_body = req.get_json()
except ValueError:
pass
else:
name = req_body.get('name')
try:
credential = DefaultAzureCredential()
except:
the_type, Err, the_traceback = sys.exc_info()
status_code = 500
credential = None
pass
# except BaseException as e:
# return func.HttpResponse( e, status_code=200 )
# credentialErr = e
if name and credential:
keyVaultName = name
KVUri = f"https://{keyVaultName}.vault.azure.net"
try:
client = SecretClient(vault_url=KVUri, credential=credential)
secretName = "VaronisAssignmentSecret"
print(f"Retrieving your secret from {keyVaultName}.")
retrieved_secret = client.get_secret(secretName)
print(f"Your secret is '{retrieved_secret.value}'.")
msg = f"{retrieved_secret.value}"
except:
status_code = 500
the_type, Err, the_traceback = sys.exc_info()
pass
else:
msg = "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
if status_code != 200:
if credential:
msg += f"\nCredentials { credential }."
if Err:
msg += f"\nErr: { Err }"
return func.HttpResponse( msg, status_code=status_code )

20
src/ASSIGNMENT-02/GetSecret/function.json
View File

@ -1,20 +0,0 @@
{
"scriptFile": "__init__.py",
"bindings": [
{
"authLevel": "anonymous",
"type": "httpTrigger",
"direction": "in",
"name": "req",
"methods": [
"get",
"post"
]
},
{
"type": "http",
"direction": "out",
"name": "$return"
}
]
}

3
src/ASSIGNMENT-02/GetSecret/sample.dat
View File

@ -1,3 +0,0 @@
{
"name": "GSzVaronisAssignmentKv1"
}

7
src/ASSIGNMENT-02/host.json
View File

@ -1,7 +0,0 @@
{
"version": "2.0",
"extensionBundle": {
"id": "Microsoft.Azure.Functions.ExtensionBundle",
"version": "[3.*, 4.0.0)"
}
}

23
src/ASSIGNMENT-02/requirements.txt
View File

@ -1,23 +0,0 @@
azure-common==1.1.28
azure-core==1.28.0
azure-functions==1.15.0
azure-identity==1.13.0
azure-keyvault==4.2.0
azure-keyvault-certificates==4.7.0
azure-keyvault-keys==4.8.0
azure-keyvault-secrets==4.7.0
certifi==2023.7.22
cffi==1.15.1
charset-normalizer==3.2.0
cryptography==41.0.2
idna==3.4
isodate==0.6.1
msal==1.23.0
msal-extensions==1.0.0
portalocker==2.7.0
pycparser==2.21
PyJWT==2.8.0
requests==2.31.0
six==1.16.0
typing_extensions==4.7.1
urllib3==2.0.4