# DevSecOps Interview Assignments - PowerShell/Python

- Received the 'Home Work' from Nir Rozenblum
  + Important hint:
    - Consider that your code should be able to run multiple times and
      achieve the end goal successfully. it means that the code must be
      robust and not break (imagine that it will run several times as
      part of a production system workload).
      Please share the below assignments results by uploading it to your
      own repository (such as GitHub, GitLab, Bitbucket etc.)  
  + If you don’t have an Azure account, create a new free Azure account
    at <https://azure.microsoft.com/en-in/free/>
  + Assignment 1: PowerShell script that interacts with Azure Active
    directory.
    - Create a PowerShell script that interacts with Azure Active
      directory and does the following:
      + Creates 20 Azure Active Directory User accounts with the name of
        `Test User <Counter>`.
      + Creates an Azure Active Directory Security group with the name
        of `Varonis Assignment Group`.
      + Adds each of the user accounts created in the previous step to
        the `Varonis Assignment Group`, the accounts should be added
        separately, and not as a bulk.
      + The script should generate a customized log that includes the
        following details for each attempt to add the user account to
        the security group:
        - Username
        - Timestamp of the attempt to add the user to the group.
        - Result of the attempt (successfailure)
      + Notice: Errors must be handled properly such that in the end of
        the process all the users that were created will be added to the
        group successfully.
  + Assignment 2: Python based Azure Function App that interacts with
    Azure Key Vault.
    - Prerequisite:
      + create the following Key Vault resources (no automation required
        in this step)
        - 3 x Azure Key Vaults: `VaronisAssignmentKv1`,
          `VaronisAssignmentKv2` and `VaronisAssignmentKv3`.
        - In each Key Vault, add a secret named `VaronisAssignmentSecret`
          that contains some secret value.
      + Create a Python based Azure Function App that does the following:
        - The Function app should be triggered via simple HTTP Trigger.
        - The HTTP trigger would accept as parameter a secret name, for
          example:

          > ```plaintext
          > https://assignment-func.azurewebsites.net/api/KeyVaultSecret?name={secret_name}
          > ```

        - If the function is triggered with a secret name of an existing
          secret that was created in the previous step (for example:
          `VaronisAssignmentSecret`)
          It should read that key vault secret and print the following
          properties:
          + Name of the Key Vault.
          + Name of the Key Vault secret.
          + The Creation date of the secret.
          + The secret value.
        - If the secret does not exist, the function will not expose any
          information but will return a generic error.
        - Add a screen shot of the function execution, or better,
          provide a URL to trigger the function.
        - Try to write production level code, we want to see how you
          code in real life.
  + Assignment 3: Create Azure Infrastructure resources via Terraform
    - Use Terraform to deploy all the infrastructure resources described
      in the below diagram, note the following guidelines:
      + In two different regions, deploy
        - 2 x Azure VMs
        - 1 x Azure Load Balancer
        - \+ all the required network resources (vNet, Subnets, NICs etc.)
      + The load balancers should be connected to the VMs in each region.
      + Deploy a single Azure Traffic Manager (no matter which region)
        that will use the load balancers as endpoints.
      + Connections towards the Traffic Manager FQDN should be routed to
        the region that is closer to the end user.
      + Consider needed security controls, such as NSGs, Firewalls,
        application gateways if applicable.
      + Feel free to use whichever OS or port configuration you desire,
        the focus is on the infrastructure components, no application
        needed to be configured on the VMs.
      + In addition, create a dedicate Azure Storage account in each
        region, and ensure that only the VMs has access to it – there
        are several ways to achieve that, think about the most efficient
        one.

      ```mermaid
      flowchart BT
        atm["Azure Traffic Manager"]
        subgraph eus["East US region"]
            direction BT
            subgraph "eus-deployment" ["East us vNet"]
                alb-eus["Azure Load Balancer<br/>Public IP/FQDN"]
                vm1-eus["Azure VM 01"]
                vm2-eus["Azure VM 02"]
            end
        end
        subgraph neu["Noth Europe region"]
            direction BT
            subgraph "neu-deployment" ["Noth Europe vNet"]
                alb-neu["Azure Load Balancer<br/>Public IP/FQDN"]
                vm1-neu["Azure VM 01"]
                vm2-neu["Azure VM 02"]
            end
        end

        atm --- alb-neu & alb-eus
        alb-eus --> vm1-eus & vm2-eus
        alb-neu --> vm1-neu & vm2-neu
      ```