ehrnst

apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-canary
spec:
  replicas: 1
  selector:
    matchLabels:
      app: echo
      version: canary

ehrnst

param devPrometheusWorkspaceId string
param prodPrometheusWorkspaceId string
param resourceLocation string = resourceGroup().location
param tags object

var nodeRecordingRuleGroupDescription = 'Node Exporter recording rules for Prometheus '
var version = '1.0'

resource nodeRecordingRuleGroupDev 'Microsoft.AlertsManagement/prometheusRuleGroups@2023-03-01' = {
  name: 'NodeRecordingRulesRuleGroup-linux-dev'

ehrnst

param(
    [Parameter(HelpMessage="The Azure DevOps organization.")]
    [string]$adoOrg = "Adatum",

    [Parameter(Mandatory=$true, HelpMessage="The Azure DevOps team project.")]
    [string]$adoTeamProject,

    [Parameter(Mandatory=$true, HelpMessage="The Azure DevOps repository.")]
    [string]$adoRepo,

ehrnst

<#
.SYNOPSIS
This script retrieves Azure Active Directory (AD) applications with expired secrets and checks their sign-in logs.

.DESCRIPTION
The script first retrieves all Azure AD applications using the Get-AzADApplication cmdlet. It then filters these applications to only include those where the password credential has expired more than 30 days ago and where there is only one password credential.
For each of these applications, the script retrieves the AppId and constructs three queries to check the sign-in logs for the last 30 days. The queries are for service principal sign-ins, non-interactive user sign-ins, and interactive sign-ins.
The script then executes these queries using the Invoke-AzOperationalInsightsQuery cmdlet and stores the results in three separate variables: $servicePrincipalSignins, $nonInteractiveSignins, and $interactiveSignins.

Finally, the script outputs the results of these queries.

ehrnst

# slack test

$slackKey = Get-AzKeyVaultsecret -VaultName "" -Name "" -AsPlainText
$azOpenAiKey = Get-AzKeyVaultsecret -VaultName "" -Name "" -AsPlainText
$slackChannelId = "" 
$slackThreadId = "" 
$openAiUrl = ""
$slackUrl = "https://slack.com/api/conversations.replies?channel=$slackChannelId&ts=$slackThreadId&pretty=1"
$slackHeaders= @{
    "Authorization" = "Bearer $slackKey"

ehrnst

# creates an appregistration in Azure AD and connects it with a github repo
# use as an example only

[CmdletBinding()]
param (
    [Parameter(Mandatory)]
    [string]
    $gitHubRepoName,
    [Parameter(Mandatory)]
    [string]

ehrnst

param storageAccountName string

resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@2021-09-01' = {
    name: '${storageAccountName}/default/mycontainer'
}
  

ehrnst

// get latest resource changes based on resource group tag
resourcechanges
| join kind= inner (
resourcecontainers
| where type =~ 'microsoft.resources/subscriptions/resourcegroups'
	| where isnotempty(tags)
	| where tags['key'] =~ 'value'
    | project subscriptionId, resourceGroup)
on subscriptionId, resourceGroup
| extend changeTime = todatetime(properties.changeAttributes.timestamp),

ehrnst

$version = get-date -Format yyyy-MM-dd
$commit = "$ENV:BUILD_SOURCEVERSION"

# get the latest files changed
$files = $(git diff HEAD HEAD~ --name-only -- *.bicep modules/)
if ($files.count -ge 1) {
  # copy files to staging
  copy-item $files -Destination $ENV:BUILD_ARTIFACTSTAGINGDIRECTORY

  # set a variable and build number

ehrnst

## connect to storage using SAS

$storageName = ""
$sasToken = ""
$container = ""

$ctx = New-AzureStorageContext -StorageAccountName $storageName -SasToken $sasToken
# get all the blobs
$blobs = Get-AzureStorageBlob -Container $container -Context $ctx