Marvin Buss marvinbuss

View GitHub Profile
import asyncio
import time
import wave
import base64
import sys
import logging
from typing import Tuple, Any, ClassVar, Final, cast
from datetime import datetime
from dotenv import load_dotenv
from semantic_kernel import Kernel
# resource "azurerm_storage_account" "storage" {
# name = replace("${local.prefix}-stg001", "-", "")
# location = var.location
# resource_group_name = azurerm_resource_group.app_rg.name
# tags = var.tags
# identity {
# type = "UserAssigned"
# identity_ids = [
# azurerm_user_assigned_identity.user_assigned_identity.id
# ]
@marvinbuss
marvinbuss / keyvault_policy_validation.py
Created April 26, 2023 10:04
Python script to validate the Key Vault key policies.
from azure.identity import DefaultAzureCredential
from azure.mgmt.keyvault import KeyVaultManagementClient
from azure.mgmt.keyvault.models import KeyCreateParameters, KeyProperties, KeyAttributes, RotationPolicy, KeyRotationPolicyAttributes, LifetimeAction, Action, Trigger, KeyRotationPolicyActionType
# Define Azure parameters
subscription_id = "<your-subscription-id>"
resource_group_name = "<your-resource-group-name>"
keyvault_name = "<your-keyvault-name>"
keyvault_key_name = "<your-keyvault-key-name>"
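The preview above stops at the parameters. As an added example (not the gist's own code), the following checks a key's rotation policy the way such a validation script would once it has fetched the policy: the policy is modelled as the plain dict the Key Vault REST API returns for a key rotation policy (the SDK's RotationPolicy model carries the same fields), the sample values and the thresholds (730-day maximum expiry, 365-day maximum rotation interval) are assumptions for this example, and ISO 8601 periods are approximated with 365-day years and 30-day months.

```python
import re
from typing import List, Optional

# Constructed samples in the shape Key Vault returns for a key rotation policy
# (GET https://{vault}.vault.azure.net/keys/{name}/rotationpolicy). The values
# are made up for this example; they are not from the original gist.
COMPLIANT_POLICY = {
    "attributes": {"expiryTime": "P1Y"},
    "lifetimeActions": [
        {"trigger": {"timeAfterCreate": "P11M", "timeBeforeExpiry": None},
         "action": {"type": "Rotate"}},
        {"trigger": {"timeAfterCreate": None, "timeBeforeExpiry": "P30D"},
         "action": {"type": "Notify"}},
    ],
}
WEAK_POLICY = {
    "attributes": {},
    "lifetimeActions": [
        {"trigger": {"timeAfterCreate": None, "timeBeforeExpiry": "P30D"},
         "action": {"type": "Notify"}},
    ],
}

# Key Vault expresses these durations as ISO 8601 periods with Y/M/D parts.
_DURATION = re.compile(r"^P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?$")


def duration_days(value: Optional[str]) -> Optional[int]:
    """Approximate an ISO 8601 period (P1Y, P18M, P30D, P1Y6M) in days.
    Years count as 365 days and months as 30 (assumption, good enough for
    threshold comparisons). None stays None so absent fields are detectable."""
    if value is None:
        return None
    match = _DURATION.match(value)
    if value == "P" or not match:
        raise ValueError(f"unsupported duration: {value!r}")
    years, months, days = (int(g) if g else 0 for g in match.groups())
    return years * 365 + months * 30 + days


def validate_rotation_policy(policy: dict,
                             max_expiry_days: int = 730,
                             max_rotate_days: int = 365) -> List[str]:
    """Return a list of findings; an empty list means the policy is compliant.
    Checks: an expiry is set and bounded, a Rotate action exists, and the
    rotation fires before expiry and within max_rotate_days. The thresholds
    are assumptions for this example, not Key Vault defaults."""
    findings: List[str] = []
    expiry = duration_days(policy.get("attributes", {}).get("expiryTime"))
    if expiry is None:
        findings.append("no expiryTime: new key versions never expire")
    elif expiry > max_expiry_days:
        findings.append(f"expiryTime of {expiry} days exceeds {max_expiry_days}")

    rotate_actions = [a for a in policy.get("lifetimeActions", [])
                      if str(a.get("action", {}).get("type", "")).lower() == "rotate"]
    if not rotate_actions:
        findings.append("no Rotate lifetime action: automatic rotation is off")
        return findings

    trigger = rotate_actions[0].get("trigger", {})
    after_create = duration_days(trigger.get("timeAfterCreate"))
    before_expiry = duration_days(trigger.get("timeBeforeExpiry"))
    if after_create is not None:
        if after_create > max_rotate_days:
            findings.append(f"rotation after {after_create} days exceeds {max_rotate_days}")
        if expiry is not None and after_create >= expiry:
            findings.append("rotation is scheduled at or after key expiry")
    elif before_expiry is not None:
        if expiry is None:
            findings.append("timeBeforeExpiry trigger needs an expiryTime")
        elif expiry - before_expiry > max_rotate_days:
            findings.append(f"rotation at {expiry - before_expiry} days exceeds {max_rotate_days}")
    else:
        findings.append("Rotate action has no trigger")
    return findings


if __name__ == "__main__":
    for label, policy in (("compliant", COMPLIANT_POLICY), ("weak", WEAK_POLICY)):
        print(label, validate_rotation_policy(policy) or "OK")
```

In a live script the dict would come from the management client's key GET (the `rotation_policy` on the key properties) or from the data-plane `get_key_rotation_policy` call; the checks above are the same either way, and a non-empty findings list is what the pipeline should fail on.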
@marvinbuss
marvinbuss / storage_policy_validation.py
Last active April 25, 2023 17:41
Python script to validate the blobServices policies of a storage account.
from azure.identity import DefaultAzureCredential
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import BlobServiceProperties, CorsRules, CorsRule, DeleteRetentionPolicy
# Define Azure parameters
subscription_id = "<your-subscription-id>"
storage_resource_group_name = "<your-resource-group-name>"
storage_account_name = "<your-storage-account-name>"
# Create client
@marvinbuss
marvinbuss / Deny-Kubernetes-LoadBalancerConstraints.json
Created April 24, 2023 09:40
Azure Policy to only allow Kubernetes load balancer services that are internal or external with IP constraints
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "Deny-Kubernetes-LoadBalancerConstraints",
"properties": {
"displayName": "Kubernetes clusters should use internal load balancers or external load balancers with IP constraints",
"policyType": "Custom",
"mode": "Microsoft.Kubernetes.Data",
"description": "Use internal load balancers to make a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. Also allow external services of type Load Balancer but ensure that IP constraints are in place. For more information, see https://aka.ms/kubepolicydoc.",
"metadata": {
"version": "1.0.0",
@marvinbuss
marvinbuss / k8sloadbalancerconstraints.yml
Last active April 24, 2023 09:34
Gatekeeper Policy to only allow load balancer services that are internal or external with IP constraints
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
name: k8sloadbalancerconstraints
annotations:
metadata.gatekeeper.sh/title: "Load Balancer Constraints"
metadata.gatekeeper.sh/version: 1.0.0
description: >-
Restricts Service load balancer to internal or external with IP constraints.
spec:
@marvinbuss
marvinbuss / keyVaultKey.json
Created April 21, 2023 13:44
ARM template to create a Key Vault Key with key rotation and expiry time.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"keyVaultKeyName": {
"type": "String",
"defaultValue": "mabusscmk004",
"metadata": {
"description": "Specifies the name of the key vault key."
}
@marvinbuss
marvinbuss / Deny-OpenAI-Deployments.json
Created April 16, 2023 18:39
Azure Policy to limit models being deployed with Azure Open AI.
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "Deny-OpenAI-Deployments",
"properties": {
"displayName": "Allowed Open AI models should be limited",
"policyType": "Custom",
"mode": "All",
"description": "Models deployed in Open AI should be limited.",
"metadata": {
"version": "1.0.0",
@marvinbuss
marvinbuss / Deny-Kubernetes-LoadBalancerSourceRanges.json
Last active April 16, 2023 18:40
Azure Policy to deny source ranges in Azure Kubernetes Service LoadBalancer Service
{
"type": "Microsoft.Authorization/policyDefinitions",
"name": "Deny-Kubernetes-LoadBalancerSourceRanges",
"properties": {
"displayName": "Kubernetes cluster services of type load balancer should only use allowed IPs",
"policyType": "Custom",
"mode": "Microsoft.Kubernetes.Data",
"description": "Use allowed load balancer IPs to avoid access from non-approved IPs in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc.",
"metadata": {
"version": "1.0.0",
@marvinbuss
marvinbuss / k8sloadbalancersourceranges.yaml
Last active April 16, 2023 18:41
Gatekeeper Policy to deny source ranges in Azure Kubernetes Service LoadBalancer Service
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
name: k8sloadbalancersourceranges
annotations:
metadata.gatekeeper.sh/title: "Load Balancer Source Ranges"
metadata.gatekeeper.sh/version: 1.0.0
description: >-
Restricts Service load balancer source ranges to an allowed list of IP addresses.
spec:
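Both Gatekeeper templates above (Load Balancer Constraints, and Load Balancer Source Ranges) and their Azure Policy counterparts are cut off before the Rego. As an added example that is not the gists' own policy code, the following reproduces their combined decision logic in Python so a manifest can be checked offline before it reaches admission: non-LoadBalancer services are out of scope; a Service carrying the AKS internal-load-balancer annotation (`service.beta.kubernetes.io/azure-load-balancer-internal: "true"`) is allowed; an external LoadBalancer must set `spec.loadBalancerSourceRanges`; and each range must fall inside an allowed list. The sample manifests and the allowed list are constructed for this example.

```python
import ipaddress
from typing import Iterable, List

# Annotation AKS uses to request an internal (VNet-only) Azure load balancer.
INTERNAL_LB_ANNOTATION = "service.beta.kubernetes.io/azure-load-balancer-internal"

# Allowed CIDRs a constraint would carry as its parameters (constructed values).
ALLOWED_RANGES = ["10.0.0.0/8", "203.0.113.0/24"]

# Constructed sample Service manifests; names and addresses are made up.
INTERNAL_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "api-internal",
                 "annotations": {INTERNAL_LB_ANNOTATION: "true"}},
    "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
}
RESTRICTED_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "api-partner"},
    "spec": {"type": "LoadBalancer",
             "loadBalancerSourceRanges": ["10.0.0.0/24", "203.0.113.8/32"],
             "ports": [{"port": 443}]},
}
OPEN_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "api-open"},
    "spec": {"type": "LoadBalancer",
             "loadBalancerSourceRanges": ["0.0.0.0/0"],
             "ports": [{"port": 443}]},
}
UNRESTRICTED_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "api-unrestricted"},
    "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
}
CLUSTER_IP_SERVICE = {
    "apiVersion": "v1", "kind": "Service",
    "metadata": {"name": "api-clusterip"},
    "spec": {"type": "ClusterIP", "ports": [{"port": 443}]},
}


def check_service(svc: dict, allowed_ranges: Iterable[str]) -> List[str]:
    """Return the violations for one Service (empty list means admitted)."""
    spec = svc.get("spec", {})
    if spec.get("type") != "LoadBalancer":
        return []  # only LoadBalancer services are in scope of either policy
    name = svc.get("metadata", {}).get("name", "<unnamed>")
    annotations = svc.get("metadata", {}).get("annotations") or {}
    if str(annotations.get(INTERNAL_LB_ANNOTATION, "")).lower() == "true":
        return []  # internal LB: reachable only inside the VNet, no ranges needed

    ranges = spec.get("loadBalancerSourceRanges") or []
    if not ranges:
        # the "IP constraints" rule: an external LB without ranges is open to all
        return [f"{name}: external LoadBalancer without loadBalancerSourceRanges"]

    allowed = [ipaddress.ip_network(a, strict=False) for a in allowed_ranges]
    violations: List[str] = []
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            violations.append(f"{name}: invalid CIDR {cidr!r}")
            continue
        if net.prefixlen == 0:
            # 0.0.0.0/0 or ::/0 satisfies "ranges are set" but constrains nothing
            violations.append(f"{name}: source range {cidr} allows all addresses")
            continue
        # the "allowed IPs" rule: every range must sit inside an approved block
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            violations.append(f"{name}: source range {cidr} is not within the allowed list")
    return violations


def audit(services: Iterable[dict], allowed_ranges: Iterable[str]) -> List[str]:
    """Run check_service over a list of manifests and collect all violations."""
    return [v for svc in services for v in check_service(svc, allowed_ranges)]


if __name__ == "__main__":
    for v in audit([INTERNAL_SERVICE, RESTRICTED_SERVICE, OPEN_SERVICE,
                    UNRESTRICTED_SERVICE, CLUSTER_IP_SERVICE], ALLOWED_RANGES):
        print("DENY", v)
```

The explicit `0.0.0.0/0` check matters: a Service that sets `loadBalancerSourceRanges` to the whole address space passes a naive "ranges are present" test while being exactly the exposure the constraint exists to block, which is why the source-ranges template compares against an allowed list rather than merely requiring the field.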