Marvin Buss marvinbuss
marvinbuss
/ k8sloadbalancersourceranges.yaml
Last active
April 16, 2023 18:41
Gatekeeper Policy to deny source ranges in Azure Kubernetes Service LoadBalancer Service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: templates.gatekeeper.sh/v1beta1 | |
| kind: ConstraintTemplate | |
| metadata: | |
| name: k8sloadbalancersourceranges | |
| annotations: | |
| metadata.gatekeeper.sh/title: "Load Balancer Source Ranges" | |
| metadata.gatekeeper.sh/version: 1.0.0 | |
| description: >- | |
| Restricts Service load balancer source ranges to an allowed list of IP addresses. | |
| spec: |
marvinbuss
/ Deny-Kubernetes-LoadBalancerSourceRanges.json
Last active
April 16, 2023 18:40
Azure Policy to deny source ranges in Azure Kubernetes Service LoadBalancer Service
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "Microsoft.Authorization/policyDefinitions", | |
| "name": "Deny-Kubernetes-LoadBalancerSourceRanges", | |
| "properties": { | |
| "displayName": "Kubernetes cluster services of type load balancer should only use allowed IPs", | |
| "policyType": "Custom", | |
| "mode": "Microsoft.Kubernetes.Data", | |
| "description": "Use allowed load balancer IPs to avoid access from non-approved IPs in a Kubernetes cluster. For more information, see https://aka.ms/kubepolicydoc.", | |
| "metadata": { | |
| "version": "1.0.0", |
marvinbuss
/ Deny-OpenAI-Deployments.json
Created
April 16, 2023 18:39
Azure Policy to limit models being deployed with Azure Open AI.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "Microsoft.Authorization/policyDefinitions", | |
| "name": "Deny-OpenAI-Deployments", | |
| "properties": { | |
| "displayName": "Allowed Open AI models should be limited", | |
| "policyType": "Custom", | |
| "mode": "All", | |
| "description": "Models deployed in Open AI should be limited.", | |
| "metadata": { | |
| "version": "1.0.0", |
marvinbuss
/ keyVaultKey.json
Created
April 21, 2023 13:44
ARM template to create a Key Vault Key with key rotation and expiry time.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", | |
| "contentVersion": "1.0.0.0", | |
| "parameters": { | |
| "keyVaultKeyName": { | |
| "type": "String", | |
| "defaultValue": "mabusscmk004", | |
| "metadata": { | |
| "description": "Specifies the name of the key vault key." | |
| } |
marvinbuss
/ k8sloadbalancerconstraints.yml
Last active
April 24, 2023 09:34
Gatekeeper Policy to only allow load balancer services that are internal or external with IP constraints
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: templates.gatekeeper.sh/v1beta1 | |
| kind: ConstraintTemplate | |
| metadata: | |
| name: k8sloadbalancerconstraints | |
| annotations: | |
| metadata.gatekeeper.sh/title: "Load Balancer Constraints" | |
| metadata.gatekeeper.sh/version: 1.0.0 | |
| description: >- | |
| Restricts Service load balancer to internal or external with IP constraints. | |
| spec: |
marvinbuss
/ Deny-Kubernetes-LoadBalancerConstraints.json
Created
April 24, 2023 09:40
Azure Policy to only allow Kubernetes load balancer services that are internal or external with IP constraints
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "type": "Microsoft.Authorization/policyDefinitions", | |
| "name": "Deny-Kubernetes-LoadBalancerConstraints", | |
| "properties": { | |
| "displayName": "Kubernetes clusters should use internal load balancers or external load balancers with IP constraints", | |
| "policyType": "Custom", | |
| "mode": "Microsoft.Kubernetes.Data", | |
| "description": "Use internal load balancers to make a Kubernetes service accessible only to applications running in the same virtual network as the Kubernetes cluster. Also allow external services of type Load Balancer but ensure that IP constraints are in place. For more information, see https://aka.ms/kubepolicydoc.", | |
| "metadata": { | |
| "version": "1.0.0", |
marvinbuss
/ storage_policy_validation.py
Last active
April 25, 2023 17:41
Python script to validate the blobServices policies of a storage account.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from azure.identity import DefaultAzureCredential | |
| from azure.mgmt.storage import StorageManagementClient | |
| from azure.mgmt.storage.models import BlobServiceProperties, CorsRules, CorsRule, DeleteRetentionPolicy | |
| # Define Azure parameters | |
| subscription_id = "<your-subscription-id>" | |
| storage_resource_group_name = "<your-resource-group-name>" | |
| storage_account_name = "<your-storage-account-name>" | |
| # Create client |
marvinbuss
/ keyvault_policy_validation.py
Created
April 26, 2023 10:04
Python script to validate the Key Vault key policies.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from azure.identity import DefaultAzureCredential | |
| from azure.mgmt.keyvault import KeyVaultManagementClient | |
| from azure.mgmt.keyvault.models import KeyCreateParameters, KeyProperties, KeyAttributes, RotationPolicy, KeyRotationPolicyAttributes, LifetimeAction, Action, Trigger, KeyRotationPolicyActionType | |
| # Define Azure parameters | |
| subscription_id = "<your-subscription-id>" | |
| resource_group_name = "<your-resource-group-name>" | |
| keyvault_name = "<your-keyvault-name>" | |
| keyvault_key_name = "<your-keyvault-key-name>" |
marvinbuss
/ storage.tf
Created
April 28, 2023 14:12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # resource "azurerm_storage_account" "storage" { | |
| # name = replace("${local.prefix}-stg001", "-", "") | |
| # location = var.location | |
| # resource_group_name = azurerm_resource_group.app_rg.name | |
| # tags = var.tags | |
| # identity { | |
| # type = "UserAssigned" | |
| # identity_ids = [ | |
| # azurerm_user_assigned_identity.user_assigned_identity.id | |
| # ] |
marvinbuss
/ audio_test.py
Created
October 16, 2025 11:38
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import asyncio | |
| import time | |
| import wave | |
| import base64 | |
| import sys | |
| import logging | |
| from typing import Tuple, Any, ClassVar, Final, cast | |
| from datetime import datetime | |
| from dotenv import load_dotenv | |
| from semantic_kernel import Kernel |