Azure Function for Storage Account HTTPs Only Policy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.IO; | |
using System.Linq; | |
using System.Threading.Tasks; | |
using Microsoft.AspNetCore.Mvc; | |
using Microsoft.Azure.WebJobs; | |
using Microsoft.Azure.WebJobs.Extensions.Http; | |
using Microsoft.AspNetCore.Http; | |
using Microsoft.Azure.Management.Fluent; | |
using Microsoft.Azure.Management.ResourceManager.Fluent; | |
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication; | |
using Microsoft.Azure.Management.ResourceManager.Fluent.Core; | |
using Microsoft.Azure.Services.AppAuthentication; | |
using Microsoft.Extensions.Logging; | |
using Microsoft.Rest; | |
using Newtonsoft.Json; | |
namespace SubscriptionMonitoringFunctions | |
{ | |
public static class StorageHttpsPolicyFunction | |
{ | |
[FunctionName("StorageHttpsOnlyPolicy")] | |
public static async Task<IActionResult> Run( | |
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req, | |
ILogger log) | |
{ | |
string requestData = string.Empty; | |
Rootobject rootData = null; | |
string subscriptionId = string.Empty; | |
string storageAccountName = string.Empty; | |
string resourceId = string.Empty; | |
string outputStatus = string.Empty; | |
try | |
{ | |
log.LogInformation("StorageHttpsPolicy: Begin to read activity log"); | |
outputStatus += $"\n StorageHttpsPolicy: Begin to read activity log"; | |
requestData = await new StreamReader(req.Body).ReadToEndAsync(); | |
rootData = JsonConvert.DeserializeObject<Rootobject>(requestData); | |
if (rootData.data.context.activityLog.resourceType.Contains("storageAccounts")) | |
{ | |
subscriptionId = rootData.data.context.activityLog.subscriptionId; | |
log.LogInformation($"StorageHttpsPolicy: Found Subscription Id {subscriptionId}"); | |
outputStatus += $"\n StorageHttpsPolicy: Found Subscription Id {subscriptionId}"; | |
resourceId = rootData.data.context.activityLog.resourceId; | |
log.LogInformation($"StorageHttpsPolicy: Found Resource Id {resourceId}"); | |
outputStatus += $"\n StorageHttpsPolicy: Found Resource Id {resourceId}"; | |
storageAccountName = rootData.data.context.activityLog.resourceId.Substring(resourceId.LastIndexOf("storageAccounts") + 16).Split("/")[0]; | |
log.LogInformation($"StorageHttpsPolicy: Found Storage Account: {storageAccountName}"); | |
outputStatus += $"\n StorageHttpsPolicy: Found Storage Account: {storageAccountName}"; | |
var token = Authenticate().Result; | |
var credentials = new AzureCredentials(new TokenCredentials(token), new TokenCredentials(token), string.Empty, AzureEnvironment.AzureGlobalCloud); | |
var azure = Azure.Configure().WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic).Authenticate(credentials).WithSubscription(subscriptionId); | |
var storageAccounts = azure.StorageAccounts.List(); | |
var storageAccount = storageAccounts.FirstOrDefault(x => x.Name == storageAccountName); | |
storageAccount?.Update().WithOnlyHttpsTraffic().Apply(); | |
log.LogInformation("StorageHttpsPolicy: Policy application successful"); | |
outputStatus += $"\n StorageHttpsPolicy: Policy application successful"; | |
} | |
else | |
{ | |
outputStatus += $"\n StorageHttpsPolicy: Couldn't find Storage Account"; | |
} | |
} | |
catch (Exception x) | |
{ | |
log.LogInformation("StorageHttpsPolicy: Policy application failed"); | |
outputStatus += $"\n StorageHttpsPolicy: Policy application failed with {x.Message}"; | |
log.LogInformation(x.Message); | |
} | |
return outputStatus != null | |
? (ActionResult)new OkObjectResult(outputStatus) | |
: new BadRequestObjectResult("Error in execution of this policy"); | |
} | |
public static async Task<string> Authenticate() | |
{ | |
var azureServiceTokenProvider = new AzureServiceTokenProvider(); | |
var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com").ConfigureAwait(false); | |
return accessToken; | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment