Azure Function for Storage Account HTTPs Only Policy
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Extensions.Logging;
using Microsoft.Rest;
using Newtonsoft.Json;
namespace SubscriptionMonitoringFunctions
{
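/// <summary>
/// HTTP-triggered remediation function: reads an activity-log alert payload and,
/// when the event concerns a storage account, switches that account to
/// HTTPS-only traffic through the Azure management API.
/// </summary>
/// <remarks>
/// The request body is caller-controlled. The only gate in front of this code is
/// the function key, and the management call runs under the identity that
/// <see cref="Authenticate"/> resolves, so that identity acts on whichever
/// subscription the payload names. Its role assignment should be scoped to the
/// subscriptions this function is meant to cover and limited to storage-account
/// updates, so a caller-supplied subscription outside that scope fails at
/// authorization.
/// </remarks>
public static class StorageHttpsPolicyFunction
{
    // Fixed reply for every failure path; exception text is written to the log only.
    private const string FailureResponse = "Error in execution of this policy";

    /// <summary>
    /// Parses the alert payload, locates the storage account named in its resource id
    /// and enables the HTTPS-only setting on it.
    /// </summary>
    /// <param name="req">Incoming request whose body is deserialized into <c>Rootobject</c>.</param>
    /// <param name="log">Function logger.</param>
    /// <returns>
    /// 200 with a progress trace when the event was handled or did not apply;
    /// 400 with a fixed message when the payload is unusable or the update failed.
    /// </returns>
    [FunctionName("StorageHttpsOnlyPolicy")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
        ILogger log)
    {
        string outputStatus = string.Empty;
        try
        {
            log.LogInformation("StorageHttpsPolicy: Begin to read activity log");
            outputStatus += "\n StorageHttpsPolicy: Begin to read activity log";

            string requestData;
            using (var reader = new StreamReader(req.Body))
            {
                requestData = await reader.ReadToEndAsync();
            }

            // Every level of the payload can be missing (empty body, unrelated JSON),
            // so walk it null-safely instead of relying on a NullReferenceException.
            Rootobject rootData = JsonConvert.DeserializeObject<Rootobject>(requestData);
            var activityLog = rootData?.data?.context?.activityLog;
            if (activityLog == null)
            {
                log.LogWarning("StorageHttpsPolicy: Request body did not contain an activity log entry");
                return new BadRequestObjectResult(FailureResponse);
            }

            string resourceType = activityLog.resourceType;
            if (resourceType == null
                || resourceType.IndexOf("storageAccounts", StringComparison.OrdinalIgnoreCase) < 0)
            {
                outputStatus += "\n StorageHttpsPolicy: Couldn't find Storage Account";
                return new OkObjectResult(outputStatus);
            }

            // The subscription id selects where the function's identity operates, so
            // reject anything that is not a well-formed GUID before using it.
            string subscriptionId = activityLog.subscriptionId;
            if (!Guid.TryParse(subscriptionId, out _))
            {
                log.LogWarning("StorageHttpsPolicy: Subscription id in payload is not a valid GUID");
                return new BadRequestObjectResult(FailureResponse);
            }

            // Message templates keep payload values out of the format string itself.
            log.LogInformation("StorageHttpsPolicy: Found Subscription Id {SubscriptionId}", subscriptionId);
            outputStatus += $"\n StorageHttpsPolicy: Found Subscription Id {subscriptionId}";

            string resourceId = activityLog.resourceId;
            log.LogInformation("StorageHttpsPolicy: Found Resource Id {ResourceId}", resourceId);
            outputStatus += $"\n StorageHttpsPolicy: Found Resource Id {resourceId}";

            string storageAccountName = ExtractStorageAccountName(resourceId);
            if (storageAccountName == null)
            {
                log.LogWarning("StorageHttpsPolicy: Resource id does not name a storage account");
                return new BadRequestObjectResult(FailureResponse);
            }

            log.LogInformation("StorageHttpsPolicy: Found Storage Account: {StorageAccountName}", storageAccountName);
            outputStatus += $"\n StorageHttpsPolicy: Found Storage Account: {storageAccountName}";

            // Await instead of blocking on .Result inside an async method.
            var token = await Authenticate();
            var credentials = new AzureCredentials(
                new TokenCredentials(token),
                new TokenCredentials(token),
                string.Empty,
                AzureEnvironment.AzureGlobalCloud);
            var azure = Azure.Configure()
                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                .Authenticate(credentials)
                .WithSubscription(subscriptionId);

            var storageAccounts = await azure.StorageAccounts.ListAsync();
            var storageAccount = storageAccounts.FirstOrDefault(
                x => string.Equals(x.Name, storageAccountName, StringComparison.OrdinalIgnoreCase));

            if (storageAccount == null)
            {
                // Do not report success when nothing was changed.
                log.LogWarning(
                    "StorageHttpsPolicy: Storage Account {StorageAccountName} not found in subscription",
                    storageAccountName);
                outputStatus += "\n StorageHttpsPolicy: Couldn't find Storage Account";
                return new OkObjectResult(outputStatus);
            }

            await storageAccount.Update().WithOnlyHttpsTraffic().ApplyAsync();
            log.LogInformation("StorageHttpsPolicy: Policy application successful");
            outputStatus += "\n StorageHttpsPolicy: Policy application successful";
            return new OkObjectResult(outputStatus);
        }
        catch (Exception x)
        {
            // Error level plus the exception object, so a failed remediation is
            // visible to monitoring; the caller only receives the fixed message.
            log.LogError(x, "StorageHttpsPolicy: Policy application failed");
            return new BadRequestObjectResult(FailureResponse);
        }
    }

    /// <summary>
    /// Requests an access token for the Azure management endpoint through
    /// <c>AzureServiceTokenProvider</c>.
    /// </summary>
    /// <returns>The access token string.</returns>
    public static async Task<string> Authenticate()
    {
        var azureServiceTokenProvider = new AzureServiceTokenProvider();
        var accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://management.azure.com").ConfigureAwait(false);
        return accessToken;
    }

    // Returns the path segment that follows the last "storageAccounts/" in the
    // resource id, or null when the id has no such segment.
    private static string ExtractStorageAccountName(string resourceId)
    {
        const string marker = "storageAccounts/";
        if (string.IsNullOrEmpty(resourceId))
        {
            return null;
        }

        int markerIndex = resourceId.LastIndexOf(marker, StringComparison.OrdinalIgnoreCase);
        if (markerIndex < 0)
        {
            return null;
        }

        string name = resourceId.Substring(markerIndex + marker.Length).Split('/')[0];
        return string.IsNullOrWhiteSpace(name) ? null : name;
    }
}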
}