Metadata-Version: 2.1
Name: ops-py-azure-key-vault-alert
Version: 1.0.11
Summary: Post Key Vault Secrets report to webhook
License: MIT License
        
        Copyright (c) 2023 Equinor
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Description-Content-Type: text/markdown
Requires-Dist: certifi==2023.11.17
Requires-Dist: charset-normalizer==3.3.2
Requires-Dist: idna==3.6
Requires-Dist: ops-py-azure-key-vault-report==1.0.5
Requires-Dist: ops-py-message-handler==0.0.3
Requires-Dist: pip==23.3.1
Requires-Dist: requests==2.31.0
Requires-Dist: setuptools==69.0.2
Requires-Dist: urllib3==2.1.0
Requires-Dist: wheel==0.42.0

# azure-key-vault-alert
[pip package](https://pypi.org/project/ops-py-azure-key-vault-alert)

---

## Description
Generates a **Key Vault Secret** status report using 
[ops-py-azure-key-vault-report](https://pypi.org/project/ops-py-azure-key-vault-report)
for one or more **Key Vaults**.

Each report is posted continuously to **Slack** using
[ops-py-message-handler](https://pypi.org/project/ops-py-message-handler/).

When done, an optional final notify is sent to **Slack** using an additional webhook.

## Installation
`pip install ops-py-azure-key-vault-alert`

---

## Usage
Export the webhook environment variables:
  - `WEBHOOK_REPORT`  
    Each report is posted to the value of this webhook. E.g.:  
    `export WEBHOOK_REPORT="https://hooks.slack.com/workflows/T02XYZ..."`


  - `WEBHOOK_NOTIFY`  
    When all the reports have been posted, an additional POST is performed to the value of this webhook. E.g.:  
    `export WEBHOOK_NOTIFY="https://hooks.slack.com/workflows/T02ZYX..."`


Provide the list of key vaults to generate reports for after the `-v` / `--vaults`  
command line argument (space separated) when **executing the code**. E.g.:  
`python3 azure_key_vault_alert -v kv-prod kv-dev kv-qa`

**Other valid arguments:**   
`--expire_threshold`     
If this argument is provided and followed by an integer value (int),
a record will only be reported if the number of days to the record's Expiration Date is below the threshold.

`--include_no_expiration`   
If this argument is provided, the report will also include the records which have no Expiration Date set.

`--include_all`  
If this argument is provided, the report will include all the records (verbose).

`--teams_output`  
If this argument is provided, an MS Teams JSON object of the report will be generated and used as the payload.
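
The filter arguments above, modelled as an added example (this is not code from the package). The record fields, the sample data, the precedence between the flags and the behaviour when no threshold is given are assumptions made for illustration. It shows that expired secrets fall below any positive threshold, and that a secret with no Expiration Date never appears unless `--include_no_expiration` or `--include_all` is set.

```python
from datetime import datetime, timezone

# Constructed sample records; the field names are assumptions for this
# example, not the report package's own data model.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SECRETS = [
    {"vault": "kv-prod", "name": "db-password",
     "expires": datetime(2024, 1, 25, tzinfo=timezone.utc)},
    {"vault": "kv-prod", "name": "api-token",
     "expires": datetime(2024, 9, 1, tzinfo=timezone.utc)},
    {"vault": "kv-dev", "name": "old-cert-key",
     "expires": datetime(2024, 1, 5, tzinfo=timezone.utc)},
    {"vault": "kv-dev", "name": "legacy-sas", "expires": None},
]


def days_to_expiration(record, now):
    """Whole days until expiry; negative once expired, None if unset."""
    if record["expires"] is None:
        return None
    return (record["expires"] - now).days


def select_records(records, now, expire_threshold=None,
                   include_no_expiration=False, include_all=False):
    """Return the names of the records a report would contain."""
    selected = []
    for record in records:
        days = days_to_expiration(record, now)
        if include_all:
            keep = True                     # verbose: every record
        elif days is None:
            keep = include_no_expiration    # no Expiration Date set
        elif expire_threshold is None:
            keep = True                     # assumed: no threshold, all dated records
        else:
            keep = days < expire_threshold  # "below the threshold"
        if keep:
            selected.append(record["name"])
    return selected


if __name__ == "__main__":
    print(select_records(SECRETS, NOW, expire_threshold=30))
```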

---

### Example of how to use this package in a GitHub Action Workflow:
**NOTE:** Use the predefined shared [azure-key-vault-alert](..%2F..%2F..%2Fdocs%2Fworkflows%2Fazure-key-vault-alert.md) workflow instead.

**Bash script**  
Create a shell script, which is then called by the pipeline, e.g. `key_vault_alert.sh` with the following content:
```
#!/bin/bash

BASEDIR=$(dirname "$0")

# To ensure that we are in the same directory as where this script is located.
# Quoted so that paths containing spaces work; stop if the directory is unreachable.
cd "$BASEDIR" || exit 1

# Create a new empty Python virtual environment
python3 -m venv .venv

# Activate the newly created Python virtual environment
source .venv/bin/activate

# Only install the python packages specified in the requirements.txt files
pip install -r requirements.txt

# Executes ops-py-azure-key-vault-alert. Arguments are passed from this bash script to the python script
python3 -m azure_key_vault_alert.azure_key_vault_alert "$@"
```
Make sure to make the script executable before checking it in: `chmod +x key_vault_alert.sh`

**PIP requirements.txt file**  
Make sure to generate a `requirements.txt` file and check it in:
```
python3 -m venv .venv
source .venv/bin/activate
pip install --upgrade pip ops-py-azure-key-vault-alert
pip list --format=freeze > requirements.txt
git add requirements.txt 
```
More info about [Python virtual environment](https://github.com/equinor/ops-py/tree/main/tools)


**Pipeline steps**

- **Login to Azure CLI**  
  Make sure this step is done before calling `azure-key-vault-alert`. Also make sure the client id has the privileges to list the desired Key Vault Secrets.  
  Example code of this step:
  ```
  - name: "Azure login"
    uses: azure/login@v1
    with:
      client-id: ${{ env.SERVICE_PRINCIPAL_CLIENT_ID }}
      subscription-id: ${{ env.SUBSCRIPTION_ID }}
      tenant-id: ${{ env.TENANT_ID }}
      enable-AzPSSession: true
  ```

- Execute the `key_vault_alert.sh` script:
  ```
  - name: Key Vault Secrets report to Slack
    run: ./key_vault_alert.sh -v kv-dev kv-qa
  ```
  Specify the list of desired key vault names after the `-v` argument. The key vault names must be separated by space.
