Skip to content
This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Custom Extension Instance Configuration #1184

Merged
merged 39 commits into from
Sep 24, 2021
Merged

Custom Extension Instance Configuration #1184

merged 39 commits into from
Sep 24, 2021

Conversation

nharper285
Copy link
Contributor

@nharper285 nharper285 commented Aug 25, 2021
edited
Loading

Summary of the Pull Request

What is this about?
This is the final 'draft' of the Custom Extension work that we have undertaken to enable Microsoft Security Monitoring extensions for OneFuzz virtual assets. The Azure Keyvault extension has also been enabled, as it is a pre-req for the security monitoring extensions. This work leverages the InstanceConfiguration infrastructure developed by MSR.

PR Checklist

  • Applies to work item: Leverage InstanceConfiguration for Custom Extensions #1187
  • CLA signed. If not, go over here and sign the CLI.
  • Tests added/passed
  • Requires documentation to be updated
  • I've discussed this with core contributors already. If not checked, I'm ready to accept this work might be rejected in favor of a different grand plan. Issue number where discussion took place: #xxx

Info on Pull Request

What does this include?
These pull request includes changes to:

  • extensions.py - InstanceConfig is now fetched into the generic_extension.py function that collects the extensions deployed to virtual assets. The function now checks for the presence of the security monitoring extensions (geneva, azure monitor, azure security, keyvault) and constructs the json configuration based off the InstanceConfig extension values.
  • models.py - Several new models have been added that represent the new extensions, as well as, a new generic extension class AzureVmExtensionConfig that can be used for future extension implementation.

Validation Steps Performed

How does someone test & validate?
I have fully tested this functionality by deploying a local build, configuring a valid InstanceConfig, and deploying VMSS. I have confirmed that azure monitor events show up in geneva.

@ranweiler ranweiler linked an issue Aug 26, 2021 that may be closed by this pull request
Leverage InstanceConfiguration for Custom Extensions #1187
Closed
@bmc-msft
Copy link
Contributor

Can you confirm that the azsec extension is working correctly?

@nharper285
Copy link
Contributor Author

Can you confirm that the azsec extension is working correctly?

I have an experiment running now that will confirm this!

@nharper285
Copy link
Contributor Author

nharper285 commented Sep 14, 2021
edited
Loading

@bmc-msft, I can finally confirm that changes work :) Data took longer than expected to propagate to s360.

@nharper285
Copy link
Contributor Author

@bmc-msft, I've reverted the changes.

@bmc-msft bmc-msft merged commit 599c400 into microsoft:main Sep 24, 2021
@ranweiler ranweiler mentioned this pull request Oct 6, 2021
Closed
@ghost ghost locked as resolved and limited conversation to collaborators Nov 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@bmc-msft bmc-msft bmc-msft approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Leverage InstanceConfiguration for Custom Extensions
3 participants
@nharper285 @bmc-msft @nharper32