Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/seanson/azure-ad-monitor

A utility for exposing Azure AD metrics to Prometheus
https://github.com/seanson/azure-ad-monitor

Last synced: about 23 hours ago
JSON representation

A utility for exposing Azure AD metrics to Prometheus

Host: GitHub
URL: https://github.com/seanson/azure-ad-monitor
Owner: seanson
Created: 2020-02-24T12:31:46.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-07-06T05:41:12.000Z (4 months ago)
Last Synced: 2024-07-06T06:40:19.018Z (4 months ago)
Language: Python
Size: 520 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 6
Metadata Files:
- Readme: README.md
- Security: SECURITY.md

Awesome Lists containing this project

README

# azure-ad-monitor

![azure searching logo](./logo.png)

This is a utility intended to export some custom Azure Active Directory information out as Prometheus Metrics.

It currently only supports exposing Azure AD Application Secret expiry times.

## Why

Azure AD is a wonderful tool for setting up Single Sign On applications. These applications are secured with client secrets can be configured to expire after 1 year, 2 years or never. Ideally short lived credentials with a regular rotation capacity is best but there is no alerting mechanism.

The goal of this project is to provide a Prometheus metric in order to allow long term tracking, dashboarding and alerting of these credential expiry times and hopefully prevent future production incidents.

## Usage

### Running

This requires the following environment variables set:

- `TENANT_ID`: Global tenant ID for AD
- `CLIENT_ID`: The client ID for the configured App Registration
- `CLIENT_SECRET`: The client secret for the configured App Registration

The full list of applications will be queried every 10 minutes.

### Azure Permissions

This requires a Service Priniciple on Azure with the following permissions:

- Microsoft Graph `Application.Read.All`

## Development

This project uses Python [Poetry](https://python-poetry.org/) for local installation.

`poetry install`

If the above environment variables are not configured this will fall back to using your credentials from `az login`.

## TODO

- [ ] Kubernetes YAML in `deploy` to deploy the service
- [ ] Kubernetes YAML for Prometheus Operator rules / alerts
- [ ] Hashicorp Vault support
- [ ] Some tests