Initial commit

.editorconfig

@@ -0,0 +1,2 @@
+[*]
+max-line-length = 120

.flake8

@@ -0,0 +1,2 @@
+[flake8]
+max-line-length = 120

.gitignore

@@ -0,0 +1,66 @@
+*.py[cod]
+
+# C extensions
+*.so
+
+# Packages
+*.egg
+*.egg-info
+dist
+build
+eggs
+.eggs
+parts
+bin
+var
+sdist
+wheelhouse
+develop-eggs
+.installed.cfg
+lib
+lib64
+venv*/
+.venv*/
+pyvenv*/
+
+# Installer logs
+pip-log.txt
+
+# Unit test / coverage reports
+.coverage
+.tox
+.coverage.*
+nosetests.xml
+coverage.xml
+htmlcov
+
+# Translations
+*.mo
+
+# Mr Developer
+.mr.developer.cfg
+.project
+.pydevproject
+.idea
+.vscode
+*.iml
+*.komodoproject
+
+# Complexity
+output/*.html
+output/*/index.html
+
+# Sphinx
+docs/_build
+
+.DS_Store
+*~
+.*.sw[po]
+.build
+.ve
+.env
+.cache
+.pytest
+.bootstrap
+.appveyor.token
+*.bak

Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.7
+
+WORKDIR /app
+
+COPY requirements.txt /app
+
+RUN pip install -r requirements.txt
+
+COPY . /app
+
+ENTRYPOINT ["uwsgi", "--ini", "uwsgi.ini"]

README.md

@@ -0,0 +1,23 @@
+# azure-ad-monitor
+
+This is a utility intended to export some custom Azure Active Directory information out as Prometheus Metrics.
+
+It currently only supports exposing Azure AD Application Secret expiry times.
+
+## Why
+
+Azure AD is a wonderful tool for setting up Single Sign On applications. These applications are secured with client secrets can be configured to expire after 1 year, 2 years or never. Ideally short lived credentials with a regular rotation capacity is best but there is no alerting mechanism.
+
+The goal of this project is to provide a Prometheus metric in order to allow long term tracking, dashboarding and alerting of these credential expiry times and hopefully prevent future production incidents.
+
+## Development
+
+This project uses Python [Poetry](https://python-poetry.org/) for local installation.
+
+`poetry install`
+
+## TODO
+
+- [ ] Kubernetes YAML in `deploy` to deploy the service
+- [ ] Kubernetes YAML for Prometheus Operator rules / alerts
+- [ ] Some tests