Storage should be expanded with an endpoint that can handle Defender scan result reports. Defender can be configured to publish scan results on an EventGrid topic. Storage should consume the reports and update the correct DataElement with the scan results.
We need a new controller with a new POST endpoint as an event receiver. The endpoint should be secured with an AccessKey. This will also require more Azure resources defined in terraform. "The event topic must be a custom topic in the same region as the storage account". The Storage application must also have a defined event subscription, possibly for every storage account unless we find a way to publish all reports to the same topic.
We need to analyze what we need to include in the report so that Storage can find the correct DataElement. The report needs to contain app id, instance id and data id as well as the scan result. Some of that might be unknown to Defender and would need to be included in the event subscription for each storage account if possible.
Additional Information
This issue is part of a change where the goal is to discontinue the file scan application and the use of Clam AV. Defender is already active, but the reports aren't being used for anything.
Most of the required setup, wiring and authorization has already been done once in the Notifications Email application.
Take a look at the DeliveryReportController implementation. It must be adapted for Defender, but the framework should be usable.
Take a look at terraform resource definitions, but note that we want to change how AccessKey is included in a request.
Tasks
[ ] Create a new controller: DefenderScanReportController
[ ] Add an endpoint to handle defender reports: storage/api/v1/defender/reports
[ ] Update correct DataElement with correct status (Clean/Infected) using existing Service and Repository logic if possible.
[ ] Create a new AccessKeyAttribute class to authorize requests. Inspired by the same class in the notifications-email project, but using header instead of query parameter.
[ ] Add configuration settings for the shared secret: a new section DefenderSettings with the property AccessKey.
[ ] Decorate the controller with the attribute.
[ ] Add necessary terraform resources to add a new event grid topic and subscriptions for delivery report. Ensure that the subscription includes a header value with the access key. Look for how to set up "delivery parameters" with terraform.
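The sketch below is an added example of how the controller, attribute and settings tasks above fit together in ASP.NET Core; it is not code from the Storage or notifications-email projects. The section name DefenderSettings, the AccessKey property, the route and the Clean/Infected statuses come from this issue; the header name X-Defender-AccessKey, the DefenderScanReport payload shape, the IDataElementUpdater abstraction and the namespace are placeholders chosen here. The handshake branch reflects how Event Grid validates any new webhook subscription: it first posts a Microsoft.EventGrid.SubscriptionValidationEvent and expects the validationCode echoed back before it delivers real events.

```csharp
// Added example, not the project's own code. Placeholders: header name,
// DefenderScanReport shape, IDataElementUpdater, namespace.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Options;

namespace StorageExample;

/// <summary>Bound from the "DefenderSettings" configuration section.</summary>
public class DefenderSettings
{
    public string AccessKey { get; set; } = string.Empty;
}

/// <summary>
/// Authorizes a request by comparing a shared secret sent in a header
/// (not a query parameter, which would be copied into access logs and proxies)
/// against DefenderSettings.AccessKey.
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AccessKeyAttribute : Attribute, IAsyncAuthorizationFilter
{
    // Hypothetical header name; the real one is set in the event subscription's delivery properties.
    public const string HeaderName = "X-Defender-AccessKey";

    public Task OnAuthorizationAsync(AuthorizationFilterContext context)
    {
        DefenderSettings settings = context.HttpContext.RequestServices
            .GetRequiredService<IOptions<DefenderSettings>>().Value;

        if (!context.HttpContext.Request.Headers.TryGetValue(HeaderName, out var provided)
            || !KeyMatches(provided.ToString(), settings.AccessKey))
        {
            context.Result = new UnauthorizedResult();
        }

        return Task.CompletedTask;
    }

    /// <summary>Constant-time comparison so response timing does not reveal how much of the key matched.</summary>
    public static bool KeyMatches(string provided, string expected)
    {
        if (string.IsNullOrEmpty(expected)) return false; // an unset secret must never authorize
        return CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(provided), Encoding.UTF8.GetBytes(expected));
    }
}

/// <summary>Hypothetical report shape: the identifiers Storage needs to locate the DataElement, plus the verdict.</summary>
public record DefenderScanReport(string AppId, Guid InstanceId, Guid DataId, string ScanResult);

/// <summary>Event Grid posts a JSON array of envelopes; this is the subset the endpoint reads.</summary>
public record EventGridEnvelope(
    [property: JsonPropertyName("eventType")] string EventType,
    [property: JsonPropertyName("data")] JsonElement Data);

/// <summary>Placeholder for the existing Service/Repository logic that updates a DataElement.</summary>
public interface IDataElementUpdater
{
    Task SetScanStatusAsync(string appId, Guid instanceId, Guid dataId, string status);
}

[ApiController]
[Route("storage/api/v1/defender")]
[AccessKey]
public class DefenderScanReportController : ControllerBase
{
    private static readonly JsonSerializerOptions Options = new() { PropertyNameCaseInsensitive = true };
    private readonly IDataElementUpdater _updater;

    public DefenderScanReportController(IDataElementUpdater updater) => _updater = updater;

    [HttpPost("reports")]
    public async Task<IActionResult> Post([FromBody] List<EventGridEnvelope> events)
    {
        foreach (EventGridEnvelope evt in events)
        {
            // Subscription handshake: echo the validationCode; no scan data is processed in this call.
            if (evt.EventType == "Microsoft.EventGrid.SubscriptionValidationEvent")
            {
                string code = evt.Data.GetProperty("validationCode").GetString() ?? string.Empty;
                return Ok(new { validationResponse = code });
            }

            DefenderScanReport? report = evt.Data.Deserialize<DefenderScanReport>(Options);
            if (report is null || !IsKnownStatus(report.ScanResult))
            {
                return BadRequest($"Unrecognized scan report in event of type {evt.EventType}");
            }

            await _updater.SetScanStatusAsync(report.AppId, report.InstanceId, report.DataId, report.ScanResult);
        }

        return Ok();
    }

    // Only the two statuses named in the issue are stored; anything else is rejected.
    public static bool IsKnownStatus(string status) => status is "Clean" or "Infected";
}
```

Because the attribute implements IAsyncAuthorizationFilter, decorating the controller class is enough for MVC to run it before every action. The attribute reads the key through IOptions, so the DefenderSettings section is bound once at startup with `builder.Services.Configure<DefenderSettings>(builder.Configuration.GetSection("DefenderSettings"))` and the secret itself stays out of the code.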
Acceptance Criterias
No response