azure/agentless v0.1.0

What's Changed

• [azure] LFO Onboarding Script v1 by @agulen in #1
• [Azure LFO] Support Python 3.9 in onboarding script by @agulen in #3
• [azure lfo] Detect existing LFO installs by @agulen in #4
• [azure][LFO] Include sub name in the LFO script response by @agulen in #5
• [AZINTS-3609] Move quickstart script to new repo by @benjjs in #6
• GCP-XXXX: Add GCP Onboarding Script to Integrations-Management by @tedkahwaji in #10
• [AZINTS-3933] Report existing log forwarders by @benjjs in #7
• Ensure integrations quickstart connection closed by @benjjs in #8
• [AZINTS-3933] Use ARG to collect existing Log Forwarders by @benjjs in #9
• [AZINTS-3895] Trigger LFO script from quickstart by @benjjs in #12
• GCP-2943: Update Setup Script to Support Monitored Resource Configs by @tedkahwaji in #14
• GCP-XXXX: Update Folder Search by @tedkahwaji in #15
• [azure] Remove mgmt group requirement from LFO script by @agulen in #13
• [azure] Include tag filters + PII rule data when detecting existing LFOs by @agulen in #16
• [azure] Bug fix + test cleanup by @agulen in #17
• [azure][lfo] Enable expansion of log forwarding scopes by @agulen in #18
• [azure][lfo] Bug fix when setting monitored subscriptions by @agulen in #19
• [AZINTS-3939] Add open source license file, headers, notice by @gpalmz in #20
• [AZINTS-3939] Add CONTRIBUTING.md, update README.md by @gpalmz in #21
• [AZINTS-3939] Update README.md by @gpalmz in #22
• GCP-XXXX: Add Exponential Backoff And Retry Logic by @tedkahwaji in #23
• [AZINTS-3989] Add azure_integration_quickstart.pyz by @gpalmz in #24
• Remove dist/ from gitignore by @gpalmz in #25
• GCP-XXXX: Add Read Me by @tedkahwaji in #26
• GCP-XXXX: Update Dev Bash Script by @tedkahwaji in #27
• [AZINTS-3933] Pass new log forwarder fields to front end by @benjjs in #28
• [AZINTS-4021] Fix subscription id field by @benjjs in #29
• [azure][lfo] PII rules fetching bug fix by @agulen in #32
• [azure][lfo] Display unknown subscription name if user doesn't have access by @agulen in #31
• Pull out shared azure logic by @benjjs in #33
• GCP-XXXX: Split Script Across Multiple Files by @tedkahwaji in #34
• [storage monitoring] add install script to integrations management by @ava-silver in #35
• [AZINTS-3739] Move LFO templates to integrations-management by @gpalmz in #30
• [azure][logging] Stricter validation of user parameters by @agulen in #36
• [azure] Fix build script by @agulen in #37
• [azure] Friendlier errors from log forwarding upsert by @agulen in #38
• Remove unstable/internal info from readmes by @gpalmz in #39
• [azure] Remove debug prompt by @agulen in #40
• [AZINTS-4026] Make lfo collection step non-blocking by @benjjs in #41
• [AZINTS-4061] Fix LFO collection hangup by @gpalmz in #42
• [AZINTS-4084] Only list scopes within the current tenant by @gpalmz in #43
• [azure] BugFix: Pass monitored subs as IDs instead of names by @agulen in #44
• Fix lint errors by @benjjs in #45
• Fix more formatting by @gpalmz in #47
• Make imports honor new max line length by @gpalmz in #48
• [azure][LFO] Remove app service plan creation step in LFO script by @agulen in #49
• Fix subtle bug with permission checks by @gpalmz in #52
• Make request error behavior similar regardless of whether it's retryable by @gpalmz in #53
• Fix some subtle bugs (and type annotations) by @gpalmz in #54
• Prevent error on 404 awaiting selections; simplify request error handling by @gpalmz in #55
• [AZINTS-4077] Shortcut multiple LFOs by @benjjs in #50
• Tweak language to make sense for both local shell and cloud shell by @gpalmz in #56
• Improve setup instructions by @gpalmz in #51
• [AZINTS-4102] Expand README dev setup instructions by @gpalmz in #58
• [AZINTS-4086] Report token expiry as connection error by @benjjs in #59
• Fix management group selection parsing by @benjjs in #60
• [azure][lfo] Pass dd site to LFO config by @agulen in #62
• [azure][lfo] Auto-register missing resource providers by @agulen in #63
• GCP-3046: Add GCP Dataflow Quick Start Script by @tedkahwaji in #57
• AZINTS-4118 Surface user actionable errors by @benjjs in #64
• [AZINTS-4116] Refactor setup script by @benjjs in #65
• Make sure version check appears at top of executable by @benjjs in #66
• Fix create-for-rbac integration name by @benjjs in #68
• [AZINTS-4139] Specify max client secret TTL when creating app registration by @gpalmz in #67
• build pyz by @gpalmz in #69
• Remove unnecessary linter suppression by @gpalmz in #70
• [AZINTS-3739] Build script for LFO ARM templates by @gpalmz in #71
• [AZINTS-4137] Enrich app reg access errors with instructions by @benjjs in #72
• Extract role assignments functions (currently unused) by @gpalmz in #75
• Remove shebangs from python files since theyre compiled to pyz anyway by @gpalmz in #76
• Remove shebangs from python files since theyre compiled to pyz anyway by @gpalmz in #77
• [AZINTS-4124] Guard against manually copying script by @benjjs in #78
• [azure] Grab stdout in az cmd error case by @agulen in #80
• Fix management group fetch permission error by @benjjs in #79
• GCP-3078: Bind Permissions To Lowest Level Resource by @tedkahwaji in #73
• [AZINTS-4178] Make refresh token errors user actionable by @benjjs in #81
• Report disconnects separately by @benjjs in #74
• Expand AccessError Coverage by @benjjs in #82
• [AZINTS-4152] Surface interactive auth prompt to user by @gpalmz in #83
• Fix disconnect reported as error by @benjjs in #84
• GCP-XXXX: Skip Projects And Folders if Display Name Not Provided by @tedkahwaji in #86
• GCP-XXXX: Build Log Forwarding Script by @tedkahwaji in #87
• GCP-XXXX: Always Grant Service Account Permission to GCS Bucket by @tedkahwaji in #90
• GCP-XXXX: Add gs:// prefix to command by @tedkahwaji in #91
• [azure] Include explicit user-facing message for UserActionRequired errors by @agulen in #85
• [AZINTS-4207] Make policy errors user actionable by @benjjs in #88
• [AZINTS-4117] Util unit tests by @benjjs in #89
• [AZINTS-4117] Selections unit tests by @benjjs in #92
• Add status reporter tests by @benjjs in #93
• GCP-XXXX: Update Failed To Generate API Key Message by @tedkahwaji in #94
• [AZINTS-4117] Test scopes by @benjjs in #95
• [AZINTS-4253] Build pyz on save by @gpalmz in #99
• [AZINTS-4252] Use az rest to fetch permissions by @gpalmz in #101
• [AZINTS-4268][HD-148] Quickstart agent bulk install for Azure VMs by @gpalmz in #104
• [AZINTS-4260] Handle unhandled throttling by @gpalmz in #106
• [AZINTS-4143] Check ability to create app registrations (concurrently) by @gpalmz in #103
• [AZINTS-4117] Test actions by @benjjs in #100
• [AZINTS-4117] Test permissions by @benjjs in #102
• GCP-3125: Support Additional Roles/APIs For Integration QuickStart by @tedkahwaji in #98
• GCP-3143: Update Log Forwarding Service Account Name by @tedkahwaji in #107
• Code freeze base branch by @gpalmz in #96
• [AZINTS-4249] Handle disabled subscription state by @gpalmz in #108
• [CLOUDS-6969] LFO workload profile support by @benjjs in #97
• [AZINTS-4143] Use MSPIM API rather than graph to check entra role assignments by @gpalmz in #109
• Replace some AzCmd usages with Cmd by @gpalmz in #110
• [AZINTS-4143] Avoid join when querying entra role assignments by @gpalmz in #111
• Extract odata query util by @gpalmz in #112
• GCP-XXXX: Add Missing --quiet Flag by @tedkahwaji in #113
• [GCP-3179] Update Onboarding Script by @katherinekim-51 in #114
• [CLOUDS-6969][CLOUDS-6990] Deploy Consumption workload profile for container app environments by @parsons90 in #116
• Add some IDE steps to the README by @benjjs in #117
• [K9VULN-10617] feat(agentless-gcp): Add Cloud Shell setup script for Agentless Scanner by @mohamed-challal in #115
• [AZINTS-4138] Include az version in error by @mshvartsberg in #118
• [AZINTS-4138] Include python version in error by @mshvartsberg in #119
• [AZINTS-3580] Use generic status api by @benjjs in #121
• [K9VULN-10951] feat(agentless-gcp): add destroy command, multi-region support and security hardening by @mohamed-challal in #120
• [XC-36] Do not override validate param; allow frontend to specify it by @gpalmz in #122
• [AZINTS_4141] Pass through available regions from customer context by @mshvartsberg in #123
• [XC-36] Wait until app registration can access subscriptions by @gpalmz in #124
• [K9VULN-11306] feat(agentless-gcp): use workflow status api in gcp agentless by @mohamed-challal in #126
• [K9VULN-11306] add(agentless-gcp): set agentless Codeowners by @mohamed-challal in #127
• Add Fix for Azure Policy Compliance by @mshvartsberg in #128
• [AZINTS-4359] Create LFO-only Quickstart Script by @mshvartsberg in #130
• Temporary fix to executable name by @benjjs in #131
• Remove app registration readiness check; moved to orchestrator job by @gpalmz in #133
• add azure authority by @PCaponetti in #134
• Update storage account name parameter to use unique string by @mjmanney in #129
• Update Executable Files by @mshvartsberg in #137
• [AZINTS-4405] Parallelize Scope and Log Forwarder Collection by @mshvartsberg in #138
• TON-XXXX: Remediate Azure Tests by @tedkahwaji in #140
• Build azure logging arm json by @gpalmz in #141
• Build standalone forwarder bicep into dist JSON by @gpalmz in #142
• [GCP-3339] Update main onboarding script to include logs forwarding by @katherinekim-51 in #143
• [K9VULN-12014] Extract GCP service account from main module in GCP cloud shell scripts by @k3nz0 in #139
• [K9VULN-12163] feat(agentless-gcp): introduce agentless setup metadata by @mohamed-challal in #146
• [AZINTS-4450] Pass existing subscriptions monitored by log forwarder to UI by @mshvartsberg in #145
• [CLOUDS-7557] Get all subscriptions for nested management groups by @mshvartsberg in #150
• DEPENDENCY UPGRADE: minor: pytest · patch: ruff [azure] by @campaigner-prod[bot] in #149
• [AZINTS-4442] set WEBSITE_CONTENTSHARE to unique value for each function app by @parsons90 in #144
• [AZINTS-4445] update LFO templates by @parsons90 in #151
• [K9VULN-12480] feat: Azure Agentless Scanner - Cloud Shell wizard scaffolding & preflight (Step 1) by @mohamed-challal in #152
• [K9VULN-12535] feat(agentless-azure): implement cloud shell deploy flow (Step 2) by @mohamed-challal in #154
• [support ticket] Change SA filter logic by @katherinekim-51 in #156
• [AZINTS-4406] Removing LFO Scopes by @mshvartsberg in #153
• [AZINTS-4454] Don't log expected az role assignment list --assignee error by @mshvartsberg in #155
• chore(deps): minor: pytest · patch: ruff [gcp] by @gh-worker-campaigns-3e9aa4[bot] in #159
• chore(deps): ruff (unstable → 0.15.8) [azure] by @gh-worker-campaigns-3e9aa4[bot] in #158
• chore(deps): pytest (major → 9.0.2) [azure] by @gh-worker-campaigns-3e9aa4[bot] in #157
• chore(deps): ruff (unstable → 0.15.9) [gcp] by @gh-worker-campaigns-3e9aa4[bot] in #162
• chore(deps): ruff (patch → 0.15.9) [azure] by @gh-worker-campaigns-3e9aa4[bot] in #161
• [AZINTS-4400] Enable Secretless Auth via Azure Cloud Shell flow by @benjjs in #164
• [AZINTS-4525] speed up scope removal by @mshvartsberg in #163
• [K9VULN-12730] feat(agentless-azure): implement destroy command by @mohamed-challal in #167
• [AZINTS-4559] add wait_for_rg_delete step by @mshvartsberg in #165
• [K9VULN-12791] feat(azure agentless): activate scan options via API + shared client by @mohamed-challal in #172
• Add CI Tasks For Integration Management Repo by @tedkahwaji in #174
• TON-XXXX: Publish Per Package Releases From Main by @tedkahwaji in #177

New Contributors

• @agulen made their first contribution in #1
• @benjjs made their first contribution in #6
• @tedkahwaji made their first contribution in #10
• @gpalmz made their first contribution in #20
• @ava-silver made their first contribution in #35
• @katherinekim-51 made their first contribution in #114
• @parsons90 made their first contribution in #116
• @mohamed-challal made their first contribution in #115
• @mshvartsberg made their first contribution in #118
• @PCaponetti made their first contribution in #134
• @mjmanney made their first contribution in #129
• @k3nz0 made their first contribution in #139
• @campaigner-prod[bot] made their first contribution in #149
• @gh-worker-campaigns-3e9aa4[bot] made their first contribution in #159

Full Changelog: https://github.com/DataDog/integrations-management/commits/azure-agentless-v0.1.0