Spearhead/checkmk-plugins
12
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix Host header problem with proxy, switch Azure auth to type Fides uses.

Browse Source
This commit is contained in:
Marsell Kukuljevic 2024-11-15 16:40:02 +01:00
parent d4b0c9497d
commit 1b54b70a8d
4 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
check_mk-azure/azure-spearhead-0.2.0.mkp
View File

Binary file not shown.

BIN
check_mk-azure/azure-spearhead-0.2.2.mkp Executable file
View File

Binary file not shown.

17
check_mk-azure/local/share/check_mk/agents/special/agent_azure_common
View File

@ -28,6 +28,8 @@ RESOURCE_GROUP_RE = re.compile('/resourceGroups/(.+?)/')
# https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling # https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling
def get_url(req, default): def get_url(req, default):
#import http.client
#http.client.HTTPConnection.debuglevel = 1
try: try:
res = request.urlopen(req) res = request.urlopen(req)
return res.read() return res.read()
@ -41,20 +43,25 @@ def get_url(req, default):
def set_proxy(req, proxy): def set_proxy(req, proxy):
if proxy is None or proxy == '': if proxy is None or proxy == '':
return return
match = re.match('(https?)://(.+?)/?$', proxy, re.I) match = re.match('(https?)://(.+?)/?$', proxy, re.I)
req.set_proxy(match[2], match[1].lower()) req.set_proxy(match[2], match[1].lower())
# The explicit Host header is required for this to also work with a proxy.
# If we don't include it, Python sends the proxy's Host to Microsoft
# instead! So we have to set the Host to the Microsoft domain manually.
match = re.match('https://(.+?)/', req.full_url, re.I)
req.add_header('Host', match[1] + ":443")
def get_token(tenant, username, password, proxy): def get_token(tenant, username, password, proxy):
data = parse.urlencode({ data = parse.urlencode({
'username': username, 'client_id': username,
'password': password, 'client_secret': password,
'grant_type': 'password', 'grant_type': 'client_credentials',
'claims': '{"access_token": {"xms_cc": {"values": ["CP1"]}}}', 'claims': '{"access_token": {"xms_cc": {"values": ["CP1"]}}}',
'scope': 'https://management.core.windows.net//.default offline_access openid profile', 'scope': 'https://management.core.windows.net//.default offline_access openid profile',
'client_info': 1, 'client_info': 1,
# This is actually the client ID of the Azure CLI tools
'client_id': '04b07795-8ddb-461a-bbee-02f9e1bf7b46',
}) })
req = request.Request(f'https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token', req = request.Request(f'https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token',

6
check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py
View File

@ -29,14 +29,14 @@ def _discovery(title):
( (
"tenant", "tenant",
TextInput( TextInput(
title=_("Tenant ID"), title=_("Tenant ID / Directory ID"),
allow_empty=False, allow_empty=False,
), ),
), ),
( (
"username", "username",
TextInput( TextInput(
title=_("Username"), title=_("Client ID / Application ID"),
allow_empty=False, allow_empty=False,
), ),
), ),
@ -44,7 +44,7 @@ def _discovery(title):
"password", "password",
IndividualOrStoredPassword( IndividualOrStoredPassword(
# Password( # Password(
title=_("Password"), title=_("Client Secret"),
allow_empty=False, allow_empty=False,
), ),
), ),