Fix Host header problem with proxy, switch Azure auth to type Fides uses.

2024-11-15 16:40:02 +01:00 · 2024-11-15 16:40:02 +01:00 · 1b54b70a8d
commit 1b54b70a8d
parent d4b0c9497d
4 changed files with 15 additions and 8 deletions
--- a/check_mk-azure/azure-spearhead-0.2.0.mkp
+++ b/check_mk-azure/azure-spearhead-0.2.0.mkp
--- a/check_mk-azure/azure-spearhead-0.2.2.mkp
+++ b/check_mk-azure/azure-spearhead-0.2.2.mkp
--- a/check_mk-azure/local/share/check_mk/agents/special/agent_azure_common
+++ b/check_mk-azure/local/share/check_mk/agents/special/agent_azure_common
@ -28,6 +28,8 @@ RESOURCE_GROUP_RE = re.compile('/resourceGroups/(.+?)/')

 # https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling
 def get_url(req, default):
+    #import http.client
+    #http.client.HTTPConnection.debuglevel = 1
    try:
        res = request.urlopen(req)
        return res.read()
@ -41,20 +43,25 @@ def get_url(req, default):
 def set_proxy(req, proxy):
    if proxy is None or proxy == '':
        return
+
    match = re.match('(https?)://(.+?)/?$', proxy, re.I)
    req.set_proxy(match[2], match[1].lower())

+    # The explicit Host header is required for this to also work with a proxy.
+    # If we don't include it, Python sends the proxy's Host to Microsoft
+    # instead! So we have to set the Host to the Microsoft domain manually.
+    match = re.match('https://(.+?)/', req.full_url, re.I)
+    req.add_header('Host', match[1] + ":443")
+

 def get_token(tenant, username, password, proxy):
    data = parse.urlencode({
-        'username': username,
-        'password': password,
-        'grant_type': 'password',
+        'client_id': username,
+        'client_secret': password,
+        'grant_type': 'client_credentials',
        'claims': '{"access_token": {"xms_cc": {"values": ["CP1"]}}}',
        'scope': 'https://management.core.windows.net//.default offline_access openid profile',
        'client_info': 1,
-        # This is actually the client ID of the Azure CLI tools
-        'client_id': '04b07795-8ddb-461a-bbee-02f9e1bf7b46',
    })

    req = request.Request(f'https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token',
--- a/check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py
+++ b/check_mk-azure/local/share/check_mk/web/plugins/wato/azure_common.py
@ -29,14 +29,14 @@ def _discovery(title):
            (
                "tenant",
                TextInput(
-                    title=_("Tenant ID"),
+                    title=_("Tenant ID / Directory ID"),
                    allow_empty=False,
                ),
            ),
            (
                "username",
                TextInput(
-                    title=_("Username"),
+                    title=_("Client ID / Application ID"),
                    allow_empty=False,
                ),
            ),
@ -44,7 +44,7 @@ def _discovery(title):
                "password",
                IndividualOrStoredPassword(
 #                Password(
-                    title=_("Password"),
+                    title=_("Client Secret"),
                    allow_empty=False,
                ),
            ),