diff --git a/local/lib/check_mk/base/plugins/agent_based/azure_keyvault.py b/local/lib/check_mk/base/plugins/agent_based/azure_keyvault.py
index e26b458..2f499af 100644
--- a/local/lib/check_mk/base/plugins/agent_based/azure_keyvault.py
+++ b/local/lib/check_mk/base/plugins/agent_based/azure_keyvault.py
@@ -1,4 +1,5 @@
 #!/usr/bin/env python3
+# Copyright 2023, Spearhead Systems SRL.
 import json
 from datetime import datetime, timezone
diff --git a/local/share/check_mk/agents/special/agent_azure_keyvault b/local/share/check_mk/agents/special/agent_azure_keyvault
index 7ca3689..f0ad41c 100755
--- a/local/share/check_mk/agents/special/agent_azure_keyvault
+++ b/local/share/check_mk/agents/special/agent_azure_keyvault
@@ -1,7 +1,26 @@
 #!/bin/bash
+# Copyright 2023, Spearhead Systems SRL.
+
+az=~/az
+
+set -euo pipefail
+
+if [ "$#" -lt 4 ]; then
+ echo "Usage: $0 ... [vaultN]" >&2
+ exit 1
+fi
+
+tenant="$1"
+user="$2"
+password="$3"
+vaults="${@:4}"
 echo "<<>>"
-for vault in "${@:1}"; do
- ~/az keyvault certificate list --vault-name="$vault"
+"$az" login --service-principal --tenant="$tenant" --user="$user" --password="$password" > /dev/null
+
+for vault in $vaults; do
+ "$az" keyvault certificate list --vault-name="$vault"
 done
+
+"$az" logout
diff --git a/local/share/check_mk/checks/agent_azure_keyvault b/local/share/check_mk/checks/agent_azure_keyvault
index 6cfc7d7..7e86144 100644
--- a/local/share/check_mk/checks/agent_azure_keyvault
+++ b/local/share/check_mk/checks/agent_azure_keyvault
@@ -1,10 +1,14 @@
 #!/usr/bin/env python3
-
+# Copyright 2023, Spearhead Systems SRL.
 def agent_azure_keyvault(params, hostname, ipaddress):
- args = []
+ tenant = params["tenant"]
+ client = params["client"]
+ secret = params["secret"]
- for vault in params["vault_name"].split(","):
+ args = [tenant, client, secret]
+
+ for vault in params["vaults"]:
 args.extend([vault.strip()])
 return args
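Review bot: The client secret reaches `az login` as `--password="$password"` (and reaches this script as `$3`), so it sits in the argument list of both processes and is readable from the process table by other local users while they run; consider having the agent read the secret from stdin or from a file only the site user can read. Separately, `vaults="${@:4}"` flattens the arguments into one string and `for vault in $vaults` then depends on unquoted word splitting and glob expansion; `vaults=("${@:4}")` with `for vault in "${vaults[@]}"; do` keeps each name intact. Because `set -e` is now active, a failing `keyvault certificate list` exits before `"$az" logout` runs, so a `trap '"$az" logout' EXIT` placed right after the login would keep the service-principal session from staying cached by the CLI.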
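Review bot: `args = [tenant, client, secret]` puts the client secret into the special agent's command line as a plain positional argument, where it is exposed to process listings and to anything that records the generated command. If the targeted Checkmk version offers it, the legacy argument-function helper `passwordstore_get_cmdline("%s", params["secret"])` passes a password-store reference instead, which would go together with the `IndividualOrStoredPassword` valuespec that the WATO file leaves commented out. The hunk also switches from `params["vault_name"]` to `params["vaults"]` and indexes three new keys directly, so rules saved in the old format would presumably raise `KeyError` until they are re-saved; a short comment or a fallback for the old key would document that.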
diff --git a/local/share/check_mk/web/plugins/wato/azure_keyvault.py b/local/share/check_mk/web/plugins/wato/azure_keyvault.py
index 9924069..71d5c67 100644
--- a/local/share/check_mk/web/plugins/wato/azure_keyvault.py
+++ b/local/share/check_mk/web/plugins/wato/azure_keyvault.py
@@ -1,10 +1,12 @@
 #!/usr/bin/env python3
+# Copyright 2023, Spearhead Systems SRL.
 import copy
 from cmk.gui.i18n import _
 from cmk.gui.plugins.wato.utils import (
 rulespec_registry,
 HostRulespec,
+# IndividualOrStoredPassword,
 RulespecGroupCheckParametersDiscovery,
 CheckParameterRulespecWithItem,
 RulespecGroupCheckParametersApplications,
@@ -14,6 +16,8 @@ from cmk.gui.valuespec import (
 Dictionary,
 TextInput,
 Integer,
+ ListOfStrings,
+ Password
 )
@@ -52,12 +56,35 @@ def _valuespec_special_agents_azure_keyvault_discovery():
 title=_("Azure Key Vault Certificate Discovery"),
 elements=[
 (
- "vault_name",
+ "tenant",
 TextInput(
- title=_("Key Vault Names (CSV)"),
- help=_(
- "Comma-separated list of all the name of the Azure key vaults to perform certificate checks on. E.g. to check just the vault 'mkdev', enter 'mkdev'; to check 'mkdev' and 'mkdev2', enter 'mkdev,mkdev2'"
- ),
+ title=_("Tenant ID / Directory ID"),
+ allow_empty=False,
+ size=45,
+ ),
+ ),
+ (
+ "client",
+ TextInput(
+ title=_("Client ID / Application ID"),
+ allow_empty=False,
+ size=45,
+ ),
+ ),
+ (
+ "secret",
+# IndividualOrStoredPassword(
+ Password(
+ title=_("Client Secret"),
+ allow_empty=False,
+ size=45,
+ ),
+ ),
+ (
+ "vaults",
+ ListOfStrings(
+ title=_("Keyvaults"),
+ allow_empty=False,
 ),
 ),
 ],
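Review bot: The `secret` element is declared with `Password(` while the `IndividualOrStoredPassword(` alternative is left as commented-out code (here and in the import hunk at the top of the file), so the client secret is kept as a literal value in the rule rather than as a reference to the password store. Either enable `IndividualOrStoredPassword` together with a matching change in the argument function, or drop the dead lines and leave a `# TODO: switch to IndividualOrStoredPassword` note explaining why it is deferred. The `vaults` entries are free-form strings that end up as command-line arguments of the special agent, and the old `help=` text was removed without a replacement; the list would benefit from a short help text and, where the valuespec supports it, a pattern restricting entries to valid Key Vault names. The enclosing function starts and ends outside this hunk.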