mkukuljevic/azure_keyvault
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Plugin now uses service principal to login in, uses multiple GUI fields for multiple keyvaults, and logs out after Azure query. Also added copyright headers.

Browse Source
This commit is contained in:
Marsell Kukuljevic 2023-10-23 22:19:37 +02:00
parent fbc55995fc
commit 86964d70d2
4 changed files with 61 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
local/lib/check_mk/base/plugins/agent_based/azure_keyvault.py
View File

@ -1,4 +1,5 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Copyright 2023, Spearhead Systems SRL.
import json import json
from datetime import datetime, timezone from datetime import datetime, timezone

23
local/share/check_mk/agents/special/agent_azure_keyvault
View File

@ -1,7 +1,26 @@
#!/bin/bash #!/bin/bash
# Copyright 2023, Spearhead Systems SRL.
az=~/az
set -euo pipefail
if [ "$#" -lt 4 ]; then
echo "Usage: $0 <tenant> <user> <password> <vault1> ... [vaultN]" >&2
exit 1
fi
tenant="$1"
user="$2"
password="$3"
vaults="${@:4}"
echo "<<<azure_keyvault:sep(0)>>>" echo "<<<azure_keyvault:sep(0)>>>"
for vault in "${@:1}"; do "$az" login --service-principal --tenant="$tenant" --user="$user" --password="$password" > /dev/null
~/az keyvault certificate list --vault-name="$vault"
for vault in $vaults; do
"$az" keyvault certificate list --vault-name="$vault"
done done
"$az" logout

10
local/share/check_mk/checks/agent_azure_keyvault
View File

@ -1,10 +1,14 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Copyright 2023, Spearhead Systems SRL.
def agent_azure_keyvault(params, hostname, ipaddress): def agent_azure_keyvault(params, hostname, ipaddress):
args = [] tenant = params["tenant"]
client = params["client"]
secret = params["secret"]
for vault in params["vault_name"].split(","): args = [tenant, client, secret]
for vault in params["vaults"]:
args.extend([vault.strip()]) args.extend([vault.strip()])
return args return args

37
local/share/check_mk/web/plugins/wato/azure_keyvault.py
View File

@ -1,10 +1,12 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Copyright 2023, Spearhead Systems SRL.
import copy import copy
from cmk.gui.i18n import _ from cmk.gui.i18n import _
from cmk.gui.plugins.wato.utils import ( from cmk.gui.plugins.wato.utils import (
rulespec_registry, rulespec_registry,
HostRulespec, HostRulespec,
# IndividualOrStoredPassword,
RulespecGroupCheckParametersDiscovery, RulespecGroupCheckParametersDiscovery,
CheckParameterRulespecWithItem, CheckParameterRulespecWithItem,
RulespecGroupCheckParametersApplications, RulespecGroupCheckParametersApplications,
@ -14,6 +16,8 @@ from cmk.gui.valuespec import (
Dictionary, Dictionary,
TextInput, TextInput,
Integer, Integer,
ListOfStrings,
Password
) )
@ -52,12 +56,35 @@ def _valuespec_special_agents_azure_keyvault_discovery():
title=_("Azure Key Vault Certificate Discovery"), title=_("Azure Key Vault Certificate Discovery"),
elements=[ elements=[
( (
"vault_name", "tenant",
TextInput( TextInput(
title=_("Key Vault Names (CSV)"), title=_("Tenant ID / Directory ID"),
help=_( allow_empty=False,
"Comma-separated list of all the name of the Azure key vaults to perform certificate checks on. E.g. to check just the vault 'mkdev', enter 'mkdev'; to check 'mkdev' and 'mkdev2', enter 'mkdev,mkdev2'" size=45,
), ),
),
(
"client",
TextInput(
title=_("Client ID / Application ID"),
allow_empty=False,
size=45,
),
),
(
"secret",
# IndividualOrStoredPassword(
Password(
title=_("Client Secret"),
allow_empty=False,
size=45,
),
),
(
"vaults",
ListOfStrings(
title=_("Keyvaults"),
allow_empty=False,
), ),
), ),
], ],