Plugin now uses service principal to login in, uses multiple GUI fields for multiple keyvaults, and logs out after Azure query. Also added copyright headers.

local/lib/check_mk/base/plugins/agent_based/azure_keyvault.py

@@ -1,4 +1,5 @@
 #!/usr/bin/env python3
+# Copyright 2023, Spearhead Systems SRL.
 
 import json
 from datetime import datetime, timezone

local/share/check_mk/agents/special/agent_azure_keyvault

@@ -1,7 +1,26 @@
 #!/bin/bash
+# Copyright 2023, Spearhead Systems SRL.
+
+az=~/az
+
+set -euo pipefail
+
+if [ "$#" -lt 4 ]; then
+  echo "Usage: $0 <tenant> <user> <password> <vault1> ... [vaultN]" >&2
+  exit 1
+fi
+
+tenant="$1"
+user="$2"
+password="$3"
+vaults="${@:4}"
 
 echo "<<<azure_keyvault:sep(0)>>>"
 
-for vault in "${@:1}"; do
-  ~/az keyvault certificate list --vault-name="$vault"
+"$az" login --service-principal --tenant="$tenant" --user="$user" --password="$password" > /dev/null
+
+for vault in $vaults; do
+  "$az" keyvault certificate list --vault-name="$vault"
 done
+
+"$az" logout

local/share/check_mk/checks/agent_azure_keyvault

@@ -1,10 +1,14 @@
 #!/usr/bin/env python3
-
+# Copyright 2023, Spearhead Systems SRL.
 
 def agent_azure_keyvault(params, hostname, ipaddress):
-    args = []
+    tenant = params["tenant"]
+    client = params["client"]
+    secret = params["secret"]
 
-    for vault in params["vault_name"].split(","):
+    args = [tenant, client, secret]
+
+    for vault in params["vaults"]:
         args.extend([vault.strip()])
 
     return args

local/share/check_mk/web/plugins/wato/azure_keyvault.py

@@ -1,10 +1,12 @@
 #!/usr/bin/env python3
+# Copyright 2023, Spearhead Systems SRL.
 
 import copy
 from cmk.gui.i18n import _
 from cmk.gui.plugins.wato.utils import (
     rulespec_registry,
     HostRulespec,
+#    IndividualOrStoredPassword,
     RulespecGroupCheckParametersDiscovery,
     CheckParameterRulespecWithItem,
     RulespecGroupCheckParametersApplications,
@@ -14,6 +16,8 @@ from cmk.gui.valuespec import (
     Dictionary,
     TextInput,
     Integer,
+    ListOfStrings,
+    Password
 )
 
 
@@ -52,13 +56,36 @@ def _valuespec_special_agents_azure_keyvault_discovery():
         title=_("Azure Key Vault Certificate Discovery"),
         elements=[
             (
-                "vault_name",
+                "tenant",
                 TextInput(
-                    title=_("Key Vault Names (CSV)"),
-                    help=_(
-                        "Comma-separated list of all the name of the Azure key vaults to perform certificate checks on. E.g. to check just the vault 'mkdev', enter 'mkdev'; to check 'mkdev' and 'mkdev2', enter 'mkdev,mkdev2'"
+                    title=_("Tenant ID / Directory ID"),
+                    allow_empty=False,
+                    size=45,
                 ),
             ),
+            (
+                "client",
+                TextInput(
+                    title=_("Client ID / Application ID"),
+                    allow_empty=False,
+                    size=45,
+                ),
+            ),
+            (
+                "secret",
+#                IndividualOrStoredPassword(
+                Password(
+                    title=_("Client Secret"),
+                    allow_empty=False,
+                    size=45,
+                ),
+            ),
+            (
+                "vaults",
+                ListOfStrings(
+                    title=_("Keyvaults"),
+                    allow_empty=False,
+                ),
             ),
         ],
     )