Plugin now uses a service principal to log in, uses multiple GUI fields for multiple keyvaults, and logs out after the Azure query. Also added copyright headers.

Marsell Kukuljevic 2023-10-23 22:19:37 +02:00
parent fbc55995fc
commit 86964d70d2
4 changed files with 61 additions and 10 deletions


@ -1,4 +1,5 @@
#!/usr/bin/env python3
# Copyright 2023, Spearhead Systems SRL.
import json
from datetime import datetime, timezone


@ -1,7 +1,26 @@
#!/bin/bash
# Copyright 2023, Spearhead Systems SRL.
az=~/az
set -euo pipefail
if [ "$#" -lt 4 ]; then
echo "Usage: $0 <tenant> <user> <password> <vault1> ... [vaultN]" >&2
exit 1
fi
tenant="$1"
user="$2"
password="$3"
vaults="${@:4}"
echo "<<<azure_keyvault:sep(0)>>>"
for vault in "${@:1}"; do
~/az keyvault certificate list --vault-name="$vault"
"$az" login --service-principal --tenant="$tenant" --user="$user" --password="$password" > /dev/null
for vault in $vaults; do
"$az" keyvault certificate list --vault-name="$vault"
done
"$az" logout
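Review bot: The client secret travels on the command line twice in this script: it arrives as `$3` and is then handed to `"$az" login ... --password="$password"`, so on a typical Linux host it is readable in the process list by other local users while either process runs; the list built in `agent_azure_keyvault` (`args = [tenant, client, secret]`) is where the first exposure originates. Consider having the script read the secret from stdin or from a file only the site user can read, and, where the deployment allows it, a certificate-based service principal so that no secret reaches `az`'s arguments at all. Separately, with `set -euo pipefail` a failing `keyvault certificate list` ends the script before `"$az" logout`, leaving the cached login behind; `trap '"$az" logout >/dev/null 2>&1 || true' EXIT` placed right after the login would cover that. `vaults="${@:4}"` followed by the unquoted `for vault in $vaults` also re-splits names on whitespace, which `for vault in "${@:4}"; do` avoids.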


@ -1,10 +1,14 @@
#!/usr/bin/env python3
# Copyright 2023, Spearhead Systems SRL.
def agent_azure_keyvault(params, hostname, ipaddress):
args = []
tenant = params["tenant"]
client = params["client"]
secret = params["secret"]
for vault in params["vault_name"].split(","):
args = [tenant, client, secret]
for vault in params["vaults"]:
args.extend([vault.strip()])
return args
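Review bot: `params["tenant"]`, `params["client"]`, `params["secret"]` and `params["vaults"]` are indexed unconditionally, so a rule saved in the earlier format, which appears to have carried only `vault_name`, would raise `KeyError` when the agent command line is built; either migrate old rules or fail with a message naming the missing field. The function has no docstring; one stating the positional order the shell agent expects (tenant, client, secret, then one argument per vault) would tie the two files together. `args.extend([vault.strip()])` is more directly `args.append(vault.strip())`, and entries that are empty after stripping should probably be skipped rather than passed on as an empty vault name.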


@ -1,10 +1,12 @@
#!/usr/bin/env python3
# Copyright 2023, Spearhead Systems SRL.
import copy
from cmk.gui.i18n import _
from cmk.gui.plugins.wato.utils import (
rulespec_registry,
HostRulespec,
# IndividualOrStoredPassword,
RulespecGroupCheckParametersDiscovery,
CheckParameterRulespecWithItem,
RulespecGroupCheckParametersApplications,
@ -14,6 +16,8 @@ from cmk.gui.valuespec import (
Dictionary,
TextInput,
Integer,
ListOfStrings,
Password
)
@ -52,12 +56,35 @@ def _valuespec_special_agents_azure_keyvault_discovery():
title=_("Azure Key Vault Certificate Discovery"),
elements=[
(
"vault_name",
"tenant",
TextInput(
title=_("Key Vault Names (CSV)"),
help=_(
"Comma-separated list of all the name of the Azure key vaults to perform certificate checks on. E.g. to check just the vault 'mkdev', enter 'mkdev'; to check 'mkdev' and 'mkdev2', enter 'mkdev,mkdev2'"
),
title=_("Tenant ID / Directory ID"),
allow_empty=False,
size=45,
),
),
(
"client",
TextInput(
title=_("Client ID / Application ID"),
allow_empty=False,
size=45,
),
),
(
"secret",
# IndividualOrStoredPassword(
Password(
title=_("Client Secret"),
allow_empty=False,
size=45,
),
),
(
"vaults",
ListOfStrings(
title=_("Keyvaults"),
allow_empty=False,
),
),
],
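Review bot: The secret field uses `Password(` while `IndividualOrStoredPassword` is left commented out both in the import list and at the field, so the intended storage of the client secret is unclear from the new code; with a plain password field the value presumably sits in the saved rule itself rather than in the password store. Either finish the switch (the argument function and the shell agent would then need to handle a stored-password reference) or delete the two commented-out lines and leave a short comment stating why the plain field is used. The `vaults` list also lost the help text the old CSV field had; something like `help=_("One Azure key vault name per entry.")` would restore the guidance, and the `tenant` and `client` fields would benefit from a similar hint.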