|
| 1 | +#!/usr/bin/env python3 |
| 2 | +# -*- encoding: utf-8; py-indent-offset: 4 -*- |
| 3 | + |
| 4 | +# Copyright (C) 2024 Christopher Pommer <cp.software@outlook.de> |
| 5 | + |
| 6 | +# This program is free software; you can redistribute it and/or |
| 7 | +# modify it under the terms of the GNU General Public License |
| 8 | +# as published by the Free Software Foundation; either version 2 |
| 9 | +# of the License, or (at your option) any later version. |
| 10 | + |
| 11 | +# This program is distributed in the hope that it will be useful, |
| 12 | +# but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 13 | +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 14 | +# GNU General Public License for more details. |
| 15 | + |
| 16 | +# You should have received a copy of the GNU General Public License |
| 17 | +# along with this program; if not, write to the Free Software |
| 18 | +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 19 | + |
| 20 | + |
| 21 | +import json |
| 22 | +from collections.abc import Mapping, Sequence |
| 23 | +from dataclasses import dataclass |
| 24 | +from datetime import datetime |
| 25 | +from typing import Any |
| 26 | + |
| 27 | +from cmk.agent_based.v2 import ( |
| 28 | + AgentSection, |
| 29 | + check_levels, |
| 30 | + CheckPlugin, |
| 31 | + CheckResult, |
| 32 | + DiscoveryResult, |
| 33 | + render, |
| 34 | + Result, |
| 35 | + Service, |
| 36 | + State, |
| 37 | + StringTable, |
| 38 | +) |
| 39 | + |
| 40 | + |
| 41 | +@dataclass(frozen=True) |
| 42 | +class TokenInfo: |
| 43 | + token_appleid: str |
| 44 | + token_expiration: str |
| 45 | + token_id: str |
| 46 | + token_name: str |
| 47 | + token_type: str |
| 48 | + |
| 49 | + |
| 50 | +# Example data from special agent: |
| 51 | +# <<<ms_intune_apple_ade_tokens:sep(0)>>> |
| 52 | +# [ |
| 53 | +# { |
| 54 | +# "token_appleid": "ade@domain.td", |
| 55 | +# "token_expiration": "2025-03-02T06:54:05Z", |
| 56 | +# "token_id": "00000000-0000-0000-0000-000000000000", |
| 57 | +# "token_name": "Apple Business Manager", |
| 58 | +# "token_type": "dep" |
| 59 | +# }, |
| 60 | +# ... |
| 61 | +# ] |
| 62 | + |
| 63 | +Section = Mapping[str, Sequence[TokenInfo]] |
| 64 | + |
| 65 | + |
| 66 | +def parse_ms_intune_apple_ade_tokens(string_table: StringTable) -> Section: |
| 67 | + parsed = {} |
| 68 | + token_names = set() |
| 69 | + for item in json.loads("".join(string_table[0])): |
| 70 | + token_name = item["token_name"] |
| 71 | + # generate unique names, because token name is not unique |
| 72 | + if token_name in token_names: |
| 73 | + token_name_unique = f"{token_name}_{item["token_id"][-4:]}" |
| 74 | + else: |
| 75 | + token_name_unique = token_name |
| 76 | + token_names.add(token_name) |
| 77 | + |
| 78 | + parsed[token_name_unique] = item |
| 79 | + |
| 80 | + return parsed |
| 81 | + |
| 82 | + |
| 83 | +def discover_ms_intune_apple_ade_tokens(section: Section) -> DiscoveryResult: |
| 84 | + for group in section: |
| 85 | + yield Service(item=group) |
| 86 | + |
| 87 | + |
| 88 | +def check_ms_intune_apple_ade_tokens(item: str, params: Mapping[str, Any], section: Section) -> CheckResult: |
| 89 | + token = section.get(item) |
| 90 | + if not token: |
| 91 | + return |
| 92 | + |
| 93 | + params_levels_token_expiration = params.get("token_expiration") |
| 94 | + |
| 95 | + token_appleid = token["token_appleid"] |
| 96 | + token_expiration = token["token_expiration"] |
| 97 | + token_id = token["token_id"] |
| 98 | + token_name = token["token_name"] |
| 99 | + token_type = token["token_type"] |
| 100 | + |
| 101 | + token_expiration_datetime = datetime.fromisoformat(token_expiration) |
| 102 | + token_expiration_timestamp = token_expiration_datetime.timestamp() |
| 103 | + token_expiration_timestamp_render = render.datetime(int(token_expiration_timestamp)) |
| 104 | + |
| 105 | + token_expiration_timespan = token_expiration_timestamp - datetime.now().timestamp() |
| 106 | + |
| 107 | + result_details = ( |
| 108 | + f"Expiration time: {token_expiration_timestamp_render}" |
| 109 | + f"\\nToken name: {token_name}" |
| 110 | + f"\\nToken ID: {token_id}" |
| 111 | + f"\\nToken type: {token_type}" |
| 112 | + f"\\nApple ID: {token_appleid}" |
| 113 | + ) |
| 114 | + result_summary = f"Expiration time: {token_expiration_timestamp_render}" |
| 115 | + |
| 116 | + if token_expiration_timespan > 0: |
| 117 | + yield from check_levels( |
| 118 | + token_expiration_timespan, |
| 119 | + levels_lower=(params_levels_token_expiration), |
| 120 | + label="Remaining", |
| 121 | + render_func=render.timespan, |
| 122 | + ) |
| 123 | + else: |
| 124 | + yield from check_levels( |
| 125 | + token_expiration_timespan, |
| 126 | + levels_lower=(params_levels_token_expiration), |
| 127 | + label="Expired", |
| 128 | + render_func=lambda x: "%s ago" % render.timespan(abs(x)), |
| 129 | + ) |
| 130 | + |
| 131 | + yield Result( |
| 132 | + state=State.OK, |
| 133 | + summary=result_summary, |
| 134 | + details=result_details, |
| 135 | + ) |
| 136 | + |
| 137 | + |
| 138 | +agent_section_ms_intune_apple_ade_tokens = AgentSection( |
| 139 | + name="ms_intune_apple_ade_tokens", |
| 140 | + parse_function=parse_ms_intune_apple_ade_tokens, |
| 141 | +) |
| 142 | + |
| 143 | + |
| 144 | +check_plugin_ms_intune_apple_ade_tokens = CheckPlugin( |
| 145 | + name="ms_intune_apple_ade_tokens", |
| 146 | + service_name="Intune Apple ADE token %s", |
| 147 | + discovery_function=discover_ms_intune_apple_ade_tokens, |
| 148 | + check_function=check_ms_intune_apple_ade_tokens, |
| 149 | + check_ruleset_name="ms_intune_apple_ade_tokens", |
| 150 | + check_default_parameters={"token_expiration": ("fixed", (1209600.0, 432000.0))}, |
| 151 | +) |
0 commit comments