From 2f1a8e3655b5be39ea7b355d5791bca11f479658 Mon Sep 17 00:00:00 2001 From: "redmond\\wbernard" Date: Wed, 25 Aug 2021 10:15:18 -0700 Subject: [PATCH 1/6] Allow local path to be provided rather than the encoded certificate --- AzureMonitorAgent/agent.py | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/AzureMonitorAgent/agent.py b/AzureMonitorAgent/agent.py index 9d437f0af..fa5ab65f9 100644 --- a/AzureMonitorAgent/agent.py +++ b/AzureMonitorAgent/agent.py @@ -348,11 +348,27 @@ def install(): # check if required GCS params are available MONITORING_GCS_CERT_CERTFILE = None if "certificate" in protected_settings: - MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(protected_settings.get("certificate")) + certificate = protected_settings.get("certificate") + # Try to handle a local path first if url style is provider, + # then fallback as base64 encoded certificate payload + if certificate.startsWith('file:'): + certificate = certificate[5:] + with open(certificate, 'r') as f: + MONITORING_GCS_CERT_CERTFILE = f.read() + else: + MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(certificate) MONITORING_GCS_CERT_KEYFILE = None if "certificateKey" in protected_settings: - MONITORING_GCS_CERT_KEYFILE = base64.standard_b64decode(protected_settings.get("certificateKey")) + certificateKey = protected_settings.get("certificateKey") + # Try to handle a local path first if url style is provider, + # then fallback as base64 encoded certificate payload + if certificateKey.startsWith('file:'): + certificateKey = certificateKey[5:] + with open(certificateKey, 'r') as f: + MONITORING_GCS_CERT_KEYFILE = f.read() + else: + MONITORING_GCS_CERT_KEYFILE = base64.standard_b64decode(certificateKey) MONITORING_GCS_ENVIRONMENT = "" if "monitoringGCSEnvironment" in protected_settings: From a62723e5e53d2a4f3db3dd4c8dd3c52b4a459b87 Mon Sep 17 00:00:00 2001 From: "redmond\\wbernard" Date: Fri, 3 Sep 2021 12:23:28 -0700 Subject: [PATCH 2/6] Load certificate from different properties in case of path --- AzureMonitorAgent/agent.py | 30 +++++++++++------------------- 1 file changed, 11 insertions(+), 19 deletions(-) diff --git a/AzureMonitorAgent/agent.py b/AzureMonitorAgent/agent.py index fa5ab65f9..4975e73e1 100644 --- a/AzureMonitorAgent/agent.py +++ b/AzureMonitorAgent/agent.py @@ -347,28 +347,20 @@ def install(): # check if required GCS params are available MONITORING_GCS_CERT_CERTFILE = None - if "certificate" in protected_settings: - certificate = protected_settings.get("certificate") - # Try to handle a local path first if url style is provider, - # then fallback as base64 encoded certificate payload - if certificate.startsWith('file:'): - certificate = certificate[5:] - with open(certificate, 'r') as f: - MONITORING_GCS_CERT_CERTFILE = f.read() - else: - MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(certificate) + if "certificate" in protected_settings: + MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(protected_settings.get("certificate")) + + if "certificatePath" in protected_settings: + with open(protected_settings.get("certificatePath"), 'r') as f: + MONITORING_GCS_CERT_CERTFILE = f.read() MONITORING_GCS_CERT_KEYFILE = None if "certificateKey" in protected_settings: - certificateKey = protected_settings.get("certificateKey") - # Try to handle a local path first if url style is provider, - # then fallback as base64 encoded certificate payload - if certificateKey.startsWith('file:'): - certificateKey = certificateKey[5:] - with open(certificateKey, 'r') as f: - MONITORING_GCS_CERT_KEYFILE = f.read() - else: - MONITORING_GCS_CERT_KEYFILE = base64.standard_b64decode(certificateKey) + MONITORING_GCS_CERT_KEYFILE = base64.standard_b64decode(protected_settings.get("certificateKey")) + + if "certificateKeyPath" in protected_settings: + with open(protected_settings.get("certificateKeyPath"), 'r') as f: + MONITORING_GCS_CERT_CERTFILE = f.read() MONITORING_GCS_ENVIRONMENT = "" if "monitoringGCSEnvironment" in protected_settings: From 07e862c1d93ebb49e677fa719c911107827c5523 Mon Sep 17 00:00:00 2001 From: "redmond\\wbernard" Date: Fri, 3 Sep 2021 12:27:14 -0700 Subject: [PATCH 3/6] Remove whitespace --- AzureMonitorAgent/agent.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzureMonitorAgent/agent.py b/AzureMonitorAgent/agent.py index 4975e73e1..5b3984676 100644 --- a/AzureMonitorAgent/agent.py +++ b/AzureMonitorAgent/agent.py @@ -347,7 +347,7 @@ def install(): # check if required GCS params are available MONITORING_GCS_CERT_CERTFILE = None - if "certificate" in protected_settings: + if "certificate" in protected_settings: MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(protected_settings.get("certificate")) if "certificatePath" in protected_settings: From cf04139d38a42edea1451dec08e361b774debd71 Mon Sep 17 00:00:00 2001 From: "redmond\\wbernard" Date: Fri, 3 Sep 2021 15:53:47 -0700 Subject: [PATCH 4/6] Handle exception for certificate files read operation --- AzureMonitorAgent/agent.py | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/AzureMonitorAgent/agent.py b/AzureMonitorAgent/agent.py index 5b3984676..bc4e94585 100644 --- a/AzureMonitorAgent/agent.py +++ b/AzureMonitorAgent/agent.py @@ -351,16 +351,23 @@ def install(): MONITORING_GCS_CERT_CERTFILE = base64.standard_b64decode(protected_settings.get("certificate")) if "certificatePath" in protected_settings: - with open(protected_settings.get("certificatePath"), 'r') as f: - MONITORING_GCS_CERT_CERTFILE = f.read() + try: + with open(protected_settings.get("certificatePath"), 'r') as f: + MONITORING_GCS_CERT_CERTFILE = f.read() + except Exception as ex: + log_and_exit('Install', MissingorInvalidParameterErrorCode, 'Failed to read certificate {0}: {1}'.format(protected_settings.get("certificatePath"), ex)) MONITORING_GCS_CERT_KEYFILE = None if "certificateKey" in protected_settings: MONITORING_GCS_CERT_KEYFILE = base64.standard_b64decode(protected_settings.get("certificateKey")) if "certificateKeyPath" in protected_settings: - with open(protected_settings.get("certificateKeyPath"), 'r') as f: - MONITORING_GCS_CERT_CERTFILE = f.read() + try: + with open(protected_settings.get("certificateKeyPath"), 'r') as f: + MONITORING_GCS_CERT_CERTFILE = f.read() + except Exception as ex: + log_and_exit('Install', MissingorInvalidParameterErrorCode, 'Failed to read certificate key {0}: {1}'.format(protected_settings.get("certificateKeyPath"), ex)) + MONITORING_GCS_ENVIRONMENT = "" if "monitoringGCSEnvironment" in protected_settings: From 50f7df7e9bc1792df82ef6c924507d07b646d803 Mon Sep 17 00:00:00 2001 From: "redmond\\wbernard" Date: Fri, 3 Sep 2021 17:28:03 -0700 Subject: [PATCH 5/6] Fix typo --- AzureMonitorAgent/agent.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/AzureMonitorAgent/agent.py b/AzureMonitorAgent/agent.py index bc4e94585..165988ee5 100644 --- a/AzureMonitorAgent/agent.py +++ b/AzureMonitorAgent/agent.py @@ -364,11 +364,10 @@ def install(): if "certificateKeyPath" in protected_settings: try: with open(protected_settings.get("certificateKeyPath"), 'r') as f: - MONITORING_GCS_CERT_CERTFILE = f.read() + MONITORING_GCS_CERT_KEYFILE = f.read() except Exception as ex: log_and_exit('Install', MissingorInvalidParameterErrorCode, 'Failed to read certificate key {0}: {1}'.format(protected_settings.get("certificateKeyPath"), ex)) - MONITORING_GCS_ENVIRONMENT = "" if "monitoringGCSEnvironment" in protected_settings: MONITORING_GCS_ENVIRONMENT = protected_settings.get("monitoringGCSEnvironment") From 3d5170d4cd03c3a7f9c466551131bc5c4eb42ef3 Mon Sep 17 00:00:00 2001 From: William Bernardet Date: Tue, 16 Nov 2021 18:17:50 +0000 Subject: [PATCH 6/6] Read in binary mode to match standard_b64decode returning bytes --- AzureMonitorAgent/agent.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AzureMonitorAgent/agent.py b/AzureMonitorAgent/agent.py index a423128b0..92fb7d137 100644 --- a/AzureMonitorAgent/agent.py +++ b/AzureMonitorAgent/agent.py @@ -367,7 +367,7 @@ def install(): if "certificatePath" in protected_settings: try: - with open(protected_settings.get("certificatePath"), 'r') as f: + with open(protected_settings.get("certificatePath"), 'rb') as f: MONITORING_GCS_CERT_CERTFILE = f.read() except Exception as ex: log_and_exit('Install', MissingorInvalidParameterErrorCode, 'Failed to read certificate {0}: {1}'.format(protected_settings.get("certificatePath"), ex)) @@ -378,7 +378,7 @@ def install(): if "certificateKeyPath" in protected_settings: try: - with open(protected_settings.get("certificateKeyPath"), 'r') as f: + with open(protected_settings.get("certificateKeyPath"), 'rb') as f: MONITORING_GCS_CERT_KEYFILE = f.read() except Exception as ex: log_and_exit('Install', MissingorInvalidParameterErrorCode, 'Failed to read certificate key {0}: {1}'.format(protected_settings.get("certificateKeyPath"), ex))