From a06afdca4105e8b0178ef12d8e6a7612cac03e22 Mon Sep 17 00:00:00 2001 From: Kisbogyi Date: Thu, 18 Jul 2024 13:45:23 +0000 Subject: [PATCH 1/3] add support for azure arc --- dnsapi/dns_azure.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 00ccd7983a..d9695002b8 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -83,7 +83,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET" "$AZUREDNS_ARC") if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -186,7 +186,7 @@ dns_azure_rm() { fi fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET") + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET", "$AZUREDNS_ARC") if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -292,6 +292,7 @@ _azure_getaccess_token() { tenantID=$2 clientID=$3 clientSecret=$4 + arc=$5 accesstoken="${AZUREDNS_BEARERTOKEN:-$(_readaccountconf_mutable AZUREDNS_BEARERTOKEN)}" expires_on="${AZUREDNS_TOKENVALIDTO:-$(_readaccountconf_mutable AZUREDNS_TOKENVALIDTO)}" @@ -312,7 +313,16 @@ _azure_getaccess_token() { if [ "$managedIdentity" = true ]; then # https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http export _H1="Metadata: true" - response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)" + + if [ "$arc" = true ]; then + response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" + T=$(cat $HTTP_HEADER | grep Www | sed 's/Www-Authenticate: Basic realm=//g' | sed 's/[^a-zA-Z0-9\/\.\-]//g') + export _H2="Authorization: Basic $(cat $T)" + response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" + else + response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)" + fi + response="$(echo "$response" | _normalizeJson)" accesstoken=$(echo "$response" | _egrep_o "\"access_token\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") expires_on=$(echo "$response" | _egrep_o "\"expires_on\":\"[^\"]*\"" | _head_n 1 | cut -d : -f 2 | tr -d \") From 1213bbfb6eefdba4f3e5e4fb497bc6dae011bdb2 Mon Sep 17 00:00:00 2001 From: Kisbogyi Date: Fri, 19 Jul 2024 21:00:13 +0200 Subject: [PATCH 2/3] fix issues with shellcheck and shfmt --- dnsapi/dns_azure.sh | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index d9695002b8..2e7d17339b 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -83,7 +83,7 @@ dns_azure_add() { _saveaccountconf_mutable AZUREDNS_CLIENTSECRET "$AZUREDNS_CLIENTSECRET" fi - accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET" "$AZUREDNS_ARC") + accesstoken=$(_azure_getaccess_token "$AZUREDNS_MANAGEDIDENTITY" "$AZUREDNS_TENANTID" "$AZUREDNS_APPID" "$AZUREDNS_CLIENTSECRET" "$AZUREDNS_ARC") if ! _get_root "$fulldomain" "$AZUREDNS_SUBSCRIPTIONID" "$accesstoken"; then _err "invalid domain" @@ -314,13 +314,14 @@ _azure_getaccess_token() { # https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-use-vm-token#get-a-token-using-http export _H1="Metadata: true" - if [ "$arc" = true ]; then - response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" - T=$(cat $HTTP_HEADER | grep Www | sed 's/Www-Authenticate: Basic realm=//g' | sed 's/[^a-zA-Z0-9\/\.\-]//g') - export _H2="Authorization: Basic $(cat $T)" - response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" + if [ "$arc" = true ]; then + response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" + CHALLANGE=$(cat "$HTTP_HEADER" | grep Www | sed 's/Www-Authenticate: Basic realm=//g' | sed 's/[^a-zA-Z0-9\/\.\-]//g') + _H2="Authorization: Basic $(cat "$CHALLANGE")" + export _H2 + response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" else - response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)" + response="$(_get http://169.254.169.254/metadata/identity/oauth2/token\?api-version=2018-02-01\&resource=https://management.azure.com/)" fi response="$(echo "$response" | _normalizeJson)" From 7ccbee6759cc992d6a7d826b3cc8f4c7d8239384 Mon Sep 17 00:00:00 2001 From: Kisbogyi Date: Tue, 22 Apr 2025 23:53:38 +0200 Subject: [PATCH 3/3] fix shellcheck issue by GBBx --- dnsapi/dns_azure.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dnsapi/dns_azure.sh b/dnsapi/dns_azure.sh index 33f8f670f9..b08a65c0cb 100644 --- a/dnsapi/dns_azure.sh +++ b/dnsapi/dns_azure.sh @@ -345,8 +345,8 @@ _azure_getaccess_token() { if [ "$arc" = true ]; then response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" - CHALLANGE=$(cat "$HTTP_HEADER" | grep Www | sed 's/Www-Authenticate: Basic realm=//g' | sed 's/[^a-zA-Z0-9\/\.\-]//g') - _H2="Authorization: Basic $(cat "$CHALLANGE")" + CHALLENGE=$(grep Www "$HTTP_HEADER" | sed 's/Www-Authenticate: Basic realm=//g' | sed 's/[^a-zA-Z0-9\/\.\-]//g') + _H2="Authorization: Basic $(cat "$CHALLENGE")" export _H2 response="$(_get http://localhost:40342/metadata/identity/oauth2/token\?api-version=2019-08-15\&resource=https://management.azure.com/)" else