Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20770

user macro secret text values not provided to zabbix_proxy from JavaScript

    XMLWordPrintable

Details

    • Problem report
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • 5.4.11
    • None
    • Proxy (P), Server (S)
    • None
    • CentOS 8, TimescaleDB

    Description

      Steps to reproduce:

      having 2 preprocessing rules in LLD rule (dependent item with JSON input)

      • JSONPath: $.pageEntries
      • JavaScript containing following lines (logging just for debugging purposes):

       

      var oidc_credentials_json_string = '{"grant_type": "password", "accessCode1": "{$CLOUD.APP.GW.ACCESS.CODE.1}", "accessCode2": "{$CLOUD.APP.GW.ACCESS.CODE.2}", "scope": "openid h"}';
      Zabbix.log(2, oidc_credentials_json_string);
      var token_json_string = request_oidc.post("{$CLOUD.APP.OIDC.ACCESS.URL}" + "/oidc/grantToken", oidc_credentials_json_string);
      Zabbix.log(2, token_json_string);
      

      Result:

      • macro values with access codes not used in the request when set as secret text, as seen in /var/log/zabbix/zabbix_proxy.log (active proxy traffic encrypted with PSK):
      {"grant_type": "password", "accessCode1": "******", "accessCode2": "******", "scope": "openid h"}
      • => request fails returning invalid authentication

      Expected:

      • secret text macros in JavaScript could be usable on zabbix_proxy (masking values in the log file in such case is OK)

      Workaround:

      • use plain text macros, then they are used, but also visible in ZBX frontend and zabbix_proxy.log (not preferred)
      • for script items macro values can be provided as input parameters, then this problem is probably not present (not tested recently, but slightly remembered from the past), but parameters cannot be set for preprocessing steps (maybe there is another workaround, e.g. to add those macros somehow into input JSON, e.g. by preceeding preprocessing steps - not tested)

      Attachments

        Activity

          People

            avolodin Aleksey Volodin
            rico Richard Ostrochovsk√Ĺ
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: