Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-20770

user macro secret text values not provided to zabbix_proxy from JavaScript

    XMLWordPrintable

Details

    • Team A
    • Sprint 90 (Jul 2022)
    • 1

    Description

      Steps to reproduce:

      having 2 preprocessing rules in LLD rule (dependent item with JSON input)

      • JSONPath: $.pageEntries
      • JavaScript containing following lines (logging just for debugging purposes):

       

      var oidc_credentials_json_string = '{"grant_type": "password", "accessCode1": "{$CLOUD.APP.GW.ACCESS.CODE.1}", "accessCode2": "{$CLOUD.APP.GW.ACCESS.CODE.2}", "scope": "openid h"}';
      Zabbix.log(2, oidc_credentials_json_string);
      var token_json_string = request_oidc.post("{$CLOUD.APP.OIDC.ACCESS.URL}" + "/oidc/grantToken", oidc_credentials_json_string);
      Zabbix.log(2, token_json_string);
      

      Result:

      • macro values with access codes not used in the request when set as secret text, as seen in /var/log/zabbix/zabbix_proxy.log (active proxy traffic encrypted with PSK):
      {"grant_type": "password", "accessCode1": "******", "accessCode2": "******", "scope": "openid h"}
      • => request fails returning invalid authentication

      Expected:

      • secret text macros in JavaScript could be usable on zabbix_proxy (masking values in the log file in such case is OK)

      Workaround:

      • use plain text macros, then they are used, but also visible in ZBX frontend and zabbix_proxy.log (not preferred)
      • for script items macro values can be provided as input parameters, then this problem is probably not present (not tested recently, but slightly remembered from the past), but parameters cannot be set for preprocessing steps (maybe there is another workaround, e.g. to add those macros somehow into input JSON, e.g. by preceeding preprocessing steps - not tested)

      Attachments

        Issue Links

          Activity

            People

              vso Vladislavs Sokurenko
              rico Richard Ostrochovský
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: