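api_endpoint = rtrim(trim($api_endpoint), '/');
		$this->db_path = trim($db_path);
		$this->cert_file = $cert_file !== null ? trim($cert_file) : null;
		$this->key_file = $key_file !== null ? trim($key_file) : null;
	}

	/**
	 * Check the configured API endpoint and secret query string.
	 *
	 * The endpoint must parse as a URL with an "https" scheme (compared case-insensitively) and a non-empty host;
	 * any other scheme is rejected, so credentials are never requested over plain HTTP. The secret query string
	 * must be accepted by CVaultSecretParser configured for the CyberArk provider. Each failed check records an
	 * error through addError().
	 *
	 * @return bool  True when getErrors() is empty after the checks.
	 */
	public function validateParameters(): bool {
		$api_endpoint = parse_url($this->api_endpoint);

		if (!$api_endpoint || !array_key_exists('scheme', $api_endpoint) || !array_key_exists('host', $api_endpoint)
				|| strtolower($api_endpoint['scheme']) !== 'https' || $api_endpoint['host'] === '') {
			$this->addError(_s('Provided API endpoint "%1$s" is invalid.', $this->api_endpoint));
		}

		$secret_parser = new CVaultSecretParser(['provider' => ZBX_VAULT_TYPE_CYBERARK, 'with_key' => false]);

		if ($secret_parser->parse($this->db_path) != CParser::PARSE_SUCCESS) {
			$this->addError(_s('Provided secret query string "%1$s" is invalid.', $this->db_path));
		}

		return !$this->getErrors();
	}

	/**
	 * Request the database credentials from the Vault endpoint.
	 *
	 * Sends a GET request to "<api_endpoint>/AIMWebService/api/Accounts?<db_path>" and expects a JSON object with
	 * the keys "UserName" and "Content". The query string is appended as stored, without re-validation or encoding
	 * here, so validateParameters() should have accepted it first.
	 *
	 * @return array|null  ['user' => ..., 'password' => ...] on success; null on failure, with the reason recorded
	 *                     through addError().
	 */
	public function getCredentials(): ?array {
		$context = [
			'http' => [
				'method' => 'GET',
				'header' => 'Content-Type: application/json',
				// Keep the response body on HTTP error statuses; it is then checked like any other reply.
				'ignore_errors' => true
			],
			// PHP reads TLS options from the top-level 'ssl' key of the stream context; nested under 'http' they
			// are not applied. The response carries the database password, so the server certificate and host
			// name are verified explicitly. A Vault served with a private CA should be trusted through the
			// system trust store or the 'cafile' option rather than by disabling verification.
			'ssl' => [
				'verify_peer' => true,
				'verify_peer_name' => true
			]
		];

		if ($this->cert_file !== null && $this->key_file !== null) {
			// Client certificate and private key for mutual TLS authentication.
			$context['ssl']['local_cert'] = $this->cert_file;
			$context['ssl']['local_pk'] = $this->key_file;
		}

		// Warnings are suppressed; a failed request is reported through addError() below.
		$secret = @file_get_contents($this->api_endpoint.'/AIMWebService/api/Accounts?'.$this->db_path, false,
			stream_context_create($context)
		);

		if ($secret === false) {
			$this->addError(_('Vault connection failed.'));

			return null;
		}

		$db_credentials = $secret ? json_decode($secret, true) : null;

		// json_decode() also returns scalars for valid non-object JSON; array_key_exists() would throw a TypeError
		// on those, so anything that is not an array is treated as an unusable reply.
		if (!is_array($db_credentials)) {
			$this->addError(_('Unable to load database credentials from Vault.'));

			return null;
		}

		if (!array_key_exists('UserName', $db_credentials) || !array_key_exists('Content', $db_credentials)) {
			$this->addError(_('Username and password must be stored in Vault secret keys "UserName" and "Content".'));

			return null;
		}

		return [
			'user' => $db_credentials['UserName'],
			'password' => $db_credentials['Content']
		];
	}
}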