GithubHelp home page GithubHelp logo

okieselbach / munki-middleware-azure-storage Goto Github PK

View Code? Open in Web Editor NEW
14.0 4.0 3.0 27 KB

Generate Azure Blob Storage account authentication for Munki

Home Page: https://oliverkieselbach.com/2021/07/14/comprehensive-guide-to-managing-macos-with-intune/

Python 100.00%
macos munki macadmin azure-storage macadmins mac azure blob-storage

munki-middleware-azure-storage's Introduction

Azure Blob Storage Authentication for Munki

The Azure Blob Storage Middleware allows munki clients to connect securely, and directly to a munki repo hosted in an Azure Blob Storage account.

Description

This module is meant to plug into munki as a middleware. https://github.com/munki/munki/wiki

The latest version middleware_azure.py of the script will use the Shared Access Signature from the blob storage account.

Previous version with storage key (middleware_azure_storagekey_deprecated.py) generates the required http headers to interact with an protected Azure blob storage account. Inspired by S3-Auth (https://github.com/waderobson/s3-auth). I have deprecated the old version as it needs more strict key handling to provide proper security. For research purpose I will keep it for some time here.

MS reference docs for Storage REST API Auth and interaction https://docs.microsoft.com/en-us/azure/storage/common/storage-rest-api-auth

Configuration

Defaults must be in place (replace with your account and example assumes containername = munki):

sudo defaults write /Library/Preferences/ManagedInstalls SoftwareRepoURL 'http://yourstorageaccount.blob.core.windows.net/munki'
sudo defaults write /Library/Preferences/ManagedInstalls SharedAccessSignature 'XXX'

Configuration via MDM

<key>SoftwareRepoURL</key>
<string>http://yourstorageaccount.blob.core.windows.net/munki</string>
<key>SharedAccessSignature</key>
<string>XXX</string>

Use Powershell output from below to convert the Shared Access Signature (SAS) to be correctly escaped for usage in xml MDM profile above:

[Security.SecurityElement]::Escape("?sp=r&st=2021-09-07T07:25:56Z&se=2025-09-07T15:25:56Z&spr=https&sv=2020-08-04&sr=c&sig=ThIsIsEnExAmPlEThIsIsEnExAmPlEThIsIsEnExAmPlE")

Check my macOS GitHub repo for a sample MDM .mobileconfig file.

Location

copy to '/usr/local/munki/middleware_azure.py'

Permissions

sudo chown root /usr/local/munki/middleware*.py
sudo chmod 600 /usr/local/munki/middleware*.py

Debugging

log files for munki are stored here:

/Library/Managed Installs/Logs/

If required set LoggingLevel higher than 1 e.g. 2 or 3

sudo defaults write /Library/Preferences/ManagedInstalls LoggingLevel -int 3

Further reading

If you are interested in a blog article detailing a bit more of the middleware in action with Microsoft Intune then have a look here:

https://oliverkieselbach.com/2021/07/14/comprehensive-guide-to-managing-macos-with-intune/

munki-middleware-azure-storage's People

Contributors

okieselbach avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar

Forkers

almenscorner jamesatwebpros

munki-middleware-azure-storage's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.