From e92378a3bc0b85245011c69b7e01d074abc57914 Mon Sep 17 00:00:00 2001
From: Maxim Ivanov
Date: Thu, 23 May 2024 13:18:46 +0100
Subject: [PATCH] feat(input.azure_monitor): use default azure creds chain when no secret provided

This allows Telegraf authenticating with Workload Identity on K8S or with VM identity when running directly on a virtual machine.
---
 go.mod | 4 +++-
 go.sum | 4 ++--
 plugins/inputs/azure_monitor/README.md | 8 +++++++-
 plugins/inputs/azure_monitor/azure_monitor.go | 15 +++++++++++++--
 plugins/inputs/azure_monitor/sample.conf | 8 +++++++-
 5 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/go.mod b/go.mod
index e562e5cc2895e..73c45ef8fa48d 100644
--- a/go.mod
+++ b/go.mod
@@ -2,6 +2,8 @@ module github.com/influxdata/telegraf
 go 1.22
+replace github.com/logzio/azure-monitor-metrics-receiver v1.0.1 => github.com/redbaron/azure-monitor-metrics-receiver v0.0.0-20240521144623-e9f658551b15
+
 require (
 cloud.google.com/go/bigquery v1.61.0
 cloud.google.com/go/monitoring v1.18.1
@@ -238,7 +240,7 @@ require (
 github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 // indirect
 github.com/Azure/go-amqp v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index a014c8d211e1a..f60b617c6c424 100644
--- a/go.sum
+++ b/go.sum
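Review bot: The `replace` directive in the first go.mod hunk swaps `github.com/logzio/azure-monitor-metrics-receiver v1.0.1` for a personal fork at an untagged pseudo-version, so the code that creates the Azure clients and receives the token credential is built from a repository outside the upstream project's release process. The go.sum entry pins the fork's content but says nothing about who reviewed it, and the directive carries no comment saying when it can be removed. Prefer getting `CreateAzureClientsWithCreds` released upstream and bumping the required version; if the replace has to ship in the meantime, record the intent above it, e.g. `// temporary: remove once upstream releases CreateAzureClientsWithCreds`. In the second hunk `azidentity` loses its `// indirect` marker but appears to stay among the indirect requirements; as a direct dependency it would normally move to the direct `require` block.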
@@ -1731,8 +1731,6 @@ github.com/linkedin/goavro/v2 v2.12.0 h1:rIQQSj8jdAUlKQh6DttK8wCRv4t4QO09g1C4aBW github.com/linkedin/goavro/v2 v2.12.0/go.mod h1:KXx+erlq+RPlGSPmLF7xGo6SAbh8sCQ53x064+ioxhk= github.com/linode/linodego v1.23.0 h1:s0ReCZtuN9Z1IoUN9w1RLeYO1dMZUGPwOQ/IBFsBHtU= github.com/linode/linodego v1.23.0/go.mod h1:0U7wj/UQOqBNbKv1FYTXiBUXueR8DY4HvIotwE0ENgg= -github.com/logzio/azure-monitor-metrics-receiver v1.0.1 h1:FTwUtM0K3RB8XX4N4xfswzOUWoiLK9pJUMqPpTOJclc= -github.com/logzio/azure-monitor-metrics-receiver v1.0.1/go.mod h1:yJGdECqN75b4r4SXLwNkeeZoN/rPVKcfJLfixQw1hZc= github.com/loov/hrtime v1.0.1/go.mod h1:yDY3Pwv2izeY4sq7YcPX/dtLwzg5NU1AxWuWxKwd0p0= github.com/loov/hrtime v1.0.3/go.mod h1:yDY3Pwv2izeY4sq7YcPX/dtLwzg5NU1AxWuWxKwd0p0= github.com/loov/hrtime/hrplot v1.0.2/go.mod h1:9t65xYn4d42ntjv40Wt5lbU72/VC5S0zGDgjC8kD5BU= @@ -2065,6 +2063,8 @@ github.com/rabbitmq/amqp091-go v1.9.0 h1:qrQtyzB4H8BQgEuJwhmVQqVHB9O4+MNDJCCAcpc github.com/rabbitmq/amqp091-go v1.9.0/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= +github.com/redbaron/azure-monitor-metrics-receiver v0.0.0-20240521144623-e9f658551b15 h1:P/xwevDkBcsxncmv9LHxKrodbscuoAoF4W7r/9JuoR4= +github.com/redbaron/azure-monitor-metrics-receiver v0.0.0-20240521144623-e9f658551b15/go.mod h1:yJGdECqN75b4r4SXLwNkeeZoN/rPVKcfJLfixQw1hZc= github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8= github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= diff --git a/plugins/inputs/azure_monitor/README.md b/plugins/inputs/azure_monitor/README.md index b03d1a461b2c3..d294532caaf64 100644 
--- a/plugins/inputs/azure_monitor/README.md
+++ b/plugins/inputs/azure_monitor/README.md
@@ -67,7 +67,13 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
 subscription_id = "<>"
 # can be obtained by registering an application under Azure Active Directory
 client_id = "<>"
- # can be obtained by registering an application under Azure Active Directory
+ # can be obtained by registering an application under Azure Active Directory.
+ # If not specified Default Azure Credentials chain will be attempted:
+ # - Environment credentials (AZURE_*)
+ # - Workload Identity in Kubernetes cluster
+ # - Managed Identity
+ # - Azure CLI auth
+ # - Developer Azure CLI auth
 client_secret = "<>"
 # can be found under Azure Active Directory->Properties
 tenant_id = "<>"
diff --git a/plugins/inputs/azure_monitor/azure_monitor.go b/plugins/inputs/azure_monitor/azure_monitor.go
index 05f82f9c8d94f..984c33de6a798 100644
--- a/plugins/inputs/azure_monitor/azure_monitor.go
+++ b/plugins/inputs/azure_monitor/azure_monitor.go
@@ -4,6 +4,8 @@ package azure_monitor
 import (
 _ "embed"
 "fmt"
+ "github.com/Azure/azure-sdk-for-go/sdk/azcore"
+ "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 "sync"
 "github.com/influxdata/telegraf"
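Review bot: The two Azure SDK imports added in the azure_monitor.go import hunk sit between `"fmt"` and `"sync"`, inside the standard-library group. Move them into the third-party group that begins at `"github.com/influxdata/telegraf"` so the block stays goimports-ordered. The import block continues past the end of the hunk.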
@@ -158,8 +160,17 @@ func (acm *azureClientsManager) createAzureClients(
 clientID string,
 clientSecret string,
 tenantID string,
-) (*receiver.AzureClients, error) {
- azureClients, err := receiver.CreateAzureClients(subscriptionID, clientID, clientSecret, tenantID)
+) (azureClients *receiver.AzureClients, err error) {
+ var token azcore.TokenCredential
+ if clientSecret != "" {
+ azureClients, err = receiver.CreateAzureClients(subscriptionID, clientID, clientSecret, tenantID)
+ } else {
+ if token, err = azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{
+ TenantID: tenantID,
+ }); err == nil {
+ azureClients, err = receiver.CreateAzureClientsWithCreds(subscriptionID, token)
+ }
+ }
 if err != nil {
 return nil, fmt.Errorf("error creating Azure clients: %w", err)
 }
diff --git a/plugins/inputs/azure_monitor/sample.conf b/plugins/inputs/azure_monitor/sample.conf
index 9f7bf30848e22..a0052f2dfb9ea 100644
--- a/plugins/inputs/azure_monitor/sample.conf
+++ b/plugins/inputs/azure_monitor/sample.conf
@@ -4,7 +4,13 @@
 subscription_id = "<>"
 # can be obtained by registering an application under Azure Active Directory
 client_id = "<>"
- # can be obtained by registering an application under Azure Active Directory
+ # can be obtained by registering an application under Azure Active Directory.
+ # If not specified Default Azure Credentials chain will be attempted:
+ # - Environment credentials (AZURE_*)
+ # - Workload Identity in Kubernetes cluster
+ # - Managed Identity
+ # - Azure CLI auth
+ # - Developer Azure CLI auth
 client_secret = "<>"
 # can be found under Azure Active Directory->Properties
 tenant_id = "<>"
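Review bot: In `createAzureClients` (the second azure_monitor.go hunk) an empty `clientSecret` now silently selects `azidentity.NewDefaultAzureCredential`, so a secret that is missing or resolves to an empty string makes the plugin authenticate as whatever ambient identity the host offers rather than fail at startup. The configured `clientID` is ignored on that branch because only `TenantID` is set in the options, and nothing records which path was taken. I would state this at the branch, e.g. `// no client_secret: use the ambient credential chain; client_id is not applied here`, and make the fallback visible to operators with a log line or an explicit opt-in setting. The plugin's config validation is outside this hunk; if it still rejects an empty `client_secret`, the new branch is unreachable and needs a matching change there. The function body continues past the end of the hunk.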