AzureMonitor: User authentication support #81918

Merged
merged 33 commits into from
Mar 19, 2024

@aangelisc (Contributor) commented Feb 5, 2024

This PR adds support for current user authentication to the Azure Monitor data source. It's quite a large PR but it's been done in segments with each PR reviewed individually.

grafana PRs:

grafana-azure-sdk-go PRs:

In order to support user-based authentication in Azure Monitor the following has been done:

  • Bump grafana-azure-sdk-go to v1.13.1. This adds support for current user authentication fallback credentials and adds support for these credentials in the credentials builder.
  • Add user_identity_fallback_credentials_enabled to the Grafana configuration. This defaults to true when user_identity_enabled is also true. This configuration variable allows Grafana administrators to enable/disable fallback credentials at the instance level.
    • The sample.ini file has been updated.
    • The docs have been updated.
    • The frontend types have been updated.
    • The environment variable configuration has been updated.
  • Azure Monitor QueryData, CallResource, and CheckHealth functions have been updated to appropriately pass the user context.
  • Azure Monitor now allows user identity authentication.
  • ConfigEditor components have been co-located, similar to the various QueryEditor components.
  • Credentials logic has been updated for current user authentication.
  • Updates the frontend to better support user-based authentication.
  • The config editor has been updated to allow configuration of fallback service credentials (App Registration, Managed Identity, and Workload Identity are currently supported).
  • Add toggle for enabling/disabling fallback credentials at the data source level (in addition to the instance level toggle).
  • Add alert if fallback credentials are disabled at the instance level.
  • Makes use of the new style credentials given that user-auth hasn't existed in Azure Monitor previously.
  • Adds various warnings around user-auth and what may/may not work.
  • Add authenticatedBy prop to user object in @grafana/runtime, making it available to data sources.
  • Update mocks
  • Update some tests
  • Update docs

This will benefit from manual user testing. Let me know if you need help to achieve this.

Fallback credentials disabled alert: [image]

Fallback credentials information alert: [image]

Fallback credentials configuration: [image]

Alerting warning when fallback credentials are missing/disabled: [image]

Query editor warning when logged in with auth provider other than Azure: [image]

Part of #81918

Note: This feature is experimental and may be subject to unexpected behaviour or potential breaking changes. Backend Grafana functionality e.g. alerts, recorded queries, reporting etc may not function as expected with current user authentication.

Fixes #85635
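
The two-level fallback toggle described in the PR text, modelled as an added example (not code from this PR or from Grafana). The type and function names are hypothetical, and the ordering, with the user token tried first and fallback service credentials used only for requests that carry no user token such as alert evaluation, is an assumption; only the setting names and the stated default come from the description above.

```go
package main

import (
	"errors"
	"fmt"
)

// InstanceCfg models the two instance-level settings named in the PR text.
type InstanceCfg struct {
	UserIdentityEnabled bool  // user_identity_enabled
	FallbackEnabled     *bool // user_identity_fallback_credentials_enabled; nil = unset
}

// DataSourceCfg is a hypothetical model of the per-data-source toggle.
type DataSourceCfg struct {
	FallbackEnabled    bool // data source level toggle
	FallbackConfigured bool // service credentials were actually filled in
}

var ErrNoCredential = errors.New("no user token and no usable fallback credentials")

// InstanceFallback applies the stated default: when the setting is unset it
// follows user_identity_enabled; an explicit value wins.
func InstanceFallback(c InstanceCfg) bool {
	if c.FallbackEnabled == nil || !c.UserIdentityEnabled {
		return c.UserIdentityEnabled
	}
	return *c.FallbackEnabled
}

// PickCredential returns "user" or "fallback". The ordering (user token first,
// fallback only for requests without one) is an assumption of this sketch.
func PickCredential(i InstanceCfg, d DataSourceCfg, hasUserToken bool) (string, error) {
	switch {
	case !i.UserIdentityEnabled:
		return "", errors.New("user identity is disabled at the instance level")
	case hasUserToken:
		return "user", nil
	case InstanceFallback(i) && d.FallbackEnabled && d.FallbackConfigured:
		return "fallback", nil
	}
	return "", ErrNoCredential
}

func main() {
	ds := DataSourceCfg{FallbackEnabled: true, FallbackConfigured: true}
	fmt.Println(PickCredential(InstanceCfg{UserIdentityEnabled: true}, ds, false))
}
```

In this model a request served with "fallback" runs with the service identity's Azure permissions rather than the viewer's, so that identity's role assignments bound what token-less requests can read.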

# Conflicts:
#	pkg/tsdb/azuremonitor/azuremonitor.go
#	public/app/plugins/datasource/azuremonitor/components/QueryEditor/QueryEditor.tsx
#	public/app/plugins/datasource/azuremonitor/components/ResourcePicker/AdvancedMulti.tsx
#	public/app/plugins/datasource/azuremonitor/components/ResourcePicker/NestedEntry.tsx
#	public/app/plugins/datasource/azuremonitor/components/ResourcePicker/ResourcePicker.tsx
#	public/app/plugins/datasource/azuremonitor/components/VariableEditor/VariableEditor.tsx
#	public/app/plugins/datasource/azuremonitor/components/shared/Space.tsx
…r current user authentication (#82332)

* Rename field

* Add fallback setting

* Update tests and mock

* Remove duplicate setting line

* Update name of property

* Update frontend settings

* Update docs and default config files

* Update azure-sdk

* Fix lint

* Update test

* Bump dependency
@grafana-pr-automation grafana-pr-automation bot added type/docs datasource/MSSQL Microsoft SQL Server Data Source labels Feb 26, 2024
# Conflicts:
#	pkg/plugins/envvars/envvars.go
#	pkg/services/pluginsintegration/pluginconfig/envvars_test.go
@aangelisc aangelisc marked this pull request as ready for review February 29, 2024 13:56
@jdbaldry (Member) left a comment

Some more style suggestions for the documentation changes.

Let me know if I can explain any in more detail :)

docs/sources/datasources/azure-monitor/_index.md: nine review threads, outdated and resolved.
@aangelisc aangelisc requested a review from jdbaldry March 14, 2024 12:59
@jdbaldry (Member) left a comment

LGTM! Thank you for considering the suggestions and writing these docs in the first place :)

@bossinc (Contributor) left a comment

This was a lot of work! Very nice test coverage. Thank you for splitting up the PRs by PRing into this branch
🎉 🎉 🎉

I gave it a once-over, and nothing stuck out. I didn't test alerting and recorded queries. Let me know if I should test these.

@aangelisc (Contributor, Author) commented

/deploy-to-hg

@ephemeral-instances-bot

  • Preparing your instance. A comment containing your instance's url will be added to this PR when the instance is ready.
  • Your instance will be ready in ~10 minutes.
  • Check the GitHub actions tab to follow the workflow progress
  • Slack channel: #proj-ephemeral-hg-instances
  • Building instance with andreas/az-user-auth oss branch and main enterprise branch. How to choose a branch

# Conflicts:
#	go.mod
#	go.sum
#	pkg/services/pluginsintegration/pluginconfig/envvars_test.go
#	pkg/tsdb/azuremonitor/azuremonitor.go
@aangelisc aangelisc merged commit 6bb7ab2 into main Mar 19, 2024
19 checks passed
@aangelisc aangelisc deleted the andreas/az-user-auth branch March 19, 2024 16:32