feat(input.azure_monitor): use default azure creds chain when no secr…

…et provided This allows Telegraf authenticating with Workload Identity on K8S or with VM identity when running directly on a virtual machine.
influxdata · May 23, 2024 · 9764c74 · 9764c74
1 parent 5e830fb
commit 9764c74
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 8 deletions.
diff --git a/go.mod b/go.mod
@@ -2,6 +2,8 @@ module github.com/influxdata/telegraf
 
 go 1.22
 
+replace github.com/logzio/azure-monitor-metrics-receiver v1.0.1 => github.com/redbaron/azure-monitor-metrics-receiver v0.0.0-20240521144623-e9f658551b15
+
 require (
 	cloud.google.com/go/bigquery v1.61.0
 	cloud.google.com/go/monitoring v1.18.1
@@ -237,8 +239,8 @@ require (
 	github.com/Azure/azure-amqp-common-go/v4 v4.2.0 // indirect
 	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 // indirect
 	github.com/Azure/go-amqp v1.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -1731,8 +1731,6 @@ github.com/linkedin/goavro/v2 v2.12.0 h1:rIQQSj8jdAUlKQh6DttK8wCRv4t4QO09g1C4aBW
 github.com/linkedin/goavro/v2 v2.12.0/go.mod h1:KXx+erlq+RPlGSPmLF7xGo6SAbh8sCQ53x064+ioxhk=
 github.com/linode/linodego v1.23.0 h1:s0ReCZtuN9Z1IoUN9w1RLeYO1dMZUGPwOQ/IBFsBHtU=
 github.com/linode/linodego v1.23.0/go.mod h1:0U7wj/UQOqBNbKv1FYTXiBUXueR8DY4HvIotwE0ENgg=
-github.com/logzio/azure-monitor-metrics-receiver v1.0.1 h1:FTwUtM0K3RB8XX4N4xfswzOUWoiLK9pJUMqPpTOJclc=
-github.com/logzio/azure-monitor-metrics-receiver v1.0.1/go.mod h1:yJGdECqN75b4r4SXLwNkeeZoN/rPVKcfJLfixQw1hZc=
 github.com/loov/hrtime v1.0.1/go.mod h1:yDY3Pwv2izeY4sq7YcPX/dtLwzg5NU1AxWuWxKwd0p0=
 github.com/loov/hrtime v1.0.3/go.mod h1:yDY3Pwv2izeY4sq7YcPX/dtLwzg5NU1AxWuWxKwd0p0=
 github.com/loov/hrtime/hrplot v1.0.2/go.mod h1:9t65xYn4d42ntjv40Wt5lbU72/VC5S0zGDgjC8kD5BU=
@@ -2065,6 +2063,8 @@ github.com/rabbitmq/amqp091-go v1.9.0 h1:qrQtyzB4H8BQgEuJwhmVQqVHB9O4+MNDJCCAcpc
 github.com/rabbitmq/amqp091-go v1.9.0/go.mod h1:+jPrT9iY2eLjRaMSRHUhc3z14E/l85kv/f+6luSD3pc=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
+github.com/redbaron/azure-monitor-metrics-receiver v0.0.0-20240521144623-e9f658551b15 h1:P/xwevDkBcsxncmv9LHxKrodbscuoAoF4W7r/9JuoR4=
+github.com/redbaron/azure-monitor-metrics-receiver v0.0.0-20240521144623-e9f658551b15/go.mod h1:yJGdECqN75b4r4SXLwNkeeZoN/rPVKcfJLfixQw1hZc=
 github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
 github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
 github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=

diff --git a/plugins/inputs/azure_monitor/README.md b/plugins/inputs/azure_monitor/README.md
@@ -67,7 +67,13 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
   subscription_id = "<<SUBSCRIPTION_ID>>"
   # can be obtained by registering an application under Azure Active Directory
   client_id = "<<CLIENT_ID>>"
-  # can be obtained by registering an application under Azure Active Directory
+  # can be obtained by registering an application under Azure Active Directory.
+  # If not specified Default Azure Credentials chain will be attempted:
+  # - Environment credentials (AZURE_*)
+  # - Workload Identity in Kubernetes cluster
+  # - Managed Identity
+  # - Azure CLI auth
+  # - Developer Azure CLI auth
   client_secret = "<<CLIENT_SECRET>>"
   # can be found under Azure Active Directory->Properties
   tenant_id = "<<TENANT_ID>>"

diff --git a/plugins/inputs/azure_monitor/azure_monitor.go b/plugins/inputs/azure_monitor/azure_monitor.go
@@ -4,6 +4,8 @@ package azure_monitor
 import (
 	_ "embed"
 	"fmt"
+	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"sync"
 
 	"github.com/influxdata/telegraf"
@@ -158,8 +160,17 @@ func (acm *azureClientsManager) createAzureClients(
 	clientID string,
 	clientSecret string,
 	tenantID string,
-) (*receiver.AzureClients, error) {
-	azureClients, err := receiver.CreateAzureClients(subscriptionID, clientID, clientSecret, tenantID)
+) (azureClients *receiver.AzureClients, err error) {
+	var token azcore.TokenCredential
+	if clientSecret != "" {
+		azureClients, err = receiver.CreateAzureClients(subscriptionID, clientID, clientSecret, tenantID)
+	} else {
+		if token, err = azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{
+			TenantID: tenantID,
+		}); err == nil {
+			azureClients, err = receiver.CreateAzureClientsWithCreds(subscriptionID, token)
+		}
+	}
 	if err != nil {
 		return nil, fmt.Errorf("error creating Azure clients: %w", err)
 	}

diff --git a/plugins/inputs/azure_monitor/sample.conf b/plugins/inputs/azure_monitor/sample.conf
@@ -4,7 +4,13 @@
   subscription_id = "<<SUBSCRIPTION_ID>>"
   # can be obtained by registering an application under Azure Active Directory
   client_id = "<<CLIENT_ID>>"
-  # can be obtained by registering an application under Azure Active Directory
+  # can be obtained by registering an application under Azure Active Directory.
+  # If not specified Default Azure Credentials chain will be attempted:
+  # - Environment credentials (AZURE_*)
+  # - Workload Identity in Kubernetes cluster
+  # - Managed Identity
+  # - Azure CLI auth
+  # - Developer Azure CLI auth
   client_secret = "<<CLIENT_SECRET>>"
   # can be found under Azure Active Directory->Properties
   tenant_id = "<<TENANT_ID>>"