feat(input.azure_monitor): Use default azure credentials chain when n…

…o secret provided (#15395)
influxdata · Jun 5, 2024 · c663680 · c663680
1 parent c8d9ae1
commit c663680
Show file tree

Hide file tree

Showing 5 changed files with 26 additions and 10 deletions.
diff --git a/go.mod b/go.mod
@@ -130,7 +130,7 @@ require (
 	github.com/kolo/xmlrpc v0.0.0-20220921171641-a4b6fa1dd06b
 	github.com/leodido/go-syslog/v4 v4.1.0
 	github.com/linkedin/goavro/v2 v2.12.0
-	github.com/logzio/azure-monitor-metrics-receiver v1.0.1
+	github.com/logzio/azure-monitor-metrics-receiver v1.0.2
 	github.com/lxc/incus v0.4.0
 	github.com/mdlayher/apcupsd v0.0.0-20220319200143-473c7b5f3c6a
 	github.com/mdlayher/vsock v1.2.1
@@ -238,7 +238,7 @@ require (
 	github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 // indirect
 	github.com/Azure/go-amqp v1.0.0 // indirect

diff --git a/go.sum b/go.sum
@@ -1729,8 +1729,8 @@ github.com/linkedin/goavro/v2 v2.12.0 h1:rIQQSj8jdAUlKQh6DttK8wCRv4t4QO09g1C4aBW
 github.com/linkedin/goavro/v2 v2.12.0/go.mod h1:KXx+erlq+RPlGSPmLF7xGo6SAbh8sCQ53x064+ioxhk=
 github.com/linode/linodego v1.23.0 h1:s0ReCZtuN9Z1IoUN9w1RLeYO1dMZUGPwOQ/IBFsBHtU=
 github.com/linode/linodego v1.23.0/go.mod h1:0U7wj/UQOqBNbKv1FYTXiBUXueR8DY4HvIotwE0ENgg=
-github.com/logzio/azure-monitor-metrics-receiver v1.0.1 h1:FTwUtM0K3RB8XX4N4xfswzOUWoiLK9pJUMqPpTOJclc=
-github.com/logzio/azure-monitor-metrics-receiver v1.0.1/go.mod h1:yJGdECqN75b4r4SXLwNkeeZoN/rPVKcfJLfixQw1hZc=
+github.com/logzio/azure-monitor-metrics-receiver v1.0.2 h1:1vNuag1MwjTm02BJ9U7w3hCStJug2CgPMmzI8VmEbFA=
+github.com/logzio/azure-monitor-metrics-receiver v1.0.2/go.mod h1:yJGdECqN75b4r4SXLwNkeeZoN/rPVKcfJLfixQw1hZc=
 github.com/loov/hrtime v1.0.1/go.mod h1:yDY3Pwv2izeY4sq7YcPX/dtLwzg5NU1AxWuWxKwd0p0=
 github.com/loov/hrtime v1.0.3/go.mod h1:yDY3Pwv2izeY4sq7YcPX/dtLwzg5NU1AxWuWxKwd0p0=
 github.com/loov/hrtime/hrplot v1.0.2/go.mod h1:9t65xYn4d42ntjv40Wt5lbU72/VC5S0zGDgjC8kD5BU=

diff --git a/plugins/inputs/azure_monitor/README.md b/plugins/inputs/azure_monitor/README.md
@@ -67,7 +67,13 @@ See the [CONFIGURATION.md][CONFIGURATION.md] for more details.
   subscription_id = "<<SUBSCRIPTION_ID>>"
   # can be obtained by registering an application under Azure Active Directory
   client_id = "<<CLIENT_ID>>"
-  # can be obtained by registering an application under Azure Active Directory
+  # can be obtained by registering an application under Azure Active Directory.
+  # If not specified Default Azure Credentials chain will be attempted:
+  # - Environment credentials (AZURE_*)
+  # - Workload Identity in Kubernetes cluster
+  # - Managed Identity
+  # - Azure CLI auth
+  # - Developer Azure CLI auth
   client_secret = "<<CLIENT_SECRET>>"
   # can be found under Azure Active Directory->Properties
   tenant_id = "<<TENANT_ID>>"

diff --git a/plugins/inputs/azure_monitor/azure_monitor.go b/plugins/inputs/azure_monitor/azure_monitor.go
@@ -4,6 +4,7 @@ package azure_monitor
 import (
 	_ "embed"
 	"fmt"
+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 	"sync"
 
 	"github.com/influxdata/telegraf"
@@ -159,12 +160,15 @@ func (acm *azureClientsManager) createAzureClients(
 	clientSecret string,
 	tenantID string,
 ) (*receiver.AzureClients, error) {
-	azureClients, err := receiver.CreateAzureClients(subscriptionID, clientID, clientSecret, tenantID)
-	if err != nil {
-		return nil, fmt.Errorf("error creating Azure clients: %w", err)
+	if clientSecret != "" {
+		return receiver.CreateAzureClients(subscriptionID, clientID, clientSecret, tenantID)
 	}
 
-	return azureClients, nil
+	token, err := azidentity.NewDefaultAzureCredential(&azidentity.DefaultAzureCredentialOptions{TenantID: tenantID})
+	if err != nil {
+		return nil, fmt.Errorf("error creating Azure token: %w", err)
+	}
+	return receiver.CreateAzureClientsWithCreds(subscriptionID, token)
 }
 
 func init() {

diff --git a/plugins/inputs/azure_monitor/sample.conf b/plugins/inputs/azure_monitor/sample.conf
@@ -4,7 +4,13 @@
   subscription_id = "<<SUBSCRIPTION_ID>>"
   # can be obtained by registering an application under Azure Active Directory
   client_id = "<<CLIENT_ID>>"
-  # can be obtained by registering an application under Azure Active Directory
+  # can be obtained by registering an application under Azure Active Directory.
+  # If not specified Default Azure Credentials chain will be attempted:
+  # - Environment credentials (AZURE_*)
+  # - Workload Identity in Kubernetes cluster
+  # - Managed Identity
+  # - Azure CLI auth
+  # - Developer Azure CLI auth
   client_secret = "<<CLIENT_SECRET>>"
   # can be found under Azure Active Directory->Properties
   tenant_id = "<<TENANT_ID>>"