-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: support SDK auth in AzureAD RemoteWrite #6596
Conversation
@simonpasquier addressed comments PTAL |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we need to update ValidateRemoteWriteSpec
to ensure that only one auth method is defined.
Related-to prometheus-operator#6584 Signed-off-by: Jayapriya Pai <slashpai9@gmail.com>
@simonpasquier updated |
Co-authored-by: Simon Pasquier <spasquie@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have one late comment but we can have the improvement in a follow-up PR.
@@ -127,14 +127,22 @@ func ValidateRemoteWriteSpec(spec monitoringv1.RemoteWriteSpec) error { | |||
} | |||
|
|||
if spec.AzureAD != nil { | |||
if spec.AzureAD.ManagedIdentity == nil && spec.AzureAD.OAuth == nil { | |||
return fmt.Errorf("must provide Azure Managed Identity or Azure OAuth in the Azure AD config") | |||
if spec.AzureAD.ManagedIdentity == nil && spec.AzureAD.OAuth == nil && spec.AzureAD.SDK == nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's still a risk that users pick up the SDK option with an older Prometheus version in which the generated config will fail. Ideally the operator should fail here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we have this validated similar to relabel configs is resource_selector.go?
@@ -2124,6 +2124,12 @@ func (cg *ConfigGenerator) generateRemoteWriteConfig( | |||
}) | |||
} | |||
|
|||
if spec.AzureAD.SDK != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
(nit) we could use a switch/case to make it more readable/robust.
I can address comments in follow up PR I had enabled auto-merge :) |
feat: support SDK auth in AzureAD RemoteWrite
Related-to #6584
Description
Describe the big picture of your changes here to communicate to the maintainers why we should accept this pull request.
If it fixes a bug or resolves a feature request, be sure to link to that issue.
Type of change
What type of changes does your code introduce to the Prometheus operator? Put an
x
in the box that apply.CHANGE
(fix or feature that would cause existing functionality to not work as expected)FEATURE
(non-breaking change which adds functionality)BUGFIX
(non-breaking change which fixes an issue)ENHANCEMENT
(non-breaking change which improves existing functionality)NONE
(if none of the other choices apply. Example, tooling, build system, CI, docs, etc.)Verification
Please check the Prometheus-Operator testing guidelines for recommendations about automated tests.
Changelog entry
Please put a one-line changelog entry below. This will be copied to the changelog file during the release process.