Support default credential auth

open-telemetry · Jun 14, 2024 · d5f655a · d5f655a
1 parent 6693fb3
commit d5f655a
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 20 deletions.
diff --git a/receiver/azuremonitorreceiver/config.go b/receiver/azuremonitorreceiver/config.go
@@ -247,9 +247,10 @@ type Config struct {
 }
 
 const (
-	servicePrincipal = "service_principal"
-	workloadIdentity = "workload_identity"
-	managedIdentity  = "managed_identity"
+	defaultCredentials = "default_credentials"
+	servicePrincipal   = "service_principal"
+	workloadIdentity   = "workload_identity"
+	managedIdentity    = "managed_identity"
 )
 
 // Validate validates the configuration by checking for missing or invalid fields
@@ -288,8 +289,9 @@ func (c Config) Validate() (err error) {
 		if c.ClientID == "" {
 			err = multierr.Append(err, errMissingClientID)
 		}
+	case defaultCredentials:
 	default:
-		return fmt.Errorf("authentication %v is not supported. supported authentications include [%v,%v,%v]", c.Authentication, servicePrincipal, workloadIdentity, managedIdentity)
+		return fmt.Errorf("authentication %v is not supported. supported authentications include [%v,%v,%v,%v]", c.Authentication, servicePrincipal, workloadIdentity, managedIdentity, defaultCredentials)
 	}
 
 	if c.Cloud != azureCloud && c.Cloud != azureGovernmentCloud {

diff --git a/receiver/azuremonitorreceiver/scraper.go b/receiver/azuremonitorreceiver/scraper.go
@@ -83,8 +83,10 @@ func newScraper(conf *Config, settings receiver.Settings) *azureScraper {
 		cfg:                             conf,
 		settings:                        settings.TelemetrySettings,
 		mb:                              metadata.NewMetricsBuilder(conf.MetricsBuilderConfig, settings),
+		azDefaultCredentialsFunc:        azidentity.NewDefaultAzureCredential,
 		azIDCredentialsFunc:             azidentity.NewClientSecretCredential,
 		azIDWorkloadFunc:                azidentity.NewWorkloadIdentityCredential,
+		azManagedIdentityFunc:           azidentity.NewManagedIdentityCredential,
 		armClientFunc:                   armresources.NewClient,
 		armMonitorDefinitionsClientFunc: armmonitor.NewMetricDefinitionsClient,
 		armMonitorMetricsClientFunc:     armmonitor.NewMetricsClient,
@@ -104,9 +106,10 @@ type azureScraper struct {
 	resources                       map[string]*azureResource
 	resourcesUpdated                time.Time
 	mb                              *metadata.MetricsBuilder
+	azDefaultCredentialsFunc        func(options *azidentity.DefaultAzureCredentialOptions) (*azidentity.DefaultAzureCredential, error)
 	azIDCredentialsFunc             func(string, string, string, *azidentity.ClientSecretCredentialOptions) (*azidentity.ClientSecretCredential, error)
 	azIDWorkloadFunc                func(options *azidentity.WorkloadIdentityCredentialOptions) (*azidentity.WorkloadIdentityCredential, error)
-	azIDManagedIdentityFunc         func(options *azidentity.ManagedIdentityCredentialOptions) (*azidentity.ManagedIdentityCredential, error)
+	azManagedIdentityFunc           func(options *azidentity.ManagedIdentityCredentialOptions) (*azidentity.ManagedIdentityCredential, error)
 	armClientOptions                *arm.ClientOptions
 	armClientFunc                   func(string, azcore.TokenCredential, *arm.ClientOptions) (*armresources.Client, error)
 	armMonitorDefinitionsClientFunc func(string, azcore.TokenCredential, *arm.ClientOptions) (*armmonitor.MetricDefinitionsClient, error)
@@ -135,18 +138,18 @@ func (s *azureScraper) getArmClientOptions() *arm.ClientOptions {
 	return &options
 }
 
-func (s *azureScraper) getArmClient() armClient {
-	client, _ := s.armClientFunc(s.cfg.SubscriptionID, s.cred, s.armClientOptions)
-	return client
+func (s *azureScraper) getArmClient() (armClient, error) {
+	client, err := s.armClientFunc(s.cfg.SubscriptionID, s.cred, s.armClientOptions)
+	return client, err
 }
 
 type metricsDefinitionsClientInterface interface {
 	NewListPager(resourceURI string, options *armmonitor.MetricDefinitionsClientListOptions) *runtime.Pager[armmonitor.MetricDefinitionsClientListResponse]
 }
 
-func (s *azureScraper) getMetricsDefinitionsClient() metricsDefinitionsClientInterface {
-	client, _ := s.armMonitorDefinitionsClientFunc(s.cfg.SubscriptionID, s.cred, s.armClientOptions)
-	return client
+func (s *azureScraper) getMetricsDefinitionsClient() (metricsDefinitionsClientInterface, error) {
+	client, err := s.armMonitorDefinitionsClientFunc(s.cfg.SubscriptionID, s.cred, s.armClientOptions)
+	return client, err
 }
 
 type metricsValuesClient interface {
@@ -155,9 +158,9 @@ type metricsValuesClient interface {
 	)
 }
 
-func (s *azureScraper) GetMetricsValuesClient() metricsValuesClient {
-	client, _ := s.armMonitorMetricsClientFunc(s.cfg.SubscriptionID, s.cred, s.armClientOptions)
-	return client
+func (s *azureScraper) GetMetricsValuesClient() (metricsValuesClient, error) {
+	client, err := s.armMonitorMetricsClientFunc(s.cfg.SubscriptionID, s.cred, s.armClientOptions)
+	return client, err
 }
 
 func (s *azureScraper) start(_ context.Context, _ component.Host) (err error) {
@@ -166,9 +169,18 @@ func (s *azureScraper) start(_ context.Context, _ component.Host) (err error) {
 	}
 
 	s.armClientOptions = s.getArmClientOptions()
-	s.clientResources = s.getArmClient()
-	s.clientMetricsDefinitions = s.getMetricsDefinitionsClient()
-	s.clientMetricsValues = s.GetMetricsValuesClient()
+	s.clientResources, err = s.getArmClient()
+	if err != nil {
+		return err
+	}
+	s.clientMetricsDefinitions, err = s.getMetricsDefinitionsClient()
+	if err != nil {
+		return err
+	}
+	s.clientMetricsValues, err = s.GetMetricsValuesClient()
+	if err != nil {
+		return err
+	}
 
 	s.resources = map[string]*azureResource{}
 
@@ -177,6 +189,10 @@ func (s *azureScraper) start(_ context.Context, _ component.Host) (err error) {
 
 func (s *azureScraper) loadCredentials() (err error) {
 	switch s.cfg.Authentication {
+	case defaultCredentials:
+		if s.cred, err = s.azDefaultCredentialsFunc(nil); err != nil {
+			return err
+		}
 	case servicePrincipal:
 		if s.cred, err = s.azIDCredentialsFunc(s.cfg.TenantID, s.cfg.ClientID, s.cfg.ClientSecret, nil); err != nil {
 			return err
@@ -186,9 +202,13 @@ func (s *azureScraper) loadCredentials() (err error) {
 			return err
 		}
 	case managedIdentity:
-		if s.cred, err = s.azIDManagedIdentityFunc(&azidentity.ManagedIdentityCredentialOptions{
-			ID: azidentity.ClientID(s.cfg.ClientID),
-		}); err != nil {
+		var options *azidentity.ManagedIdentityCredentialOptions
+		if s.cfg.ClientID != "" {
+			options = &azidentity.ManagedIdentityCredentialOptions{
+				ID: azidentity.ClientID(s.cfg.ClientID),
+			}
+		}
+		if s.cred, err = s.azManagedIdentityFunc(options); err != nil {
 			return err
 		}
 	default: