From 1237541490a3a5fc530bee3c3b54552cbcee47b0 Mon Sep 17 00:00:00 2001
From: arminfelder
Date: Tue, 8 Oct 2024 17:32:03 +0200
Subject: [PATCH] [receiver/azureblobreceiver] support for default auth (#35636)
adds "default" auth, to make the azure go package, autodiscover credentials added by e.g. workload identities
---
 .../feature_azureblobreceiverDefaultAuth.yaml | 29 +++++++++++++++++++
 receiver/azureblobreceiver/README.md | 2 +-
 receiver/azureblobreceiver/config.go | 5 ++--
 receiver/azureblobreceiver/factory.go | 9 ++++++
 4 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 .chloggen/feature_azureblobreceiverDefaultAuth.yaml
diff --git a/.chloggen/feature_azureblobreceiverDefaultAuth.yaml b/.chloggen/feature_azureblobreceiverDefaultAuth.yaml
new file mode 100644
index 000000000000..5416b0d4e31d
--- /dev/null
+++ b/.chloggen/feature_azureblobreceiverDefaultAuth.yaml
@@ -0,0 +1,29 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: 'enhancement'
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: 'azureblobreceiver'
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: "adds support for using azidentity default auth, enabling the use of Azure Managed Identities, e.g. Workload Identities on AKS"
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [35636]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+ This change allows to use authentication type "default", which makes the receiver use azidentity default Credentials,
+ which automatically picks up, identities assigned to e.g. a container or a VirtualMachine
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
diff --git a/receiver/azureblobreceiver/README.md b/receiver/azureblobreceiver/README.md
index 4543670831fe..b22e6a3a947a 100644
--- a/receiver/azureblobreceiver/README.md
+++ b/receiver/azureblobreceiver/README.md
@@ -24,7 +24,7 @@ The following settings are required:
 The following settings can be optionally configured:
-- `auth` (default = connection_string): Specifies the used authentication method. Supported values are `connection_string`, `service_principal`.
+- `auth` (default = connection_string): Specifies the used authentication method. Supported values are `connection_string`, `service_principal`, `default`.
 - `cloud` (default = "AzureCloud"): Defines which Azure Cloud to use when using the `service_principal` authentication method. Value is either `AzureCloud` or `AzureUSGovernment`.
 - `logs:` ` container_name:` (default = "logs"): Name of the blob container with the logs
diff --git a/receiver/azureblobreceiver/config.go b/receiver/azureblobreceiver/config.go
index 596917133dc1..4fb6faa602b0 100644
--- a/receiver/azureblobreceiver/config.go
+++ b/receiver/azureblobreceiver/config.go
@@ -69,16 +69,17 @@ type AuthType string
 const (
 ServicePrincipalAuth AuthType = "service_principal"
 ConnectionStringAuth AuthType = "connection_string"
+ DefaultAuth AuthType = "default"
 )
 func (e *AuthType) UnmarshalText(text []byte) error {
 str := AuthType(text)
 switch str {
- case ServicePrincipalAuth, ConnectionStringAuth:
+ case ServicePrincipalAuth, ConnectionStringAuth, DefaultAuth:
 *e = str
 return nil
 default:
- return fmt.Errorf("authentication %v is not supported. supported authentications include [%v,%v]", str, ServicePrincipalAuth, ConnectionStringAuth)
+ return fmt.Errorf("authentication %v is not supported. supported authentications include [%v,%v,%v]", str, ServicePrincipalAuth, ConnectionStringAuth, DefaultAuth)
 }
 }
diff --git a/receiver/azureblobreceiver/factory.go b/receiver/azureblobreceiver/factory.go
index a849813e909c..91d71f253008 100644
--- a/receiver/azureblobreceiver/factory.go
+++ b/receiver/azureblobreceiver/factory.go
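Review bot: The new `DefaultAuth` constant in config.go has no doc comment, and its value `default` is easy to misread as "the receiver's default auth", which the README still lists as `connection_string`; a comment such as `// DefaultAuth selects azidentity's DefaultAzureCredential chain; the receiver's default auth remains connection_string.` would remove the ambiguity. Config validation is not part of this hunk: the factory's `DefaultAuth` case reads `cfg.StorageAccountURL`, so if the existing validation requires that field only for `service_principal`, an empty URL would pass config loading and fail only when the blob client is built. Rejecting an empty `StorageAccountURL` for `DefaultAuth` at validation time would surface the misconfiguration early.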
@@ -141,6 +141,15 @@ func (f *blobReceiverFactory) getBlobEventHandler(cfg *Config, logger *zap.Logge
 if err != nil {
 return nil, err
 }
+ case DefaultAuth:
+ cred, err := azidentity.NewDefaultAzureCredential(nil)
+ if err != nil {
+ return nil, err
+ }
+ bc, err = newBlobClientFromCredential(cfg.StorageAccountURL, cred, logger)
+ if err != nil {
+ return nil, err
+ }
 default:
 return nil, fmt.Errorf("unknown authentication %v", cfg.Authentication)
 }
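Review bot: Passing `nil` options to `azidentity.NewDefaultAzureCredential` in the new `DefaultAuth` case leaves the credential chain unconstrained, so the receiver authenticates as whichever source resolves first (environment variables, workload identity, managed identity, a local CLI login), and the identity that reads the blobs depends on the runtime environment rather than on the collector configuration. The `cloud` setting that the README documents for `service_principal` is also not applied in this case, so a sovereign-cloud deployment would presumably request tokens from the public-cloud authority; passing a `&azidentity.DefaultAzureCredentialOptions{...}` with the cloud configuration set would close that gap, and the README should say which settings `default` honours. Both new error returns are unwrapped; `return nil, fmt.Errorf("creating default Azure credential: %w", err)` would tell an operator which auth path failed. getBlobEventHandler starts and ends outside this hunk.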