mudhorn/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus.git synced 2024-09-19 23:37:31 -07:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

remote write config allows passing empty azure client_id to use the default managed identity.

Browse source 
Signed-off-by: dhlee <dhlee@marchex.com>
This commit is contained in:
dhlee 2024-02-06 15:17:22 -08:00
parent 6005ac6f9d
commit 2e2b01d785
6 changed files with 32 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/configuration/configuration.md
View file

@ -3605,7 +3605,7 @@ azuread:
# The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.
[ cloud: <string> | default = AzurePublic ]
# Azure User-assigned Managed identity.
# Azure Managed Identity. Leave 'client_id' blank to use the default managed identity.
[ managed_identity:
[ client_id: <string> ] ]

21
storage/remote/azuread/azuread.go
View file

@ -111,13 +111,11 @@ func (c *AzureADConfig) Validate() error {
}
if c.ManagedIdentity != nil {
if c.ManagedIdentity.ClientID == "" {
return fmt.Errorf("must provide an Azure Managed Identity client_id in the Azure AD config")
}
_, err := uuid.Parse(c.ManagedIdentity.ClientID)
if err != nil {
return fmt.Errorf("the provided Azure Managed Identity client_id is invalid")
if c.ManagedIdentity.ClientID != "" {
_, err := uuid.Parse(c.ManagedIdentity.ClientID)
if err != nil {
return fmt.Errorf("the provided Azure Managed Identity client_id is invalid")
}
}
}
@ -230,8 +228,13 @@ func newTokenCredential(cfg *AzureADConfig) (azcore.TokenCredential, error) {
// newManagedIdentityTokenCredential returns new Managed Identity token credential.
func newManagedIdentityTokenCredential(clientOpts *azcore.ClientOptions, managedIdentityConfig *ManagedIdentityConfig) (azcore.TokenCredential, error) {
clientID := azidentity.ClientID(managedIdentityConfig.ClientID)
opts := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: *clientOpts, ID: clientID}
var opts *azidentity.ManagedIdentityCredentialOptions
if managedIdentityConfig.ClientID != "" {
clientID := azidentity.ClientID(managedIdentityConfig.ClientID)
opts = &azidentity.ManagedIdentityCredentialOptions{ClientOptions: *clientOpts, ID: clientID}
} else {
opts = &azidentity.ManagedIdentityCredentialOptions{ClientOptions: *clientOpts}
}
return azidentity.NewManagedIdentityCredential(opts)
}

17
storage/remote/azuread/azuread_test.go
View file

@ -142,11 +142,18 @@ func TestAzureAdConfig(t *testing.T) {
filename string
err string
}{
// Missing managedidentiy or oauth field.
// Missing managedidentity or oauth field.
{
filename: "testdata/azuread_bad_configmissing.yaml",
err: "must provide an Azure Managed Identity or Azure OAuth in the Azure AD config",
},
// Missing clientid field from managedidentity.
// Because of limitations on go's yaml library, it's difficult to tell the difference between a mapping pair
// whose value is null versus a mapping pair that is missing entirely when the value's type is a struct.
{
filename: "testdata/azuread_bad_missingclientid.yaml",
err: "must provide an Azure Managed Identity or Azure OAuth in the Azure AD config",
},
// Invalid managedidentity client id.
{
filename: "testdata/azuread_bad_invalidclientid.yaml",
@ -166,9 +173,13 @@ func TestAzureAdConfig(t *testing.T) {
{
filename: "testdata/azuread_good_cloudmissing.yaml",
},
// Valid managed identity config.
// Valid specific managed identity config.
{
filename: "testdata/azuread_good_managedidentity.yaml",
filename: "testdata/azuread_good_specificmanagedidentity.yaml",
},
// Valid default managed identity config.
{
filename: "testdata/azuread_good_defaultmanagedidentity.yaml",
},
// Valid Oauth config.
{

2
storage/remote/azuread/testdata/azuread_bad_missingclientid.yaml vendored Normal file
View file

@ -0,0 +1,2 @@
cloud: AzurePublic
managed_identity:

3
storage/remote/azuread/testdata/azuread_good_defaultmanagedidentity.yaml vendored Normal file
View file

@ -0,0 +1,3 @@
cloud: AzurePublic
managed_identity:
client_id:

0
storage/remote/azuread/testdata/azuread_good_managedidentity.yaml → storage/remote/azuread/testdata/azuread_good_specificmanagedidentity.yaml vendored
View file