remote write config allows passing empty azure client_id to use the default managed identity.

Signed-off-by: dhlee <dhlee@marchex.com>

docs/configuration/configuration.md

@@ -3605,7 +3605,7 @@ azuread:
   # The Azure Cloud. Options are 'AzurePublic', 'AzureChina', or 'AzureGovernment'.
   [ cloud: <string> | default = AzurePublic ]
 
-  # Azure User-assigned Managed identity.
+  # Azure Managed Identity.  Leave 'client_id' blank to use the default managed identity.
   [ managed_identity:
       [ client_id: <string> ] ]  
 

storage/remote/azuread/azuread.go

@@ -111,13 +111,11 @@ func (c *AzureADConfig) Validate() error {
 	}
 
 	if c.ManagedIdentity != nil {
-		if c.ManagedIdentity.ClientID == "" {
+		if c.ManagedIdentity.ClientID != "" {
-			return fmt.Errorf("must provide an Azure Managed Identity client_id in the Azure AD config")
+			_, err := uuid.Parse(c.ManagedIdentity.ClientID)
-		}
+			if err != nil {
-
+				return fmt.Errorf("the provided Azure Managed Identity client_id is invalid")
-		_, err := uuid.Parse(c.ManagedIdentity.ClientID)
+			}
-		if err != nil {
-			return fmt.Errorf("the provided Azure Managed Identity client_id is invalid")
 		}
 	}
 
@@ -230,8 +228,13 @@ func newTokenCredential(cfg *AzureADConfig) (azcore.TokenCredential, error) {
 
 // newManagedIdentityTokenCredential returns new Managed Identity token credential.
 func newManagedIdentityTokenCredential(clientOpts *azcore.ClientOptions, managedIdentityConfig *ManagedIdentityConfig) (azcore.TokenCredential, error) {
-	clientID := azidentity.ClientID(managedIdentityConfig.ClientID)
+	var opts *azidentity.ManagedIdentityCredentialOptions
-	opts := &azidentity.ManagedIdentityCredentialOptions{ClientOptions: *clientOpts, ID: clientID}
+	if managedIdentityConfig.ClientID != "" {
+		clientID := azidentity.ClientID(managedIdentityConfig.ClientID)
+		opts = &azidentity.ManagedIdentityCredentialOptions{ClientOptions: *clientOpts, ID: clientID}
+	} else {
+		opts = &azidentity.ManagedIdentityCredentialOptions{ClientOptions: *clientOpts}
+	}
 	return azidentity.NewManagedIdentityCredential(opts)
 }
 

storage/remote/azuread/azuread_test.go

@@ -142,11 +142,18 @@ func TestAzureAdConfig(t *testing.T) {
 		filename string
 		err      string
 	}{
-		// Missing managedidentiy or oauth field.
+		// Missing managedidentity or oauth field.
 		{
 			filename: "testdata/azuread_bad_configmissing.yaml",
 			err:      "must provide an Azure Managed Identity or Azure OAuth in the Azure AD config",
 		},
+		// Missing clientid field from managedidentity.
+		// Because of limitations on go's yaml library, it's difficult to tell the difference between a mapping pair
+		// whose value is null versus a mapping pair that is missing entirely when the value's type is a struct.
+		{
+			filename: "testdata/azuread_bad_missingclientid.yaml",
+			err:      "must provide an Azure Managed Identity or Azure OAuth in the Azure AD config",
+		},
 		// Invalid managedidentity client id.
 		{
 			filename: "testdata/azuread_bad_invalidclientid.yaml",
@@ -166,9 +173,13 @@ func TestAzureAdConfig(t *testing.T) {
 		{
 			filename: "testdata/azuread_good_cloudmissing.yaml",
 		},
-		// Valid managed identity config.
+		// Valid specific managed identity config.
 		{
-			filename: "testdata/azuread_good_managedidentity.yaml",
+			filename: "testdata/azuread_good_specificmanagedidentity.yaml",
+		},
+		// Valid default managed identity config.
+		{
+			filename: "testdata/azuread_good_defaultmanagedidentity.yaml",
 		},
 		// Valid Oauth config.
 		{

storage/remote/azuread/testdata/azuread_bad_missingclientid.yaml

@@ -0,0 +1,2 @@
+cloud: AzurePublic
+managed_identity:

storage/remote/azuread/testdata/azuread_good_defaultmanagedidentity.yaml

@@ -0,0 +1,3 @@
+cloud: AzurePublic
+managed_identity:
+  client_id: