Skip to content

feat: Enabling DefaultAzureCredential for AuthenticationMode #2578

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Dec 14, 2024
Merged

feat: Enabling DefaultAzureCredential for AuthenticationMode #2578

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
52ee147
adding default-credentials for local debug
jayendranarumugam Nov 24, 2024
1b762ac
PR suggestion to rename sdkdefault
jayendranarumugam Nov 25, 2024
120ead4
rename func
jayendranarumugam Nov 25, 2024
2a96594
Code quality fix InconsistentNaming
jayendranarumugam Dec 1, 2024
542225b
fix build errors
jayendranarumugam Dec 2, 2024
bdd5c22
Merge branch 'master' into feature/adddefaultcreds
jayendranarumugam Dec 11, 2024
fa76339
adjusments
jayendranarumugam Dec 11, 2024
a6c2f11
adjustments fix
jayendranarumugam Dec 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion changelog/content/deprecated/authentication-modes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ However, as of Promitor Scraper v2.2.0 & Resource Discovery v0.3.0, users can ch

```yaml
authentication:
# Options are ServicePrincipal, SystemAssignedManagedIdentity, UserAssignedManagedIdentity.
# Options are ServicePrincipal, SystemAssignedManagedIdentity, UserAssignedManagedIdentity , SdkDefault.
mode: ServicePrincipal
identityId: xxxx-xxxx-xxxx
```
Expand Down
2 changes: 2 additions & 0 deletions src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -302,6 +302,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
case AuthenticationMode.SystemAssignedManagedIdentity:
return "system-assigned-identity";
case AuthenticationMode.SdkDefault:
return "default-azure-credentials";
default:
throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
}
Expand Down
1 change: 1 addition & 0 deletions src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,6 @@ public enum AuthenticationMode
ServicePrincipal = 0,
UserAssignedManagedIdentity = 1,
SystemAssignedManagedIdentity = 2,
SdkDefault = 3
}
}
2 changes: 2 additions & 0 deletions ...romitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
case AuthenticationMode.SystemAssignedManagedIdentity:
return "system-assigned-identity";
case AuthenticationMode.SdkDefault:
return "default-azure-credentials";
default:
throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
}
Expand Down
2 changes: 2 additions & 0 deletions ...Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,6 +97,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
case AuthenticationMode.SystemAssignedManagedIdentity:
return "system-assigned-identity";
case AuthenticationMode.SdkDefault:
return "default-azure-credentials";
default:
throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
}
Expand Down
41 changes: 41 additions & 0 deletions src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,26 @@ public void GetConfiguredAzureAuthentication_SystemAssignedManagedIdentityIsVali
Assert.Null(authenticationInfo.Secret);
}

[Fact]
public void GetConfiguredAzureAuthentication_SdkDefaultIsValid_Succeeds()
{
// Arrange
var expectedAuthenticationMode = AuthenticationMode.SdkDefault;
var inMemoryConfiguration = new Dictionary<string, string>
{
{ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString()},
};
var config = CreateConfiguration(inMemoryConfiguration);

// Act
var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config);

// Assert
Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode);
Assert.Null(authenticationInfo.IdentityId);
Assert.Null(authenticationInfo.Secret);
}

[Fact]
public void GetConfiguredAzureAuthentication_UserAssignedManagedIdentityIsValid_Succeeds()
{
Expand Down Expand Up @@ -309,6 +329,27 @@ public void CreateAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succe
Assert.Null(azureCredentials.ClientId);
}

[Fact]
public void CreateAzureAuthentication_SdkDefaultIsValid_Succeeds()
{
// Arrange
var expectedTenantId = Guid.NewGuid().ToString();
var azureCloud = AzureEnvironment.AzureChinaCloud;
var azureAuthenticationInfo = new AzureAuthenticationInfo
{
Mode = AuthenticationMode.SdkDefault
};
var azureCredentialFactory = new AzureCredentialsFactory();

// Act
var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory);

// Assert
Assert.Equal(expectedTenantId, azureCredentials.TenantId);
Assert.Equal(azureCloud, azureCredentials.Environment);
Assert.Null(azureCredentials.ClientId);
}

[Fact]
public void CreateAzureAuthentication_UserAssignedManagedIdentityIsValid_Succeeds()
{
Expand Down
19 changes: 19 additions & 0 deletions src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,25 @@ public void SystemAssignedManagedIdentity_ValidWithoutApplicationKey_Succeeds()
PromitorAssert.ValidationIsSuccessful(validationResult);
}

[Fact]
public void SdkDefault_ValidWithoutApplicationKey_Succeeds()
{
// Arrange
var inMemoryConfiguration = new Dictionary<string, string>
{
{ConfigurationKeys.Authentication.Mode, AuthenticationMode.SdkDefault.ToString()},
};

var config = CreateConfiguration(inMemoryConfiguration);

// Act
var azureAuthenticationValidationStep = new AzureAuthenticationValidationStep(config, NullLogger<AzureAuthenticationValidationStep>.Instance);
var validationResult = azureAuthenticationValidationStep.Run();

// Assert
PromitorAssert.ValidationIsSuccessful(validationResult);
}

private IConfigurationRoot CreateConfiguration(Dictionary<string, string> inMemoryConfiguration)
{
return new ConfigurationBuilder()
Expand Down
Loading