Support providing credentials using AZURE_X environment variables

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.11 as builder
+FROM golang:1.16 as builder
 WORKDIR /go/src/github.com/RobustPerception/azure_metrics_exporter
 COPY . .
 RUN make build

Makefile

@@ -11,9 +11,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-GO    := GO15VENDOREXPERIMENT=1 go
-PROMU := $(GOPATH)/bin/promu
-pkgs   = $(shell $(GO) list ./... | grep -v /vendor/)
+GO     := GO15VENDOREXPERIMENT=1 go
+GOPATH ?= ~/go
+PROMU  := $(GOPATH)/bin/promu
+pkgs    = $(shell $(GO) list ./... | grep -v /vendor/)
 
 PREFIX                  ?= $(shell pwd)
 BIN_DIR                 ?= $(shell pwd)
@@ -56,4 +57,4 @@ promu:
 		GOARCH=$(subst x86_64,amd64,$(patsubst i%86,386,$(shell uname -m))) \
 		$(GO) get -u github.com/prometheus/promu
 
-.PHONY: all style format build test vet tarball docker promu
+.PHONY: all style format build test vet tarball docker promu

README.md

@@ -21,7 +21,7 @@ Note that Azure imposes an [API read limit of 15,000 requests per hour](https://
 
 ## Exporter configuration
 
-This exporter requires a configuration file. By default, it will look for the azure.yml file in the CWD.
+This exporter requires a configuration file containing the metrics to be collected. By default, it will look for the `azure.yml` file in the CWD, or the file specified via `--config.file=/path/to/azure.yml`.
 
 ### Azure account requirements
 
@@ -35,6 +35,8 @@ This exporter reads metrics from an existing Azure subscription with these requi
   * The VM running the azure-metrics-exporter must have reading permission to Azure Monitor (e.g., Subscriptions -> your_subscription -> Access control (IAM) -> Role assignments -> Add -> Add role assignment -> Role : "Monitoring Reader", Select:  your_vm)
   * Only `subscription_id` will be needed in your credentials configuration.
 
+Any credentials may be provided under the `credentials` section of the `azure.yml` config as in the example below, or alternatively using environment variables named `AZURE_SUBSCRIPTION_ID`, `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, and `AZURE_TENANT_ID`. These environment variables allow keeping your credentials separate from the metrics configuration.
+
 ### Example azure-metrics-exporter config
 
 `azure_resource_id` and `subscription_id` can be found under properties in the Azure portal for your application/service.
@@ -55,10 +57,10 @@ You can find endpoints for national clouds [here](http://www.azurespeed.com/Info
 active_directory_authority_url: "https://login.microsoftonline.com/"
 resource_manager_url: "https://management.azure.com/"
 credentials:
-  subscription_id: <secret>
-  client_id: <secret>
-  client_secret: <secret>
-  tenant_id: <secret>
+  subscription_id: <secret, or AZURE_SUBSCRIPTION_ID>
+  client_id: <secret, or AZURE_CLIENT_ID>
+  client_secret: <secret, or AZURE_CLIENT_SECRET>
+  tenant_id: <secret, or AZURE_TENANT_ID>
 
 targets:
   - resource: "azure_resource_id"

config/config.go

@@ -3,6 +3,7 @@ package config
 import (
 	"fmt"
 	"io/ioutil"
+	"os"
 	"regexp"
 	"strings"
 	"sync"
@@ -45,6 +46,21 @@ func (sc *SafeConfig) ReloadConfig(confFile string) (err error) {
 		return fmt.Errorf("Error parsing config file: %s", err)
 	}
 
+	// Check for credentials provided using environment variables.
+	// Treat the environment variables as overrides of anything in the YAML file.
+	if val, found := os.LookupEnv("AZURE_SUBSCRIPTION_ID"); found {
+		c.Credentials.SubscriptionID = val
+	}
+	if val, found := os.LookupEnv("AZURE_CLIENT_ID"); found {
+		c.Credentials.ClientID = val
+	}
+	if val, found := os.LookupEnv("AZURE_CLIENT_SECRET"); found {
+		c.Credentials.ClientSecret = val
+	}
+	if val, found := os.LookupEnv("AZURE_TENANT_ID"); found {
+		c.Credentials.TenantID = val
+	}
+
 	if err := c.Validate(); err != nil {
 		return fmt.Errorf("Error validating config file: %s", err)
 	}