feat: Enabling DefaultAzureCredential for AuthenticationMode (#2578)

* adding default-credentials for local debug * PR suggestion to rename sdkdefault * rename func * Code quality fix InconsistentNaming * fix build errors * adjusments * adjustments fix
tomkerkhove · Dec 14, 2024 · 5593299 · 5593299
1 parent 71ee284
commit 5593299
Show file tree

Hide file tree

Showing 7 changed files with 68 additions and 1 deletion.
diff --git a/changelog/content/deprecated/authentication-modes.md b/changelog/content/deprecated/authentication-modes.md
@@ -22,7 +22,7 @@ However, as of Promitor Scraper v2.2.0 & Resource Discovery v0.3.0, users can ch
 
 ```yaml
 authentication:
-  # Options are ServicePrincipal, SystemAssignedManagedIdentity, UserAssignedManagedIdentity.
+  # Options are ServicePrincipal, SystemAssignedManagedIdentity, UserAssignedManagedIdentity , SdkDefault.
   mode: ServicePrincipal
   identityId: xxxx-xxxx-xxxx
 ```

diff --git a/src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs b/src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs
@@ -302,6 +302,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
                     return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
                 case AuthenticationMode.SystemAssignedManagedIdentity:
                     return "system-assigned-identity";
+                case AuthenticationMode.SdkDefault:
+                    return "default-azure-credentials";
                 default:
                     throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
             }

diff --git a/src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs b/src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs
@@ -5,5 +5,6 @@ public enum AuthenticationMode
         ServicePrincipal = 0,
         UserAssignedManagedIdentity = 1,
         SystemAssignedManagedIdentity = 2,
+        SdkDefault = 3
     }
 }
diff --git a/...romitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs b/...romitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs
@@ -74,6 +74,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
                     return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
                 case AuthenticationMode.SystemAssignedManagedIdentity:
                     return "system-assigned-identity";
+                case AuthenticationMode.SdkDefault:
+                    return "default-azure-credentials";
                 default:
                     throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
             }

diff --git a/...Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs b/...Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs
@@ -97,6 +97,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
                     return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
                 case AuthenticationMode.SystemAssignedManagedIdentity:
                     return "system-assigned-identity";
+                case AuthenticationMode.SdkDefault:
+                    return "default-azure-credentials";
                 default:
                     throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
             }

diff --git a/src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs b/src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs
@@ -35,6 +35,26 @@ public void GetConfiguredAzureAuthentication_SystemAssignedManagedIdentityIsVali
             Assert.Null(authenticationInfo.Secret);
         }
 
+        [Fact]
+        public void GetConfiguredAzureAuthentication_SdkDefaultIsValid_Succeeds()
+        {
+            // Arrange
+            var expectedAuthenticationMode = AuthenticationMode.SdkDefault;
+            var inMemoryConfiguration = new Dictionary<string, string>
+            {
+                {ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString()},
+            };
+            var config = CreateConfiguration(inMemoryConfiguration);
+
+            // Act
+            var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config);
+
+            // Assert
+            Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode);
+            Assert.Null(authenticationInfo.IdentityId);
+            Assert.Null(authenticationInfo.Secret);
+        }
+
         [Fact]
         public void GetConfiguredAzureAuthentication_UserAssignedManagedIdentityIsValid_Succeeds()
         {
@@ -309,6 +329,27 @@ public void CreateAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succe
             Assert.Null(azureCredentials.ClientId);
         }
 
+        [Fact]
+        public void CreateAzureAuthentication_SdkDefaultIsValid_Succeeds()
+        {
+            // Arrange
+            var expectedTenantId = Guid.NewGuid().ToString();
+            var azureCloud = AzureEnvironment.AzureChinaCloud;
+            var azureAuthenticationInfo = new AzureAuthenticationInfo
+            {
+                Mode = AuthenticationMode.SdkDefault
+            };
+            var azureCredentialFactory = new AzureCredentialsFactory();
+
+            // Act
+            var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory);
+
+            // Assert
+            Assert.Equal(expectedTenantId, azureCredentials.TenantId);
+            Assert.Equal(azureCloud, azureCredentials.Environment);
+            Assert.Null(azureCredentials.ClientId);
+        }        
+
         [Fact]
         public void CreateAzureAuthentication_UserAssignedManagedIdentityIsValid_Succeeds()
         {

diff --git a/src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs b/src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs
@@ -304,6 +304,25 @@ public void SystemAssignedManagedIdentity_ValidWithoutApplicationKey_Succeeds()
             PromitorAssert.ValidationIsSuccessful(validationResult);
         }
 
+        [Fact]
+        public void SdkDefault_ValidWithoutApplicationKey_Succeeds()
+        {
+            // Arrange
+            var inMemoryConfiguration = new Dictionary<string, string>
+            {
+                {ConfigurationKeys.Authentication.Mode, AuthenticationMode.SdkDefault.ToString()},
+            };
+
+            var config = CreateConfiguration(inMemoryConfiguration);
+
+            // Act
+            var azureAuthenticationValidationStep = new AzureAuthenticationValidationStep(config, NullLogger<AzureAuthenticationValidationStep>.Instance);
+            var validationResult = azureAuthenticationValidationStep.Run();
+
+            // Assert
+            PromitorAssert.ValidationIsSuccessful(validationResult);
+        }
+
         private IConfigurationRoot CreateConfiguration(Dictionary<string, string> inMemoryConfiguration)
         {
             return new ConfigurationBuilder()