diff --git a/changelog/content/deprecated/authentication-modes.md b/changelog/content/deprecated/authentication-modes.md index 9c0cdf36b..36fe02ccd 100644 --- a/changelog/content/deprecated/authentication-modes.md +++ b/changelog/content/deprecated/authentication-modes.md @@ -22,7 +22,7 @@ However, as of Promitor Scraper v2.2.0 & Resource Discovery v0.3.0, users can ch ```yaml authentication: - # Options are ServicePrincipal, SystemAssignedManagedIdentity, UserAssignedManagedIdentity. + # Options are ServicePrincipal, SystemAssignedManagedIdentity, UserAssignedManagedIdentity , SdkDefault. mode: ServicePrincipal identityId: xxxx-xxxx-xxxx ``` diff --git a/src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs b/src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs index 9883b3303..929ade083 100644 --- a/src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs +++ b/src/Promitor.Agents.ResourceDiscovery/Graph/AzureResourceGraph.cs @@ -302,6 +302,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity"); case AuthenticationMode.SystemAssignedManagedIdentity: return "system-assigned-identity"; + case AuthenticationMode.SdkDefault: + return "default-azure-credentials"; default: throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode)); } diff --git a/src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs b/src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs index 1c3c58487..9c349df73 100644 --- a/src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs +++ b/src/Promitor.Integrations.Azure/Authentication/AuthenticationMode.cs @@ -5,5 +5,6 @@ public enum AuthenticationMode ServicePrincipal = 0, UserAssignedManagedIdentity = 1, SystemAssignedManagedIdentity = 2, + SdkDefault = 3 } } 
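Review bot: The new `case AuthenticationMode.SdkDefault:` in AzureResourceGraph.cs returns the fixed label `"default-azure-credentials"`, so whatever consumes DetermineApplicationId cannot tell which identity was actually used. If this mode is backed by the Azure SDK's default credential chain (inferred from the label; the credential construction is not in this diff), the effective identity depends on the runtime environment, and a fixed label hides an unexpected fallback. A comment on the case would make that explicit, e.g. `// Identity is resolved by the Azure SDK at runtime; the real client id is not known here`. The same two lines are added to identical switches in RecordArmRateLimitMetricsPolicy.cs and AzureResourceManagerThrottlingRequestHandler.cs, so a single shared helper would keep the three copies from drifting. The switch starts outside the hunk.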
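Review bot: `SdkDefault = 3` in AuthenticationMode.cs is added without documentation, and it is the one member whose behaviour is not evident from its name. A summary comment would help operators choose it deliberately, e.g. `/// <summary>Credentials are resolved by the Azure SDK at runtime; no identity id or secret is taken from Promitor's configuration.</summary>`, with the wording confirmed against the factory, which this diff does not show. The member also drops the trailing comma that the other three members carry.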
diff --git a/src/Promitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs b/src/Promitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs
index eccda8c7a..f440599df 100644
--- a/src/Promitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs
+++ b/src/Promitor.Integrations.AzureMonitor/HttpPipelinePolicies/RecordArmRateLimitMetricsPolicy.cs
@@ -74,6 +74,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
 return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
 case AuthenticationMode.SystemAssignedManagedIdentity:
 return "system-assigned-identity";
+ case AuthenticationMode.SdkDefault:
+ return "default-azure-credentials";
 default:
 throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
 }
diff --git a/src/Promitor.Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs b/src/Promitor.Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs
index 3dc2ccb22..104adafca 100644
--- a/src/Promitor.Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs
+++ b/src/Promitor.Integrations.AzureMonitor/RequestHandlers/AzureResourceManagerThrottlingRequestHandler.cs
@@ -97,6 +97,8 @@ private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticatio
 return azureAuthenticationInfo.GetIdentityIdOrDefault("externally-configured-user-assigned-identity");
 case AuthenticationMode.SystemAssignedManagedIdentity:
 return "system-assigned-identity";
+ case AuthenticationMode.SdkDefault:
+ return "default-azure-credentials";
 default:
 throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode));
 }
diff --git a/src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs b/src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs index b1ee4d7b2..42d7b1cbd 100644 --- a/src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs +++ b/src/Promitor.Tests.Unit/Azure/AzureAuthenticationFactoryUnitTests.cs @@ -35,6 +35,26 @@ public void GetConfiguredAzureAuthentication_SystemAssignedManagedIdentityIsVali Assert.Null(authenticationInfo.Secret); } + [Fact] + public void GetConfiguredAzureAuthentication_SdkDefaultIsValid_Succeeds() + { + // Arrange + var expectedAuthenticationMode = AuthenticationMode.SdkDefault; + var inMemoryConfiguration = new Dictionary + { + {ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString()}, + }; + var config = CreateConfiguration(inMemoryConfiguration); + + // Act + var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config); + + // Assert + Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode); + Assert.Null(authenticationInfo.IdentityId); + Assert.Null(authenticationInfo.Secret); + } + [Fact] public void GetConfiguredAzureAuthentication_UserAssignedManagedIdentityIsValid_Succeeds() { 
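Review bot: GetConfiguredAzureAuthentication_SdkDefaultIsValid_Succeeds only covers a configuration that contains nothing but the mode, so `Assert.Null(authenticationInfo.IdentityId)` and `Assert.Null(authenticationInfo.Secret)` hold trivially. A deployment that switches from ServicePrincipal to SdkDefault may well leave an identity id or application key in its configuration, and no test in this diff pins whether those values are ignored, rejected, or carried into the authentication info. A second case that supplies both next to the SdkDefault mode and asserts the intended outcome would close that gap. The same applies to SdkDefault_ValidWithoutApplicationKey_Succeeds in AzureAuthenticationValidationStepTests.cs.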
@@ -309,6 +329,27 @@ public void CreateAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succe Assert.Null(azureCredentials.ClientId); } + [Fact] + public void CreateAzureAuthentication_SdkDefaultIsValid_Succeeds() + { + // Arrange + var expectedTenantId = Guid.NewGuid().ToString(); + var azureCloud = AzureEnvironment.AzureChinaCloud; + var azureAuthenticationInfo = new AzureAuthenticationInfo + { + Mode = AuthenticationMode.SdkDefault + }; + var azureCredentialFactory = new AzureCredentialsFactory(); + + // Act + var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory); + + // Assert + Assert.Equal(expectedTenantId, azureCredentials.TenantId); + Assert.Equal(azureCloud, azureCredentials.Environment); + Assert.Null(azureCredentials.ClientId); + } + [Fact] public void CreateAzureAuthentication_UserAssignedManagedIdentityIsValid_Succeeds() { diff --git a/src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs b/src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs index 7ee246107..2ee86388a 100644 --- a/src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs +++ b/src/Promitor.Tests.Unit/Validation/Authentication/AzureAuthenticationValidationStepTests.cs 
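Review bot: The three assertions in CreateAzureAuthentication_SdkDefaultIsValid_Succeeds (tenant id, environment, `Assert.Null(azureCredentials.ClientId)`) do not distinguish SdkDefault from the system-assigned managed identity path. The preceding test, visible only through the hunk header and its last line, ends with the same `Assert.Null(azureCredentials.ClientId)`. If the factory mapped SdkDefault onto the managed identity branch by mistake, this test would presumably still pass. An assertion on something specific to the credential built for this mode would make the test meaningful; what that is depends on factory code not shown in this diff.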
@@ -304,6 +304,25 @@ public void SystemAssignedManagedIdentity_ValidWithoutApplicationKey_Succeeds() PromitorAssert.ValidationIsSuccessful(validationResult); } + [Fact] + public void SdkDefault_ValidWithoutApplicationKey_Succeeds() + { + // Arrange + var inMemoryConfiguration = new Dictionary + { + {ConfigurationKeys.Authentication.Mode, AuthenticationMode.SdkDefault.ToString()}, + }; + + var config = CreateConfiguration(inMemoryConfiguration); + + // Act + var azureAuthenticationValidationStep = new AzureAuthenticationValidationStep(config, NullLogger.Instance); + var validationResult = azureAuthenticationValidationStep.Run(); + + // Assert + PromitorAssert.ValidationIsSuccessful(validationResult); + } + private IConfigurationRoot CreateConfiguration(Dictionary inMemoryConfiguration) { return new ConfigurationBuilder()