public AzureResourceGraph(IOptionsMonitor <ResourceDeclaration> resourceDeclarationMonitor, IConfiguration configuration, ILogger <AzureResourceGraph> logger) { Guard.NotNull(resourceDeclarationMonitor, nameof(resourceDeclarationMonitor)); Guard.NotNull(resourceDeclarationMonitor.CurrentValue, nameof(resourceDeclarationMonitor.CurrentValue)); Guard.NotNull(resourceDeclarationMonitor.CurrentValue.AzureLandscape, nameof(resourceDeclarationMonitor.CurrentValue.AzureLandscape)); Guard.NotNull(configuration, nameof(configuration)); Guard.NotNull(logger, nameof(logger)); _logger = logger; _resourceDeclarationMonitor = resourceDeclarationMonitor; _azureAuthenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration); }
public void CreateAzureAuthentication_UserAssignedManagedIdentityWithInvalidIdentity_Fails(string identityId) { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { Mode = AuthenticationMode.UserAssignedManagedIdentity, IdentityId = identityId }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act & Assert Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory)); }
private string DetermineApplicationId(AzureAuthenticationInfo azureAuthenticationInfo) { switch (azureAuthenticationInfo.Mode) { case AuthenticationMode.ServicePrincipal: case AuthenticationMode.UserAssignedManagedIdentity: Guard.NotNullOrWhitespace(azureAuthenticationInfo.IdentityId, nameof(azureAuthenticationInfo.IdentityId)); return(azureAuthenticationInfo.IdentityId); case AuthenticationMode.SystemAssignedManagedIdentity: return("system-assigned-identity"); default: throw new ArgumentOutOfRangeException(nameof(azureAuthenticationInfo.Mode)); } }
public void CreateAzureAuthentication_ServicePrincipleWithInvalidSecret_Fails(string identityId) { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var expectedSecret = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { Mode = AuthenticationMode.ServicePrincipal, IdentityId = identityId, Secret = expectedSecret }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act & Assert Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory)); }
public void CreateAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succeeds() { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { Mode = AuthenticationMode.SystemAssignedManagedIdentity }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory); // Assert Assert.Equal(expectedTenantId, azureCredentials.TenantId); Assert.Equal(azureCloud, azureCredentials.Environment); Assert.Null(azureCredentials.ClientId); }
public void CreateAzureAuthentication_NoModeSpecified_AssumesServicePrinciple() { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var expectedIdentityId = Guid.NewGuid().ToString(); var expectedSecret = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { IdentityId = expectedIdentityId, Secret = expectedSecret }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory); // Assert Assert.Equal(expectedTenantId, azureCredentials.TenantId); Assert.Equal(expectedIdentityId, azureCredentials.ClientId); Assert.Equal(azureCloud, azureCredentials.Environment); }
/// <summary> /// Constructor /// </summary> /// <param name="tenantId">Id of the tenant that is being interacted with via Azure Resource Manager</param> /// <param name="subscriptionId">Id of the subscription that is being interacted with via Azure Resource Manager</param> /// <param name="azureAuthenticationInfo">Information regarding authentication with Microsoft Azure</param> /// <param name="metricSinkWriter">Metrics writer to all sinks</param> /// <param name="azureScrapingPrometheusMetricsCollector">Metrics collector to write metrics to Prometheus</param> /// <param name="logger">Logger to write telemetry to</param> public AzureResourceManagerThrottlingRequestHandler(string tenantId, string subscriptionId, AzureAuthenticationInfo azureAuthenticationInfo, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, ILogger logger) : base(azureScrapingPrometheusMetricsCollector, logger) { Guard.NotNullOrWhitespace(tenantId, nameof(tenantId)); Guard.NotNullOrWhitespace(subscriptionId, nameof(subscriptionId)); Guard.NotNull(metricSinkWriter, nameof(metricSinkWriter)); Guard.NotNull(azureScrapingPrometheusMetricsCollector, nameof(azureScrapingPrometheusMetricsCollector)); Guard.NotNull(azureAuthenticationInfo, nameof(azureAuthenticationInfo)); _metricSinkWriter = metricSinkWriter; _azureScrapingPrometheusMetricsCollector = azureScrapingPrometheusMetricsCollector; var id = DetermineApplicationId(azureAuthenticationInfo); _metricLabels = new Dictionary <string, string> { { "tenant_id", tenantId }, { "subscription_id", subscriptionId }, { "app_id", id }, }; }
/// <summary> /// Constructor /// </summary> /// <param name="azureCloud">Name of the Azure cloud to interact with</param> /// <param name="tenantId">Id of the tenant that owns the Azure subscription</param> /// <param name="subscriptionId">Id of the Azure subscription</param> /// <param name="azureAuthenticationInfo">Information regarding authentication with Microsoft Azure</param> /// <param name="metricSinkWriter">Writer to send metrics to all configured sinks</param> /// <param name="azureScrapingPrometheusMetricsCollector">Metrics collector to write metrics to Prometheus</param> /// <param name="resourceMetricDefinitionMemoryCache">Memory cache to store items in for performance optimizations</param> /// <param name="loggerFactory">Factory to create loggers with</param> /// <param name="azureMonitorIntegrationConfiguration">Options for Azure Monitor logging</param> /// <param name="azureMonitorLoggingConfiguration">Options for Azure Monitor integration</param> public AzureMonitorClient(AzureEnvironment azureCloud, string tenantId, string subscriptionId, AzureAuthenticationInfo azureAuthenticationInfo, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, IMemoryCache resourceMetricDefinitionMemoryCache, ILoggerFactory loggerFactory, IOptions <AzureMonitorIntegrationConfiguration> azureMonitorIntegrationConfiguration, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration) { Guard.NotNullOrWhitespace(tenantId, nameof(tenantId)); Guard.NotNullOrWhitespace(subscriptionId, nameof(subscriptionId)); Guard.NotNull(azureAuthenticationInfo, nameof(azureAuthenticationInfo)); Guard.NotNull(azureMonitorIntegrationConfiguration, nameof(azureMonitorIntegrationConfiguration)); Guard.NotNull(azureMonitorLoggingConfiguration, nameof(azureMonitorLoggingConfiguration)); Guard.NotNull(resourceMetricDefinitionMemoryCache, nameof(resourceMetricDefinitionMemoryCache)); _resourceMetricDefinitionMemoryCache = resourceMetricDefinitionMemoryCache; _azureMonitorIntegrationConfiguration = azureMonitorIntegrationConfiguration; _logger = loggerFactory.CreateLogger <AzureMonitorClient>(); _authenticatedAzureSubscription = CreateAzureClient(azureCloud, tenantId, subscriptionId, azureAuthenticationInfo, loggerFactory, metricSinkWriter, azureScrapingPrometheusMetricsCollector, azureMonitorLoggingConfiguration); }
private IAzure CreateAzureClient(AzureEnvironment azureCloud, string tenantId, string subscriptionId, AzureAuthenticationInfo azureAuthenticationInfo, ILoggerFactory loggerFactory, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration) { var credentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, tenantId, azureAuthenticationInfo, _azureCredentialsFactory); var throttlingLogger = loggerFactory.CreateLogger <AzureResourceManagerThrottlingRequestHandler>(); var monitorHandler = new AzureResourceManagerThrottlingRequestHandler(tenantId, subscriptionId, azureAuthenticationInfo, metricSinkWriter, azureScrapingPrometheusMetricsCollector, throttlingLogger); var azureClientConfiguration = Microsoft.Azure.Management.Fluent.Azure.Configure() .WithDelegatingHandler(monitorHandler); var azureMonitorLogging = azureMonitorLoggingConfiguration.Value; if (azureMonitorLogging.IsEnabled) { var integrationLogger = loggerFactory.CreateLogger <AzureMonitorIntegrationLogger>(); ServiceClientTracing.AddTracingInterceptor(new AzureMonitorIntegrationLogger(integrationLogger)); ServiceClientTracing.IsEnabled = true; azureClientConfiguration = azureClientConfiguration.WithDelegatingHandler(new HttpLoggingDelegatingHandler()) .WithLogLevel(azureMonitorLogging.InformationLevel); } return(azureClientConfiguration .Authenticate(credentials) .WithSubscription(subscriptionId)); }
/// <summary> /// Constructor /// </summary> /// <param name="azureCloud">Name of the Azure cloud to interact with</param> /// <param name="tenantId">Id of the tenant that owns the Azure subscription</param> /// <param name="subscriptionId">Id of the Azure subscription</param> /// <param name="azureAuthenticationInfo">Information regarding authentication with Microsoft Azure</param> /// <param name="azureMonitorLoggingConfiguration">Options for Azure Monitor logging</param> /// <param name="metricSinkWriter">Writer to send metrics to all configured sinks</param> /// <param name="metricsCollector">Metrics collector to write metrics to Prometheus</param> /// <param name="loggerFactory">Factory to create loggers with</param> public AzureMonitorClient(AzureEnvironment azureCloud, string tenantId, string subscriptionId, AzureAuthenticationInfo azureAuthenticationInfo, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration, MetricSinkWriter metricSinkWriter, IRuntimeMetricsCollector metricsCollector, ILoggerFactory loggerFactory) { Guard.NotNullOrWhitespace(tenantId, nameof(tenantId)); Guard.NotNullOrWhitespace(subscriptionId, nameof(subscriptionId)); Guard.NotNull(azureAuthenticationInfo, nameof(azureAuthenticationInfo)); Guard.NotNull(azureMonitorLoggingConfiguration, nameof(azureMonitorLoggingConfiguration)); _logger = loggerFactory.CreateLogger <AzureMonitorClient>(); _authenticatedAzureSubscription = CreateAzureClient(azureCloud, tenantId, subscriptionId, azureAuthenticationInfo, azureMonitorLoggingConfiguration, loggerFactory, metricSinkWriter, metricsCollector); }