private static AzureMonitorClient CreateNewAzureMonitorClient(AzureEnvironment cloud, string tenantId, string subscriptionId, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, IMemoryCache resourceMetricDefinitionMemoryCache, IConfiguration configuration, IOptions <AzureMonitorIntegrationConfiguration> azureMonitorIntegrationConfiguration, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration, ILoggerFactory loggerFactory)
{
var azureCredentials = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration);
var azureMonitorClient = new AzureMonitorClient(cloud, tenantId, subscriptionId, azureCredentials, metricSinkWriter, azureScrapingPrometheusMetricsCollector, resourceMetricDefinitionMemoryCache, loggerFactory, azureMonitorIntegrationConfiguration, azureMonitorLoggingConfiguration);
return(azureMonitorClient);
}
private IAzure CreateAzureClient(AzureEnvironment azureCloud, string tenantId, string subscriptionId, AzureAuthenticationInfo azureAuthenticationInfo, ILoggerFactory loggerFactory, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration)
{
var credentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, tenantId, azureAuthenticationInfo, _azureCredentialsFactory);
var throttlingLogger = loggerFactory.CreateLogger <AzureResourceManagerThrottlingRequestHandler>();
var monitorHandler = new AzureResourceManagerThrottlingRequestHandler(tenantId, subscriptionId, azureAuthenticationInfo, metricSinkWriter, azureScrapingPrometheusMetricsCollector, throttlingLogger);
var azureClientConfiguration = Microsoft.Azure.Management.Fluent.Azure.Configure()
.WithDelegatingHandler(monitorHandler);
var azureMonitorLogging = azureMonitorLoggingConfiguration.Value;
if (azureMonitorLogging.IsEnabled)
{
var integrationLogger = loggerFactory.CreateLogger <AzureMonitorIntegrationLogger>();
ServiceClientTracing.AddTracingInterceptor(new AzureMonitorIntegrationLogger(integrationLogger));
ServiceClientTracing.IsEnabled = true;
azureClientConfiguration = azureClientConfiguration.WithDelegatingHandler(new HttpLoggingDelegatingHandler())
.WithLogLevel(azureMonitorLogging.InformationLevel);
}
return(azureClientConfiguration
.Authenticate(credentials)
.WithSubscription(subscriptionId));
}
private static AzureMonitorClient CreateNewAzureMonitorClient(AzureEnvironment cloud, string tenantId, string subscriptionId, MetricSinkWriter metricSinkWriter, IRuntimeMetricsCollector metricsCollector, IConfiguration configuration, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration, ILoggerFactory loggerFactory)
{
var azureCredentials = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration);
var azureMonitorClient = new AzureMonitorClient(cloud, tenantId, subscriptionId, azureCredentials, azureMonitorLoggingConfiguration, metricSinkWriter, metricsCollector, loggerFactory);
return(azureMonitorClient);
}
private async Task <ResourceGraphClient> CreateClientAsync()
{
var azureEnvironment = _resourceDeclarationMonitor.CurrentValue.AzureLandscape.Cloud.GetAzureEnvironment();
var azureAuthorityHost = _resourceDeclarationMonitor.CurrentValue.AzureLandscape.Cloud.GetAzureAuthorityHost();
var credentials = await AzureAuthenticationFactory.GetTokenCredentialsAsync(azureEnvironment.ManagementEndpoint, TenantId, _azureAuthenticationInfo, azureAuthorityHost);
var resourceManagerBaseUri = new Uri(azureEnvironment.ResourceManagerEndpoint);
var appId = DetermineApplicationId(_azureAuthenticationInfo);
var metricLabels = new Dictionary <string, string>
{
{ "tenant_id", TenantId },
{ "cloud", azureEnvironment.GetDisplayName() },
{ "app_id", appId },
{ "auth_mode", _azureAuthenticationInfo.Mode.ToString() },
};
var resourceGraphClient = new ResourceGraphClient(resourceManagerBaseUri, credentials, new AzureResourceGraphThrottlingRequestHandler(_prometheusMetricsCollector, metricLabels, _logger));
var version = Promitor.Core.Version.Get();
var promitorUserAgent = UserAgent.Generate("Resource-Discovery", version);
resourceGraphClient.UserAgent.Clear();
resourceGraphClient.UserAgent.TryParseAdd(promitorUserAgent);
return(resourceGraphClient);
}
public AzureResourceGraph(IOptionsMonitor <ResourceDeclaration> resourceDeclarationMonitor, IConfiguration configuration, ILogger <AzureResourceGraph> logger)
{
Guard.NotNull(resourceDeclarationMonitor, nameof(resourceDeclarationMonitor));
Guard.NotNull(resourceDeclarationMonitor.CurrentValue, nameof(resourceDeclarationMonitor.CurrentValue));
Guard.NotNull(resourceDeclarationMonitor.CurrentValue.AzureLandscape, nameof(resourceDeclarationMonitor.CurrentValue.AzureLandscape));
Guard.NotNull(configuration, nameof(configuration));
Guard.NotNull(logger, nameof(logger));
_logger = logger;
_resourceDeclarationMonitor = resourceDeclarationMonitor;
_azureAuthenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration);
}
public ValidationResult Run()
{
try
{
AzureAuthenticationFactory.GetConfiguredAzureAuthentication(_configuration);
return(ValidationResult.Successful(ComponentName));
}
catch (AuthenticationException authenticationException)
{
return(ValidationResult.Failure(ComponentName, $"Azure authentication is not configured correctly - {authenticationException.Message}"));
}
}
public void GetConfiguredAzureAuthentication_UserAssignedManagedIdentityWithInvalidIdentity_Fails(string identityId)
{
// Arrange
var expectedAuthenticationMode = AuthenticationMode.UserAssignedManagedIdentity;
var inMemoryConfiguration = new Dictionary <string, string>
{
{ ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() },
{ ConfigurationKeys.Authentication.IdentityId, identityId },
};
var config = CreateConfiguration(inMemoryConfiguration);
// Act & Assert
Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config));
}
public void CreateAzureAuthentication_UserAssignedManagedIdentityWithInvalidIdentity_Fails(string identityId)
{
// Arrange
var expectedTenantId = Guid.NewGuid().ToString();
var azureCloud = AzureEnvironment.AzureChinaCloud;
var azureAuthenticationInfo = new AzureAuthenticationInfo
{
Mode = AuthenticationMode.UserAssignedManagedIdentity,
IdentityId = identityId
};
var azureCredentialFactory = new AzureCredentialsFactory();
// Act & Assert
Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory));
}
public void GetConfiguredAzureAuthentication_ServicePrincipleWithInvalidSecret_Fails(string identitySecret)
{
// Arrange
var expectedIdentityId = Guid.NewGuid().ToString();
var expectedAuthenticationMode = AuthenticationMode.ServicePrincipal;
var inMemoryConfiguration = new Dictionary <string, string>
{
{ ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() },
{ EnvironmentVariables.Authentication.ApplicationId, expectedIdentityId },
{ EnvironmentVariables.Authentication.ApplicationKey, identitySecret },
};
var config = CreateConfiguration(inMemoryConfiguration);
// Act & Assert
Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config));
}
private async Task <ResourceGraphClient> CreateClientAsync()
{
var azureEnvironment = _resourceDeclarationMonitor.CurrentValue.AzureLandscape.Cloud.GetAzureEnvironment();
var credentials = await AzureAuthenticationFactory.GetTokenCredentialsAsync(azureEnvironment.ManagementEndpoint, TenantId, _azureAuthenticationInfo);
var resourceGraphClient = new ResourceGraphClient(credentials);
var version = Promitor.Core.Version.Get();
var promitorUserAgent = UserAgent.Generate("Resource-Discovery", version);
resourceGraphClient.UserAgent.Clear();
resourceGraphClient.UserAgent.TryParseAdd(promitorUserAgent);
return(resourceGraphClient);
}
public void CreateAzureAuthentication_ServicePrincipleWithInvalidSecret_Fails(string identityId)
{
// Arrange
var expectedTenantId = Guid.NewGuid().ToString();
var expectedSecret = Guid.NewGuid().ToString();
var azureCloud = AzureEnvironment.AzureChinaCloud;
var azureAuthenticationInfo = new AzureAuthenticationInfo
{
Mode = AuthenticationMode.ServicePrincipal,
IdentityId = identityId,
Secret = expectedSecret
};
var azureCredentialFactory = new AzureCredentialsFactory();
// Act & Assert
Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory));
}
public void GetConfiguredAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succeeds()
{
// Arrange
var expectedAuthenticationMode = AuthenticationMode.SystemAssignedManagedIdentity;
var inMemoryConfiguration = new Dictionary <string, string>
{
{ ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() },
};
var config = CreateConfiguration(inMemoryConfiguration);
// Act
var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config);
// Assert
Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode);
Assert.Null(authenticationInfo.IdentityId);
Assert.Null(authenticationInfo.Secret);
}
public void CreateAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succeeds()
{
// Arrange
var expectedTenantId = Guid.NewGuid().ToString();
var azureCloud = AzureEnvironment.AzureChinaCloud;
var azureAuthenticationInfo = new AzureAuthenticationInfo
{
Mode = AuthenticationMode.SystemAssignedManagedIdentity
};
var azureCredentialFactory = new AzureCredentialsFactory();
// Act
var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory);
// Assert
Assert.Equal(expectedTenantId, azureCredentials.TenantId);
Assert.Equal(azureCloud, azureCredentials.Environment);
Assert.Null(azureCredentials.ClientId);
}
public void GetConfiguredAzureAuthentication_NoAuthenticationModeIsConfigured_DefaultsToServicePrinciple()
{
// Arrange
var expectedIdentityId = Guid.NewGuid().ToString();
var expectedSecret = Guid.NewGuid().ToString();
var inMemoryConfiguration = new Dictionary <string, string>
{
{ ConfigurationKeys.Authentication.IdentityId, expectedIdentityId },
{ EnvironmentVariables.Authentication.ApplicationKey, expectedSecret },
};
var config = CreateConfiguration(inMemoryConfiguration);
// Act
var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config);
// Assert
Assert.Equal(AuthenticationMode.ServicePrincipal, authenticationInfo.Mode);
Assert.Equal(expectedIdentityId, authenticationInfo.IdentityId);
Assert.Equal(expectedSecret, authenticationInfo.Secret);
}
public void CreateAzureAuthentication_NoModeSpecified_AssumesServicePrinciple()
{
// Arrange
var expectedTenantId = Guid.NewGuid().ToString();
var expectedIdentityId = Guid.NewGuid().ToString();
var expectedSecret = Guid.NewGuid().ToString();
var azureCloud = AzureEnvironment.AzureChinaCloud;
var azureAuthenticationInfo = new AzureAuthenticationInfo
{
IdentityId = expectedIdentityId,
Secret = expectedSecret
};
var azureCredentialFactory = new AzureCredentialsFactory();
// Act
var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory);
// Assert
Assert.Equal(expectedTenantId, azureCredentials.TenantId);
Assert.Equal(expectedIdentityId, azureCredentials.ClientId);
Assert.Equal(azureCloud, azureCredentials.Environment);
}
public void GetConfiguredAzureAuthentication_ServicePrincipleIsValidWithLegacyAndNewConfig_UsesNewConfig()
{
// Arrange
var configuredIdentityIdThroughNewApproach = Guid.NewGuid().ToString();
var configuredIdentityIdThroughLegacyApproach = Guid.NewGuid().ToString();
var expectedSecret = Guid.NewGuid().ToString();
var expectedAuthenticationMode = AuthenticationMode.ServicePrincipal;
var inMemoryConfiguration = new Dictionary <string, string>
{
{ ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() },
{ ConfigurationKeys.Authentication.IdentityId, configuredIdentityIdThroughNewApproach },
{ EnvironmentVariables.Authentication.ApplicationId, configuredIdentityIdThroughLegacyApproach },
{ EnvironmentVariables.Authentication.ApplicationKey, expectedSecret },
};
var config = CreateConfiguration(inMemoryConfiguration);
// Act
var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config);
// Assert
Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode);
Assert.Equal(configuredIdentityIdThroughNewApproach, authenticationInfo.IdentityId);
Assert.Equal(expectedSecret, authenticationInfo.Secret);
}
