private static AzureMonitorClient CreateNewAzureMonitorClient(AzureEnvironment cloud, string tenantId, string subscriptionId, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, IMemoryCache resourceMetricDefinitionMemoryCache, IConfiguration configuration, IOptions <AzureMonitorIntegrationConfiguration> azureMonitorIntegrationConfiguration, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration, ILoggerFactory loggerFactory) { var azureCredentials = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration); var azureMonitorClient = new AzureMonitorClient(cloud, tenantId, subscriptionId, azureCredentials, metricSinkWriter, azureScrapingPrometheusMetricsCollector, resourceMetricDefinitionMemoryCache, loggerFactory, azureMonitorIntegrationConfiguration, azureMonitorLoggingConfiguration); return(azureMonitorClient); }
private IAzure CreateAzureClient(AzureEnvironment azureCloud, string tenantId, string subscriptionId, AzureAuthenticationInfo azureAuthenticationInfo, ILoggerFactory loggerFactory, MetricSinkWriter metricSinkWriter, IAzureScrapingPrometheusMetricsCollector azureScrapingPrometheusMetricsCollector, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration) { var credentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, tenantId, azureAuthenticationInfo, _azureCredentialsFactory); var throttlingLogger = loggerFactory.CreateLogger <AzureResourceManagerThrottlingRequestHandler>(); var monitorHandler = new AzureResourceManagerThrottlingRequestHandler(tenantId, subscriptionId, azureAuthenticationInfo, metricSinkWriter, azureScrapingPrometheusMetricsCollector, throttlingLogger); var azureClientConfiguration = Microsoft.Azure.Management.Fluent.Azure.Configure() .WithDelegatingHandler(monitorHandler); var azureMonitorLogging = azureMonitorLoggingConfiguration.Value; if (azureMonitorLogging.IsEnabled) { var integrationLogger = loggerFactory.CreateLogger <AzureMonitorIntegrationLogger>(); ServiceClientTracing.AddTracingInterceptor(new AzureMonitorIntegrationLogger(integrationLogger)); ServiceClientTracing.IsEnabled = true; azureClientConfiguration = azureClientConfiguration.WithDelegatingHandler(new HttpLoggingDelegatingHandler()) .WithLogLevel(azureMonitorLogging.InformationLevel); } return(azureClientConfiguration .Authenticate(credentials) .WithSubscription(subscriptionId)); }
private static AzureMonitorClient CreateNewAzureMonitorClient(AzureEnvironment cloud, string tenantId, string subscriptionId, MetricSinkWriter metricSinkWriter, IRuntimeMetricsCollector metricsCollector, IConfiguration configuration, IOptions <AzureMonitorLoggingConfiguration> azureMonitorLoggingConfiguration, ILoggerFactory loggerFactory) { var azureCredentials = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration); var azureMonitorClient = new AzureMonitorClient(cloud, tenantId, subscriptionId, azureCredentials, azureMonitorLoggingConfiguration, metricSinkWriter, metricsCollector, loggerFactory); return(azureMonitorClient); }
private async Task <ResourceGraphClient> CreateClientAsync() { var azureEnvironment = _resourceDeclarationMonitor.CurrentValue.AzureLandscape.Cloud.GetAzureEnvironment(); var azureAuthorityHost = _resourceDeclarationMonitor.CurrentValue.AzureLandscape.Cloud.GetAzureAuthorityHost(); var credentials = await AzureAuthenticationFactory.GetTokenCredentialsAsync(azureEnvironment.ManagementEndpoint, TenantId, _azureAuthenticationInfo, azureAuthorityHost); var resourceManagerBaseUri = new Uri(azureEnvironment.ResourceManagerEndpoint); var appId = DetermineApplicationId(_azureAuthenticationInfo); var metricLabels = new Dictionary <string, string> { { "tenant_id", TenantId }, { "cloud", azureEnvironment.GetDisplayName() }, { "app_id", appId }, { "auth_mode", _azureAuthenticationInfo.Mode.ToString() }, }; var resourceGraphClient = new ResourceGraphClient(resourceManagerBaseUri, credentials, new AzureResourceGraphThrottlingRequestHandler(_prometheusMetricsCollector, metricLabels, _logger)); var version = Promitor.Core.Version.Get(); var promitorUserAgent = UserAgent.Generate("Resource-Discovery", version); resourceGraphClient.UserAgent.Clear(); resourceGraphClient.UserAgent.TryParseAdd(promitorUserAgent); return(resourceGraphClient); }
public AzureResourceGraph(IOptionsMonitor <ResourceDeclaration> resourceDeclarationMonitor, IConfiguration configuration, ILogger <AzureResourceGraph> logger) { Guard.NotNull(resourceDeclarationMonitor, nameof(resourceDeclarationMonitor)); Guard.NotNull(resourceDeclarationMonitor.CurrentValue, nameof(resourceDeclarationMonitor.CurrentValue)); Guard.NotNull(resourceDeclarationMonitor.CurrentValue.AzureLandscape, nameof(resourceDeclarationMonitor.CurrentValue.AzureLandscape)); Guard.NotNull(configuration, nameof(configuration)); Guard.NotNull(logger, nameof(logger)); _logger = logger; _resourceDeclarationMonitor = resourceDeclarationMonitor; _azureAuthenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(configuration); }
public ValidationResult Run() { try { AzureAuthenticationFactory.GetConfiguredAzureAuthentication(_configuration); return(ValidationResult.Successful(ComponentName)); } catch (AuthenticationException authenticationException) { return(ValidationResult.Failure(ComponentName, $"Azure authentication is not configured correctly - {authenticationException.Message}")); } }
public void GetConfiguredAzureAuthentication_UserAssignedManagedIdentityWithInvalidIdentity_Fails(string identityId) { // Arrange var expectedAuthenticationMode = AuthenticationMode.UserAssignedManagedIdentity; var inMemoryConfiguration = new Dictionary <string, string> { { ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() }, { ConfigurationKeys.Authentication.IdentityId, identityId }, }; var config = CreateConfiguration(inMemoryConfiguration); // Act & Assert Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config)); }
public void CreateAzureAuthentication_UserAssignedManagedIdentityWithInvalidIdentity_Fails(string identityId) { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { Mode = AuthenticationMode.UserAssignedManagedIdentity, IdentityId = identityId }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act & Assert Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory)); }
public void GetConfiguredAzureAuthentication_ServicePrincipleWithInvalidSecret_Fails(string identitySecret) { // Arrange var expectedIdentityId = Guid.NewGuid().ToString(); var expectedAuthenticationMode = AuthenticationMode.ServicePrincipal; var inMemoryConfiguration = new Dictionary <string, string> { { ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() }, { EnvironmentVariables.Authentication.ApplicationId, expectedIdentityId }, { EnvironmentVariables.Authentication.ApplicationKey, identitySecret }, }; var config = CreateConfiguration(inMemoryConfiguration); // Act & Assert Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config)); }
private async Task <ResourceGraphClient> CreateClientAsync() { var azureEnvironment = _resourceDeclarationMonitor.CurrentValue.AzureLandscape.Cloud.GetAzureEnvironment(); var credentials = await AzureAuthenticationFactory.GetTokenCredentialsAsync(azureEnvironment.ManagementEndpoint, TenantId, _azureAuthenticationInfo); var resourceGraphClient = new ResourceGraphClient(credentials); var version = Promitor.Core.Version.Get(); var promitorUserAgent = UserAgent.Generate("Resource-Discovery", version); resourceGraphClient.UserAgent.Clear(); resourceGraphClient.UserAgent.TryParseAdd(promitorUserAgent); return(resourceGraphClient); }
public void CreateAzureAuthentication_ServicePrincipleWithInvalidSecret_Fails(string identityId) { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var expectedSecret = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { Mode = AuthenticationMode.ServicePrincipal, IdentityId = identityId, Secret = expectedSecret }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act & Assert Assert.Throws <AuthenticationException>(() => AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory)); }
public void GetConfiguredAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succeeds() { // Arrange var expectedAuthenticationMode = AuthenticationMode.SystemAssignedManagedIdentity; var inMemoryConfiguration = new Dictionary <string, string> { { ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() }, }; var config = CreateConfiguration(inMemoryConfiguration); // Act var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config); // Assert Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode); Assert.Null(authenticationInfo.IdentityId); Assert.Null(authenticationInfo.Secret); }
public void CreateAzureAuthentication_SystemAssignedManagedIdentityIsValid_Succeeds() { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { Mode = AuthenticationMode.SystemAssignedManagedIdentity }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory); // Assert Assert.Equal(expectedTenantId, azureCredentials.TenantId); Assert.Equal(azureCloud, azureCredentials.Environment); Assert.Null(azureCredentials.ClientId); }
public void GetConfiguredAzureAuthentication_NoAuthenticationModeIsConfigured_DefaultsToServicePrinciple() { // Arrange var expectedIdentityId = Guid.NewGuid().ToString(); var expectedSecret = Guid.NewGuid().ToString(); var inMemoryConfiguration = new Dictionary <string, string> { { ConfigurationKeys.Authentication.IdentityId, expectedIdentityId }, { EnvironmentVariables.Authentication.ApplicationKey, expectedSecret }, }; var config = CreateConfiguration(inMemoryConfiguration); // Act var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config); // Assert Assert.Equal(AuthenticationMode.ServicePrincipal, authenticationInfo.Mode); Assert.Equal(expectedIdentityId, authenticationInfo.IdentityId); Assert.Equal(expectedSecret, authenticationInfo.Secret); }
public void CreateAzureAuthentication_NoModeSpecified_AssumesServicePrinciple() { // Arrange var expectedTenantId = Guid.NewGuid().ToString(); var expectedIdentityId = Guid.NewGuid().ToString(); var expectedSecret = Guid.NewGuid().ToString(); var azureCloud = AzureEnvironment.AzureChinaCloud; var azureAuthenticationInfo = new AzureAuthenticationInfo { IdentityId = expectedIdentityId, Secret = expectedSecret }; var azureCredentialFactory = new AzureCredentialsFactory(); // Act var azureCredentials = AzureAuthenticationFactory.CreateAzureAuthentication(azureCloud, expectedTenantId, azureAuthenticationInfo, azureCredentialFactory); // Assert Assert.Equal(expectedTenantId, azureCredentials.TenantId); Assert.Equal(expectedIdentityId, azureCredentials.ClientId); Assert.Equal(azureCloud, azureCredentials.Environment); }
public void GetConfiguredAzureAuthentication_ServicePrincipleIsValidWithLegacyAndNewConfig_UsesNewConfig() { // Arrange var configuredIdentityIdThroughNewApproach = Guid.NewGuid().ToString(); var configuredIdentityIdThroughLegacyApproach = Guid.NewGuid().ToString(); var expectedSecret = Guid.NewGuid().ToString(); var expectedAuthenticationMode = AuthenticationMode.ServicePrincipal; var inMemoryConfiguration = new Dictionary <string, string> { { ConfigurationKeys.Authentication.Mode, expectedAuthenticationMode.ToString() }, { ConfigurationKeys.Authentication.IdentityId, configuredIdentityIdThroughNewApproach }, { EnvironmentVariables.Authentication.ApplicationId, configuredIdentityIdThroughLegacyApproach }, { EnvironmentVariables.Authentication.ApplicationKey, expectedSecret }, }; var config = CreateConfiguration(inMemoryConfiguration); // Act var authenticationInfo = AzureAuthenticationFactory.GetConfiguredAzureAuthentication(config); // Assert Assert.Equal(expectedAuthenticationMode, authenticationInfo.Mode); Assert.Equal(configuredIdentityIdThroughNewApproach, authenticationInfo.IdentityId); Assert.Equal(expectedSecret, authenticationInfo.Secret); }