grafana/pkg/setting/setting_azure.go

package setting

import (
	"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"
	"github.com/grafana/grafana/pkg/util"
)

func (cfg *Cfg) readAzureSettings() {
	azureSettings := &azsettings.AzureSettings{}

	azureSection := cfg.Raw.Section("azure")
	authSection := cfg.Raw.Section("auth")

	// This setting is specific to Prometheus
	azureSettings.AzureAuthEnabled = authSection.Key("azure_auth_enabled").MustBool(false)

	// Cloud
	cloudName := azureSection.Key("cloud").MustString(azsettings.AzurePublic)
	azureSettings.Cloud = azsettings.NormalizeAzureCloud(cloudName)

	// Managed Identity authentication
	azureSettings.ManagedIdentityEnabled = azureSection.Key("managed_identity_enabled").MustBool(false)
	azureSettings.ManagedIdentityClientId = azureSection.Key("managed_identity_client_id").String()

	// Workload Identity authentication
	if azureSection.Key("workload_identity_enabled").MustBool(false) {
		azureSettings.WorkloadIdentityEnabled = true
		workloadIdentitySettings := &azsettings.WorkloadIdentitySettings{}

		if val := azureSection.Key("workload_identity_tenant_id").String(); val != "" {
			workloadIdentitySettings.TenantId = val
		}
		if val := azureSection.Key("workload_identity_client_id").String(); val != "" {
			workloadIdentitySettings.ClientId = val
		}
		if val := azureSection.Key("workload_identity_token_file").String(); val != "" {
			workloadIdentitySettings.TokenFile = val
		}

		azureSettings.WorkloadIdentitySettings = workloadIdentitySettings
	}

	// User Identity authentication
	if azureSection.Key("user_identity_enabled").MustBool(false) {
		azureSettings.UserIdentityEnabled = true
		tokenEndpointSettings := &azsettings.TokenEndpointSettings{}

		// Get token endpoint from Azure AD settings if enabled
		azureAdSection := cfg.Raw.Section("auth.azuread")
		if azureAdSection.Key("enabled").MustBool(false) {
			tokenEndpointSettings.TokenUrl = azureAdSection.Key("token_url").String()
			tokenEndpointSettings.ClientId = azureAdSection.Key("client_id").String()
			tokenEndpointSettings.ClientSecret = azureAdSection.Key("client_secret").String()
		}

		// Override individual settings
		if val := azureSection.Key("user_identity_token_url").String(); val != "" {
			tokenEndpointSettings.TokenUrl = val
		}
		if val := azureSection.Key("user_identity_client_id").String(); val != "" {
			tokenEndpointSettings.ClientId = val
			tokenEndpointSettings.ClientSecret = ""
		}
		if val := azureSection.Key("user_identity_client_secret").String(); val != "" {
			tokenEndpointSettings.ClientSecret = val
		}

		azureSettings.UserIdentityTokenEndpoint = tokenEndpointSettings
		azureSettings.UserIdentityFallbackCredentialsEnabled = azureSection.Key("user_identity_fallback_credentials_enabled").MustBool(true)
	}

	azureSettings.ForwardSettingsPlugins = util.SplitString(azureSection.Key("forward_settings_to_plugins").String())

	cfg.Azure = azureSettings
}
AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00			`package setting`

Azure: Configuration for user identity authentication in datasources (Experimental) (#50277) * Configuration for user identity authentication * Use token endpoint form Azure AD settings * Documentation update * Update Grafana Azure SDK * Fix secret override * Fix lint * Fix doc wording 2023-05-15 12:00:54 -05:00			`import (`
Chore: Update grafana-azure-sdk-go (#84741) * Update grafana-azure-sdk-go * Update test 2024-03-19 09:56:40 -05:00			`"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"`
Plugins: Include Azure settings as a part of Grafana config sent in plugin requests (#79342) * Add Azure settings and update tests * Filter by plugin ID * Add forward settings config variable * Update line * Add tests * Update so that data sources are fully defined in config * Update SDK and test * Fix lint * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Remove unnecessary if --------- Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> 2023-12-14 05:48:22 -06:00			`"github.com/grafana/grafana/pkg/util"`
Azure: Configuration for user identity authentication in datasources (Experimental) (#50277) * Configuration for user identity authentication * Use token endpoint form Azure AD settings * Documentation update * Update Grafana Azure SDK * Fix secret override * Fix lint * Fix doc wording 2023-05-15 12:00:54 -05:00			`)`
AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00
			`func (cfg *Cfg) readAzureSettings() {`
Shared Azure middleware between Azure Monitor and Prometheus datasources (#46002) * Scopes in Azure middleware * Enable Azure middleware without feature flag * Use common Azure middleware in Azure Monitor * Apply feature flag to JsonData configuration of Azure auth * Enforce feature flag in Prometheus datasource * Prometheus provider tests * Datasource service tests * Fix http client provider tests * Pass sdkhttpclient.Options by reference * Add middleware to httpclient.Options * Remove dependency on Grafana settings * Unit-tests updated * Fix ds_proxy_test * Fix service_test 2022-04-01 06:26:49 -05:00			`azureSettings := &azsettings.AzureSettings{}`

AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00			`azureSection := cfg.Raw.Section("azure")`
Prometheus: Add missing Azure setting (#84094) 2024-03-11 03:57:42 -05:00			`authSection := cfg.Raw.Section("auth")`

			`// This setting is specific to Prometheus`
			`azureSettings.AzureAuthEnabled = authSection.Key("azure_auth_enabled").MustBool(false)`
AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00
			`// Cloud`
Shared Azure middleware between Azure Monitor and Prometheus datasources (#46002) * Scopes in Azure middleware * Enable Azure middleware without feature flag * Use common Azure middleware in Azure Monitor * Apply feature flag to JsonData configuration of Azure auth * Enforce feature flag in Prometheus datasource * Prometheus provider tests * Datasource service tests * Fix http client provider tests * Pass sdkhttpclient.Options by reference * Add middleware to httpclient.Options * Remove dependency on Grafana settings * Unit-tests updated * Fix ds_proxy_test * Fix service_test 2022-04-01 06:26:49 -05:00			`cloudName := azureSection.Key("cloud").MustString(azsettings.AzurePublic)`
			`azureSettings.Cloud = azsettings.NormalizeAzureCloud(cloudName)`
AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00
Azure: Configuration for user identity authentication in datasources (Experimental) (#50277) * Configuration for user identity authentication * Use token endpoint form Azure AD settings * Documentation update * Update Grafana Azure SDK * Fix secret override * Fix lint * Fix doc wording 2023-05-15 12:00:54 -05:00			`// Managed Identity authentication`
Shared Azure middleware between Azure Monitor and Prometheus datasources (#46002) * Scopes in Azure middleware * Enable Azure middleware without feature flag * Use common Azure middleware in Azure Monitor * Apply feature flag to JsonData configuration of Azure auth * Enforce feature flag in Prometheus datasource * Prometheus provider tests * Datasource service tests * Fix http client provider tests * Pass sdkhttpclient.Options by reference * Add middleware to httpclient.Options * Remove dependency on Grafana settings * Unit-tests updated * Fix ds_proxy_test * Fix service_test 2022-04-01 06:26:49 -05:00			`azureSettings.ManagedIdentityEnabled = azureSection.Key("managed_identity_enabled").MustBool(false)`
			`azureSettings.ManagedIdentityClientId = azureSection.Key("managed_identity_client_id").String()`
AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00
Azure: Settings for Azure AD Workload Identity (#75283) * Settings for Azure AD Workload Identity * Update dependency on Grafana Azure SDK * Documentation * Fix JS code * Cleanup Prometheus backend code * Making prettier happy 2023-09-28 06:05:16 -05:00			`// Workload Identity authentication`
			`if azureSection.Key("workload_identity_enabled").MustBool(false) {`
			`azureSettings.WorkloadIdentityEnabled = true`
			`workloadIdentitySettings := &azsettings.WorkloadIdentitySettings{}`

			`if val := azureSection.Key("workload_identity_tenant_id").String(); val != "" {`
			`workloadIdentitySettings.TenantId = val`
			`}`
			`if val := azureSection.Key("workload_identity_client_id").String(); val != "" {`
			`workloadIdentitySettings.ClientId = val`
			`}`
			`if val := azureSection.Key("workload_identity_token_file").String(); val != "" {`
			`workloadIdentitySettings.TokenFile = val`
			`}`

			`azureSettings.WorkloadIdentitySettings = workloadIdentitySettings`
			`}`

Azure: Configuration for user identity authentication in datasources (Experimental) (#50277) * Configuration for user identity authentication * Use token endpoint form Azure AD settings * Documentation update * Update Grafana Azure SDK * Fix secret override * Fix lint * Fix doc wording 2023-05-15 12:00:54 -05:00			`// User Identity authentication`
			`if azureSection.Key("user_identity_enabled").MustBool(false) {`
			`azureSettings.UserIdentityEnabled = true`
			`tokenEndpointSettings := &azsettings.TokenEndpointSettings{}`

			`// Get token endpoint from Azure AD settings if enabled`
			`azureAdSection := cfg.Raw.Section("auth.azuread")`
			`if azureAdSection.Key("enabled").MustBool(false) {`
			`tokenEndpointSettings.TokenUrl = azureAdSection.Key("token_url").String()`
			`tokenEndpointSettings.ClientId = azureAdSection.Key("client_id").String()`
			`tokenEndpointSettings.ClientSecret = azureAdSection.Key("client_secret").String()`
			`}`

			`// Override individual settings`
			`if val := azureSection.Key("user_identity_token_url").String(); val != "" {`
			`tokenEndpointSettings.TokenUrl = val`
			`}`
			`if val := azureSection.Key("user_identity_client_id").String(); val != "" {`
			`tokenEndpointSettings.ClientId = val`
			`tokenEndpointSettings.ClientSecret = ""`
			`}`
			`if val := azureSection.Key("user_identity_client_secret").String(); val != "" {`
			`tokenEndpointSettings.ClientSecret = val`
			`}`

			`azureSettings.UserIdentityTokenEndpoint = tokenEndpointSettings`
AzureMonitor: User authentication support (#81918) * Stub out frontend user auth * Stub out backend user auth * Add context * Reorganise files * Refactor app registration form * Alert for user auth service principal credentials * AzureMonitor: Add flag for enabling/disabling fallback credentials for current user authentication (#82332) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Update azure-sdk * Fix lint * Update test * Bump dependency * Update configuration * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Docs review * AzureMonitor: User authentication frontend updates (#83107) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Add alerts to query editor - Add authenticatedBy property to grafana/data - Update mocks - Update query editor to disable it under certain circumstances - Update tests * Add separate FallbackCredentials component - Reset AppRegistrationCredentials component to only handle clientsecret credentials - Update AzureCredentialsForm - Update selectors - Update tests - Update credentials utility functions logic * Alert when fallback credentials disabled * Update condition * Update azure-sdk * Fix lint * Update test * Remove unneeded conditions * Set auth type correctly * Legacy cloud options * Fix client secret * Remove accidental import * Bump dependency * Add tests * Don't use VerticalGroup component * Remove unused import * Fix lint * Appropriately set oAuthPassThru and disableGrafanaCache properties * Clear azureCredentials on authType change * Correctly retrieve secret * Fix bug in authTypeOptions * Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Update public/app/plugins/datasource/azuremonitor/components/QueryEditor/QueryEditor.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Add documentation links * Fix broken link --------- Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * AzureMonitor: Update docs for current user authentication (#83440) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Add alerts to query editor - Add authenticatedBy property to grafana/data - Update mocks - Update query editor to disable it under certain circumstances - Update tests * Add separate FallbackCredentials component - Reset AppRegistrationCredentials component to only handle clientsecret credentials - Update AzureCredentialsForm - Update selectors - Update tests - Update credentials utility functions logic * Alert when fallback credentials disabled * Update condition * Update azure-sdk * Fix lint * Update test * Remove unneeded conditions * Set auth type correctly * Legacy cloud options * Fix client secret * Remove accidental import * Bump dependency * Add tests * Don't use VerticalGroup component * Remove unused import * Update docs * Fix lint * Appropriately set oAuthPassThru and disableGrafanaCache properties * Clear azureCredentials on authType change * Correctly retrieve secret * Feedback * Spelling * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> --------- Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Docs review * Update docs with additional configuration information * Fix to appropriately hide the query editor * Typo * Update isCredentialsComplete * Update test --------- Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> 2024-03-19 11:32:24 -05:00			`azureSettings.UserIdentityFallbackCredentialsEnabled = azureSection.Key("user_identity_fallback_credentials_enabled").MustBool(true)`
Azure: Configuration for user identity authentication in datasources (Experimental) (#50277) * Configuration for user identity authentication * Use token endpoint form Azure AD settings * Documentation update * Update Grafana Azure SDK * Fix secret override * Fix lint * Fix doc wording 2023-05-15 12:00:54 -05:00			`}`

Plugins: Include Azure settings as a part of Grafana config sent in plugin requests (#79342) * Add Azure settings and update tests * Filter by plugin ID * Add forward settings config variable * Update line * Add tests * Update so that data sources are fully defined in config * Update SDK and test * Fix lint * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Remove unnecessary if --------- Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> 2023-12-14 05:48:22 -06:00			`azureSettings.ForwardSettingsPlugins = util.SplitString(azureSection.Key("forward_settings_to_plugins").String())`

Shared Azure middleware between Azure Monitor and Prometheus datasources (#46002) * Scopes in Azure middleware * Enable Azure middleware without feature flag * Use common Azure middleware in Azure Monitor * Apply feature flag to JsonData configuration of Azure auth * Enforce feature flag in Prometheus datasource * Prometheus provider tests * Datasource service tests * Fix http client provider tests * Pass sdkhttpclient.Options by reference * Add middleware to httpclient.Options * Remove dependency on Grafana settings * Unit-tests updated * Fix ds_proxy_test * Fix service_test 2022-04-01 06:26:49 -05:00			`cfg.Azure = azureSettings`
AzureMonitor: Azure settings in Grafana server config (#33728) * Azure cloud settings * Fix typos * Grouped Azure settings * Doc fixes * Some settings are not needed * Updated cloud name aliases 2021-05-12 09:23:37 -05:00			`}`