AB#2524 Refactor Azure metadata/cloud API (#477)

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-08-06 14:04:17 -04:00 · 2022-11-15 09:08:18 +01:00 · 2022-11-15 09:08:18 +01:00 · f41c54e837
commit f41c54e837
parent 74a7a80153
23 changed files with 2127 additions and 2492 deletions
--- a/internal/cloud/azure/logger.go
+++ b/internal/cloud/azure/logger.go
@ -10,7 +10,11 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"net/http"

+	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
+	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights"
+	"github.com/edgelesssys/constellation/v2/internal/cloud"
 	"github.com/microsoft/ApplicationInsights-Go/appinsights"
 )

@ -22,23 +26,35 @@ type Logger struct {

 // NewLogger creates a new client to store information in Azure Application Insights
 // https://github.com/Microsoft/ApplicationInsights-go
-func NewLogger(ctx context.Context, metadata *Metadata) (*Logger, error) {
-	component, err := metadata.getAppInsights(ctx)
+func NewLogger(ctx context.Context) (*Logger, error) {
+	cred, err := azidentity.NewDefaultAzureCredential(nil)
 	if err != nil {
-		return nil, fmt.Errorf("getting app insights: %w", err)
+		return nil, fmt.Errorf("loading credentials: %w", err)
 	}
-
-	if component.Properties == nil || component.Properties.InstrumentationKey == nil {
-		return nil, errors.New("unable to get instrumentation key")
+	imdsAPI := &imdsClient{
+		client: &http.Client{Transport: &http.Transport{Proxy: nil}},
 	}
-
-	client := appinsights.NewTelemetryClient(*component.Properties.InstrumentationKey)
-
-	self, err := metadata.Self(ctx)
+	subscriptionID, err := imdsAPI.subscriptionID(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("getting self: %w", err)
+		return nil, fmt.Errorf("retrieving subscription ID: %w", err)
 	}
-	client.Context().CommonProperties["instance-name"] = self.Name
+	appInsightAPI, err := armapplicationinsights.NewComponentsClient(subscriptionID, cred, nil)
+	if err != nil {
+		return nil, fmt.Errorf("setting up insights API client. %w", err)
+	}
+
+	instrumentationKey, err := getAppInsightsKey(ctx, imdsAPI, appInsightAPI)
+	if err != nil {
+		return nil, fmt.Errorf("getting app insights instrumentation key: %w", err)
+	}
+
+	client := appinsights.NewTelemetryClient(instrumentationKey)
+
+	name, err := imdsAPI.name(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("retrieving instance name: %w", err)
+	}
+	client.Context().CommonProperties["instance-name"] = name

 	return &Logger{client: client}, nil
 }
@ -54,3 +70,37 @@ func (l *Logger) Close() error {
 	<-l.client.Channel().Close()
 	return nil
 }
+
+// getAppInsightsKey returns a instrumentation key needed to set up cloud logging on Azure.
+// The key is retrieved from the resource group of the instance the function is called from.
+func getAppInsightsKey(ctx context.Context, imdsAPI imdsAPI, appInsightAPI applicationInsightsAPI) (string, error) {
+	resourceGroup, err := imdsAPI.resourceGroup(ctx)
+	if err != nil {
+		return "", err
+	}
+	uid, err := imdsAPI.uid(ctx)
+	if err != nil {
+		return "", err
+	}
+
+	pager := appInsightAPI.NewListByResourceGroupPager(resourceGroup, nil)
+	for pager.More() {
+		page, err := pager.NextPage(ctx)
+		if err != nil {
+			return "", fmt.Errorf("retrieving application insights: %w", err)
+		}
+
+		for _, component := range page.Value {
+			if component == nil || component.Tags == nil ||
+				component.Tags[cloud.TagUID] == nil || *component.Tags[cloud.TagUID] != uid {
+				continue
+			}
+
+			if component.Properties == nil || component.Properties.InstrumentationKey == nil {
+				return "", errors.New("unable to get instrumentation key")
+			}
+			return *component.Properties.InstrumentationKey, nil
+		}
+	}
+	return "", errors.New("could not find correctly tagged application insights")
+}