mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-12-14 10:24:24 -05:00
5a0234b3f2
* Convert enforceIDKeyDigest setting to enum * Use MAA fallback in Azure SNP attestation * Only create MAA provider if MAA fallback is enabled --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
107 lines
3.2 KiB
Go
107 lines
3.2 KiB
Go
/*
|
|
Copyright (c) Edgeless Systems GmbH
|
|
|
|
SPDX-License-Identifier: AGPL-3.0-only
|
|
*/
|
|
|
|
package azure
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
|
|
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights"
|
|
"github.com/edgelesssys/constellation/v2/internal/cloud"
|
|
"github.com/microsoft/ApplicationInsights-Go/appinsights"
|
|
)
|
|
|
|
// Logger implements CloudLogger interface for Azure to Disclose early boot
|
|
// logs into Azure's App Insights service.
|
|
type Logger struct {
|
|
client appinsights.TelemetryClient
|
|
}
|
|
|
|
// NewLogger creates a new client to store information in Azure Application Insights
|
|
// https://github.com/Microsoft/ApplicationInsights-go
|
|
func NewLogger(ctx context.Context) (*Logger, error) {
|
|
cred, err := azidentity.NewDefaultAzureCredential(nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("loading credentials: %w", err)
|
|
}
|
|
imdsAPI := &IMDSClient{
|
|
client: &http.Client{Transport: &http.Transport{Proxy: nil}},
|
|
}
|
|
subscriptionID, err := imdsAPI.subscriptionID(ctx)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("retrieving subscription ID: %w", err)
|
|
}
|
|
appInsightAPI, err := armapplicationinsights.NewComponentsClient(subscriptionID, cred, nil)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("setting up insights API client. %w", err)
|
|
}
|
|
|
|
instrumentationKey, err := getAppInsightsKey(ctx, imdsAPI, appInsightAPI)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("getting app insights instrumentation key: %w", err)
|
|
}
|
|
|
|
client := appinsights.NewTelemetryClient(instrumentationKey)
|
|
|
|
name, err := imdsAPI.name(ctx)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("retrieving instance name: %w", err)
|
|
}
|
|
client.Context().CommonProperties["instance-name"] = name
|
|
|
|
return &Logger{client: client}, nil
|
|
}
|
|
|
|
// Disclose stores log information in Azure Application Insights!
|
|
// Do **NOT** log sensitive information!
|
|
func (l *Logger) Disclose(msg string) {
|
|
l.client.Track(appinsights.NewTraceTelemetry(msg, appinsights.Information))
|
|
}
|
|
|
|
// Close blocks until all information are written to cloud API.
|
|
func (l *Logger) Close() error {
|
|
<-l.client.Channel().Close()
|
|
return nil
|
|
}
|
|
|
|
// getAppInsightsKey returns a instrumentation key needed to set up cloud logging on Azure.
|
|
// The key is retrieved from the resource group of the instance the function is called from.
|
|
func getAppInsightsKey(ctx context.Context, imdsAPI imdsAPI, appInsightAPI applicationInsightsAPI) (string, error) {
|
|
resourceGroup, err := imdsAPI.resourceGroup(ctx)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
uid, err := imdsAPI.uid(ctx)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
pager := appInsightAPI.NewListByResourceGroupPager(resourceGroup, nil)
|
|
for pager.More() {
|
|
page, err := pager.NextPage(ctx)
|
|
if err != nil {
|
|
return "", fmt.Errorf("retrieving application insights: %w", err)
|
|
}
|
|
|
|
for _, component := range page.Value {
|
|
if component == nil || component.Tags == nil ||
|
|
component.Tags[cloud.TagUID] == nil || *component.Tags[cloud.TagUID] != uid {
|
|
continue
|
|
}
|
|
|
|
if component.Properties == nil || component.Properties.InstrumentationKey == nil {
|
|
return "", errors.New("unable to get instrumentation key")
|
|
}
|
|
return *component.Properties.InstrumentationKey, nil
|
|
}
|
|
}
|
|
return "", errors.New("could not find correctly tagged application insights")
|
|
}
|