The highest tagged major version is v2.

azuread

package

v0.310.0 Latest Latest Go to latest Published: Feb 25, 2026 License: Apache-2.0 Imports: 12 Imported by: 5

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/prometheus/prometheus

Links

README ¶

azuread package

azuread provides an http.RoundTripper that attaches an Azure AD accessToken to remote write requests.

This module is considered internal to Prometheus, without any stability guarantees for external usage.

Documentation ¶

Index ¶

Constants
func NewAzureADRoundTripper(cfg *AzureADConfig, next http.RoundTripper) (http.RoundTripper, error)
type AzureADConfig
- func (c *AzureADConfig) UnmarshalYAML(unmarshal func(any) error) error
- func (c *AzureADConfig) Validate() error
type ManagedIdentityConfig
type OAuthConfig
type SDKConfig
type WorkloadIdentityConfig

Constants ¶

View Source

const (
	AzureChina      = "AzureChina"
	AzureGovernment = "AzureGovernment"
	AzurePublic     = "AzurePublic"
)

Clouds.

View Source

const (
	IngestionChinaAudience      = "https://monitor.azure.cn//.default"
	IngestionGovernmentAudience = "https://monitor.azure.us//.default"
	IngestionPublicAudience     = "https://monitor.azure.com//.default"
)

Audiences.

View Source

const (
	// DefaultWorkloadIdentityTokenPath is the default path where the Azure Workload Identity
	// webhook puts the service account token on Azure environments. See <azure docs link>.
	DefaultWorkloadIdentityTokenPath = "/var/run/secrets/azure/tokens/azure-identity-token"
)

Variables ¶

This section is empty.

Functions ¶

func NewAzureADRoundTripper ¶

func NewAzureADRoundTripper(cfg *AzureADConfig, next http.RoundTripper) (http.RoundTripper, error)

NewAzureADRoundTripper creates round tripper adding Azure AD authorization to calls.

Types ¶

type AzureADConfig ¶

type AzureADConfig struct {
	// ManagedIdentity is the managed identity that is being used to authenticate.
	ManagedIdentity *ManagedIdentityConfig `yaml:"managed_identity,omitempty"`

	// WorkloadIdentity is the workload identity that is being used to authenticate.
	WorkloadIdentity *WorkloadIdentityConfig `yaml:"workload_identity,omitempty"`

	// OAuth is the oauth config that is being used to authenticate.
	OAuth *OAuthConfig `yaml:"oauth,omitempty"`

	// SDK is the SDK config that is being used to authenticate.
	SDK *SDKConfig `yaml:"sdk,omitempty"`

	// Cloud is the Azure cloud in which the service is running. Example: AzurePublic/AzureGovernment/AzureChina.
	Cloud string `yaml:"cloud,omitempty"`

	// Scope is the custom OAuth 2.0 scope to request when acquiring tokens.
	Scope string `yaml:"scope,omitempty"`
}

AzureADConfig is used to store the config values.

func (*AzureADConfig) UnmarshalYAML ¶

func (c *AzureADConfig) UnmarshalYAML(unmarshal func(any) error) error

UnmarshalYAML unmarshal the Azure AD config yaml.

func (*AzureADConfig) Validate ¶

func (c *AzureADConfig) Validate() error

Validate validates config values provided.

type ManagedIdentityConfig ¶

type ManagedIdentityConfig struct {
	// ClientID is the clientId of the managed identity that is being used to authenticate.
	ClientID string `yaml:"client_id,omitempty"`
}

ManagedIdentityConfig is used to store managed identity config values.

type OAuthConfig ¶ added in v0.48.0

type OAuthConfig struct {
	// ClientID is the clientId of the azure active directory application that is being used to authenticate.
	ClientID string `yaml:"client_id,omitempty"`

	// ClientSecret is the clientSecret of the azure active directory application that is being used to authenticate.
	ClientSecret string `yaml:"client_secret,omitempty"`

	// TenantID is the tenantId of the azure active directory application that is being used to authenticate.
	TenantID string `yaml:"tenant_id,omitempty"`
}

OAuthConfig is used to store azure oauth config values.

type SDKConfig ¶ added in v0.52.0

type SDKConfig struct {
	// TenantID is the tenantId of the azure active directory application that is being used to authenticate.
	TenantID string `yaml:"tenant_id,omitempty"`
}

SDKConfig is used to store azure SDK config values.

type WorkloadIdentityConfig ¶ added in v0.307.0

type WorkloadIdentityConfig struct {
	// ClientID is the clientId of the Microsoft Entra application or user-assigned managed identity.
	ClientID string `yaml:"client_id,omitempty"`

	// TenantID is the tenantId of the Microsoft Entra application or user-assigned managed identity.
	// This should match the tenant ID where your application or managed identity is registered.
	TenantID string `yaml:"tenant_id,omitempty"`

	// TokenFilePath is the path to the token file provided by the Kubernetes service account projected volume.
	// If not specified, it defaults to DefaultWorkloadIdentityTokenPath.
	TokenFilePath string `yaml:"token_file_path,omitempty"`
}

WorkloadIdentityConfig is used to store workload identity config values.

Source Files ¶

View all Source files

azuread.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL