README
¶
Azure common library webdevops projects
ArmClient
Env vars
| Variable name | Default | Description |
|---|---|---|
AZURE_AUTH_METHOD (or AZURE_AUTH) |
none | Defines the force auth method, fallback is the default auth method from the azure-sdk-for-go |
AZURE_SERVICEDISCOVERY_CACHE_TTL |
60m (time.Duration) |
ServiceDiscovery cache (eg. subscription, resourceGroup list,...) |
AZURE_SERVICEDISCOVERY_SUBSCRIPTION_ID |
Subscription IDs separated by commas or spaces (whitespaces are trimmed) | |
AZURE_SERVICEDISCOVERY_SUBSCRIPTION_TAG_SELECTOR |
Tag selector tagName=tagValue,tagName2=tagValue2 to filter subscriptions for ServiceDiscovery (uses kubernetes label selector library) |
Authentication
Hint: please also check microsoft azure-sdk documentation for advanced usage.
Service principal with a secret
| Variable name | Value |
|---|---|
AZURE_CLIENT_ID |
Application ID of an Azure service principal |
AZURE_TENANT_ID |
ID of the application's Azure AD tenant |
AZURE_CLIENT_SECRET |
Password of the Azure service principal |
Service principal with certificate
| Variable name | Value |
|---|---|
AZURE_CLIENT_ID |
ID of an Azure AD application |
AZURE_TENANT_ID |
ID of the application's Azure AD tenant |
AZURE_CLIENT_CERTIFICATE_PATH |
Path to a certificate file including private key (without password protection) |
AzureCLI authentication
To force authentication via AzureCLI set AZURE_AUTH_METHOD=az and the token is fetched from Azure CLI.
For this method the az binary must be executable in $PATH (inside the container/environment).
Interactive browser authentication
To force authentication via interactive browser set AZURE_AUTH_METHOD=interactive.
Interactive devicetoken authentication
To force authentication via device token set AZURE_AUTH_METHOD=devicetoken.
WorkloadIdentity/Federation authentication
To force authentication via WorkloadIdentity/Federation set AZURE_AUTH=federation.
Following environment variables needs to be set (automatically set via workloadidentity in AKS clusters):
| Variable name | Value |
|---|---|
AZURE_AUTHORITY_HOST |
The Azure Active Directory (AAD) endpoint. |
AZURE_CLIENT_ID |
The client ID of the AAD application or user-assigned managed identity. |
AZURE_TENANT_ID |
The tenant ID of the registered AAD application or user-assigned managed identity. |
AZURE_FEDERATED_TOKEN_FILE |
The path of the projected service account token file. |
Azure Cloud/Environment support
AZURE_ENVIRONMENT |
Description |
|---|---|
AzurePublicCloud, AzurePublic, AzureCloud |
Default Azure cloud, using https://portal.azure.com |
AzureChinaCloud, AzureChina |
Azure cloud in China, using https://porta.azure.cn |
AzureGovernmentCloud, AzureGoverment, AzureUSGovermentCloud, USGov |
US Government Azure cloud |
AzureSecretCloud, AzureSecret, USSec |
Azure Secret Cloud region, needs additional configuration for endpoints |
AzurePrivateCloud, AzurePrivate |
Private on-premise installation of Azure Cloud, needs additional configuration for endpoints |
Azure Private cloud
Azure private cloud needs additional custom cloud configuration which can be passed environment variables:
| Env var | Description |
|---|---|
AZURE_CLOUD_CONFIG |
JSON config as string (single line) |
AZURE_CLOUD_CONFIG_FILE |
Path to JSON config as string |
Example configuration:
{
"activeDirectoryAuthorityHost": "https://login.microsoftonline.com/",
"services": {
"resourceManager": {
"audience": "https://management.core.windows.net/",
"endpoint": "https://management.azure.com"
},
"microsoftGraph": {
"audience": "https://graph.microsoft.com",
"endpoint": "https://graph.microsoft.com"
}
}
}
Tag manager
Tag can be dynamically added to metrics and processed though filters
format is: tagname?option1 or tagname?option1&option2
| Tag option | Description |
|---|---|
name |
Name of target label |
toLower |
Lowercasing Azure tag value |
toUpper |
Uppercasing Azure tag value |
inherit |
If tag is not set, try to fetch from parent structure (Resource -> ResourceGroup -> Subscription) |
source |
Defines where the tag value should be fetched from, allowed values: resource, resourceGroup, subscription |
AzureTracing metrics
Azuretracing metrics collects latency and latency from azure-sdk-for-go and creates metrics and is controllable using environment variables (eg. setting buckets, disabling metrics or disable autoreset).
| Metric | Description |
|---|---|
azurerm_api_ratelimit |
Azure ratelimit metrics (only on /metrics, resets after query due to limited validity) |
azurerm_api_request_* |
Azure request count and latency as histogram |
Settings
| Environment variable | Example | Description |
|---|---|---|
METRIC_AZURERM_API_REQUEST_BUCKETS |
1, 5, 15, 30, 90 |
Sets buckets for azurerm_api_request histogram metric |
METRIC_AZURERM_API_REQUEST_ENABLE |
false |
Enables/disables azurerm_api_request_* metric |
METRIC_AZURERM_API_REQUEST_LABELS |
apiEndpoint, method, statusCode |
Controls labels of azurerm_api_request_* metric |
METRIC_AZURERM_API_RATELIMIT_ENABLE |
false |
Enables/disables azurerm_api_ratelimit metric |
METRIC_AZURERM_API_RATELIMIT_AUTORESET |
false |
Enables/disables azurerm_api_ratelimit autoreset after fetch |
azurerm_api_request label |
Status | Description |
|---|---|---|
apiEndpoint |
enabled by default | hostname of endpoint (max 3 parts) |
routingRegion |
disabled by default | detected region for API call, either routing region from Azure Management API or Azure resource location |
subscriptionID |
enabled by default | detected subscriptionID |
tenantID |
enabled by default | detected tenantID (extracted from jwt auth token) |
resourceProvider |
enabled by default | detected Azure Management API provider |
method |
enabled by default | HTTP method |
statusCode |
enabled by default | HTTP status code |
Directories
Click to show internal directories.
Click to hide internal directories.