support for system managed identity

ravgupms · dceravigupta · commit 6ecf807fb3dc · 2025-03-05T12:56:13.000-08:00
diff --git a/plugins/out_azure_kusto/azure_kusto.c b/plugins/out_azure_kusto/azure_kusto.c
@@ -99,7 +99,7 @@ flb_sds_t get_azure_kusto_token(struct flb_azure_kusto *ctx)
     }
 
     if (flb_oauth2_token_expired(ctx->o) == FLB_TRUE) {
-        if (ctx->managed_identity_id != NULL) { 
+        if (ctx->managed_identity_client_id != NULL) { 
             ret = azure_kusto_get_msi_token(ctx);
         }
         else {
@@ -503,9 +503,9 @@ static struct flb_config_map config_map[] = {
      offsetof(struct flb_azure_kusto, client_secret),
      "Set the client secret (Application Password) of the AAD application used for "
      "authentication"},
-    {FLB_CONFIG_MAP_STR, "managed_identity_id", (char *)NULL, 0, FLB_TRUE,
-     offsetof(struct flb_azure_kusto, managed_identity_id),
-     "A managed identity id to authenticate with. "
+    {FLB_CONFIG_MAP_STR, "managed_identity_client_id", (char *)NULL, 0, FLB_TRUE,
+     offsetof(struct flb_azure_kusto, managed_identity_client_id),
+     "A managed identity client id to authenticate with. "
      "Set to 'system' for system-assigned managed identity. "
      "Set the MI client ID (GUID) for user-assigned managed identity."},
     {FLB_CONFIG_MAP_STR, "ingestion_endpoint", (char *)NULL, 0, FLB_TRUE,
diff --git a/plugins/out_azure_kusto/azure_kusto.h b/plugins/out_azure_kusto/azure_kusto.h
@@ -68,11 +68,7 @@ struct flb_azure_kusto {
     flb_sds_t tenant_id;
     flb_sds_t client_id;
     flb_sds_t client_secret;
-
-    /* A managed identity id to authenticate with. 
-     * Set to "system" for system-assigned managed identity.
-     * Set the MI client ID (GUID) for user-assigned managed identity. */
-    flb_sds_t managed_identity_id;
+    flb_sds_t managed_identity_client_id;
     flb_sds_t ingestion_endpoint;
     flb_sds_t database_name;
     flb_sds_t table_name;
diff --git a/plugins/out_azure_kusto/azure_kusto_conf.c b/plugins/out_azure_kusto/azure_kusto_conf.c
@@ -602,27 +602,10 @@ struct flb_azure_kusto *flb_azure_kusto_conf_create(struct flb_output_instance *
         return NULL;
     }
 
-    if (ctx->managed_identity_id == NULL) {
-        /* config: 'tenant_id' */
-        if (ctx->tenant_id == NULL) {
-            flb_plg_error(ctx->ins, "property 'tenant_id' is not defined.");
-            flb_azure_kusto_conf_destroy(ctx);
-            return NULL;
-        }
-
-        /* config: 'client_id' */
-        if (ctx->client_id == NULL) {
-            flb_plg_error(ctx->ins, "property 'client_id' is not defined");
-            flb_azure_kusto_conf_destroy(ctx);
-            return NULL;
-        }
-    
-        /* config: 'client_secret' */
-        if (ctx->client_secret == NULL) {
-            flb_plg_error(ctx->ins, "property 'client_secret' is not defined");
-            flb_azure_kusto_conf_destroy(ctx);
-            return NULL;
-        }
+    if (ctx->tenant_id == NULL && ctx->client_id == NULL && ctx->client_secret == NULL && ctx->managed_identity_client_id == NULL) {
+        flb_plg_error(ctx->ins, "Service Principal or Managed Identity is not defined");
+        flb_azure_kusto_conf_destroy(ctx);
+        return NULL;
     }
 
     /* config: 'ingestion_endpoint' */
@@ -646,20 +629,58 @@ struct flb_azure_kusto *flb_azure_kusto_conf_create(struct flb_output_instance *
         return NULL;
     }
 
-    if (ctx->managed_identity_id != NULL) {
-	ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1 +
-                                            flb_sds_len(ctx->managed_identity_id));
+    if (ctx->managed_identity_client_id != NULL) {
+        /* system assigned managed identity */
+        if (strcasecmp(ctx->managed_identity_client_id, "system") == 0) {
+            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1);
 
-        if (!ctx->oauth_url) {
-            flb_errno();
+            if (!ctx->oauth_url) {
+                flb_errno();
+                flb_azure_kusto_conf_destroy(ctx);
+                return NULL;
+            }
+
+            flb_sds_snprintf(&ctx->oauth_url, flb_sds_alloc(ctx->oauth_url),
+                            FLB_AZURE_MSIAUTH_URL_TEMPLATE, "");
+
+        } else {
+            /* user assigned managed identity */
+            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1 +
+                                                 sizeof("&client_id=") - 1 +
+                                                 flb_sds_len(ctx->managed_identity_client_id));
+    
+            if (!ctx->oauth_url) {
+                flb_errno();
+                flb_azure_kusto_conf_destroy(ctx);
+                return NULL;
+            }
+
+            flb_sds_snprintf(&ctx->oauth_url, flb_sds_alloc(ctx->oauth_url),
+                            FLB_AZURE_MSIAUTH_URL_TEMPLATE, ctx->managed_identity_client_id);
+        }
+    }
+    else {
+        /* config: 'tenant_id' */
+        if (ctx->tenant_id == NULL) {
+            flb_plg_error(ctx->ins, "property 'tenant_id' is not defined.");
+            flb_azure_kusto_conf_destroy(ctx);
+            return NULL;
+        }
+
+        /* config: 'client_id' */
+        if (ctx->client_id == NULL) {
+            flb_plg_error(ctx->ins, "property 'client_id' is not defined");
+            flb_azure_kusto_conf_destroy(ctx);
+            return NULL;
+        }
+    
+        /* config: 'client_secret' */
+        if (ctx->client_secret == NULL) {
+            flb_plg_error(ctx->ins, "property 'client_secret' is not defined");
             flb_azure_kusto_conf_destroy(ctx);
             return NULL;
         }
 
-        flb_sds_snprintf(&ctx->oauth_url, flb_sds_alloc(ctx->oauth_url),
-                        FLB_AZURE_MSIAUTH_URL_TEMPLATE, ctx->managed_identity_id);
-    }
-    else {
         /* Create the auth URL */
         ctx->oauth_url = flb_sds_create_size(sizeof(FLB_MSAL_AUTH_URL_TEMPLATE) - 1 +
                                             flb_sds_len(ctx->tenant_id));
diff --git a/plugins/out_azure_kusto/azure_msiauth.h b/plugins/out_azure_kusto/azure_msiauth.h
@@ -21,7 +21,7 @@
 
 /* MSAL authorization URL  */
 #define FLB_AZURE_MSIAUTH_URL_TEMPLATE \
-    "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01&client_id=%s&resource=https://api.kusto.windows.net"
+    "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2021-02-01%s&resource=https://api.kusto.windows.net"
 
 char *flb_azure_msiauth_token_get(struct flb_oauth2 *ctx);
 
