Support clientsecret via env var (#3692)

Author: heyams

agent/agent-tooling/src/main/java/com/microsoft/applicationinsights/agent/internal/configuration/ConfigurationBuilder.java

@@ -265,7 +265,9 @@ private static void logConfigurationWarnings(Configuration config) {
     }
     if (config.authentication.clientSecret != null) {
       configurationLogger.warn(
-          "\"clientsecret\" typed of AAD authentication has been deprecated since 3.5.0 GA. Please use \"user-assigned identity\" or \"system-assigned identity\" instead.");
+          "\"clientsecret\" json configuration has been deprecated since 3.5.0 GA. Please use \"user-assigned managed identity\" or \"system-assigned managed identity\" instead. "
+              + "If you're on premise, you can use APPLICATIONINSIGHTS_AUTHENTICATION_STRING environment variable to pass the client ID and secret, "
+              + "e.g. APPLICATIONINSIGHTS_AUTHENTICATION_STRING=Authorization=AAD;ClientId={CLIENT_ID};ClientSecret={CLIENT_SECRET}.");
     }
     if (config.sampling.percentage != null && config.sampling.requestsPerSecond != null) {
       configurationLogger.warn(
@@ -496,9 +498,16 @@ private static void overlayAadEnvVars(
         config.authentication.type = Configuration.AuthenticationType.SAMI;
         String clientId = keyValueMap.get("ClientId");
         if (clientId != null && !clientId.isEmpty()) {
-          // Override type to User Assigned Managed Identity
-          config.authentication.type = Configuration.AuthenticationType.UAMI;
           config.authentication.clientId = clientId;
+          String clientSecret = keyValueMap.get("ClientSecret");
+          if (clientSecret != null && !clientSecret.isEmpty()) {
+            // Override type to Client Secret
+            config.authentication.type = Configuration.AuthenticationType.CLIENTSECRET;
+            config.authentication.clientSecret = clientSecret;
+          } else {
+            // Override type to User Assigned Managed Identity
+            config.authentication.type = Configuration.AuthenticationType.UAMI;
+          }
         }
       }
     }

agent/agent-tooling/src/test/java/com/microsoft/applicationinsights/agent/internal/configuration/ConfigurationTest.java

@@ -678,7 +678,6 @@ void shouldOverrideInstrumentationSpringSchedulingEnabled() throws IOException {
   @Test
   void shouldOverrideAadAuthenticationConfig() throws IOException {
     envVars.put("APPLICATIONINSIGHTS_AUTHENTICATION_STRING", "Authorization=AAD;ClientId=12345678");
-
     Configuration configuration = loadConfiguration("applicationinsights_aadauthenv.json");
     ConfigurationBuilder.overlayFromEnv(
         configuration, Paths.get("."), this::envVars, this::systemProperties);
@@ -688,8 +687,7 @@ void shouldOverrideAadAuthenticationConfig() throws IOException {
     assertThat(configuration.authentication.clientId).isEqualTo("12345678");
     assertThat(configuration.authentication.clientSecret).isNull();
 
-    envVars.put("APPLICATIONINSIGHTS_AUTHENTICATION_STRING", "Authorization=AAD;ClientId=");
-
+    envVars.put("APPLICATIONINSIGHTS_AUTHENTICATION_STRING", "Authorization=AAD");
     Configuration configuration2 = loadConfiguration("applicationinsights_aadauthenv.json");
     ConfigurationBuilder.overlayFromEnv(
         configuration2, Paths.get("."), this::envVars, this::systemProperties);
@@ -698,6 +696,18 @@ void shouldOverrideAadAuthenticationConfig() throws IOException {
     assertThat(configuration2.authentication.type).isEqualTo(Configuration.AuthenticationType.SAMI);
     assertThat(configuration2.authentication.clientId).isNull();
     assertThat(configuration2.authentication.clientSecret).isNull();
+
+    envVars.put(
+        "APPLICATIONINSIGHTS_AUTHENTICATION_STRING",
+        "Authorization=AAD;ClientId=12345678;ClientSecret=clientsecret123");
+    Configuration configuration3 = loadConfiguration("applicationinsights_aadauthenv.json");
+    ConfigurationBuilder.overlayFromEnv(
+        configuration3, Paths.get("."), this::envVars, this::systemProperties);
+    assertThat(configuration3.authentication.enabled).isTrue();
+    assertThat(configuration3.authentication.type)
+        .isEqualTo(Configuration.AuthenticationType.CLIENTSECRET);
+    assertThat(configuration3.authentication.clientId).isEqualTo("12345678");
+    assertThat(configuration3.authentication.clientSecret).isEqualTo("clientsecret123");
   }
 
   @Test