Modify quick pulse code with authentication enabled (#1678)

* Temporarily add to this repo

* Bump version to not conflict

* Add azure-monitor-opentelemetry-exporter dependency

* Remove tests

* Remove create default telemetry configuration

* Replace Channel with Rest Client

* Remove internal.channel package

* More

* Update lockfiles

* Core compiling

* Core tests passing

* Remove Exporter

* Unit tests passing (still some ignored tho)

* Remove more

* Fix some FIXMEs

* Fix more FIXMEs

* Fix more FIXMEs

* Bump version to 3.1.0

* Some fixes

* Not using external exporter for now

* Need to use BatchSpanProcessor now

* Need to upstream: fix double slash in track url

* Need to upstream: remove statusDescription property

* DO NOT MERGE, TOO VERBOSE

* Need to upstream: fix formatted duration

* Optimization

* More

* Update gradle dependencies from compile to impl

* Bring back old exporter

* Update old exporter

* More

* Temporary? Remove NDJSON from fake ingestion

* Use external exporter artifact after all

* Fix wildfly

* Fix dependency version and lock files

* Fix metric telemetry and more

* Fix LGTM issue

* Rename TelemetryConfiguration to TelemetryClient

* Set time

* Remove system.out.println

* Fix metrics

* Fix sporadic failing test

* Fix tests

* Sporadic failing tests

* Fix test

* Ignore failing test

* Ignore failing test

* Fix ndjson

* Revert "Temporary? Remove NDJSON from fake ingestion"

This reverts commit c6d31c5.

* quick pulse initial changes with httpipeline working code

* add authentication related code

* address comments, add clientsecret authenticationtype, add azure identity dependency

* fix ndjson exception, add authpolicy to TelemetryClient

* AadAuthentication to singleton

* address comments, fix spotbug issues

* fix smoke test, add lazyazurehttpclient, address comments

* fix spotbug issues

* address comments

* Fix submodule

* Fix submodule

* fix cds profiler issue, address comments

* Remove a couple of null checks

* fix lgtm issue

* spotbug workaround, ignore systemexit test for now

* Update test/smoke/testApps/SystemExit/src/smokeTest/java/com/microsoft/applicationinsights/smoketest/SpringBootAutoTest.java

Co-authored-by: Trask Stalnaker <[email protected]>

Author: kryalama

agent/agent-tooling/gradle/dependency-locks/runtimeClasspath.lockfile

@@ -7,6 +7,7 @@ ch.qos.logback:logback-classic:1.2.3
 ch.qos.logback:logback-core:1.2.3
 com.azure:azure-core-http-netty:1.9.0
 com.azure:azure-core:1.15.0
+com.azure:azure-identity:1.2.4
 com.azure:azure-monitor-opentelemetry-exporter:1.0.0-beta.4
 com.blogspot.mydailyjava:weak-lock-free:0.15
 com.fasterxml.jackson.core:jackson-annotations:2.12.2
@@ -17,7 +18,9 @@ com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.12.2
 com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.12.2
 com.fasterxml.jackson:jackson-bom:2.12.2
 com.fasterxml.woodstox:woodstox-core:6.2.4
+com.fasterxml:aalto-xml:1.0.0
 com.github.oshi:oshi-core:5.6.0
+com.github.stephenc.jcip:jcip-annotations:1.0-1
 com.google.auto.service:auto-service-annotations:1.0-rc7
 com.google.auto.service:auto-service:1.0-rc7
 com.google.auto:auto-common:0.10
@@ -28,6 +31,13 @@ com.google.guava:failureaccess:1.0.1
 com.google.guava:guava:30.1.1-jre
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
 com.google.j2objc:j2objc-annotations:1.3
+com.madgag.spongycastle:core:1.54.0.0
+com.microsoft.azure:msal4j-persistence-extension:1.1.0
+com.microsoft.azure:msal4j:1.9.1
+com.nimbusds:content-type:2.1
+com.nimbusds:lang-tag:1.4.4
+com.nimbusds:nimbus-jose-jwt:8.18
+com.nimbusds:oauth2-oidc-sdk:8.23.1
 com.squareup.moshi:moshi:1.9.3
 com.squareup.okio:okio:1.16.0
 commons-codec:commons-codec:1.13
@@ -89,6 +99,8 @@ net.bytebuddy:byte-buddy-agent:1.10.18
 net.bytebuddy:byte-buddy:1.10.18
 net.java.dev.jna:jna-platform:5.7.0
 net.java.dev.jna:jna:5.7.0
+net.minidev:accessors-smart:1.2
+net.minidev:json-smart:2.3
 org.apache.commons:commons-lang3:3.11
 org.apache.commons:commons-text:1.9
 org.apache.httpcomponents:httpclient:4.5.13
@@ -97,7 +109,20 @@ org.checkerframework:checker-qual:3.12.0
 org.codehaus.woodstox:stax2-api:4.2.1
 org.jctools:jctools-core:3.3.0
 org.jetbrains.kotlin:kotlin-bom:1.4.21
+org.jetbrains:annotations:15.0
+org.linguafranca.pwdb:KeePassJava2-dom:2.1.4
+org.linguafranca.pwdb:KeePassJava2-jaxb:2.1.4
+org.linguafranca.pwdb:KeePassJava2-kdb:2.1.4
+org.linguafranca.pwdb:KeePassJava2-kdbx:2.1.4
+org.linguafranca.pwdb:KeePassJava2-simple:2.1.4
+org.linguafranca.pwdb:KeePassJava2:2.1.4
+org.linguafranca.pwdb:database:2.1.4
+org.ow2.asm:asm:5.0.4
 org.reactivestreams:reactive-streams:1.0.3
+org.simpleframework:simple-xml:2.7.1
 org.slf4j:jcl-over-slf4j:1.7.30
 org.slf4j:slf4j-api:1.7.30
 org.slf4j:slf4j-simple:1.7.30
+stax:stax-api:1.0.1
+stax:stax:1.2.0
+xpp3:xpp3:1.1.3.3

agent/agent-tooling/src/main/java/com/microsoft/applicationinsights/agent/internal/AiComponentInstaller.java

@@ -35,6 +35,8 @@
 import com.microsoft.applicationinsights.agent.internal.wasbootstrap.configuration.RpConfiguration;
 import com.microsoft.applicationinsights.common.CommonUtils;
 import com.microsoft.applicationinsights.customExceptions.FriendlyException;
+import com.microsoft.applicationinsights.internal.authentication.AadAuthentication;
+import com.microsoft.applicationinsights.internal.channel.common.LazyAzureHttpClient;
 import com.microsoft.applicationinsights.internal.channel.common.LazyHttpClient;
 import com.microsoft.applicationinsights.internal.config.*;
 import com.microsoft.applicationinsights.internal.profiler.GcEventMonitor;
@@ -114,6 +116,11 @@ private static void start(Instrumentation instrumentation) {
         }
         // Function to validate user provided processor configuration
         validateProcessorConfiguration(config);
+        config.preview.authentication.validate();
+        //Inject authentication configuration
+        Configuration.AadAuthentication authentication = config.preview.authentication;
+        AadAuthentication.init(authentication.type, authentication.clientId, authentication.keePassDatabasePath,
+                authentication.tenantId, authentication.clientSecret, authentication.authorityHost);
 
         // FIXME do something with config
 
@@ -127,13 +134,17 @@ private static void start(Instrumentation instrumentation) {
             // this is used to delay SSL initialization because SSL initialization triggers loading of
             // java.util.logging (starting with Java 8u231)
             // and JBoss/Wildfly need to install their own JUL manager before JUL is initialized
+            LazyAzureHttpClient.safeToInitLatch = new CountDownLatch(1);
             LazyHttpClient.safeToInitLatch = new CountDownLatch(1);
-            instrumentation.addTransformer(new JulListeningClassFileTransformer(LazyHttpClient.safeToInitLatch));
+            instrumentation.addTransformer(new JulListeningClassFileTransformer(LazyAzureHttpClient.safeToInitLatch));
         }
 
         if (config.proxy.host != null) {
+            LazyAzureHttpClient.proxyHost= config.proxy.host;
+            LazyAzureHttpClient.proxyPortNumber = config.proxy.port;
             LazyHttpClient.proxy = new HttpHost(config.proxy.host, config.proxy.port);
         }
+
         AppIdSupplier appIdSupplier = AppIdSupplier.INSTANCE;
 
         TelemetryClient telemetryClient = TelemetryClient.initActive(config.customDimensions, buildXmlConfiguration(config));

agent/agent-tooling/src/main/java/com/microsoft/applicationinsights/agent/internal/AppIdSupplier.java

@@ -21,19 +21,18 @@
 
 package com.microsoft.applicationinsights.agent.internal;
 
-import java.io.IOException;
 import java.net.URI;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 
+import com.azure.core.http.HttpMethod;
+import com.azure.core.http.HttpRequest;
+import com.azure.core.http.HttpResponse;
 import com.microsoft.applicationinsights.TelemetryClient;
-import com.microsoft.applicationinsights.internal.channel.common.LazyHttpClient;
+import com.microsoft.applicationinsights.internal.channel.common.LazyAzureHttpClient;
 import com.microsoft.applicationinsights.internal.util.ExceptionStats;
 import com.microsoft.applicationinsights.internal.util.ThreadPoolUtils;
 import io.opentelemetry.instrumentation.api.aisdk.AiAppId;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.util.EntityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -116,34 +115,30 @@ public void run() {
                 return;
             }
 
-            HttpGet request = new HttpGet(uri);
-
+            HttpRequest request = new HttpRequest(HttpMethod.GET, uri.toString());
             HttpResponse response;
             try {
-                response = LazyHttpClient.getInstance().execute(request);
+                response = LazyAzureHttpClient.getInstance().send(request).block();
             } catch (Exception e) {
                 // TODO handle Friendly SSL exception
                 logger.debug(e.getMessage(), e);
                 backOff("exception sending request to " + uri, e);
                 return;
             }
 
-            String body;
-            try {
-                body = EntityUtils.toString(response.getEntity());
-            } catch (IOException e) {
-                logger.debug(e.getMessage(), e);
-                backOff("exception reading response from " + uri, e);
-                return;
+            // this check is needed to make spotbugs happy
+            if (response == null) {
+                throw new IllegalStateException("response should never be null");
             }
 
-            int statusCode = response.getStatusLine().getStatusCode();
+            String body = response.getBodyAsString().block();
+            int statusCode = response.getStatusCode();
             if (statusCode != 200) {
-                backOff("received " + statusCode + " " + response.getStatusLine().getReasonPhrase() + " from " + uri
+                backOff("received " + statusCode + " from " + uri
                         + "\nfull response:\n" + body, null);
                 return;
             }
-
+            
             // check for case when breeze returns invalid value
             if (body == null || body.isEmpty()) {
                 backOff("received empty body from " + uri, null);

agent/agent-tooling/src/main/java/com/microsoft/applicationinsights/agent/internal/wasbootstrap/configuration/Configuration.java

@@ -24,7 +24,9 @@
 import com.microsoft.applicationinsights.agent.bootstrap.diagnostics.DiagnosticsHelper;
 import com.microsoft.applicationinsights.agent.bootstrap.diagnostics.status.StatusFile;
 import com.microsoft.applicationinsights.customExceptions.FriendlyException;
+import com.microsoft.applicationinsights.internal.authentication.AuthenticationType;
 import com.microsoft.applicationinsights.internal.profiler.GcReportingLevel;
+import com.microsoft.applicationinsights.internal.system.SystemInformation;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -77,6 +79,8 @@ public enum ProcessorType {
         }
     }
 
+
+
     public static class Role {
 
         public String name;
@@ -184,6 +188,7 @@ public static class PreviewConfiguration {
 
         public ProfilerConfiguration profiler = new ProfilerConfiguration();
         public GcEventConfiguration gcEvents = new GcEventConfiguration();
+        public AadAuthentication authentication = new AadAuthentication();
     }
 
     public static class PreviewInstrumentation {
@@ -583,6 +588,62 @@ public static class GcEventConfiguration {
         public GcReportingLevel reportingLevel = GcReportingLevel.TENURED_ONLY;
     }
 
+    public static class AadAuthentication {
+        public boolean enabled;
+        public AuthenticationType type;
+        public String clientId;
+        public String keePassDatabasePath;
+        public String tenantId;
+        public String clientSecret;
+        public String authorityHost;
+
+        public void validate() throws FriendlyException {
+            if(!enabled) return;
+            if(type == null) {
+                throw new FriendlyException("AAD Authentication configuration is missing authentication \"type\".",
+                        "Please provide a valid authentication \"type\" under the \"authentication\" configuration. " +
+                                "Learn more about authentication configuration here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/java-standalone-config");
+            }
+
+            if(type == AuthenticationType.UAMI) {
+                if(isEmpty(clientId)) {
+                    throw new FriendlyException("AAD Authentication configuration of type User Assigned Managed Identity is missing \"clientId\".",
+                            "Please provide a valid \"clientId\" under the \"authentication\" configuration. " +
+                                    "Learn more about authentication configuration here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/java-standalone-config");
+                }
+            }
+
+            // keePassDatabasePath is only required for Windows. No configuration needed for Linux / Mac.
+            if(type == AuthenticationType.INTELLIJ && SystemInformation.INSTANCE.isWindows()) {
+                if(isEmpty(keePassDatabasePath)) {
+                    throw new FriendlyException("AAD Authentication configuration of type Intellij is missing \"keePassDatabasePath\".",
+                            "Please provide a valid authentication \"keePassDatabasePath\" under the \"authentication\" configuration. This is only required for Windows. " +
+                                    "Learn more about authentication configuration here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/java-standalone-config");
+                }
+            }
+
+            if(type == AuthenticationType.CLIENTSECRET) {
+                if (isEmpty(clientId)) {
+                    throw new FriendlyException("AAD Authentication configuration of type Client Secret Identity is missing \"clientId\".",
+                            "Please provide a valid \"clientId\" under the \"authentication\" configuration. " +
+                                    "Learn more about authentication configuration here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/java-standalone-config");
+                }
+
+                if (isEmpty(tenantId)) {
+                    throw new FriendlyException("AAD Authentication configuration of type Client Secret Identity is missing \"tenantId\".",
+                            "Please provide a valid \"tenantId\" under the \"authentication\" configuration. " +
+                                    "Learn more about authentication configuration here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/java-standalone-config");
+                }
+
+                if (isEmpty(clientSecret)) {
+                    throw new FriendlyException("AAD Authentication configuration of type Client Secret Identity is missing \"clientSecret\".",
+                            "Please provide a valid \"clientSecret\" under the \"authentication\" configuration. " +
+                                    "Learn more about authentication configuration here: https://docs.microsoft.com/en-us/azure/azure-monitor/app/java-standalone-config");
+                }
+            }
+        }
+    }
+
     private static boolean isEmpty(String str) {
         return str == null || str.trim().isEmpty();
     }

agent/agent-tooling/src/test/java/com/microsoft/applicationinsights/agent/internal/wasbootstrap/configuration/ConfigurationBuilderTest.java

@@ -81,6 +81,7 @@ public void testMalformedFaultyJson() throws IOException {
         }
     }
 
+    @Test
     public void testGetJsonEncodingExceptionMessage() {
         String pathNull = ConfigurationBuilder.getJsonEncodingExceptionMessage("file path/to/file",null);
         String pathEmpty = ConfigurationBuilder.getJsonEncodingExceptionMessage("file path/to/file","");

agent/agent-tooling/src/test/java/com/microsoft/applicationinsights/agent/internal/wasbootstrap/configuration/ConfigurationTest.java

@@ -15,6 +15,7 @@
 import com.microsoft.applicationinsights.agent.internal.wasbootstrap.configuration.Configuration.MatchType;
 import com.microsoft.applicationinsights.agent.internal.wasbootstrap.configuration.Configuration.ProcessorType;
 import com.microsoft.applicationinsights.agent.internal.wasbootstrap.configuration.ConfigurationBuilder.ConfigurationException;
+import com.microsoft.applicationinsights.internal.authentication.AuthenticationType;
 import com.squareup.moshi.JsonAdapter;
 import com.squareup.moshi.JsonDataException;
 import com.squareup.moshi.JsonReader;
@@ -191,6 +192,21 @@ public void shouldParseProcessorConfiguration() throws IOException {
         assertEquals("httpProtocol",attributesExtractConfig.actions.get(0).extractAttribute.groupNames.get(0));
     }
 
+    @Test
+    public void shouldParseAuthenticationConfiguration() throws IOException {
+
+        Configuration configuration = loadConfiguration("applicationinsights_aadauth.json");
+        PreviewConfiguration preview = configuration.preview;
+        assertEquals("InstrumentationKey=00000000-0000-0000-0000-000000000000", configuration.connectionString);
+        assertEquals(true, preview.authentication.enabled);
+        assertEquals(AuthenticationType.SAMI, preview.authentication.type);
+        assertEquals("123xyz", preview.authentication.clientId);
+        assertEquals("tenant123", preview.authentication.tenantId);
+        assertEquals("clientsecret123", preview.authentication.clientSecret);
+        assertEquals("path/to/keePass", preview.authentication.keePassDatabasePath);
+        assertEquals("https://test.com/microsoft/", preview.authentication.authorityHost);
+    }
+
     @Test
     public void shouldUseDefaults() throws IOException {
         envVars.set("WEBSITE_SITE_NAME", "Role Name From Website Env");

agent/agent-tooling/src/test/resources/applicationinsights_aadauth.json

@@ -0,0 +1,14 @@
+{
+  "connectionString": "InstrumentationKey=00000000-0000-0000-0000-000000000000",
+  "preview" : {
+    "authentication" : {
+      "enabled": true,
+      "type": "SAMI",
+      "clientId" : "123xyz",
+      "keePassDatabasePath" : "path/to/keePass",
+      "tenantId": "tenant123",
+      "clientSecret": "clientsecret123",
+      "authorityHost": "https://test.com/microsoft/"
+    }
+  }
+}

agent/exporter/gradle/dependency-locks/runtimeClasspath.lockfile

@@ -3,6 +3,7 @@
 # This file is expected to be part of source control.
 com.azure:azure-core-http-netty:1.9.0
 com.azure:azure-core:1.15.0
+com.azure:azure-identity:1.2.4
 com.azure:azure-monitor-opentelemetry-exporter:1.0.0-beta.4
 com.fasterxml.jackson.core:jackson-annotations:2.12.2
 com.fasterxml.jackson.core:jackson-core:2.12.2
@@ -12,14 +13,23 @@ com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.12.2
 com.fasterxml.jackson.module:jackson-module-jaxb-annotations:2.12.2
 com.fasterxml.jackson:jackson-bom:2.12.2
 com.fasterxml.woodstox:woodstox-core:6.2.4
+com.fasterxml:aalto-xml:1.0.0
 com.github.oshi:oshi-core:5.6.0
+com.github.stephenc.jcip:jcip-annotations:1.0-1
 com.google.code.findbugs:jsr305:3.0.2
 com.google.code.gson:gson:2.8.2
 com.google.errorprone:error_prone_annotations:2.5.1
 com.google.guava:failureaccess:1.0.1
 com.google.guava:guava:30.1.1-jre
 com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
 com.google.j2objc:j2objc-annotations:1.3
+com.madgag.spongycastle:core:1.54.0.0
+com.microsoft.azure:msal4j-persistence-extension:1.1.0
+com.microsoft.azure:msal4j:1.9.1
+com.nimbusds:content-type:2.1
+com.nimbusds:lang-tag:1.4.4
+com.nimbusds:nimbus-jose-jwt:8.18
+com.nimbusds:oauth2-oidc-sdk:8.23.1
 com.squareup.moshi:moshi:1.9.3
 com.squareup.okio:okio:1.16.0
 commons-codec:commons-codec:1.11
@@ -63,12 +73,27 @@ jakarta.activation:jakarta.activation-api:1.2.1
 jakarta.xml.bind:jakarta.xml.bind-api:2.3.2
 net.java.dev.jna:jna-platform:5.7.0
 net.java.dev.jna:jna:5.7.0
+net.minidev:accessors-smart:1.2
+net.minidev:json-smart:2.3
 org.apache.commons:commons-lang3:3.11
 org.apache.commons:commons-text:1.9
 org.apache.httpcomponents:httpclient:4.5.13
 org.apache.httpcomponents:httpcore:4.4.13
 org.checkerframework:checker-qual:3.8.0
 org.codehaus.woodstox:stax2-api:4.2.1
 org.jctools:jctools-core:3.3.0
+org.jetbrains:annotations:15.0
+org.linguafranca.pwdb:KeePassJava2-dom:2.1.4
+org.linguafranca.pwdb:KeePassJava2-jaxb:2.1.4
+org.linguafranca.pwdb:KeePassJava2-kdb:2.1.4
+org.linguafranca.pwdb:KeePassJava2-kdbx:2.1.4
+org.linguafranca.pwdb:KeePassJava2-simple:2.1.4
+org.linguafranca.pwdb:KeePassJava2:2.1.4
+org.linguafranca.pwdb:database:2.1.4
+org.ow2.asm:asm:5.0.4
 org.reactivestreams:reactive-streams:1.0.3
+org.simpleframework:simple-xml:2.7.1
 org.slf4j:slf4j-api:1.7.30
+stax:stax-api:1.0.1
+stax:stax:1.2.0
+xpp3:xpp3:1.1.3.3