in src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py [0:0]
def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_rp, cluster_type, cluster_name,
configuration_settings, configuration_protected_settings, is_ci_extension_type):
subscription_id = get_subscription_id(cmd.cli_ctx)
workspace_resource_id = ''
useAADAuth = True
if 'amalogs.useAADAuth' not in configuration_settings:
configuration_settings['amalogs.useAADAuth'] = "true"
extensionSettings = {}
if configuration_settings is not None:
if 'loganalyticsworkspaceresourceid' in configuration_settings:
configuration_settings['logAnalyticsWorkspaceResourceID'] = \
configuration_settings.pop('loganalyticsworkspaceresourceid')
if 'logAnalyticsWorkspaceResourceID' in configuration_settings:
workspace_resource_id = configuration_settings['logAnalyticsWorkspaceResourceID']
# omsagent is being renamed to ama-logs. Check for both for compatibility
if 'omsagent.useAADAuth' in configuration_settings:
useAADAuthSetting = configuration_settings['omsagent.useAADAuth']
logger.info("provided useAADAuth flag is : %s", useAADAuthSetting)
if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting):
useAADAuth = True
else:
useAADAuth = False
elif 'amalogs.useAADAuth' in configuration_settings:
useAADAuthSetting = configuration_settings['amalogs.useAADAuth']
logger.info("provided useAADAuth flag is : %s", useAADAuthSetting)
if (isinstance(useAADAuthSetting, str) and str(useAADAuthSetting).lower() == "true") or (isinstance(useAADAuthSetting, bool) and useAADAuthSetting):
useAADAuth = True
else:
useAADAuth = False
if useAADAuth and ('dataCollectionSettings' in configuration_settings):
dataCollectionSettingsString = configuration_settings["dataCollectionSettings"]
logger.info("provided dataCollectionSettings is : %s", dataCollectionSettingsString)
dataCollectionSettings = json.loads(dataCollectionSettingsString)
if 'interval' in dataCollectionSettings.keys():
intervalValue = dataCollectionSettings["interval"]
if (bool(re.match(r'^[0-9]+[m]$', intervalValue))) is False:
raise InvalidArgumentValueError('interval format must be in <number>m')
intervalValue = int(intervalValue.rstrip("m"))
if intervalValue <= 0 or intervalValue > 30:
raise InvalidArgumentValueError('interval value MUST be in the range from 1m to 30m')
if 'namespaceFilteringMode' in dataCollectionSettings.keys():
namespaceFilteringModeValue = dataCollectionSettings["namespaceFilteringMode"].lower()
if namespaceFilteringModeValue not in ["off", "exclude", "include"]:
raise InvalidArgumentValueError('namespaceFilteringMode value MUST be either Off or Exclude or Include')
if 'namespaces' in dataCollectionSettings.keys():
namspaces = dataCollectionSettings["namespaces"]
if isinstance(namspaces, list) is False:
raise InvalidArgumentValueError('namespaces must be an array type')
if 'enableContainerLogV2' in dataCollectionSettings.keys():
enableContainerLogV2Value = dataCollectionSettings["enableContainerLogV2"]
if not isinstance(enableContainerLogV2Value, bool):
raise InvalidArgumentValueError('enableContainerLogV2Value value MUST be either true or false')
if 'streams' in dataCollectionSettings.keys():
streams = dataCollectionSettings["streams"]
if isinstance(streams, list) is False:
raise InvalidArgumentValueError('streams must be an array type')
extensionSettings["dataCollectionSettings"] = dataCollectionSettings
workspace_resource_id = workspace_resource_id.strip()
if configuration_protected_settings is not None:
if 'proxyEndpoint' in configuration_protected_settings:
# current supported format for proxy endpoint is http(s)://<user>:<pwd>@<proxyhost>:<port>
# do some basic validation since the ci agent does the complete validation
proxy = configuration_protected_settings['proxyEndpoint'].strip().lower()
proxy_parts = proxy.split('://')
if (not proxy) or (not proxy.startswith('http://') and not proxy.startswith('https://')) or \
(len(proxy_parts) != 2):
raise InvalidArgumentValueError(
'proxyEndpoint url should in this format http(s)://<user>:<pwd>@<proxyhost>:<port>'
)
logger.info("successfully validated proxyEndpoint url hence passing proxy endpoint to extension")
# omsagent is being renamed to ama-logs. Set for both for compatibility
configuration_protected_settings['omsagent.proxy'] = configuration_protected_settings['proxyEndpoint']
configuration_protected_settings['amalogs.proxy'] = configuration_protected_settings['proxyEndpoint']
if not workspace_resource_id:
workspace_resource_id = _ensure_default_log_analytics_workspace_for_monitoring(
cmd, subscription_id, cluster_resource_group_name, cluster_rp, cluster_type, cluster_name)
else:
if not is_valid_resource_id(workspace_resource_id):
raise InvalidArgumentValueError('{} is not a valid Azure resource ID.'.format(workspace_resource_id))
if is_ci_extension_type:
if useAADAuth:
logger.info("creating data collection rule and association")
_ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_rp, cluster_type, cluster_name, workspace_resource_id, extensionSettings)
elif not _is_container_insights_solution_exists(cmd, workspace_resource_id):
logger.info("Creating ContainerInsights solution resource, since it doesn't exist and it is using legacy authentication")
_ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result()
# extract subscription ID and resource group from workspace_resource_id URL
parsed = parse_resource_id(workspace_resource_id)
workspace_sub_id, workspace_rg_name, workspace_name = \
parsed["subscription"], parsed["resource_group"], parsed["name"]
log_analytics_client = cf_log_analytics(cmd.cli_ctx, workspace_sub_id)
log_analytics_workspace = log_analytics_client.workspaces.get(workspace_rg_name, workspace_name)
if not log_analytics_workspace:
raise InvalidArgumentValueError(
'Failed to retrieve workspace by {}'.format(workspace_name))
# workspace key not used in case of AAD MSI auth
configuration_protected_settings['omsagent.secret.key'] = "<not_used>"
configuration_protected_settings['amalogs.secret.key'] = "<not_used>"
if not useAADAuth:
shared_keys = log_analytics_client.shared_keys.get_shared_keys(
workspace_rg_name, workspace_name)
if not shared_keys:
raise InvalidArgumentValueError('Failed to retrieve shared key for workspace {}'.format(
log_analytics_workspace))
# omsagent is being renamed to ama-logs. Set for both for compatibility
configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key
configuration_protected_settings['amalogs.secret.key'] = shared_keys.primary_shared_key
# omsagent is being renamed to ama-logs. Set for both for compatibility
configuration_protected_settings['omsagent.secret.wsid'] = log_analytics_workspace.customer_id
configuration_protected_settings['amalogs.secret.wsid'] = log_analytics_workspace.customer_id
configuration_settings['logAnalyticsWorkspaceResourceID'] = workspace_resource_id
# set the domain for the ci agent for non azure public clouds
cloud_name = cmd.cli_ctx.cloud.name
if cloud_name.lower() == 'azurechinacloud':
configuration_settings['omsagent.domain'] = 'opinsights.azure.cn'
configuration_settings['amalogs.domain'] = 'opinsights.azure.cn'
elif cloud_name.lower() == 'azureusgovernment':
configuration_settings['omsagent.domain'] = 'opinsights.azure.us'
configuration_settings['amalogs.domain'] = 'opinsights.azure.us'
elif cloud_name.lower() == 'usnat':
configuration_settings['omsagent.domain'] = 'opinsights.azure.eaglex.ic.gov'
configuration_settings['amalogs.domain'] = 'opinsights.azure.eaglex.ic.gov'
elif cloud_name.lower() == 'ussec':
configuration_settings['omsagent.domain'] = 'opinsights.azure.microsoft.scloud'
configuration_settings['amalogs.domain'] = 'opinsights.azure.microsoft.scloud'