open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0

AzureDataExplorerExporter azure manage identity #33990

Closed Ivalberto closed 2 weeks ago

Ivalberto commented 1 month ago

Component(s)

exporter/azuredataexplorer

What happened?

Description

Hi guys, I'm trying to set up the Azure Data Explorer exporter using managed identity, but I always receive: identity isn't assigned to this resource. I already created a Managed Identity on Azure, added it as a user-assigned managed identity on the cluster, and also gave it permission with the AllDataBaseAdmin role.

In this case, do I need to associate the MI with a Service Account, similar to the process for using Workload Identity in the cluster, or is that not necessary?

Thanks in advance.

Steps to Reproduce

Expected Result

Actual Result

Collector version

0.102

Environment information

Environment

OS: (e.g., "Ubuntu 20.04") Compiler(if manually compiled): (e.g., "go 14.2")

OpenTelemetry Collector configuration

azuredataexplorer:
      # Kusto cluster uri
      cluster_uri: "https://xxxxxxxxx-cluster.eastus.kusto.windows.net"
      managed_identity_id: "xxxxxxxx-829e-4202-8621-xxxxxxxxxxxx"
      # Database for the logs
      db_name: "xxxxxx-adx-database"
      # Metric table name
      metrics_table_name: "metrics"

Log output

Op(OpMgmt): Kind(KInternal): Error while getting token : ManagedIdentityCredential authentication failed. ManagedIdentityCredential authentication failed. the requested identity isn't assigned to this resource\nGET http://x.x.x.x/metadata/identity/oauth2/token\n--------------------------------------------------------------------------------\nRESPONSE 400 Bad Request\n--------------------------------------------------------------------------------\n{\n  \"error\": \"invalid_request\",\n  \"error_description\": \"Identity not found\"\n}\n--------------------------------------------------------------------------------\nTo troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id\nGET http://x.x.x.x/metadata/identity/oauth2/token\n--------------------------------------------------------------------------------\nRESPONSE 400 Bad Request\n--------------------------------------------------------------------------------\n{\n  \"error\": \"invalid_request\",\n  \"error_description\": \"Identity not found\"\n}\n--------------------------------------------------------------------------------\nTo troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id"}

Additional context

No response

github-actions[bot] commented 1 month ago

Pinging code owners:

Rafa-Hid commented 1 month ago

Hi @Ivalberto we are running into this same issue. Were you able to find a fix or workaround to have an OTEL collector export to Azure data explorer?

hgaol commented 1 month ago

Hi @Ivalberto and @Rafa-Hid, you may use the object id instead of the client id in the Kusto exporter configs. You can try with client id to see if the error still occurs. I've tested using it in Azure VM and it can send data to Kusto successfully.

hgaol commented 1 month ago

BTW, make sure you've added the user managed identity in your resource. It's in Identity -> User Assigned -> add user MI
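Added example, not part of the thread or the exporter's code: a small Go probe, run from the machine hosting the collector, that asks the instance metadata endpoint whether the GUID in `managed_identity_id` resolves as a client ID or as an object ID, which separates the two causes raised above (wrong ID type versus identity not attached to the resource). `probeIdentity` and `imdsTokenURL` are names made up for this example; the endpoint, `api-version=2018-02-01` and the `Metadata: true` header are the standard Azure IMDS values, and passing the cluster URI as the token `resource` is an assumption.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"os"
	"time"
)

// Standard Azure IMDS token endpoint (link-local, reachable only from inside the resource).
const imdsTokenURL = "http://169.254.169.254/metadata/identity/oauth2/token"

// probeIdentity requests a token for resource, passing id under selector
// ("client_id" or "object_id"), and reports whether IMDS recognises the identity.
func probeIdentity(endpoint, selector, id, resource string) (bool, string, error) {
	q := url.Values{"api-version": {"2018-02-01"}, "resource": {resource}, selector: {id}}
	req, err := http.NewRequest(http.MethodGet, endpoint+"?"+q.Encode(), nil)
	if err != nil {
		return false, "", err
	}
	req.Header.Set("Metadata", "true") // IMDS rejects requests without this header
	resp, err := (&http.Client{Timeout: 5 * time.Second}).Do(req)
	if err != nil {
		return false, "", err
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	if resp.StatusCode == http.StatusOK {
		return true, "token issued", nil // the token itself is deliberately not returned or logged
	}
	var e struct{ Description string `json:"error_description"` }
	_ = json.Unmarshal(body, &e)
	return false, fmt.Sprintf("%d %s", resp.StatusCode, e.Description), nil
}

func main() {
	if len(os.Args) < 3 {
		fmt.Println("usage: probe <cluster_uri> <managed_identity_id>")
		return
	}
	for _, sel := range []string{"client_id", "object_id"} {
		ok, detail, err := probeIdentity(imdsTokenURL, sel, os.Args[2], os.Args[1])
		fmt.Printf("%-9s ok=%v %s err=%v\n", sel, ok, detail, err)
	}
}
```

If only the `object_id` probe succeeds, the configured GUID is the identity's object ID rather than its client ID; if both return `400 Identity not found`, the identity is not attached to the resource the collector runs on.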