[k8s-extension] ContainerInsights Extension Managed Identity Auth Onb…

…oarding related bug fixes (#141) * fix bugs * fix indent issues * remove get workspace key for msi auth * fix pr feedback
AzureArcForKubernetes · Jul 19, 2022 · 87cedf7 · 87cedf7
1 parent 17d59e7
commit 87cedf7
Showing 1 changed file with 18 additions and 11 deletions.
diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py
@@ -483,12 +483,12 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n
             raise InvalidArgumentValueError('{} is not a valid Azure resource ID.'.format(workspace_resource_id))
 
     if is_ci_extension_type:
-        if not _is_container_insights_solution_exists(cmd, workspace_resource_id):
-            logger.info("creating containerinsights solution resource since it doesnt exist")
-            _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result()
         if useAADAuth:
             logger.info("creating data collection rule and association")
             _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id)
+        elif not _is_container_insights_solution_exists(cmd, workspace_resource_id):
+            logger.info("Creating ContainerInsights solution resource, since it doesn't exist and it is using legacy authentication")
+            _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result()
 
     # extract subscription ID and resource group from workspace_resource_id URL
     parsed = parse_resource_id(workspace_resource_id)
@@ -499,16 +499,20 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n
     log_analytics_workspace = log_analytics_client.workspaces.get(workspace_rg_name, workspace_name)
     if not log_analytics_workspace:
         raise InvalidArgumentValueError(
-            'Fails to retrieve workspace by {}'.format(workspace_name))
-
-    shared_keys = log_analytics_client.shared_keys.get_shared_keys(
-        workspace_rg_name, workspace_name)
-    if not shared_keys:
-        raise InvalidArgumentValueError('Fails to retrieve shared key for workspace {}'.format(
-            log_analytics_workspace))
+            'Failed to retrieve workspace by {}'.format(workspace_name))
+
+    # workspace key not used in case of AAD MSI auth
+    configuration_protected_settings['omsagent.secret.key'] = "<not_used>"
+    if not useAADAuth:
+        shared_keys = log_analytics_client.shared_keys.get_shared_keys(
+            workspace_rg_name, workspace_name)
+        if not shared_keys:
+            raise InvalidArgumentValueError('Failed to retrieve shared key for workspace {}'.format(
+                log_analytics_workspace))
+        configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key
     configuration_protected_settings['omsagent.secret.wsid'] = log_analytics_workspace.customer_id
     configuration_settings['logAnalyticsWorkspaceResourceID'] = workspace_resource_id
-    configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key
+
     # set the domain for the ci agent for non azure public clouds
     cloud_name = cmd.cli_ctx.cloud.name
     if cloud_name.lower() == 'azurechinacloud':
@@ -562,6 +566,9 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_
     try:
         resource = resources.get_by_id(workspace_resource_id, '2015-11-01-preview')
         workspace_region = resource.location
+        # location can have spaces for example 'East US'
+        # and some workspaces it will be "eastus" hence remove the spaces and converting lowercase
+        workspace_region = workspace_region.replace(" ", "").lower()
     except HttpResponseError as ex:
         raise ex