Address PR feedback

elsesiy · elsesiy · commit 67ff8695dbb8 · 2020-08-10T22:41:43.000-07:00
diff --git a/README.md b/README.md
@@ -25,14 +25,16 @@ And then execute:
     <match pattern>
       type azure-storage-append-blob
 
-      azure_storage_account    <your azure storage account>
-      azure_storage_access_key <your azure storage access key> # leave empty to use MSI
-      azure_storage_sas_token  <your azure storage sas token> # leave empty to use MSI
-      azure_container          <your azure storage container>
-      auto_create_container    true
-      path                     logs/
-      azure_object_key_format  %{path}%{time_slice}_%{index}.log
-      time_slice_format        %Y%m%d-%H
+      azure_storage_account             <your azure storage account>
+      azure_storage_access_key          <your azure storage access key> # leave empty to use MSI
+      azure_storage_sas_token           <your azure storage sas token> # leave empty to use MSI
+      azure_imds_api_version            <Azure Instance Metadata Service API Version> # only used for MSI
+      azure_token_refresh_interval      <refresh interval in min> # only used for MSI
+      azure_container                   <your azure storage container>
+      auto_create_container             true
+      path                              logs/
+      azure_object_key_format           %{path}%{time_slice}_%{index}.log
+      time_slice_format                 %Y%m%d-%H
       # if you want to use %{tag} or %Y/%m/%d/ like syntax in path / azure_blob_name_format,
       # need to specify tag for %{tag} and time for %Y/%m/%d in <buffer> argument.
       <buffer tag,time>
@@ -55,7 +57,21 @@ This also can be retrieved from Azure Management portal.
 
 If both are empty, the plugin will use the local Managed Identity endpoint to obtain a token for the target storage account.
 
-### azure_container (Required)
+### `azure_imds_api_version` (Optional, only for MSI)
+
+Default: 2019-08-15
+
+The Instance Metadata Service is used during the OAuth flow to obtain an access token. This API is versioned and specifying the version is mandatory.
+
+See [here](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/instance-metadata-service#versioning) for more details.
+
+### `azure_token_refresh_interval` (Optional, only for MSI)
+
+Default: 60 (1 hour)
+
+When using MSI, the initial access token needs to be refreshed periodically.
+
+### `azure_container` (Required)
 
 Azure Storage Container name
 
diff --git a/lib/fluent/plugin/out_azure-storage-append-blob.rb b/lib/fluent/plugin/out_azure-storage-append-blob.rb
@@ -24,6 +24,8 @@ class AzureStorageAppendBlobOut < Fluent::Plugin::Output
       config_param :azure_storage_access_key, :string, default: nil, secret: true
       config_param :azure_storage_sas_token, :string, default: nil, secret: true
       config_param :azure_container, :string, default: nil
+      config_param :azure_imds_api_version, :string, default: '2019-08-15'
+      config_param :azure_token_refresh_interval, :integer, default: 60
       config_param :use_msi, :bool, default: false
       config_param :azure_object_key_format, :string, default: '%{path}%{time_slice}-%{index}.log'
       config_param :auto_create_container, :bool, default: true
@@ -73,7 +75,7 @@ def multi_workers_ready?
 
       def get_access_token
         access_key_request = Faraday.new('http://169.254.169.254/metadata/identity/oauth2/token?' \
-                                         'api-version=2019-08-15' \
+                                         "api-version=#{@azure_imds_api_version}" \
                                          '&resource=https://storage.azure.com/',
                                          headers: { 'Metadata' => 'true' })
                                     .get
@@ -88,15 +90,13 @@ def start
           token_signer = Azure::Storage::Common::Core::Auth::TokenSigner.new token_credential
           @bs = Azure::Storage::Blob::BlobService.new(storage_account_name: @azure_storage_account, signer: token_signer)
 
-          # Refresh interval is 50 minutes
-          refresh_interval = 50 * 60
-          # The user-defined thread that renews the access token
+          refresh_interval = @azure_token_refresh_interval * 60
           cancelled = false
           renew_token = Thread.new do
             Thread.stop
             until cancelled
               sleep(refresh_interval)
-              # Update the access token to the credential
+
               token_credential.renew_token get_access_token
             end
           end
diff --git a/test/plugin/test_out_azure_storage_append_blob.rb b/test/plugin/test_out_azure_storage_append_blob.rb
@@ -19,6 +19,8 @@ class AzureStorageAppendBlobOutTest < Test::Unit::TestCase
   MSI_CONFIG = %(
     azure_storage_account test_storage_account
     azure_container test_container
+    azure_imds_api_version 1970-01-01
+    azure_token_refresh_interval 120
     time_slice_format        %Y%m%d-%H
     path log
   ).freeze
@@ -56,6 +58,8 @@ def create_driver(conf = CONFIG)
       assert_equal true, d.instance.use_msi
       assert_equal true, d.instance.auto_create_container
       assert_equal '%{path}%{time_slice}-%{index}.log', d.instance.azure_object_key_format
+      assert_equal 120, d.instance.azure_token_refresh_interval
+      assert_equal '1970-01-01', d.instance.azure_imds_api_version
     end
   end
 
