Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AzureDataExplorerExporter azure manage identity #33990

Closed
Ivalberto opened this issue Jul 9, 2024 · 4 comments
Closed

AzureDataExplorerExporter azure manage identity #33990

Ivalberto opened this issue Jul 9, 2024 · 4 comments
Labels
bug Something isn't working exporter/azuredataexplorer needs triage New item requiring triage

Comments

@Ivalberto
Copy link

Component(s)

exporter/azuredataexplorer

What happened?

Description

HI Guys, I trying to setup the azure data explorer exporter using manage identity , but always i recieving : identity isn't assignet to this resource, I already create a Manage Identity on azure, and adden as user assingned managed identity on the cluster, and give the permission also as AllDataBaseAdmin role

I this case Do I need to associate the MI to a Service Account similar to the process to use Workload identity in the cluster? or not ncesary ?

Thank in advance.

Steps to Reproduce

  • Create a managed identity on Azure ,
  • associate to azure data explorer
  • set manage identity on configuration file

Expected Result

  • Otel collector sending info to azure data explorer

Actual Result

  • Error accessing to azure data explorer : identity isn't assigned to this resource

Collector version

0.102

Environment information

Environment

OS: (e.g., "Ubuntu 20.04")
Compiler(if manually compiled): (e.g., "go 14.2")

OpenTelemetry Collector configuration

azuredataexplorer:
      # Kusto cluster uri
      cluster_uri: "https://xxxxxxxxx-cluster.eastus.kusto.windows.net"
      managed_identity_id: "xxxxxxxx-829e-4202-8621-xxxxxxxxxxxx"
      # Database for the logs
      db_name: "xxxxxx-adx-database"
      # Metric table name
      metrics_table_name: "metrics"

Log output

Op(OpMgmt): Kind(KInternal): Error while getting token : ManagedIdentityCredential authentication failed. ManagedIdentityCredential authentication failed. the requested identity isn't assigned to this resource\nGET http://x.x.x.x/metadata/identity/oauth2/token\n--------------------------------------------------------------------------------\nRESPONSE 400 Bad Request\n--------------------------------------------------------------------------------\n{\n  \"error\": \"invalid_request\",\n  \"error_description\": \"Identity not found\"\n}\n--------------------------------------------------------------------------------\nTo troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id\nGET http://x.x.x.x/metadata/identity/oauth2/token\n--------------------------------------------------------------------------------\nRESPONSE 400 Bad Request\n--------------------------------------------------------------------------------\n{\n  \"error\": \"invalid_request\",\n  \"error_description\": \"Identity not found\"\n}\n--------------------------------------------------------------------------------\nTo troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#managed-id"}

Additional context

No response

@Ivalberto Ivalberto added bug Something isn't working needs triage New item requiring triage labels Jul 9, 2024
Copy link
Contributor

github-actions bot commented Jul 9, 2024

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@Rafa-Hid
Copy link

Hi @Ivalberto we are running into this same issue. Were you able to find a fix or workaround to have an OTEL collector export to Azure data explorer?

@hgaol
Copy link
Contributor

hgaol commented Jul 28, 2024

Hi @Ivalberto and @Rafa-Hid , you may use the object id instead of the client id in the Kusto exporter configs. You can try with client id to see if the error still occurs. I've tested using it in Azure VM and it can send data to Kusto successfully.
image

@hgaol
Copy link
Contributor

hgaol commented Jul 30, 2024

BTW, make sure you've added the user managed identity in your resource. It's in Identity -> User Assigned -> add user MI

@Ivalberto Ivalberto closed this as not planned Won't fix, can't repro, duplicate, stale Aug 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working exporter/azuredataexplorer needs triage New item requiring triage
Projects
None yet
Development

No branches or pull requests

3 participants