From c9ea9a2fad7781b5bffaf30946b07d5f90f3cba2 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 16:12:55 +0200
Subject: [PATCH 1/8] Add Open Telemetry
---
 code/function/fastapp/main.py | 3 ++-
 code/function/fastapp/utils.py | 21 +++++++++++++++++++++
 code/function/requirements.txt | 2 ++
 3 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/code/function/fastapp/main.py b/code/function/fastapp/main.py
index 488ef81..8834cfa 100644
--- a/code/function/fastapp/main.py
+++ b/code/function/fastapp/main.py
@@ -1,6 +1,7 @@
 from fastapi import FastAPI
 from fastapp.api.v1.api_v1 import api_v1_router
 from fastapp.core.config import settings
+from fastapp.utils import setup_tracer
 def get_app() -> FastAPI:
@@ -24,7 +25,7 @@ def get_app() -> FastAPI:
 @app.on_event("startup")
 async def startup_event():
 """Gracefully start the application before the server reports readiness."""
- pass
+ setup_tracer(app=app)
 @app.on_event("shutdown")
diff --git a/code/function/fastapp/utils.py b/code/function/fastapp/utils.py
index d140f1a..eb1ccbd 100644
--- a/code/function/fastapp/utils.py
+++ b/code/function/fastapp/utils.py
@@ -1,7 +1,13 @@
 import logging
 from logging import Logger
+from azure.monitor.opentelemetry.exporter import AzureMonitorTraceExporter
+from fastapi import FastAPI
 from fastapp.core.config import settings
+from opentelemetry.instrumentation.fastapi import FastAPIInstrumentor
+from opentelemetry.sdk.resources import SERVICE_NAME, Resource
+from opentelemetry.sdk.trace import TracerProvider
+from opentelemetry.sdk.trace.export import BatchSpanProcessor
 def setup_logging(module) -> Logger:
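Review bot: Calling `setup_tracer(app=app)` from inside `startup_event` (PATCH 1/8, second hunk of main.py) instruments the app only after its lifespan has begun. As far as I know `FastAPIInstrumentor.instrument_app` registers middleware, and Starlette may refuse or ignore middleware added once its stack has been built, so tracing could fail at startup or never attach. It would be safer to call `setup_tracer(app=app)` in `get_app()` right after the `FastAPI` instance is created. It is also worth confirming that the Azure Functions ASGI host fires `startup` events at all, which is not visible here. The body of `get_app` starts and ends outside the hunk.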
@@ -20,3 +26,18 @@ def setup_logging(module) -> Logger:
 )
 logger.addHandler(logger_stream_handler)
 return logger
+
+
+def setup_tracer(app: FastAPI):
+ """Setup tracer for Open Telemetry.
+
+ app (FastAPI): The app to be instrumented by Open Telemetry.
+ RETURNS (None): Nothing is being returned.
+ """
+ if settings.APPLICATIONINSIGHTS_CONNECTION_STRING:
+ exporter = AzureMonitorTraceExporter.from_connection_string(
+ settings.APPLICATIONINSIGHTS_CONNECTION_STRING
+ )
+ tracer = TracerProvider(resource=Resource({SERVICE_NAME: "api"}))
+ tracer.add_span_processor(BatchSpanProcessor(exporter))
+ FastAPIInstrumentor.instrument_app(app, tracer_provider=tracer)
diff --git a/code/function/requirements.txt b/code/function/requirements.txt
index e380e21..87d46b2 100644
--- a/code/function/requirements.txt
+++ b/code/function/requirements.txt
@@ -5,3 +5,5 @@
 azure-functions~=1.14.0
 fastapi~=0.96.1
 aiohttp~=3.8.4
+opentelemetry-instrumentation-fastapi==0.39b0
+azure-monitor-opentelemetry-exporter==1.0.0b14
From 72ddda915bc74bc000c98899dda8308f70a101a8 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 17:11:05 +0200
Subject: [PATCH 2/8] Enable local auth
---
 code/infra/logging.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/code/infra/logging.tf b/code/infra/logging.tf
index f3b6637..209e890 100644
--- a/code/infra/logging.tf
+++ b/code/infra/logging.tf
@@ -10,7 +10,7 @@ resource "azurerm_application_insights" "application_insights" {
 force_customer_storage_for_profiler = false
 internet_ingestion_enabled = true
 internet_query_enabled = true
- local_authentication_disabled = true
+ local_authentication_disabled = false
 retention_in_days = 90
 sampling_percentage = 100
 workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
From 2519fca33c200cdb5e2e2368ba88a049ce345209 Mon Sep 17 00:00:00 2001
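Review bot: `setup_tracer` in PATCH 1/8 (second hunk of utils.py) returns without any signal when `settings.APPLICATIONINSIGHTS_CONNECTION_STRING` is empty, so a misconfigured deployment runs with no request telemetry and nothing records that fact. Add an `else` branch that logs it, for example `logging.getLogger(__name__).warning("Tracing disabled: APPLICATIONINSIGHTS_CONNECTION_STRING is not set")`. The signature could also declare `-> None`, which the docstring currently states only in prose.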
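Review bot: The two requirements added in PATCH 1/8 pin pre-release builds exactly (`==0.39b0`, `==1.0.0b14`) while the context entries use `~=`. The exact pin is reasonable for a beta, but the packages these pull in transitively are not pinned in this file, so the installed set can still differ between builds. A comment above them recording why a beta is required, and a hash-checked constraints file installed with `pip install --require-hashes`, would make the dependency set behind the telemetry path reproducible.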
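Review bot: Setting `local_authentication_disabled = false` (PATCH 2/8, and again in PATCH 7/8 after PATCH 4/8 had restored `true`) lets telemetry be ingested with only the key carried in the connection string, and the context line `internet_ingestion_enabled = true` keeps ingestion reachable from the internet. Whoever obtains the connection string can then write spans into this resource, which weakens it as a source for detection and incident response. Prefer keeping `local_authentication_disabled = true` and having the exporter authenticate with the function's managed identity and the `Monitoring Metrics Publisher` role that PATCH 4/8 adds. If local auth has to stay, add a comment saying why and treat the connection string as a secret. The resource block starts and ends outside the hunk.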
From: Marvin Buss
Date: Wed, 14 Jun 2023 17:35:23 +0200
Subject: [PATCH 3/8] Add aujtentcation for logging
---
 code/function/fastapp/utils.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/code/function/fastapp/utils.py b/code/function/fastapp/utils.py
index eb1ccbd..bd28084 100644
--- a/code/function/fastapp/utils.py
+++ b/code/function/fastapp/utils.py
@@ -1,6 +1,7 @@
 import logging
 from logging import Logger
+from azure.identity import DefaultAzureCredential
 from azure.monitor.opentelemetry.exporter import AzureMonitorTraceExporter
 from fastapi import FastAPI
 from fastapp.core.config import settings
@@ -35,8 +36,10 @@ def setup_tracer(app: FastAPI):
 RETURNS (None): Nothing is being returned.
 """
 if settings.APPLICATIONINSIGHTS_CONNECTION_STRING:
+ credential = DefaultAzureCredential()
 exporter = AzureMonitorTraceExporter.from_connection_string(
- settings.APPLICATIONINSIGHTS_CONNECTION_STRING
+ settings.APPLICATIONINSIGHTS_CONNECTION_STRING,
+ credential=credential
 )
 tracer = TracerProvider(resource=Resource({SERVICE_NAME: "api"}))
 tracer.add_span_processor(BatchSpanProcessor(exporter))
From 32786755b4215f686cb82ffd3242f884b25043a2 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 17:35:36 +0200
Subject: [PATCH 4/8] Add role assignments for app insights
---
 .github/workflows/terraform.yml | 2 +-
 code/infra/logging.tf | 2 +-
 code/infra/roleassignments.tf | 6 ++++++
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index e1618dc..0361717 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -40,7 +40,7 @@ jobs:
 uses: ./.github/workflows/_terraformApplyTemplate.yml
 name: "Terraform Apply"
 needs: [terraform_plan_dev]
- if: github.event_name == 'push' || github.event_name == 'release'
+ # if: github.event_name == 'push' || github.event_name == 'release'
 with:
 environment: "dev"
 terraform_version: "1.4.6"
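Review bot: Commenting out `if: github.event_name == 'push' || github.event_name == 'release'` on the "Terraform Apply" job (PATCH 4/8, terraform.yml) makes apply run for every event that triggers this workflow. The `on:` block is outside the hunk, but if it includes `pull_request`, infrastructure changes from an unmerged branch would be applied to `dev` with the deployment credentials, and the guard only returns in PATCH 8/8. The change is also unrelated to the commit subject. Keep the `if:` line and exercise the new role assignment through a manually dispatched run instead.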
diff --git a/code/infra/logging.tf b/code/infra/logging.tf
index 209e890..f3b6637 100644
--- a/code/infra/logging.tf
+++ b/code/infra/logging.tf
@@ -10,7 +10,7 @@ resource "azurerm_application_insights" "application_insights" {
 force_customer_storage_for_profiler = false
 internet_ingestion_enabled = true
 internet_query_enabled = true
- local_authentication_disabled = false
+ local_authentication_disabled = true
 retention_in_days = 90
 sampling_percentage = 100
 workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
diff --git a/code/infra/roleassignments.tf b/code/infra/roleassignments.tf
index 86d553b..b2f3ce5 100644
--- a/code/infra/roleassignments.tf
+++ b/code/infra/roleassignments.tf
@@ -9,3 +9,9 @@ resource "azurerm_role_assignment" "function_role_assignment_key_vault" {
 role_definition_name = "Key Vault Secrets User"
 principal_id = azapi_resource.function.identity[0].principal_id
 }
+
+resource "azurerm_role_assignment" "function_role_assignment_application_insights" {
+ scope = azurerm_application_insights.application_insights.id
+ role_definition_name = "Monitoring Metrics Publisher"
+ principal_id = azapi_resource.function.identity[0].principal_id
+}
From 1e0795ff9f7e9f368785080281905e75d2dd0b0b Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 17:42:24 +0200
Subject: [PATCH 5/8] Add azure identity lib
---
 code/function/fastapp/utils.py | 3 +--
 code/function/requirements.txt | 1 +
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/code/function/fastapp/utils.py b/code/function/fastapp/utils.py
index bd28084..6445a39 100644
--- a/code/function/fastapp/utils.py
+++ b/code/function/fastapp/utils.py
@@ -38,8 +38,7 @@ def setup_tracer(app: FastAPI):
 if settings.APPLICATIONINSIGHTS_CONNECTION_STRING:
 credential = DefaultAzureCredential()
 exporter = AzureMonitorTraceExporter.from_connection_string(
- settings.APPLICATIONINSIGHTS_CONNECTION_STRING,
- credential=credential
+ settings.APPLICATIONINSIGHTS_CONNECTION_STRING, credential=credential
 )
 tracer = TracerProvider(resource=Resource({SERVICE_NAME: "api"}))
 tracer.add_span_processor(BatchSpanProcessor(exporter))
diff --git a/code/function/requirements.txt b/code/function/requirements.txt
index 87d46b2..c598b19 100644
--- a/code/function/requirements.txt
+++ b/code/function/requirements.txt
@@ -2,6 +2,7 @@
 # The Python Worker is managed by Azure Functions platform
 # Manually managing azure-functions-worker may cause unexpected issues
+azure-identity~=1.13.0
 azure-functions~=1.14.0
 fastapi~=0.96.1
 aiohttp~=3.8.4
From 6b23711c72e666113d2155557fcd6dd5a1a0f952 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 18:01:50 +0200
Subject: [PATCH 6/8] Used managed identity credential
---
 code/function/fastapp/utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/code/function/fastapp/utils.py b/code/function/fastapp/utils.py
index 6445a39..87495fd 100644
--- a/code/function/fastapp/utils.py
+++ b/code/function/fastapp/utils.py
@@ -1,7 +1,7 @@
 import logging
 from logging import Logger
-from azure.identity import DefaultAzureCredential
+from azure.identity import ManagedIdentityCredential
 from azure.monitor.opentelemetry.exporter import AzureMonitorTraceExporter
 from fastapi import FastAPI
 from fastapp.core.config import settings
@@ -36,7 +36,7 @@ def setup_tracer(app: FastAPI):
 RETURNS (None): Nothing is being returned.
 """
 if settings.APPLICATIONINSIGHTS_CONNECTION_STRING:
- credential = DefaultAzureCredential()
+ credential = ManagedIdentityCredential()
 exporter = AzureMonitorTraceExporter.from_connection_string(
 settings.APPLICATIONINSIGHTS_CONNECTION_STRING, credential=credential
 )
From b4210bb86f07df4f1a25f09df60a373500c424e5 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 18:10:52 +0200
Subject: [PATCH 7/8] Remove app insights aad auth
---
 code/function/fastapp/utils.py | 7 ++++---
 code/function/requirements.txt | 2 +-
 code/infra/logging.tf | 2 +-
 code/infra/roleassignments.tf | 10 +++++-----
 4 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/code/function/fastapp/utils.py b/code/function/fastapp/utils.py
index 87495fd..dba9aa4 100644
--- a/code/function/fastapp/utils.py
+++ b/code/function/fastapp/utils.py
@@ -1,7 +1,7 @@
 import logging
 from logging import Logger
-from azure.identity import ManagedIdentityCredential
+# from azure.identity import ManagedIdentityCredential
 from azure.monitor.opentelemetry.exporter import AzureMonitorTraceExporter
 from fastapi import FastAPI
 from fastapp.core.config import settings
@@ -36,9 +36,10 @@ def setup_tracer(app: FastAPI):
 RETURNS (None): Nothing is being returned.
 """
 if settings.APPLICATIONINSIGHTS_CONNECTION_STRING:
- credential = ManagedIdentityCredential()
+ # credential = ManagedIdentityCredential()
 exporter = AzureMonitorTraceExporter.from_connection_string(
- settings.APPLICATIONINSIGHTS_CONNECTION_STRING, credential=credential
+ settings.APPLICATIONINSIGHTS_CONNECTION_STRING,
+ # credential=credential
 )
 tracer = TracerProvider(resource=Resource({SERVICE_NAME: "api"}))
 tracer.add_span_processor(BatchSpanProcessor(exporter))
diff --git a/code/function/requirements.txt b/code/function/requirements.txt
index c598b19..25a209e 100644
--- a/code/function/requirements.txt
+++ b/code/function/requirements.txt
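Review bot: PATCH 7/8 switches off the managed-identity path by commenting code out (`# from azure.identity import ManagedIdentityCredential`, `# credential = ManagedIdentityCredential()`, `# credential=credential`), and the requirements.txt and roleassignments.tf hunks of the same patch do likewise. Delete the lines instead; history keeps them, and the leftover `# credential=credential` inside the call reads like a live argument. Since the exporter is now authenticated by the connection string alone, a one-line comment above the call such as `# Entra ID auth removed: <reason>; exporter uses connection-string auth` would show the next reader it was deliberate. `setup_tracer` starts and ends outside the hunk.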
@@ -2,7 +2,7 @@
 # The Python Worker is managed by Azure Functions platform
 # Manually managing azure-functions-worker may cause unexpected issues
-azure-identity~=1.13.0
+# azure-identity~=1.13.0
 azure-functions~=1.14.0
 fastapi~=0.96.1
 aiohttp~=3.8.4
diff --git a/code/infra/logging.tf b/code/infra/logging.tf
index f3b6637..209e890 100644
--- a/code/infra/logging.tf
+++ b/code/infra/logging.tf
@@ -10,7 +10,7 @@ resource "azurerm_application_insights" "application_insights" {
 force_customer_storage_for_profiler = false
 internet_ingestion_enabled = true
 internet_query_enabled = true
- local_authentication_disabled = true
+ local_authentication_disabled = false
 retention_in_days = 90
 sampling_percentage = 100
 workspace_id = azurerm_log_analytics_workspace.log_analytics_workspace.id
diff --git a/code/infra/roleassignments.tf b/code/infra/roleassignments.tf
index b2f3ce5..cbe287d 100644
--- a/code/infra/roleassignments.tf
+++ b/code/infra/roleassignments.tf
@@ -10,8 +10,8 @@ resource "azurerm_role_assignment" "function_role_assignment_key_vault" {
 principal_id = azapi_resource.function.identity[0].principal_id
 }
-resource "azurerm_role_assignment" "function_role_assignment_application_insights" {
- scope = azurerm_application_insights.application_insights.id
- role_definition_name = "Monitoring Metrics Publisher"
- principal_id = azapi_resource.function.identity[0].principal_id
-}
+# resource "azurerm_role_assignment" "function_role_assignment_application_insights" {
+# scope = azurerm_application_insights.application_insights.id
+# role_definition_name = "Monitoring Metrics Publisher"
+# principal_id = azapi_resource.function.identity[0].principal_id
+# }
From 4559f16599e2686ca3b6d58d4e8b1721c1c9436d Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Wed, 14 Jun 2023 18:18:08 +0200
Subject: [PATCH 8/8] Add deployment conditions back in
---
 .github/workflows/functionApp.yml | 2 +-
 .github/workflows/terraform.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/functionApp.yml b/.github/workflows/functionApp.yml
index db7f0ca..f03355b 100644
--- a/.github/workflows/functionApp.yml
+++ b/.github/workflows/functionApp.yml
@@ -26,7 +26,7 @@ jobs:
 uses: ./.github/workflows/_functionAppDeployTemplate.yml
 name: "Function App Deploy"
 needs: [function_test]
- # if: github.event_name == 'push' || github.event_name == 'release'
+ if: github.event_name == 'push' || github.event_name == 'release'
 with:
 environment: "dev"
 python_version: "3.10"
diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml
index 0361717..e1618dc 100644
--- a/.github/workflows/terraform.yml
+++ b/.github/workflows/terraform.yml
@@ -40,7 +40,7 @@ jobs:
 uses: ./.github/workflows/_terraformApplyTemplate.yml
 name: "Terraform Apply"
 needs: [terraform_plan_dev]
- # if: github.event_name == 'push' || github.event_name == 'release'
+ if: github.event_name == 'push' || github.event_name == 'release'
 with:
 environment: "dev"
 terraform_version: "1.4.6"