diff --git a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py index f2eeb3ff5be..0db8b5dbed8 100644 --- a/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py +++ b/src/k8s-extension/azext_k8s_extension/partner_extensions/ContainerInsights.py @@ -483,12 +483,12 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n raise InvalidArgumentValueError('{} is not a valid Azure resource ID.'.format(workspace_resource_id)) if is_ci_extension_type: - if not _is_container_insights_solution_exists(cmd, workspace_resource_id): - logger.info("creating containerinsights solution resource since it doesnt exist") - _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() if useAADAuth: logger.info("creating data collection rule and association") _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_resource_group_name, cluster_name, workspace_resource_id) + elif not _is_container_insights_solution_exists(cmd, workspace_resource_id): + logger.info("Creating ContainerInsights solution resource, since it doesn't exist and it is using legacy authentication") + _ensure_container_insights_for_monitoring(cmd, workspace_resource_id).result() # extract subscription ID and resource group from workspace_resource_id URL parsed = parse_resource_id(workspace_resource_id) @@ -499,16 +499,20 @@ def _get_container_insights_settings(cmd, cluster_resource_group_name, cluster_n log_analytics_workspace = log_analytics_client.workspaces.get(workspace_rg_name, workspace_name) if not log_analytics_workspace: raise InvalidArgumentValueError( - 'Fails to retrieve workspace by {}'.format(workspace_name)) - - shared_keys = log_analytics_client.shared_keys.get_shared_keys( - workspace_rg_name, workspace_name) - if not shared_keys: - raise InvalidArgumentValueError('Fails to retrieve shared key for workspace {}'.format( - log_analytics_workspace)) + 'Failed to retrieve workspace by {}'.format(workspace_name)) + + # workspace key not used in case of AAD MSI auth + configuration_protected_settings['omsagent.secret.key'] = "" + if not useAADAuth: + shared_keys = log_analytics_client.shared_keys.get_shared_keys( + workspace_rg_name, workspace_name) + if not shared_keys: + raise InvalidArgumentValueError('Failed to retrieve shared key for workspace {}'.format( + log_analytics_workspace)) + configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key configuration_protected_settings['omsagent.secret.wsid'] = log_analytics_workspace.customer_id configuration_settings['logAnalyticsWorkspaceResourceID'] = workspace_resource_id - configuration_protected_settings['omsagent.secret.key'] = shared_keys.primary_shared_key + # set the domain for the ci agent for non azure public clouds cloud_name = cmd.cli_ctx.cloud.name if cloud_name.lower() == 'azurechinacloud': @@ -562,6 +566,9 @@ def _ensure_container_insights_dcr_for_monitoring(cmd, subscription_id, cluster_ try: resource = resources.get_by_id(workspace_resource_id, '2015-11-01-preview') workspace_region = resource.location + # location can have spaces for example 'East US' + # and some workspaces it will be "eastus" hence remove the spaces and converting lowercase + workspace_region = workspace_region.replace(" ", "").lower() except HttpResponseError as ex: raise ex