Component(s)

exporter/azuredataexplorer

Is your feature request related to a problem? Please describe.

exporter/azuredataexplorerexporter does not currently have support for Azure WorkloadIdentity.

Applications running on Kubernetes cannot yet securely export to Azure Data Explorer with this exporter. They would have to use a client secret to use this exporter, as opposed to using a managed identity. WorkloadIdentity is basically just another form of managed identity that is specific to Kubernetes. For more information see

• https://learn.microsoft.com/en-us/azure/aks/workload-identity-overview
• https://azure.github.io/azure-workload-identity/docs/quick-start.html

Currently if you configure the exporter with managed_identity_id:system you don't get the correct behavior when hosted in Kubernetes, the exporter attempts to pull a token from Azure Instance Metadata Service (i.e. from 169.254.169.254) and there is no such service in Kubernetes, that would only be appropriate on an Azure hosted VM.

Describe the solution you'd like

One solution would be to add a new managed_identity_id=workloadidentity configuration and use Azure Kusto Go's ConnectionStringBuilder.WithKubernetesWorkloadIdentity when that option is present instead of the other connectionstring buildsers currently used to handle managed identities.

Describe alternatives you've considered

n/a

Additional context

I've forked this repository and created a branch with the proposed solution at https://github.com/mipnw/opentelemetry-collector-contrib/tree/feature/azuredataexplorer_workloadidentity