feat: Support filtering app registrations by tag

dodevops · Jul 26, 2024 · 5292d93 · 5292d93
1 parent d4c05c4
commit 5292d93
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -22,3 +22,11 @@ The service authenticates against Azure using [Environmental Credentials](https:
 - AZURE_CLIENT_SECRET: one of the service principal's client secrets
 
 The Service Principal should have at least API permission `Application.Read.All` (Graph & Active Directory)
+
+## Filtering for tags
+
+While it is not officially possible to tag app registrations, you can still open the manifest json in the
+Azure portal, manually change the "tags" property and save it.
+
+Use the FILTER_TAGS environment variable with a comma separated list of tags to only retrive the app
+registrations that have one of the given tags attached.
diff --git a/charts/azure-app-exporter/Chart.yaml b/charts/azure-app-exporter/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: azure-app-exporter
 description: Exposing Prometheus Metrics for Azure Service Principals
 type: application
-version: 0.3.1
-appVersion: "0.1.36"
+version: 0.4.0
+appVersion: "0.2.0"
 keywords:
   - azure
   - prometheus

diff --git a/charts/azure-app-exporter/templates/deployment.yaml b/charts/azure-app-exporter/templates/deployment.yaml
@@ -62,6 +62,10 @@ spec:
                 secretKeyRef:
                   name: {{ template "azure-app-exporter.secretName" . }}
                   key: azure-tenant-id
+            {{- if .Values.azure.tagsFilter }}
+            - name: FILTER_TAGS
+              value: {{ .Values.azure.tagsFilter | join "," | quote }}
+            {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/charts/azure-app-exporter/values.yaml b/charts/azure-app-exporter/values.yaml
@@ -10,6 +10,8 @@ azure:
     secret: "-unset-"
   # -- Your Azure Tenant Id
   tenant: "-unset-"
+  # -- a list of tags. Only the apps having one of the tags are returned
+  tagsFilter: []
 
 metrics:
   # -- Enable Prometheus metrics

diff --git a/src/services/azure_app_service.py b/src/services/azure_app_service.py
@@ -1,3 +1,4 @@
+import os
 from datetime import datetime
 from typing import List, Optional
 
@@ -33,7 +34,16 @@ async def get_all(self) -> List[AppRegistration]:
         result = await self.client.applications.get()
         apps = []
         while result is not None:
-            apps += [await self._map_app(a) for a in result.value]
+            for app in result.value:
+                found = True
+                if "FILTER_TAGS" in os.environ:
+                    found = False
+                    for tag in os.environ.get('FILTER_TAGS').split(','):
+                        if tag in app.tags:
+                            found = True
+                            break
+                if found:
+                    apps += [await self._map_app(app)]
             if result.odata_next_link is None:
                 break
             result = await self.client.applications.with_url(result.odata_next_link).get()