LOG-7261: Implement AzureLogIngestion output in CLO

[Clee2691]

Description

This PR adds a new azureLogsIngestion output type that sends logs to Azure Monitor via the Logs Ingestion API.
The AzureMonitor output is deprecated and will be removed in a future release. Microsoft will retire the Data Collecter API in September 2026.

What's new:

• Output type AzureLogsIngestion with required DCR immutable ID, stream name, and URL, plus optional token scope, timestamp field, and tuning
• Two auth modes: clientSecret - long lived credentials and workloadIdentity - short lived tokens
• Functional tests using a Mockoon mock server (mocks both the OAuth2 token endpoint and the DCR ingestion
  endpoint over TLS)
• Refactored Azure test helpers into a shared test/helpers/azure/ package used by both azureMonitor and
  azureLogsIngestion
• Add deprecation API comment to AzureMonitor output

/cc @cahartma @vparfonov
/assign @jcantrill

Links

• JIRA: https://issues.redhat.com/browse/LOG-7261
• Enhancement proposal: https://github.com/openshift/enhancements/blob/master/enhancements/cluster-logging/workload-identity-auth-for-azure-monitor-logs.md

[Clee2691]

/test all

[openshift-ci-robot]

@Clee2691: This pull request references LOG-7261 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.8.0" version, but no target version was set.

Details

In response to this:

Description

This PR adds a new azureLogsIngestion output type that sends logs to Azure Monitor via the Logs Ingestion API.
The AzureMonitor output is deprecated and will be removed in a future release. Microsoft will retire the Data Collecter API in September 2026.

What's new:

• Output type AzureLogsIngestion with required DCR immutable ID, stream name, and URL, plus optional token scope, timestamp field, and tuning
• Two auth modes: clientSecret - long lived credentials and workloadIdentity - short lived tokens
• Functional tests using a Mockoon mock server (mocks both the OAuth2 token endpoint and the DCR ingestion
  endpoint over TLS)
• Refactored Azure test helpers into a shared test/helpers/azure/ package used by both azureMonitor and
  azureLogsIngestion
• Add deprecation API comment to AzureMonitor output

/cc @cahartma @vparfonov
/assign @jcantrill

Links

• JIRA: https://issues.redhat.com/browse/LOG-7261
• Enhancement proposal: https://github.com/openshift/enhancements/blob/master/enhancements/cluster-logging/workload-identity-auth-for-azure-monitor-logs.md

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[jcantrill]

Do we have any concerns this may get out of sync? Should we exclude it in favor of our reference doc?

[Clee2691]

What do you mean by reference doc? The API docs?

I think we should keep this as there is some background on the different API's (data collector, logs ingestion). This can be used to expand your below comment.

[jcantrill]

should we further expand that MS is dropping support Sept. 2026?

[Clee2691]

I think this is a good general statement and the doc created can shed more light into the change.

I also do think that someone who is forwarding to Azure now will (should) know about the removal of the data collector API as when they go to set it up, there are many warnings about it in their docs

[jcantrill]

Can these be replaced by "BaseSink"?

[Clee2691]

I was looking to see if I could BUT this sink does NOT support compression.

[jcantrill]

Do we know if the vector TLS config for azure supports the cipher and other profile change? Is it the same config as the other sinks?

[Clee2691]

Yes this is similar to other sinks and is valid.

See:https://vector.dev/docs/reference/configuration/sinks/azure_logs_ingestion/#tls

[jcantrill]

shouldnt need this at all with the new api changes

[jcantrill]

does this need to be public?

[jcantrill]

/hold
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Clee2691, jcantrill

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [jcantrill]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@Clee2691: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/functional-target	b69a8e3	link	true	/test functional-target
ci/prow/e2e-target	b69a8e3	link	true	/test e2e-target

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.