From 7aff63aa406a32924cf11d7325566bce252b4df9 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 02:01:56 -0700 Subject: [PATCH 1/7] add private link support for windows agent in msi auth --- .../plugins/go/src/ingestion_token_utils.go | 29 ++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/source/plugins/go/src/ingestion_token_utils.go b/source/plugins/go/src/ingestion_token_utils.go index c96685042..2a7f3c484 100644 --- a/source/plugins/go/src/ingestion_token_utils.go +++ b/source/plugins/go/src/ingestion_token_utils.go @@ -27,6 +27,7 @@ var ChannelId string var IngestionAuthToken string var IngestionAuthTokenExpiration int64 +var AmcsEndpointHOST string = "global" type IMDSResponse struct { AccessToken string `json:"access_token"` @@ -222,7 +223,8 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan resourceId := os.Getenv("AKS_RESOURCE_ID") resourceRegion := os.Getenv("AKS_REGION") mcsEndpoint := os.Getenv("MCS_ENDPOINT") - amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?platform=%s&api-version=%s", resourceRegion, mcsEndpoint, resourceId, osType, AMCSAgentConfigAPIVersion) + amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpointHOST, mcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + amcs_endpoint, err = url.Parse(amcs_endpoint_string) if err != nil { Log("getAgentConfiguration: Error creating AMCS endpoint URL: %s", err.Error()) 
@@ -244,6 +246,31 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan for retryCount := 0; retryCount < MaxRetries; retryCount++ { resp, err = HTTPClient.Do(req) if err != nil { + if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link + agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint") + if agentConfigEndpoint != "" { + endpoint, err := url.Parse(agentConfigEndpoint) + if err != nil { + message := fmt.Sprintf("getAgentConfiguration: Error Parsing value of x-ms-agent-config-endpoint: %s", err.Error()) + Log(message) + SendException(message) + } else { + AmcsEndpointHOST = strings.Split(endpoint.Host, ".")[0] + // reconstruct request with redirected endpoint + var err error + redirected_amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpointHOST, mcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + var bearer = "Bearer " + imdsAccessToken + req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) + if err != nil { + message := fmt.Sprintf("getAgentConfiguration: Error creating HTTP request for AMCS endpoint: %s", err.Error()) + Log(message) + return configurationId, channelId, err + } + req.Header.Set("Authorization", bearer) + continue + } + } + } message := fmt.Sprintf("getAgentConfiguration: Error calling AMCS endpoint: %s", err.Error()) Log(message) SendException(message) From c97aca82d2036f333954035dd427850ea71d6cb4 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 14:32:08 -0700 Subject: [PATCH 2/7] remove Microsoft-KubeHealth --- scripts/dcr-onboarding/ci-extension-dcr.json | 16 +++++++--------- .../existingClusterOnboarding.json | 2 -- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/scripts/dcr-onboarding/ci-extension-dcr.json b/scripts/dcr-onboarding/ci-extension-dcr.json index f3fbec79b..6b6339de9 100644 
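Review bot: In the `@@ -244,6 +246,31 @@` hunk of patch 1/7, `resp.StatusCode` is read inside the `if err != nil` branch. If `HTTPClient` is a standard `*http.Client`, `resp` is nil whenever `Do` returns a transport error, so the new check would panic instead of reaching the existing error logging. The 421 test belongs after the error branch, on a response known to be non-nil, e.g. `if resp != nil && resp.StatusCode == 421 {`; patch 3/7 on this page relocates the block below the status log. Separately, `strings.Split(endpoint.Host, ".")[0]` yields an empty label when the header value has no scheme, because `url.Parse` then leaves `Host` empty, so an empty-host guard is needed before assigning `AmcsEndpointHOST`. The enclosing function starts and ends outside the hunk.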
--- a/scripts/dcr-onboarding/ci-extension-dcr.json +++ b/scripts/dcr-onboarding/ci-extension-dcr.json @@ -1,7 +1,7 @@ { "location": "", "properties": { - "dataSources": { + "dataSources": { "extensions": [ { "name": "ContainerInsightsExtension", @@ -9,22 +9,21 @@ "Microsoft-Perf", "Microsoft-ContainerInventory", "Microsoft-ContainerLog", - "Microsoft-ContainerLogV2", + "Microsoft-ContainerLogV2", "Microsoft-ContainerNodeInventory", "Microsoft-KubeEvents", - "Microsoft-KubeHealth", "Microsoft-KubeMonAgentEvents", "Microsoft-KubeNodeInventory", "Microsoft-KubePodInventory", "Microsoft-KubePVInventory", "Microsoft-KubeServices", - "Microsoft-InsightsMetrics" + "Microsoft-InsightsMetrics" ], "extensionName": "ContainerInsights" } ] - }, + }, "destinations": { "logAnalytics": [ { @@ -38,17 +37,16 @@ "streams": [ "Microsoft-Perf", "Microsoft-ContainerInventory", - "Microsoft-ContainerLog", - "Microsoft-ContainerLogV2", + "Microsoft-ContainerLog", + "Microsoft-ContainerLogV2", "Microsoft-ContainerNodeInventory", "Microsoft-KubeEvents", - "Microsoft-KubeHealth", "Microsoft-KubeMonAgentEvents", "Microsoft-KubeNodeInventory", "Microsoft-KubePodInventory", "Microsoft-KubePVInventory", "Microsoft-KubeServices", - "Microsoft-InsightsMetrics" + "Microsoft-InsightsMetrics" ], "destinations": [ "ciworkspace" diff --git a/scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterOnboarding.json b/scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterOnboarding.json index d5b613537..28996f4a1 100644 --- a/scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterOnboarding.json +++ b/scripts/onboarding/aks/onboarding-using-msi-auth/existingClusterOnboarding.json @@ -84,7 +84,6 @@ "Microsoft-ContainerLogV2", "Microsoft-ContainerNodeInventory", "Microsoft-KubeEvents", - "Microsoft-KubeHealth", "Microsoft-KubeMonAgentEvents", "Microsoft-KubeNodeInventory", "Microsoft-KubePodInventory", 
@@ -113,7 +112,6 @@ "Microsoft-ContainerLogV2", "Microsoft-ContainerNodeInventory", "Microsoft-KubeEvents", - "Microsoft-KubeHealth", "Microsoft-KubeMonAgentEvents", "Microsoft-KubeNodeInventory", "Microsoft-KubePodInventory", From c6b3d893220c66750dbf9495a036f91565abeb49 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 16:05:04 -0700 Subject: [PATCH 3/7] add private link support for windows msi --- .../plugins/go/src/ingestion_token_utils.go | 50 +++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/source/plugins/go/src/ingestion_token_utils.go b/source/plugins/go/src/ingestion_token_utils.go index 2a7f3c484..c01e622f4 100644 --- a/source/plugins/go/src/ingestion_token_utils.go +++ b/source/plugins/go/src/ingestion_token_utils.go 
@@ -246,31 +246,6 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan for retryCount := 0; retryCount < MaxRetries; retryCount++ { resp, err = HTTPClient.Do(req) if err != nil { - if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link - agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint") - if agentConfigEndpoint != "" { - endpoint, err := url.Parse(agentConfigEndpoint) - if err != nil { - message := fmt.Sprintf("getAgentConfiguration: Error Parsing value of x-ms-agent-config-endpoint: %s", err.Error()) - Log(message) - SendException(message) - } else { - AmcsEndpointHOST = strings.Split(endpoint.Host, ".")[0] - // reconstruct request with redirected endpoint - var err error - redirected_amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpointHOST, mcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) - var bearer = "Bearer " + imdsAccessToken - req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) - if err != nil { - message := fmt.Sprintf("getAgentConfiguration: Error creating HTTP request for AMCS endpoint: %s", err.Error()) - Log(message) - return configurationId, channelId, err - } - req.Header.Set("Authorization", bearer) - continue - } - } - } message := fmt.Sprintf("getAgentConfiguration: Error calling AMCS endpoint: %s", err.Error()) Log(message) SendException(message) 
@@ -280,6 +255,31 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan defer resp.Body.Close() } Log("getAgentConfiguration Response Status: %d", resp.StatusCode) + if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link + agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint") + if agentConfigEndpoint != "" { + endpoint, err := url.Parse(agentConfigEndpoint) + if err != nil { + message := fmt.Sprintf("getAgentConfiguration: Error Parsing value of x-ms-agent-config-endpoint: %s", err.Error()) + Log(message) + SendException(message) + } else { + AmcsEndpointHOST = strings.Split(endpoint.Host, ".")[0] + // reconstruct request with redirected endpoint + var err error + redirected_amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpointHOST, mcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + var bearer = "Bearer " + imdsAccessToken + req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) + if err != nil { + message := fmt.Sprintf("getAgentConfiguration: Error creating HTTP request for AMCS endpoint: %s", err.Error()) + Log(message) + return configurationId, channelId, err + } + req.Header.Set("Authorization", bearer) + continue + } + } + } if IsRetriableError(resp.StatusCode) { message := fmt.Sprintf("getAgentConfiguration: Request failed with an error code: %d, retryCount: %d", resp.StatusCode, retryCount) Log(message) From ae999cb5e615cb02be35ed944c795a461d1a4c30 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 17:04:07 -0700 Subject: [PATCH 4/7] fix bug --- source/plugins/go/src/ingestion_token_utils.go | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/source/plugins/go/src/ingestion_token_utils.go b/source/plugins/go/src/ingestion_token_utils.go index c01e622f4..bab7385e8 100644 
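Review bot: The `continue` at the end of the new 421 branch in patch 3/7 leaves the 421 response body open, because the only close visible in this hunk is the `defer resp.Body.Close()` in the context just above. Since patch 1/7 shows this code running inside the retry loop, each redirect adds one more deferred close that fires only when getAgentConfiguration returns. I would close the body explicitly before retrying, `resp.Body.Close()` on the line before `continue`, so the connection can be released right away. Each redirect also consumes one of the `MaxRetries` attempts, which is worth stating in a comment such as `// a 421 redirect counts against MaxRetries`. The function body continues outside the hunk.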
--- a/source/plugins/go/src/ingestion_token_utils.go +++ b/source/plugins/go/src/ingestion_token_utils.go @@ -27,7 +27,7 @@ var ChannelId string var IngestionAuthToken string var IngestionAuthTokenExpiration int64 -var AmcsEndpointHOST string = "global" +var AMCSRedirectedEndpoint string = "" type IMDSResponse struct { AccessToken string `json:"access_token"` @@ -219,11 +219,17 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan configurationId = "" channelId = "" var amcs_endpoint *url.URL + var AmcsEndpoint string osType := os.Getenv("OS_TYPE") resourceId := os.Getenv("AKS_RESOURCE_ID") resourceRegion := os.Getenv("AKS_REGION") mcsEndpoint := os.Getenv("MCS_ENDPOINT") - amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpointHOST, mcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + + AmcsEndpoint = fmt.Sprintf("https://global.handler.control.%s", mcsEndpoint) + if AMCSRedirectedEndpoint != "" { + AmcsEndpoint = AMCSRedirectedEndpoint + } + amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) amcs_endpoint, err = url.Parse(amcs_endpoint_string) if err != nil { 
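Review bot: `AMCSRedirectedEndpoint` is introduced in patch 4/7 as undocumented, mutable package state that is written from inside the 421 branch and read at the top of getAgentConfiguration. Nothing in the visible hunks ever clears it, so one redirect value is reused for the rest of the process lifetime. If configuration fetch and token refresh can run on different goroutines (not visible here), the unsynchronised read and write would be a data race, so this should be confirmed or the variable guarded with a mutex. At minimum I would add a doc comment, `// AMCSRedirectedEndpoint caches the base URL from x-ms-agent-config-endpoint after a 421; empty means use the global handler.` The new local `AmcsEndpoint` is capitalised like an exported name; `amcsBaseURL` would read better next to `amcs_endpoint`.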
@@ -264,10 +270,10 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan Log(message) SendException(message) } else { - AmcsEndpointHOST = strings.Split(endpoint.Host, ".")[0] + AMCSRedirectedEndpoint = endpoint.String() // reconstruct request with redirected endpoint var err error - redirected_amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpointHOST, mcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) var bearer = "Bearer " + imdsAccessToken req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) if err != nil { From ec1f9391e45de6f7bc908421d0e18782368cff4c Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 17:19:19 -0700 Subject: [PATCH 5/7] fix bug --- .../plugins/go/src/ingestion_token_utils.go | 28 ++++++++----------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/source/plugins/go/src/ingestion_token_utils.go b/source/plugins/go/src/ingestion_token_utils.go index bab7385e8..31834fe0c 100644 --- a/source/plugins/go/src/ingestion_token_utils.go +++ b/source/plugins/go/src/ingestion_token_utils.go 
@@ -263,27 +263,21 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan Log("getAgentConfiguration Response Status: %d", resp.StatusCode) if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint") + Log("getAgentConfiguration x-ms-agent-config-endpoint: %s", agentConfigEndpoint) if agentConfigEndpoint != "" { - endpoint, err := url.Parse(agentConfigEndpoint) + AMCSRedirectedEndpoint = agentConfigEndpoint + // reconstruct request with redirected endpoint + var err error + redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + var bearer = "Bearer " + imdsAccessToken + req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) if err != nil { - message := fmt.Sprintf("getAgentConfiguration: Error Parsing value of x-ms-agent-config-endpoint: %s", err.Error()) + message := fmt.Sprintf("getAgentConfiguration: Error creating HTTP request for AMCS endpoint: %s", err.Error()) Log(message) - SendException(message) - } else { - AMCSRedirectedEndpoint = endpoint.String() - // reconstruct request with redirected endpoint - var err error - redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) - var bearer = "Bearer " + imdsAccessToken - req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) - if err != nil { - message := fmt.Sprintf("getAgentConfiguration: Error creating HTTP request for AMCS endpoint: %s", err.Error()) - Log(message) - return configurationId, channelId, err - } - req.Header.Set("Authorization", bearer) - continue + return configurationId, channelId, err } + req.Header.Set("Authorization", bearer) + continue } } if 
IsRetriableError(resp.StatusCode) { From dc8a9292b9d527d015d3cdcc140f22ee98b9328b Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 17:22:37 -0700 Subject: [PATCH 6/7] fix bug --- source/plugins/go/src/ingestion_token_utils.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/plugins/go/src/ingestion_token_utils.go b/source/plugins/go/src/ingestion_token_utils.go index 31834fe0c..32a2a4743 100644 --- a/source/plugins/go/src/ingestion_token_utils.go +++ b/source/plugins/go/src/ingestion_token_utils.go @@ -268,7 +268,7 @@ func getAgentConfiguration(imdsAccessToken string) (configurationId string, chan AMCSRedirectedEndpoint = agentConfigEndpoint // reconstruct request with redirected endpoint var err error - redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) + redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations?operatingLocation=%s&platform=%s&api-version=%s", AMCSRedirectedEndpoint, resourceId, resourceRegion, osType, AMCSAgentConfigAPIVersion) var bearer = "Bearer " + imdsAccessToken req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) if err != nil { From 9b52a9ac27467c2f264da807e4820231582f98b3 Mon Sep 17 00:00:00 2001 From: Ganga Mahesh Siddem Date: Fri, 18 Mar 2022 17:47:41 -0700 Subject: [PATCH 7/7] fix bug --- .../plugins/go/src/ingestion_token_utils.go | 28 ++++++++++++++++++- 1 file changed, 27 insertions(+), 1 deletion(-) diff --git a/source/plugins/go/src/ingestion_token_utils.go b/source/plugins/go/src/ingestion_token_utils.go index 32a2a4743..896930005 100644 --- a/source/plugins/go/src/ingestion_token_utils.go +++ b/source/plugins/go/src/ingestion_token_utils.go 
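Review bot: The 421 branch of getAgentConfiguration, as rewritten by patch 5/7, stores the `x-ms-agent-config-endpoint` header in `AMCSRedirectedEndpoint` without any validation, and the request rebuilt from it carries `Authorization: Bearer <imdsAccessToken>`. The `url.Parse` step this patch removes was the only check on the value, so a header naming a plain-http URL or a host outside the AMCS domain would receive the IMDS token, and later calls would keep using it through the global. Before caching, I would parse the value, require `https`, and require the host to end in `.handler.control.` + `MCS_ENDPOINT` (the shape patch 1/7 assumed; confirm against the private-link contract). Only scheme and host should be kept. The identical branch added to getIngestionAuthToken in the second hunk of patch 7/7 needs the same check, and logging the header with `%q` rather than `%s` keeps control characters out of the log.

```go
agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint")
if agentConfigEndpoint != "" {
	redirect, perr := url.Parse(agentConfigEndpoint)
	wantSuffix := ".handler.control." + mcsEndpoint
	if perr != nil || redirect.Scheme != "https" || !strings.HasSuffix(redirect.Hostname(), wantSuffix) {
		message := fmt.Sprintf("getAgentConfiguration: ignoring unexpected x-ms-agent-config-endpoint %q", agentConfigEndpoint)
		Log(message)
		SendException(message)
	} else {
		AMCSRedirectedEndpoint = "https://" + redirect.Host
		// … unchanged: rebuild req against AMCSRedirectedEndpoint, set the Authorization header, continue …
	}
}
```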
@@ -353,11 +353,18 @@ func getIngestionAuthToken(imdsAccessToken string, configurationId string, chann ingestionAuthToken = "" refreshInterval = 0 var amcs_endpoint *url.URL + var AmcsEndpoint string osType := os.Getenv("OS_TYPE") resourceId := os.Getenv("AKS_RESOURCE_ID") resourceRegion := os.Getenv("AKS_REGION") mcsEndpoint := os.Getenv("MCS_ENDPOINT") - amcs_endpoint_string := fmt.Sprintf("https://%s.handler.control.%s%s/agentConfigurations/%s/channels/%s/issueIngestionToken?platform=%s&api-version=%s", resourceRegion, mcsEndpoint, resourceId, configurationId, channelId, osType, AMCSIngestionTokenAPIVersion) + + AmcsEndpoint = fmt.Sprintf("https://global.handler.control.%s", mcsEndpoint) + if AMCSRedirectedEndpoint != "" { + AmcsEndpoint = AMCSRedirectedEndpoint + } + + amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations/%s/channels/%s/issueIngestionToken?operatingLocation=%s&platform=%s&api-version=%s", AmcsEndpoint, resourceId, configurationId, channelId, resourceRegion, osType, AMCSIngestionTokenAPIVersion) amcs_endpoint, err = url.Parse(amcs_endpoint_string) if err != nil { Log("getIngestionAuthToken: Error creating AMCS endpoint URL: %s", err.Error()) 
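Review bot: The base-URL selection added to getIngestionAuthToken in patch 7/7 (default to `https://global.handler.control.<MCS_ENDPOINT>`, override when `AMCSRedirectedEndpoint` is set) is a verbatim copy of the block patch 4/7 added to getAgentConfiguration. A small unexported helper that takes `mcsEndpoint` and returns the base URL would keep the two call sites from drifting apart. The `%s%s` join with `resourceId` also assumes the cached endpoint has no trailing slash or path. If the service can return one, the result is a `//` in the request path, so I would normalise once where the value is stored, e.g. `strings.TrimRight(agentConfigEndpoint, "/")`. The function body continues outside the hunk.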
@@ -393,6 +400,25 @@ func getIngestionAuthToken(imdsAccessToken string, configurationId string, chann } Log("getIngestionAuthToken Response Status: %d", resp.StatusCode) + if resp.StatusCode == 421 { // AMCS returns redirected endpoint incase of private link + agentConfigEndpoint := resp.Header.Get("x-ms-agent-config-endpoint") + Log("getIngestionAuthToken x-ms-agent-config-endpoint: %s", agentConfigEndpoint) + if agentConfigEndpoint != "" { + AMCSRedirectedEndpoint = agentConfigEndpoint + // reconstruct request with redirected endpoint + var err error + redirected_amcs_endpoint_string := fmt.Sprintf("%s%s/agentConfigurations/%s/channels/%s/issueIngestionToken?operatingLocation=%s&platform=%s&api-version=%s", AMCSRedirectedEndpoint, resourceId, configurationId, channelId, resourceRegion, osType, AMCSIngestionTokenAPIVersion) + var bearer = "Bearer " + imdsAccessToken + req, err = http.NewRequest("GET", redirected_amcs_endpoint_string, nil) + if err != nil { + message := fmt.Sprintf("getIngestionAuthToken: Error creating HTTP request for AMCS endpoint: %s", err.Error()) + Log(message) + return ingestionAuthToken, refreshInterval, err + } + req.Header.Set("Authorization", bearer) + continue + } + } if IsRetriableError(resp.StatusCode) { message := fmt.Sprintf("getIngestionAuthToken: Request failed with an error code: %d, retryCount: %d", resp.StatusCode, retryCount) Log(message)