Add Managed Identity (MSI) support for Azure Logs Ingestion output plugin #10777
Description
Is your feature request related to a problem? Please describe.
Currently, the Azure Logs Ingestion output plugin in Fluent Bit does not support Azure Managed Identity (MSI) for authentication. This requires users to manage and provide client secrets or certificates, which is less secure and more complex in cloud environments where MSI is available.
Describe the solution you'd like
Add support for using Azure Managed Identity (both system and user-assigned) in the Azure Logs Ingestion output plugin. If MSI is configured, the plugin should acquire tokens from the Azure Instance Metadata Service (IMDS) endpoint instead of Azure AD, similar to the implementation in the Azure Kusto output plugin. This should be controlled by a new config option (e.g., auth_type: managed_identity).
Describe alternatives you've considered
- Continue using client ID/secret authentication (not preferred for cloud-native deployments).
- Using workload identity or other federated identity mechanisms.
Additional context
- The Azure Kusto output plugin already supports Managed Identity and can serve as a reference implementation.
- Adding MSI support will improve security and ease of deployment for users running Fluent Bit on Azure resources.
- No open issues or PRs currently track this enhancement.