Azure API

Connect the Infinity data source to Azure management APIs to query subscriptions, resources, cost data, and security information.

Before you begin

Access to the Azure portal with permissions to create app registrations
Note your Azure Tenant ID

Create an Azure app registration

In the Azure portal, navigate to Microsoft Entra ID > App registrations.
Click New registration and create an application.
Navigate to Certificates & secrets and create a new client secret.
Note down the following values:
Value Location
Client ID Overview > Application (client) ID
Client Secret Certificates & secrets > Client secrets > Value
Tenant ID Overview > Directory (tenant) ID
Navigate to API permissions and verify the app has the required permissions.
Assign the app a role (for example, Reader or Monitoring Reader) on the subscriptions or resources you want to query.

Value	Location
Client ID	Overview > Application (client) ID
Client Secret	Certificates & secrets > Client secrets > Value
Tenant ID	Overview > Directory (tenant) ID

Configure the data source

In Grafana, navigate to Connections > Data sources.
Click Add new data source and select Infinity.
Expand the Authentication section and select OAuth2.
Select Client Credentials as the grant type.
Configure the following settings:
Setting Value
Client ID Your Azure app client ID
Client Secret Your Azure app client secret
Token URL https://login.microsoftonline.com/<TENANT_ID>/oauth2/token
Scopes Leave empty
Add an Endpoint parameter:
- Key: resource
- Value: https://management.azure.com/
In Allowed hosts, enter https://management.azure.com.
Click Save & test.

Setting	Value
Client ID	Your Azure app client ID
Client Secret	Your Azure app client secret
Token URL	`https://login.microsoftonline.com/<TENANT_ID>/oauth2/token`
Scopes	Leave empty

Query examples

List subscriptions

URL:

https://management.azure.com/subscriptions?api-version=2020-01-01

Configuration:

Type: JSON
Parser: Backend or UQL
Root selector: value

List resource groups

URL:

https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups?api-version=2021-04-01

UQL query:

parse-json
| scope "value"
| project "Name"="name", "Location"="location", "Provisioning State"="properties.provisioningState"

List virtual machines

URL:

https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Compute/virtualMachines?api-version=2023-03-01

UQL query:

parse-json
| scope "value"
| project "Name"="name", "Location"="location", "VM Size"="properties.hardwareProfile.vmSize", "OS"="properties.storageProfile.osDisk.osType"

Query cost data

URL:

https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.CostManagement/query?api-version=2023-03-01

Method: POST

Body (JSON):

{
  "type": "Usage",
  "timeframe": "MonthToDate",
  "dataset": {
    "granularity": "Daily",
    "aggregation": {
      "totalCost": {
        "name": "Cost",
        "function": "Sum"
      }
    }
  }
}

Provision the data source

Configure Azure OAuth2 authentication through provisioning:

apiVersion: 1
datasources:
  - name: Azure Infinity
    type: yesoreyeram-infinity-datasource
    jsonData:
      auth_method: oauth2
      oauth2:
        oauth2_type: client_credentials
        client_id: YOUR_CLIENT_ID
        token_url: https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/token
      oauthPassThru: false
      allowedHosts:
        - https://management.azure.com
    secureJsonData:
      oauth2ClientSecret: YOUR_CLIENT_SECRET

Troubleshoot

Issue	Cause	Solution
401 Unauthorized	Invalid or expired credentials	Regenerate client secret and update configuration
403 Forbidden	Missing role assignment	Assign Reader role to the app on the target subscription
Invalid token	Wrong token URL	Verify tenant ID in the token URL
Empty response	Wrong API version	Check Azure REST API docs for the correct `api-version`