Goals

1. Extend the ClusterLogging Operator's API with a new Azure output type utilizing the Log Ingestion API.
2. Allow authentication using short-lived federated token credentials with the Log Ingestion API.
3. Allow authentication using static long-lived credentials with the Log Ingestion API.

Motivation

Azure Monitor Logs is deprecated and intended to no longer be supported 2026-Sept. The Azure Log Ingestion API replaces Azure Monitor Logs and vector has a pending PR to support this sink. Additionally, implementing the new sink will allow us to design the CLF API to better support short-lived tokens and align the UX with other cloud providers (e.g. AWS).

Acceptance Criteria

• Verify log collectors can successfully forward to Azure Monitor Logs using the Log Ingestion API
• Verify log collectors can successfully forward logs to Azure Monitor Logs using long lived credentials via a credential secret.
• Verify log collectors can successfully forward logs to Azure Monitor Logs using the short lived token provided by a WIF enabled Azure provider

Risk and Assumptions

• As of v6.2, CLO relies on v0.37.1 of OpenShift Vector. OpenShift's Vector will have to be upgraded; however, the upgrade is currently blocked by the Rust version for RHEL.

Documentation

• Document the pre-reqs needed for an Azure WIF enabled platform to receive logs and provide authorization to the collector
• Document the support of using Azure Monitor Logs with a WIF enabled Azure
• Document this is only supported for deployments of vector as the log collection agent
• Document the long lived credential authorization pre-reqs for Azure Monitor Logs.