Microsoft Azure

Clanker CLI provides seamless integration with Microsoft Azure, enabling you to query resources, manage infrastructure, and interact with Azure services using natural language or direct commands.

Authentication

Clanker CLI uses the az CLI for all Azure operations. You must be authenticated with Azure CLI before using Clanker.

az login

Subscription configuration

Configure your Azure subscription ID in one of the following ways:

.clanker.yaml

infra:
  azure:
    subscription_id: "your-subscription-id"

Or set via environment variables:

export AZURE_SUBSCRIPTION_ID="your-subscription-id"
export AZ_SUBSCRIPTION_ID="your-subscription-id"

Clanker resolves the subscription ID in this order:

Configuration file (infra.azure.subscription_id)
AZURE_SUBSCRIPTION_ID environment variable
AZ_SUBSCRIPTION_ID environment variable

Service principal authentication

When using backend-provided credentials, you can authenticate using a service principal:

creds := &azure.BackendAzureCredentials{
    SubscriptionID: "subscription-id",
    TenantID:       "tenant-id",
    ClientID:       "client-id",
    ClientSecret:   "client-secret",
}

client, err := azure.NewClientWithCredentials(creds, debug)
if err != nil {
    log.Fatal(err)
}

From internal/azure/client.go:51:

// NewClientWithCredentials creates a new Azure client using credentials from the backend.
// If service principal credentials are provided (TenantID, ClientID, ClientSecret),
// it performs az login with the service principal.
func NewClientWithCredentials(creds *BackendAzureCredentials, debug bool) (*Client, error)

Querying infrastructure

Natural language queries

Ask questions about your Azure infrastructure using natural language:

clanker ask "what app services are deployed?"
clanker ask "list all virtual machines"
clanker ask "show me AKS clusters"

Context gathering

Clanker automatically gathers relevant Azure context based on your query:

# Only fetches App Services data
clanker ask "how many app services do I have?"

Supported resource types

Clanker can query these Azure resources:

Compute

Virtual Machines (VMs)
AKS (Azure Kubernetes Service) clusters
App Services (Web Apps)
Function Apps

Storage & Data

Storage Accounts
Cosmos DB accounts
Key Vaults

Networking

Virtual Networks (VNets)
Network Security Groups (NSGs)
Public IP addresses
Load Balancers

Management

Resource Groups
Azure Account information
All ARM resources

Direct commands

Use the clanker azure list command to query resources directly:

# List all resource groups
clanker azure list groups

# List virtual machines with detailed info
clanker azure list vms

# List AKS clusters
clanker azure list aks

# List storage accounts
clanker azure list storage

Available list commands

Account & Groups

account - Current account context
groups / rg - Resource groups
resources - All ARM resources (top 200)

Compute

vms - Virtual machines
aks - AKS clusters

App Services

webapps - App Services
functionapps - Function Apps

Storage & Security

storage - Storage accounts
keyvaults - Key Vaults
cosmosdb - Cosmos DB

Networking

vnets - Virtual networks
nsgs - Network security groups
public-ips - Public IPs
load-balancers / lbs - Load balancers

Command options

# Use a different subscription
clanker azure list vms --subscription "other-subscription-id"

# List all resources in subscription
clanker azure list resources

Error handling

Clanker provides intelligent error hints for Azure operations:

# Error: az login required
# (hint: run az login)

Retry mechanism

Clanker automatically retries failed az commands with exponential backoff for:

Rate limiting (429 errors)
Timeout errors
Too many requests
Temporarily unavailable services

Retries occur at 200ms, 500ms, and 1200ms intervals.

Implementation details

Client initialization

From internal/azure/client.go:33:

func NewClient(subscriptionID string, debug bool) (*Client, error) {
    if strings.TrimSpace(subscriptionID) == "" {
        return nil, fmt.Errorf("azure subscription_id is required")
    }
    return &Client{subscriptionID: strings.TrimSpace(subscriptionID), debug: debug}, nil
}

Command execution

All Azure operations use the execAz method which:

Verifies az CLI is installed
Appends the subscription ID and --only-show-errors flag
Implements retry logic for transient failures
Provides contextual error hints

From internal/azure/client.go:90:

func (c *Client) execAz(ctx context.Context, args ...string) (string, error) {
    if _, err := exec.LookPath("az"); err != nil {
        return "", fmt.Errorf("az not found in PATH")
    }
    if c.subscriptionID != "" && !hasFlag(args, "--subscription") {
        args = append(args, "--subscription", c.subscriptionID)
    }
    // ... retry logic ...
}

Context gathering

When you ask questions, Clanker gathers context from relevant Azure resources. Default sections include:

Azure Account details
Resource Groups

Query-specific sections are added based on keywords in your question. From internal/azure/client.go:167:

func (c *Client) GetRelevantContext(ctx context.Context, question string) (string, error) {
    // Analyzes question and fetches relevant Azure resources
    // Returns formatted context for LLM
}

Best practices

Set default subscription

Configure your subscription ID in .clanker.yaml to avoid specifying it on every command.

Use RBAC properly

Ensure your account or service principal has Reader permissions on resources you want to query.

Specific queries

Ask about specific resources to get faster results instead of broad queries.

Service principals for automation

Use service principals with minimal required permissions for automated workflows.

Examples

List virtual machines

clanker azure list vms

Output:

Name          ResourceGroup    Location    PowerState
web-vm-1      production-rg    eastus      VM running
api-vm-1      production-rg    westus2     VM running

Query App Services

clanker ask "show me all app services in production"

Check AKS clusters

clanker azure list aks

Output:

Name              ResourceGroup    Location    KubernetesVersion
prod-aks-cluster  k8s-rg           eastus      1.27.7

List storage accounts

clanker azure list storage

Output:

Name                  ResourceGroup  Location  Kind         AccessTier
prodstorageacct123    storage-rg     eastus    StorageV2    Hot

View current account

clanker azure list account

Output (JSON):

{
  "name": "Production Subscription",
  "id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
  "state": "Enabled",
  "user": {
    "name": "[email protected]",
    "type": "user"
  }
}

Azure integration requires the az CLI to be installed and authenticated. Run az login before using Clanker with Azure.

Get Started

Core Concepts

AWS

Kubernetes

Cloud Providers

Integrations

Advanced

​Authentication

​Login to Azure

​Subscription configuration

​Service principal authentication

​Querying infrastructure

​Natural language queries

​Context gathering

​Supported resource types

​Direct commands

​Available list commands

Account & Groups

Compute

App Services

Storage & Security

Networking

​Command options

​Error handling

​Retry mechanism

​Implementation details

​Client initialization

​Command execution

​Context gathering

​Best practices

Set default subscription

Use RBAC properly

Specific queries

Service principals for automation

​Examples

​List virtual machines

​Query App Services

​Check AKS clusters

​List storage accounts

​View current account

Build docs developers (and LLMs) love

Authentication

Login to Azure

Subscription configuration

Service principal authentication

Querying infrastructure

Natural language queries

Context gathering

Supported resource types

Direct commands

Available list commands

Command options

Error handling

Retry mechanism

Implementation details

Client initialization

Command execution

Context gathering

Best practices

Examples

List virtual machines

Query App Services

Check AKS clusters

List storage accounts

View current account