Allow environment variables for Azure storage credentials

[zalegrala]

What this PR does:
Allow default values for Azure storage to be pulled from the environment.
Update examples and operations to use the newer backend-agnostic metric name.

Checklist

• Tests updated
• Documentation added
• CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

[joe-elliott]

Does the Azure client not pick these up automatically? The AWS client will check all the standard methods of providing auth including env vars if they are not explicitly provided.

[zalegrala]

I'll look again because that would be my preference also. Doing it here means that the current client implementation can remain the same.

https://github.com/grafana/tempo/blob/main/tempodb/backend/azure/azure_helpers.go#L23

I also looked briefly at updating the client, since the one we are using seems to be deprecated, or at least they are encouraging users to migrate. But I didn't have the context on all the changes in that update since I'm new to Azure and learning.

[zalegrala]

If they are loading environment variables in the client, I don't see where. And they don't make it easy to find if they support some. I think the updated client might though.

[joe-elliott]

Instead of setting the defaults I would prefer checking for values during the creation of the backend. If these two config fields are not set at that time then checking the env vars.

Also, any idea what the standards are here? It seems like the cli uses different env vars:
Azure/azure-cli#5358
and thanos uses different ones as well:
https://github.com/thanos-io/thanos/blob/main/pkg/objstore/azure/azure.go#L425-L426

Also note that this can already be done b/c Tempo can interpolate env vars into the config if you set the --config.expand-env parameter. However, if there is an actual standard here I don't mind supporting it directly.

[zalegrala]

https://docs.microsoft.com/en-us/cli/azure/storage?view=azure-cli-latest#az_storage_remove-optional-parameters

Good call on checking the CLI, we can use that our standard.

I saw the config.expand-env bit from some Loki references but it seemed to make the jsonnet a more verbose. I'll test that to find out if that's true and drop the commit from this PR if we don't need it. In the meantime I've updated the PR to use the CLI values. I'll deploy a canary tomorrow.

[zalegrala]

Oh to your other point about relocating the loading, I'll follow up on that too. I noticed that if those values aren't set, we could improve the error.

[zalegrala]

I've moved the environment loading where we make use of the variables. If we'd prefer to move that to the New(), I can do that.

[joe-elliott]

This is looking really good. I have one more ask and then we'll merge. Can you please add azure docs similar to our S3/GCS docs. You don't need to include all the permissions if you don't know them right now (but I'd ask that you come back and add them in the future):

Link to them here:

tempo/docs/tempo/website/configuration/_index.md

Lines 288 to 290 in 35574f7

	The following example shows common options. For further platform-specific information refer to the following:
	* [GCS](gcs/)
	* [S3](s3/)

and then add a doc similar to this:

https://grafana.com/docs/tempo/latest/configuration/s3/

[zalegrala]

I've included some initial docs for what we have currently. I'll also keep them updated as I find new information, but I think that should get us going.