Add support for "sovereign" Azure cloud environments (#4997)

* Add support for "sovereign" Azure cloud environments * Shorten variable names
hashicorp · Aug 15, 2018 · d74fae4 · d74fae4
1 parent d5403f7
commit d74fae4
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 3 deletions.
diff --git a/physical/azure/azure.go b/physical/azure/azure.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	storage "github.com/Azure/azure-sdk-for-go/storage"
+	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/armon/go-metrics"
 	"github.com/hashicorp/errwrap"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
@@ -66,7 +67,21 @@ func NewAzureBackend(conf map[string]string, logger log.Logger) (physical.Backen
 		}
 	}
 
-	client, err := storage.NewBasicClient(accountName, accountKey)
+	environmentName := os.Getenv("AZURE_ENVIRONMENT")
+	if environmentName == "" {
+		environmentName = conf["environment"]
+		if environmentName == "" {
+			environmentName = "AzurePublicCloud"
+		}
+	}
+	environment, err := azure.EnvironmentFromName(environmentName)
+	if err != nil {
+		errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for name %q: {{err}}",
+			environmentName)
+		return nil, errwrap.Wrapf(errorMsg, err)
+	}
+
+	client, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, environment)
 	if err != nil {
 		return nil, errwrap.Wrapf("failed to create Azure client: {{err}}", err)
 	}

diff --git a/physical/azure/azure_test.go b/physical/azure/azure_test.go
@@ -9,12 +9,20 @@ import (
 	"time"
 
 	storage "github.com/Azure/azure-sdk-for-go/storage"
+	"github.com/Azure/go-autorest/autorest/azure"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/helper/logging"
 	"github.com/hashicorp/vault/physical"
 )
 
+func environmentForCleanupClient(name string) (azure.Environment, error) {
+	if name == "" {
+		return azure.EnvironmentFromName("AzurePublicCloud")
+	}
+	return azure.EnvironmentFromName(name)
+}
+
 func TestAzureBackend(t *testing.T) {
 	if os.Getenv("AZURE_ACCOUNT_NAME") == "" ||
 		os.Getenv("AZURE_ACCOUNT_KEY") == "" {
@@ -23,11 +31,16 @@ func TestAzureBackend(t *testing.T) {
 
 	accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 	accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
+	environmentName := os.Getenv("AZURE_ENVIRONMENT")
 
 	ts := time.Now().UnixNano()
 	name := fmt.Sprintf("vault-test-%d", ts)
 
-	cleanupClient, _ := storage.NewBasicClient(accountName, accountKey)
+	cleanupEnvironment, err := environmentForCleanupClient(environmentName)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)
 	cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()
 
 	logger := logging.NewVaultLogger(log.Debug)
@@ -36,6 +49,7 @@ func TestAzureBackend(t *testing.T) {
 		"container":   name,
 		"accountName": accountName,
 		"accountKey":  accountKey,
+		"environment": environmentName,
 	}, logger)
 
 	defer func() {
@@ -60,11 +74,16 @@ func TestAzureBackend_ListPaging(t *testing.T) {
 
 	accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 	accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
+	environmentName := os.Getenv("AZURE_ENVIRONMENT")
 
 	ts := time.Now().UnixNano()
 	name := fmt.Sprintf("vault-test-%d", ts)
 
-	cleanupClient, _ := storage.NewBasicClient(accountName, accountKey)
+	cleanupEnvironment, err := environmentForCleanupClient(environmentName)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)
 	cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()
 
 	logger := logging.NewVaultLogger(log.Debug)
@@ -73,6 +92,7 @@ func TestAzureBackend_ListPaging(t *testing.T) {
 		"container":   name,
 		"accountName": accountName,
 		"accountKey":  accountKey,
+		"environment": environmentName,
 	}, logger)
 
 	defer func() {

diff --git a/website/source/docs/configuration/storage/azure.html.md b/website/source/docs/configuration/storage/azure.html.md
@@ -28,6 +28,7 @@ storage "azure" {
   accountName = "my-storage-account"
   accountKey  = "abcd1234"
   container   = "container-efgh5678"
+  environment = "AzurePublicCloud"
 }
 ```
 
@@ -43,6 +44,10 @@ The current implementation is limited to a maximum of 4 megabytes per blob.
 - `container` `(string: <required>)` – Specifies the Azure Storage Blob
   container name.
 
+- `environment` `(string: "AzurePublicCloud")` - Specifies the cloud
+   environment the storage account belongs to by way of the case-insensitive
+   name defined in the [Azure Go SDK][azure-environment].
+
 - `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent
   requests to Azure.
 
@@ -61,3 +66,4 @@ storage "azure" {
 ```
 
 [azure-storage]: https://azure.microsoft.com/en-us/services/storage/
+[azure-environment]: https://godoc.org/github.com/Azure/go-autorest/autorest/azure#pkg-variables