From d74fae41efc3a596da61005e435ca15f792a24fd Mon Sep 17 00:00:00 2001
From: Christoph Ludwig
Date: Thu, 16 Aug 2018 01:40:36 +0200
Subject: [PATCH] Add support for "sovereign" Azure cloud environments (#4997)

* Add support for "sovereign" Azure cloud environments
* Shorten variable names
---
 physical/azure/azure.go | 17 ++++++++++++-
 physical/azure/azure_test.go | 24 +++++++++++++++++--
 .../docs/configuration/storage/azure.html.md | 6 +++++
 3 files changed, 44 insertions(+), 3 deletions(-)

diff --git a/physical/azure/azure.go b/physical/azure/azure.go
index 08ace98f9e2bd..17e7eee9e7256 100644
--- a/physical/azure/azure.go
+++ b/physical/azure/azure.go
@@ -12,6 +12,7 @@ import (
 	"time"
 
 	storage "github.com/Azure/azure-sdk-for-go/storage"
+	"github.com/Azure/go-autorest/autorest/azure"
 	"github.com/armon/go-metrics"
 	"github.com/hashicorp/errwrap"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
@@ -66,7 +67,21 @@ func NewAzureBackend(conf map[string]string, logger log.Logger) (physical.Backen
 		}
 	}
 
-	client, err := storage.NewBasicClient(accountName, accountKey)
+	environmentName := os.Getenv("AZURE_ENVIRONMENT")
+	if environmentName == "" {
+		environmentName = conf["environment"]
+		if environmentName == "" {
+			environmentName = "AzurePublicCloud"
+		}
+	}
+	environment, err := azure.EnvironmentFromName(environmentName)
+	if err != nil {
+		errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for name %q: {{err}}", environmentName)
+		return nil, errwrap.Wrapf(errorMsg, err)
+	}
+
+	client, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, environment)
 	if err != nil {
 		return nil, errwrap.Wrapf("failed to create Azure client: {{err}}", err)
 	}
diff --git a/physical/azure/azure_test.go b/physical/azure/azure_test.go
index a2929b194f79c..5b72f6027325a 100644
--- a/physical/azure/azure_test.go
+++ b/physical/azure/azure_test.go
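Review bot: The resolved environment is never surfaced, so a stray `AZURE_ENVIRONMENT` in the process environment silently overrides `conf["environment"]` and points the storage client at a different cloud's endpoint suffix, which an operator can only diagnose from the eventual request failure. After the `EnvironmentFromName` error check I would log the outcome once, `logger.Debug("azure storage environment resolved", "name", environmentName, "storage_endpoint_suffix", environment.StorageEndpointSuffix)`, and put a comment above `environmentName := os.Getenv("AZURE_ENVIRONMENT")` stating that the variable takes precedence over the config key, since the docs hunk in this commit documents only the key. Note too that in go-autorest versions that support it, `EnvironmentFromName` resolves the name `AzureStackCloud` from a file named by `AZURE_ENVIRONMENT_FILEPATH`; if the vendored copy has that branch, the file decides which host the Shared-Key-signed requests are sent to and deserves the same validation and documentation, which is worth confirming against the vendored package. NewAzureBackend continues outside the hunk.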
@@ -9,12 +9,20 @@ import (
 	"time"
 
 	storage "github.com/Azure/azure-sdk-for-go/storage"
+	"github.com/Azure/go-autorest/autorest/azure"
 	cleanhttp "github.com/hashicorp/go-cleanhttp"
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/helper/logging"
 	"github.com/hashicorp/vault/physical"
 )
 
+func environmentForCleanupClient(name string) (azure.Environment, error) {
+	if name == "" {
+		return azure.EnvironmentFromName("AzurePublicCloud")
+	}
+	return azure.EnvironmentFromName(name)
+}
+
 func TestAzureBackend(t *testing.T) {
 	if os.Getenv("AZURE_ACCOUNT_NAME") == "" ||
 		os.Getenv("AZURE_ACCOUNT_KEY") == "" {
@@ -23,11 +31,16 @@ func TestAzureBackend(t *testing.T) {
 
 	accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 	accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
+	environmentName := os.Getenv("AZURE_ENVIRONMENT")
 
 	ts := time.Now().UnixNano()
 	name := fmt.Sprintf("vault-test-%d", ts)
 
-	cleanupClient, _ := storage.NewBasicClient(accountName, accountKey)
+	cleanupEnvironment, err := environmentForCleanupClient(environmentName)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)
 	cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()
 
 	logger := logging.NewVaultLogger(log.Debug)
@@ -36,6 +49,7 @@ func TestAzureBackend(t *testing.T) {
 		"container": name,
 		"accountName": accountName,
 		"accountKey": accountKey,
+		"environment": environmentName,
 	}, logger)
 
 	defer func() {
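Review bot: `environmentForCleanupClient` re-encodes the backend's fallback literal `"AzurePublicCloud"` instead of sharing it, so the cleanup client and the backend under test can drift to different clouds if one default is changed without the other. I would hoist the name into a package-level constant in azure.go, e.g. `const defaultAzureEnvironment = "AzurePublicCloud"`, and use it in both places. The helper also lacks a doc comment; something like `// environmentForCleanupClient mirrors NewAzureBackend's fallback so the cleanup client targets the same cloud as the backend under test.` would state the intent.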
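Review bot: The rewritten `cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)` still discards the constructor's error, even though the environment lookup two lines above was just made fatal; a zero-value client here would only show up later as a confusing failure in the deferred cleanup. I would write `cleanupClient, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)` followed by the same `if err != nil { t.Fatalf("err: %s", err) }`. Separately, passing `"environment": environmentName` through conf never exercises the config-key path: NewAzureBackend reads `AZURE_ENVIRONMENT` before conf, and that variable is exactly where this value came from, so the conf lookup only ever sees the same name or an empty string. The rest of TestAzureBackend lies outside the hunk.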
@@ -60,11 +74,16 @@ func TestAzureBackend_ListPaging(t *testing.T) {
 
 	accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 	accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
+	environmentName := os.Getenv("AZURE_ENVIRONMENT")
 
 	ts := time.Now().UnixNano()
 	name := fmt.Sprintf("vault-test-%d", ts)
 
-	cleanupClient, _ := storage.NewBasicClient(accountName, accountKey)
+	cleanupEnvironment, err := environmentForCleanupClient(environmentName)
+	if err != nil {
+		t.Fatalf("err: %s", err)
+	}
+	cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)
 	cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()
 
 	logger := logging.NewVaultLogger(log.Debug)
@@ -73,6 +92,7 @@ func TestAzureBackend_ListPaging(t *testing.T) {
 		"container": name,
 		"accountName": accountName,
 		"accountKey": accountKey,
+		"environment": environmentName,
 	}, logger)
 
 	defer func() {
diff --git a/website/source/docs/configuration/storage/azure.html.md b/website/source/docs/configuration/storage/azure.html.md
index f8a272048ab36..d249c936595a0 100644
--- a/website/source/docs/configuration/storage/azure.html.md
+++ b/website/source/docs/configuration/storage/azure.html.md
@@ -28,6 +28,7 @@ storage "azure" {
   accountName = "my-storage-account"
   accountKey = "abcd1234"
   container = "container-efgh5678"
+  environment = "AzurePublicCloud"
 }
 ```
 
@@ -43,6 +44,10 @@ The current implementation is limited to a maximum of 4 megabytes per blob.
 - `container` `(string: )` – Specifies the Azure Storage Blob container name.
 
+- `environment` `(string: "AzurePublicCloud")` - Specifies the cloud
+  environment the storage account belongs to by way of the case-insensitive
+  name defined in the [Azure Go SDK][azure-environment].
+
 - `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent requests to Azure.
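Review bot: `cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)` ignores the constructor's error right after the environment lookup above it was made fatal with `t.Fatalf`, so a bad account name or key in the test environment surfaces only in the deferred cleanup rather than at setup. I would use `cleanupClient, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)` and follow it with `if err != nil { t.Fatalf("err: %s", err) }`. The cleanup-client setup is now five identical lines in two tests, so a small helper that builds the client and fails the test via `t.Fatalf` would keep both in step. TestAzureBackend_ListPaging continues outside the hunk.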
@@ -61,3 +66,4 @@ storage "azure" {
 ```
 
 [azure-storage]: https://azure.microsoft.com/en-us/services/storage/
+[azure-environment]: https://godoc.org/github.com/Azure/go-autorest/autorest/azure#pkg-variables
\ No newline at end of file