Sovereign Cloud Support: Specific Updates #1729
… Redis or Postgres)
9a497ee to e41d678
…e/sov-cloud-no-multicloud
179a12c to 18efb7c
Pull request overview
This PR extends sovereign cloud support (Azure China and Azure US Government) by making endpoint and token-scope selection cloud-aware across multiple tool services, anchored by a new CloudType concept in the core Azure cloud configuration.
Changes:
- Add `AzureCloudConfiguration.AzureCloud` + `CloudType` to core cloud configuration and expose it via `IAzureCloudConfiguration`.
- Update multiple tool services to dynamically select correct endpoints/scopes for Public/China/USGov clouds.
- Adjust quota/resource health components and recordings to be cloud-aware and more deterministic in test proxy scenarios.
Reviewed changes
Copilot reviewed 42 out of 42 changed files in this pull request and generated 19 comments.
| File | Description |
|---|---|
| tools/Azure.Mcp.Tools.Storage/src/Services/StorageService.cs | Storage blob/table endpoints now vary by cloud type. |
| tools/Azure.Mcp.Tools.Speech/src/Services/Synthesizers/RealtimeTtsSynthesizer.cs | Cognitive Services scope now varies by cloud type for TTS. |
| tools/Azure.Mcp.Tools.Speech/src/Services/Recognizers/RealtimeTranscriptionRecognizer.cs | Cognitive Services scope now varies by cloud type for realtime STT. |
| tools/Azure.Mcp.Tools.Speech/src/Services/Recognizers/FastTranscriptionRecognizer.cs | Cognitive Services scope now varies by cloud type for fast STT. |
| tools/Azure.Mcp.Tools.ServiceFabric/src/Services/ServiceFabricService.cs | ARM base URL and scope now derived from cloud configuration. |
| tools/Azure.Mcp.Tools.Search/src/Services/SearchService.cs | Search service endpoint now varies by cloud type. |
| tools/Azure.Mcp.Tools.ResourceHealth/tests/Azure.Mcp.Tools.ResourceHealth.UnitTests/Services/ResourceHealthServiceSsrfValidationTests.cs | Unit tests updated to mock cloud configuration for ARM env. |
| tools/Azure.Mcp.Tools.ResourceHealth/src/Services/ResourceHealthService.cs | ARM endpoint/scope now derived from cloud configuration. |
| tools/Azure.Mcp.Tools.Quota/tests/Azure.Mcp.Tools.Quota.LiveTests/assets.json | Test proxy assets tag updated. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/StorageUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/SearchUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/PostgreSQLUsageChecker.cs | ARM endpoint/scope now derived from cloud configuration. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/NetworkUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/MachineLearningUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/HDInsightUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/ContainerInstanceUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/ContainerAppUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/ComputeUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/Usage/CognitiveServicesUsageChecker.cs | Usage checker now receives tenant service for cloud-aware ARM config. |
| tools/Azure.Mcp.Tools.Quota/src/Services/Util/AzureUsageChecker.cs | ARM client now configured with cloud environment; factory updated for tenant service. |
| tools/Azure.Mcp.Tools.Quota/src/Services/QuotaService.cs | Pass tenant service through quota utility for cloud-aware behavior. |
| tools/Azure.Mcp.Tools.Pricing/src/Services/PricingService.cs | Pricing endpoint now selected per cloud type. |
| tools/Azure.Mcp.Tools.Postgres/src/Services/PostgresService.cs | Postgres server DNS suffix now selected per cloud type. |
| tools/Azure.Mcp.Tools.MySql/src/Services/MySqlService.cs | OSS RDBMS scope + MySQL DNS suffix now selected per cloud type. |
| tools/Azure.Mcp.Tools.Monitor/src/Services/MonitorService.cs | Activity log endpoint and ARM scope now selected per cloud type/env. |
| tools/Azure.Mcp.Tools.Monitor/src/Services/MonitorHealthModelService.cs | Control-plane endpoint and dataplane scopes now selected per cloud type. |
| tools/Azure.Mcp.Tools.Marketplace/tests/Azure.Mcp.Tools.Marketplace.LiveTests/assets.json | Test proxy assets tag updated. |
| tools/Azure.Mcp.Tools.Marketplace/src/Services/MarketplaceService.cs | ARM base URL and scope now derived from cloud configuration. |
| tools/Azure.Mcp.Tools.KeyVault/tests/Azure.Mcp.Tools.KeyVault.LiveTests/assets.json | Test proxy assets tag updated. |
| tools/Azure.Mcp.Tools.KeyVault/tests/Azure.Mcp.Tools.KeyVault.LiveTests/KeyVaultCommandTests.cs | Recording matcher behavior adjusted for consistency. |
| tools/Azure.Mcp.Tools.KeyVault/src/Services/KeyVaultService.cs | Key Vault + Managed HSM URIs now vary by cloud type. |
| tools/Azure.Mcp.Tools.Extension/src/Services/CliGenerateService.cs | CLI copilot endpoint now varies by cloud type. |
| tools/Azure.Mcp.Tools.EventHubs/tests/Azure.Mcp.Tools.EventHubs.LiveTests/assets.json | Test proxy assets tag updated. |
| tools/Azure.Mcp.Tools.EventHubs/src/Services/EventHubsService.cs | Subscription resolution adjusted to avoid non-deterministic recordings. |
| tools/Azure.Mcp.Tools.Cosmos/src/Services/CosmosService.cs | Cosmos DB endpoint format now varies by cloud type. |
| tools/Azure.Mcp.Tools.ConfidentialLedger/src/Services/ConfidentialLedgerService.cs | Confidential Ledger dataplane URI now varies by cloud type. |
| tools/Azure.Mcp.Tools.ApplicationInsights/src/Services/ProfilerDataService.cs | Diagnostic services endpoint/scope now varies by cloud type. |
| tools/Azure.Mcp.Tools.AppService/src/Services/AppServiceService.cs | CosmosDB connection string generation now varies by cloud type. |
| tools/Azure.Mcp.Tools.AppLens/src/Services/AppLensService.cs | AppLens endpoints/origin/scope now vary by cloud type. |
| servers/Azure.Mcp.Server/changelog-entries/1771617105575.yaml | Changelog entry for sovereign endpoint support. |
| core/Microsoft.Mcp.Core/src/Services/Azure/Authentication/IAzureCloudConfiguration.cs | Add CloudType to cloud configuration interface. |
| core/Microsoft.Mcp.Core/src/Services/Azure/Authentication/AzureCloudConfiguration.cs | Add cloud enum + parsing to expose CloudType. |
Comments suppressed due to low confidence (2)
tools/Azure.Mcp.Tools.Marketplace/src/Services/MarketplaceService.cs:221
- Repo guidance recommends using named arguments when passing cancellation tokens to Azure SDK APIs (e.g., `cancellationToken: cancellationToken`). This `GetTokenAsync` call passes the token positionally; please switch to the named argument form (see servers/Azure.Mcp.Server/docs/new-command.md around the CancellationToken requirements).

```csharp
return await tokenCredential
    .GetTokenAsync(tokenRequestContext, cancellationToken);
}
```
tools/Azure.Mcp.Tools.ApplicationInsights/src/Services/ProfilerDataService.cs:127
- Repo guidance recommends using named arguments when passing cancellation tokens to Azure SDK APIs (e.g., `cancellationToken: cancellationToken`). This `GetTokenAsync` call passes the token positionally; please switch to the named argument form (see servers/Azure.Mcp.Server/docs/new-command.md around the CancellationToken requirements).

```csharp
TokenRequestContext tokenRequestContext = new(scopes, clientRequestIdLocal);
TokenCredential tokenCredential = await GetCredential(cancellationToken).ConfigureAwait(false);
AccessToken accessToken = await tokenCredential.GetTokenAsync(tokenRequestContext, cancellationToken).ConfigureAwait(false);
```
@jairmyree I've opened a new pull request, #1789, to work on those changes. Once the pull request is ready, I'll request review from you.

@jairmyree I've opened a new pull request, #1790, to work on those changes. Once the pull request is ready, I'll request review from you.
…1790)

* Initial plan
* Update URI methods to return string and use new Uri() at call sites

Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>
…rning `string` (#1789)

* Initial plan
* Rename GetOpenSourceRDBMSEndpoint to GetOpenSourceRDBMSScope returning string

Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>
Co-authored-by: Jair Myree <jair.myree@gmail.com>
* Sovereign clouds support for libraries requiring specific changes (No Redis or Postgres)
* Update test configuration
* Updating recordings
* Updating recordings
* Updating assets.json for EventHubs
* EventHubs test Updates
* Additional services that need updates
* Changelog Updates
* Refactor cloud endpoint methods to return `string` instead of `Uri` (microsoft#1790)
  * Initial plan
  * Update URI methods to return string and use new Uri() at call sites

  Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>

  ---------

  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>
* Rename `GetOpenSourceRDBMSEndpoint` to `GetOpenSourceRDBMSScope` returning `string` (microsoft#1789)
  * Initial plan
  * Rename GetOpenSourceRDBMSEndpoint to GetOpenSourceRDBMSScope returning string

  Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>

  ---------

  Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
  Co-authored-by: jairmyree <67484440+jairmyree@users.noreply.github.com>
  Co-authored-by: Jair Myree <jair.myree@gmail.com>
* Updates from PR review
* Additional updates for remaining libraries

---------

Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com>
This pull request introduces support for sovereign Azure clouds (China and US Government) across several services by making cloud-specific endpoint and scope selection dynamic. The changes add an explicit cloud type to the core authentication configuration and propagate this awareness through dependent services, ensuring correct endpoints and tokens are used for each cloud environment.
Key changes include:
Core authentication enhancements:
- `AzureCloud` enum and a new `CloudType` property to `AzureCloudConfiguration`, updating its logic to parse and expose the current cloud environment. This is also reflected in the `IAzureCloudConfiguration` interface.

Cloud-aware endpoint and scope selection:
- `AppLensService`, `ProfilerDataService`, `AppServiceService`, and `ConfidentialLedgerService` to use the detected cloud type from the tenant service, dynamically selecting the correct endpoints and token scopes for public, China, and US Government clouds. This includes methods for resolving management, diagnostics, and CosmosDB endpoints.

Service-specific improvements:
- `AppServiceService`, CosmosDB connection string generation is now cloud-aware, ensuring correct domain suffixes for each environment.
- `ConfidentialLedgerService`, the ledger URI is now built with the appropriate domain for the current cloud.

These changes collectively enable multi-cloud support, allowing the codebase to function correctly in Azure Public, China, and US Government environments.
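
An added illustration of the cloud-aware selection described above, not code from this PR or the repository: one per-cloud mapping supplies both the ARM scope and the Key Vault host, fails closed on an unmapped cloud, and checks that a URI belongs to the selected cloud before a token would be sent to it. The `Cloud` enum, `CloudEndpoints`, `CloudEndpointResolver` and the vault name `contoso-kv` are hypothetical; the hostnames are the published Azure values, and `char.IsAsciiLetterOrDigit` assumes .NET 7 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

Console.WriteLine(CloudEndpointResolver.For(Cloud.China).ArmScope);
Console.WriteLine(CloudEndpointResolver.KeyVaultUri(Cloud.USGov, "contoso-kv"));
// A public-cloud vault URI is checked against a configuration set to China.
Console.WriteLine(CloudEndpointResolver.IsInCloud(
    Cloud.China, new Uri("https://contoso-kv.vault.azure.net")));

// Hypothetical types for illustration; only the hostnames are real Azure values.
public enum Cloud { Public, China, USGov }

public sealed record CloudEndpoints(string ArmBase, string KeyVaultSuffix)
{
    // Scope is derived from the same ARM base, so endpoint and token audience cannot drift apart.
    public string ArmScope => ArmBase + "/.default";
}

public static class CloudEndpointResolver
{
    private static readonly Dictionary<Cloud, CloudEndpoints> Map = new()
    {
        [Cloud.Public] = new("https://management.azure.com", "vault.azure.net"),
        [Cloud.China] = new("https://management.chinacloudapi.cn", "vault.azure.cn"),
        [Cloud.USGov] = new("https://management.usgovcloudapi.net", "vault.usgovcloudapi.net"),
    };

    // Fail closed: an unmapped cloud throws instead of silently falling back to Public.
    public static CloudEndpoints For(Cloud cloud) =>
        Map.TryGetValue(cloud, out var endpoints)
            ? endpoints
            : throw new NotSupportedException($"No endpoint mapping for cloud '{cloud}'.");

    public static Uri KeyVaultUri(Cloud cloud, string vaultName)
    {
        // Only letters, digits and hyphens (3-24 chars): '.', '/', '@' or '#' in the
        // name could otherwise change the host that receives the token.
        bool valid = vaultName.Length is >= 3 and <= 24
            && vaultName.All(c => char.IsAsciiLetterOrDigit(c) || c == '-');
        if (!valid) throw new ArgumentException("Invalid vault name.", nameof(vaultName));
        return new Uri($"https://{vaultName}.{For(cloud).KeyVaultSuffix}");
    }

    // True only for https URIs whose host is a subdomain of the selected cloud's suffix.
    public static bool IsInCloud(Cloud cloud, Uri uri) =>
        uri.Scheme == Uri.UriSchemeHttps
        && uri.Host.EndsWith("." + For(cloud).KeyVaultSuffix, StringComparison.OrdinalIgnoreCase);
}
```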