Add config parameter to Azure storage backend to allow specifying the…

… ARM endpoint to support Azure Stack. (#7567)
hashicorp · Oct 8, 2019 · aa251e2 · aa251e2
1 parent 165b264
commit aa251e2
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 17 deletions.
diff --git a/physical/azure/azure.go b/physical/azure/azure.go
@@ -74,11 +74,29 @@ func NewAzureBackend(conf map[string]string, logger log.Logger) (physical.Backen
 			environmentName = "AzurePublicCloud"
 		}
 	}
-	environment, err := azure.EnvironmentFromName(environmentName)
-	if err != nil {
-		errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for name %q: {{err}}",
-			environmentName)
-		return nil, errwrap.Wrapf(errorMsg, err)
+
+	environmentUrl := os.Getenv("AZURE_ARM_ENDPOINT")
+	if environmentUrl == "" {
+		environmentUrl = conf["arm_endpoint"]
+	}
+
+	var environment azure.Environment
+	var err error
+
+	if environmentUrl != "" {
+		environment, err = azure.EnvironmentFromURL(environmentUrl)
+		if err != nil {
+			errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for URL %q: {{err}}",
+			environmentUrl)
+			return nil, errwrap.Wrapf(errorMsg, err)
+		}
+	} else {
+		environment, err = azure.EnvironmentFromName(environmentName)
+		if err != nil {
+			errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for name %q: {{err}}",
+				environmentName)
+			return nil, errwrap.Wrapf(errorMsg, err)
+		}
 	}
 
 	client, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, environment)

diff --git a/physical/azure/azure_test.go b/physical/azure/azure_test.go
@@ -16,9 +16,12 @@ import (
 	"github.com/hashicorp/vault/sdk/physical"
 )
 
-func environmentForCleanupClient(name string) (azure.Environment, error) {
+func environmentForCleanupClient(name string, armUrl string) (azure.Environment, error) {
+	if armUrl != "" {
+		return azure.EnvironmentFromURL(armUrl)
+	}
 	if name == "" {
-		return azure.EnvironmentFromName("AzurePublicCloud")
+		name = "AzurePublicCloud"
 	}
 	return azure.EnvironmentFromName(name)
 }
@@ -32,11 +35,12 @@ func TestAzureBackend(t *testing.T) {
 	accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 	accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
 	environmentName := os.Getenv("AZURE_ENVIRONMENT")
+	environmentUrl := os.Getenv("AZURE_ARM_ENDPOINT")
 
 	ts := time.Now().UnixNano()
 	name := fmt.Sprintf("vault-test-%d", ts)
 
-	cleanupEnvironment, err := environmentForCleanupClient(environmentName)
+	cleanupEnvironment, err := environmentForCleanupClient(environmentName, environmentUrl)
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
@@ -46,10 +50,11 @@ func TestAzureBackend(t *testing.T) {
 	logger := logging.NewVaultLogger(log.Debug)
 
 	backend, err := NewAzureBackend(map[string]string{
-		"container":   name,
-		"accountName": accountName,
-		"accountKey":  accountKey,
-		"environment": environmentName,
+		"container":    name,
+		"accountName":  accountName,
+		"accountKey":   accountKey,
+		"environment":  environmentName,
+		"arm_endpoint": environmentUrl,
 	}, logger)
 
 	defer func() {
@@ -75,11 +80,12 @@ func TestAzureBackend_ListPaging(t *testing.T) {
 	accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 	accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
 	environmentName := os.Getenv("AZURE_ENVIRONMENT")
+	environmentUrl := os.Getenv("AZURE_ARM_ENDPOINT")
 
 	ts := time.Now().UnixNano()
 	name := fmt.Sprintf("vault-test-%d", ts)
 
-	cleanupEnvironment, err := environmentForCleanupClient(environmentName)
+	cleanupEnvironment, err := environmentForCleanupClient(environmentName, environmentUrl)
 	if err != nil {
 		t.Fatalf("err: %s", err)
 	}
@@ -89,10 +95,11 @@ func TestAzureBackend_ListPaging(t *testing.T) {
 	logger := logging.NewVaultLogger(log.Debug)
 
 	backend, err := NewAzureBackend(map[string]string{
-		"container":   name,
-		"accountName": accountName,
-		"accountKey":  accountKey,
-		"environment": environmentName,
+		"container":    name,
+		"accountName":  accountName,
+		"accountKey":   accountKey,
+		"environment":  environmentName,
+		"arm_endpoint": environmentUrl,
 	}, logger)
 
 	defer func() {

diff --git a/website/source/docs/configuration/storage/azure.html.md b/website/source/docs/configuration/storage/azure.html.md
@@ -49,6 +49,10 @@ The current implementation is limited to a maximum of 4 megabytes per blob.
    environment the storage account belongs to by way of the case-insensitive
    name defined in the [Azure Go SDK][azure-environment].
 
+- `arm_endpoint` `(string: "")` - Specifies the cloud environment
+  the storage account belongs to by way of the Azure Resource Manager endpoint
+  URL.
+
 - `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent
   requests to Azure.