improvement: Add compatibility with Azure Secret (aka USSec) region. #7
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds support for interpreting azure secret cloud from the AZURE_ENVIRONMENT variable. When using the secret cloud region you will need to additionally pass in AZURE_CLOUD_CONFIG similar to private azure cloud since the secret region endpoints themselves are considered PROPIN by Microsoft.
dtrejod
commented
Aug 21, 2024
Comment on lines
-52
to
-57
| | `AZURE_ENVIRONMENT` | Description | | ||
| |------------------------|----------------------------------------------------------------------------------------------| | ||
| | `AzurePublicCloud` | Default Azure cloud, using https://portal.azure.com | | ||
| | `AzureChinaCloud` | Azure cloud in China, using https://porta.azure.cn | | ||
| | `AzureGovernmentCloud` | US Government Azure cloud | | ||
| | `AzurePrivateCloud` | Private on-premise installation of Azure Cloud, needs additional configuration for endpoints | |
Contributor
Author
There was a problem hiding this comment.
I updated this table to better match the logic in the below switch statement where we match on "aliased" versions of the envvar.
Contributor
Author
|
@mblaschke is it possible to get a review of this contribution PR? |
mblaschke
approved these changes
Oct 4, 2024
This was referenced Oct 7, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
This go-common is used by https://github.com/webdevops/azure-metrics-exporter in order to collect metrics from azure and make them available to Prometheus. Today this wrapper around the azure sdk does not support Azure's secret region.
https://azure.microsoft.com/en-us/explore/global-infrastructure/government/national-security
Proposal
This PR attempts to add preliminary support for the secret region. I can't share the exact endpoints but in effort to support this new region we can reuse some functionality already present in this repo for reading in secret endpoints via the AZURE_CLOUD_CONFIG envvar.
Adds support for interpreting azure secret cloud from the AZURE_ENVIRONMENT variable. When using the secret cloud region you will need to additionally pass in AZURE_CLOUD_CONFIG similar to private azure cloud since the secret region endpoints themselves are considered PROPIN by Microsoft.
Notes for reviewer
This only adds support for the Azure secret region. There is a TS region as well but i'm purposefully leaving that out of this PR for now since I'm not sure what the AZURE_ENVIRONMENT envvar for this region is expected to be myself yet.
https://azure.microsoft.com/en-us/blog/azure-government-top-secret-now-generally-available-for-us-national-security-missions/