go-cloud icon indicating copy to clipboard operation
go-cloud copied to clipboard
verified publisher icon google

azure: automatically detect AZURE_STORAGE_DOMAIN when logged in using az login

Open tgummerer opened this issue 7 months ago • 2 comments

Please use a title starting with the name of the affected package, or "all", followed by a colon, followed by a short summary of the feature request. Example: blob/gcsblob: add support for more blobbing.

Is your feature request related to a problem? Please describe.

When logged in using az login, go-cloud by default still uses the blob.core.windows.net, even if the cloud the user is logged into is a different one, e.g. the Azure US Government cloud.

Describe the solution you'd like

It would be nice if we could automatically detect the right backend URL to use when the user is logged into a different Azure Cloud.

Additional context

This came up in https://github.com/pulumi/pulumi/issues/20176

tgummerer avatar Jul 31 '25 12:07 tgummerer

How would we detect this? PR is welcome.

vangent avatar Jul 31 '25 16:07 vangent

I think this is a broader question of the Go CDK intends to support working in the Azure government cloud? If so, it should leverage the information returned from az cloud show when a user is logged in. An example for the US Government cloud -

PS C:\source\infrastructure\src\Core> az cloud show
{
  "endpoints": {
    "activeDirectory": "https://login.microsoftonline.us",
    "activeDirectoryDataLakeResourceId": null,
    "activeDirectoryGraphResourceId": "https://graph.windows.net/",
    "activeDirectoryResourceId": "https://management.core.usgovcloudapi.net/",
    "appInsightsResourceId": "https://api.applicationinsights.us",
    "appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.us/v2/track",
    "attestationResourceId": null,
    "azmirrorStorageAccountResourceId": null,
    "batchResourceId": "https://batch.core.usgovcloudapi.net/",
    "gallery": "https://gallery.usgovcloudapi.net/",
    "logAnalyticsResourceId": "https://api.loganalytics.us",
    "management": "https://management.core.usgovcloudapi.net/",
    "mediaResourceId": "https://rest.media.usgovcloudapi.net",
    "microsoftGraphResourceId": "https://graph.microsoft.us/",
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.usgovcloudapi.net",
    "portal": "https://portal.azure.us",
    "resourceManager": "https://management.usgovcloudapi.net/",
    "sqlManagement": "https://management.core.usgovcloudapi.net:8443/",
    "synapseAnalyticsResourceId": "https://dev.azuresynapse.usgovcloudapi.net",
    "vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/main/arm-compute/quickstart-templates/aliases.json"
  },
  "isActive": true,
  "name": "AzureUSGovernment",
  "profile": "latest",
  "suffixes": {
    "acrLoginServerEndpoint": ".azurecr.us",
    "attestationEndpoint": null,
    "azureDatalakeAnalyticsCatalogAndJobEndpoint": null,
    "azureDatalakeStoreFileSystemEndpoint": null,
    "keyvaultDns": ".vault.usgovcloudapi.net",
    "mariadbServerEndpoint": ".mariadb.database.usgovcloudapi.net",
    "mhsmDns": ".managedhsm.usgovcloudapi.net",
    "mysqlServerEndpoint": ".mysql.database.usgovcloudapi.net",
    "postgresqlServerEndpoint": ".postgres.database.usgovcloudapi.net",
    "sqlServerHostname": ".database.usgovcloudapi.net",
    "storageEndpoint": "core.usgovcloudapi.net",
    "storageSyncEndpoint": "afs.azure.us",
    "synapseAnalyticsEndpoint": ".dev.azuresynapse.usgovcloudapi.net"
  }
}

tvenhaus avatar Jul 31 '25 16:07 tvenhaus