From 527a55f1aeb4ceff68d81f66c51d0e2137b4e3e7 Mon Sep 17 00:00:00 2001
From: Christoph Ludwig
Date: Wed, 25 Jul 2018 11:55:40 +0200
Subject: [PATCH 1/2] Add support for "sovereign" Azure cloud environments
---
 physical/azure/azure.go | 17 ++++++++-
 physical/azure/azure_test.go | 36 ++++++++++++++-----
 .../docs/configuration/storage/azure.html.md | 6 ++++
 3 files changed, 50 insertions(+), 9 deletions(-)
diff --git a/physical/azure/azure.go b/physical/azure/azure.go
index 08ace98f9e2b..93163df01a8b 100644
--- a/physical/azure/azure.go
+++ b/physical/azure/azure.go
@@ -12,6 +12,7 @@ import (
 "time"

 storage "github.com/Azure/azure-sdk-for-go/storage"
+ "github.com/Azure/go-autorest/autorest/azure"
 "github.com/armon/go-metrics"
 "github.com/hashicorp/errwrap"
 cleanhttp "github.com/hashicorp/go-cleanhttp"
@@ -66,7 +67,21 @@ func NewAzureBackend(conf map[string]string, logger log.Logger) (physical.Backen
 }
 }

- client, err := storage.NewBasicClient(accountName, accountKey)
+ cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT")
+ if cloudEnvironmentName == "" {
+ cloudEnvironmentName = conf["cloudEnvironment"]
+ if cloudEnvironmentName == "" {
+ cloudEnvironmentName = "AzurePublicCloud"
+ }
+ }
+ cloudEnvironment, err := azure.EnvironmentFromName(cloudEnvironmentName)
+ if err != nil {
+ errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for name %q: {{err}}",
+ cloudEnvironmentName)
+ return nil, errwrap.Wrapf(errorMsg, err)
+ }
+
+ client, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cloudEnvironment)
 if err != nil {
 return nil, errwrap.Wrapf("failed to create Azure client: {{err}}", err)
 }
diff --git a/physical/azure/azure_test.go b/physical/azure/azure_test.go
index a2929b194f79..db7d3e33485c 100644
--- a/physical/azure/azure_test.go
+++ b/physical/azure/azure_test.go
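Review bot: The lookup starting at `cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT")` lets the process environment silently override the `cloudEnvironment` config key, and the environment that was finally selected, which fixes the storage endpoint suffix the account key is used against, is never logged. Since `logger` is in scope, a line after the successful lookup such as `logger.Debug("azure storage environment", "name", cloudEnvironmentName, "storage_suffix", cloudEnvironment.StorageEndpointSuffix)` would let an operator confirm from the logs which cloud the backend is actually talking to. The env-over-config precedence should also be stated in this commit's docs hunk, which documents `cloudEnvironment` without mentioning `AZURE_ENVIRONMENT`. NewAzureBackend begins and ends outside the hunk, so whether `accountName`/`accountKey` follow the same precedence cannot be checked here.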
@@ -9,12 +9,20 @@ import (
 "time"

 storage "github.com/Azure/azure-sdk-for-go/storage"
+ "github.com/Azure/go-autorest/autorest/azure"
 cleanhttp "github.com/hashicorp/go-cleanhttp"
 log "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/vault/helper/logging"
 "github.com/hashicorp/vault/physical"
 )

+func cloudEnvironmentForCleanupClient(name string) (azure.Environment, error) {
+ if name == "" {
+ return azure.EnvironmentFromName("AzurePublicCloud")
+ }
+ return azure.EnvironmentFromName(name)
+}
+
 func TestAzureBackend(t *testing.T) {
 if os.Getenv("AZURE_ACCOUNT_NAME") == "" || os.Getenv("AZURE_ACCOUNT_KEY") == "" {
@@ -23,19 +31,25 @@ func TestAzureBackend(t *testing.T) {

 accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
+ cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT")
 ts := time.Now().UnixNano()
 name := fmt.Sprintf("vault-test-%d", ts)

- cleanupClient, _ := storage.NewBasicClient(accountName, accountKey)
+ cleanupCloudEnvironment, err := cloudEnvironmentForCleanupClient(cloudEnvironmentName)
+ if err != nil {
+ t.Fatalf("err: %s", err)
+ }
+ cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupCloudEnvironment)
 cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()

 logger := logging.NewVaultLogger(log.Debug)

 backend, err := NewAzureBackend(map[string]string{
- "container": name,
- "accountName": accountName,
- "accountKey": accountKey,
+ "container": name,
+ "accountName": accountName,
+ "accountKey": accountKey,
+ "cloudEnvironment": cloudEnvironmentName,
 }, logger)
 defer func() {
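Review bot: `cloudEnvironmentForCleanupClient` hard-codes the `"AzurePublicCloud"` default a second time, so the test's cleanup client and NewAzureBackend can drift to different clouds if either default is changed later; the helper has no doc comment saying that it is meant to mirror the backend's fallback. As a point of style, the empty-name branch can return the SDK's predefined descriptor directly, `return azure.PublicCloud, nil`, rather than round-tripping through a string lookup. A comment such as `// cloudEnvironmentForCleanupClient applies the same default as NewAzureBackend when no environment name is configured.` would make the coupling explicit.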
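Review bot: `cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupCloudEnvironment)` still discards the constructor's error, so a rejected key or environment only shows up later as an opaque failure inside the deferred cleanup, while the environment lookup two lines above now fails fast. The client should get the same treatment: `cleanupClient, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupCloudEnvironment)` followed by `if err != nil { t.Fatalf("err: %s", err) }`. The same pattern appears in the TestAzureBackend_ListPaging hunk that follows. The `defer func() {` that ends this hunk continues outside it.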
@@ -60,19 +74,25 @@ func TestAzureBackend_ListPaging(t *testing.T) { accountName := os.Getenv("AZURE_ACCOUNT_NAME") accountKey := os.Getenv("AZURE_ACCOUNT_KEY") + cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT") ts := time.Now().UnixNano() name := fmt.Sprintf("vault-test-%d", ts) - cleanupClient, _ := storage.NewBasicClient(accountName, accountKey) + cleanupCloudEnvironment, err := cloudEnvironmentForCleanupClient(cloudEnvironmentName) + if err != nil { + t.Fatalf("err: %s", err) + } + cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupCloudEnvironment) cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient() logger := logging.NewVaultLogger(log.Debug) backend, err := NewAzureBackend(map[string]string{ - "container": name, - "accountName": accountName, - "accountKey": accountKey, + "container": name, + "accountName": accountName, + "accountKey": accountKey, + "cloudEnvironment": cloudEnvironmentName, }, logger) defer func() { diff --git a/website/source/docs/configuration/storage/azure.html.md b/website/source/docs/configuration/storage/azure.html.md index f8a272048ab3..89febd3e1346 100644 --- a/website/source/docs/configuration/storage/azure.html.md +++ b/website/source/docs/configuration/storage/azure.html.md @@ -28,6 +28,7 @@ storage "azure" { accountName = "my-storage-account" accountKey = "abcd1234" container = "container-efgh5678" + cloudEnvironment = "AzurePublicCloud" } ``` @@ -43,6 +44,10 @@ The current implementation is limited to a maximum of 4 megabytes per blob. - `container` `(string: )` – Specifies the Azure Storage Blob container name. +- `cloudEnvironment` `(string: "AzurePublicCloud")` - Specifies the cloud + environment the storage account belongs to by way of the case-insensitive + name defined in the [Azure Go SDK][azure-environment]. + - `max_parallel` `(string: "128")` – Specifies The maximum number of concurrent requests to Azure. 
@@ -61,3 +66,4 @@ storage "azure" {
 ```

 [azure-storage]: https://azure.microsoft.com/en-us/services/storage/
+[azure-environment]: https://godoc.org/github.com/Azure/go-autorest/autorest/azure#pkg-variables
\ No newline at end of file
From 6aaef8aa139f45da181c49c707500436fa7d045c Mon Sep 17 00:00:00 2001
From: Christoph Ludwig
Date: Sun, 29 Jul 2018 20:03:23 +0200
Subject: [PATCH 2/2] Shorten variable names
---
 physical/azure/azure.go | 16 +++++-----
 physical/azure/azure_test.go | 30 +++++++++----------
 .../docs/configuration/storage/azure.html.md | 4 +--
 3 files changed, 25 insertions(+), 25 deletions(-)
diff --git a/physical/azure/azure.go b/physical/azure/azure.go
index 93163df01a8b..17e7eee9e725 100644
--- a/physical/azure/azure.go
+++ b/physical/azure/azure.go
@@ -67,21 +67,21 @@ func NewAzureBackend(conf map[string]string, logger log.Logger) (physical.Backen
 }
 }

- cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT")
- if cloudEnvironmentName == "" {
- cloudEnvironmentName = conf["cloudEnvironment"]
- if cloudEnvironmentName == "" {
- cloudEnvironmentName = "AzurePublicCloud"
+ environmentName := os.Getenv("AZURE_ENVIRONMENT")
+ if environmentName == "" {
+ environmentName = conf["environment"]
+ if environmentName == "" {
+ environmentName = "AzurePublicCloud"
 }
 }
- cloudEnvironment, err := azure.EnvironmentFromName(cloudEnvironmentName)
+ environment, err := azure.EnvironmentFromName(environmentName)
 if err != nil {
 errorMsg := fmt.Sprintf("failed to look up Azure environment descriptor for name %q: {{err}}",
- cloudEnvironmentName)
+ environmentName)
 return nil, errwrap.Wrapf(errorMsg, err)
 }

- client, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cloudEnvironment)
+ client, err := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, environment)
 if err != nil {
 return nil, errwrap.Wrapf("failed to create Azure client: {{err}}", err)
 }
diff --git a/physical/azure/azure_test.go b/physical/azure/azure_test.go
index db7d3e33485c..5b72f6027325 100644
--- a/physical/azure/azure_test.go
+++ b/physical/azure/azure_test.go
@@ -16,7 +16,7 @@ import (
 "github.com/hashicorp/vault/physical"
 )

-func cloudEnvironmentForCleanupClient(name string) (azure.Environment, error) {
+func environmentForCleanupClient(name string) (azure.Environment, error) {
 if name == "" {
 return azure.EnvironmentFromName("AzurePublicCloud")
 }
@@ -31,25 +31,25 @@ func TestAzureBackend(t *testing.T) {

 accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
- cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT")
+ environmentName := os.Getenv("AZURE_ENVIRONMENT")
 ts := time.Now().UnixNano()
 name := fmt.Sprintf("vault-test-%d", ts)

- cleanupCloudEnvironment, err := cloudEnvironmentForCleanupClient(cloudEnvironmentName)
+ cleanupEnvironment, err := environmentForCleanupClient(environmentName)
 if err != nil {
 t.Fatalf("err: %s", err)
 }
- cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupCloudEnvironment)
+ cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)
 cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()

 logger := logging.NewVaultLogger(log.Debug)

 backend, err := NewAzureBackend(map[string]string{
- "container": name,
- "accountName": accountName,
- "accountKey": accountKey,
- "cloudEnvironment": cloudEnvironmentName,
+ "container": name,
+ "accountName": accountName,
+ "accountKey": accountKey,
+ "environment": environmentName,
 }, logger)
 defer func() {
@@ -74,25 +74,25 @@ func TestAzureBackend_ListPaging(t *testing.T) {

 accountName := os.Getenv("AZURE_ACCOUNT_NAME")
 accountKey := os.Getenv("AZURE_ACCOUNT_KEY")
- cloudEnvironmentName := os.Getenv("AZURE_ENVIRONMENT")
+ environmentName := os.Getenv("AZURE_ENVIRONMENT")
 ts := time.Now().UnixNano()
 name := fmt.Sprintf("vault-test-%d", ts)

- cleanupCloudEnvironment, err := cloudEnvironmentForCleanupClient(cloudEnvironmentName)
+ cleanupEnvironment, err := environmentForCleanupClient(environmentName)
 if err != nil {
 t.Fatalf("err: %s", err)
 }
- cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupCloudEnvironment)
+ cleanupClient, _ := storage.NewBasicClientOnSovereignCloud(accountName, accountKey, cleanupEnvironment)
 cleanupClient.HTTPClient = cleanhttp.DefaultPooledClient()

 logger := logging.NewVaultLogger(log.Debug)

 backend, err := NewAzureBackend(map[string]string{
- "container": name,
- "accountName": accountName,
- "accountKey": accountKey,
- "cloudEnvironment": cloudEnvironmentName,
+ "container": name,
+ "accountName": accountName,
+ "accountKey": accountKey,
+ "environment": environmentName,
 }, logger)
 defer func() {
diff --git a/website/source/docs/configuration/storage/azure.html.md b/website/source/docs/configuration/storage/azure.html.md
index 89febd3e1346..d249c936595a 100644
--- a/website/source/docs/configuration/storage/azure.html.md
+++ b/website/source/docs/configuration/storage/azure.html.md
@@ -28,7 +28,7 @@ storage "azure" {
 accountName = "my-storage-account"
 accountKey = "abcd1234"
 container = "container-efgh5678"
- cloudEnvironment = "AzurePublicCloud"
+ environment = "AzurePublicCloud"
 }
 ```

@@ -44,7 +44,7 @@ The current implementation is limited to a maximum of 4 megabytes per blob. - `container` `(string: )` – Specifies the Azure Storage Blob container name. -- `cloudEnvironment` `(string: "AzurePublicCloud")` - Specifies the cloud +- `environment` `(string: "AzurePublicCloud")` - Specifies the cloud environment the storage account belongs to by way of the case-insensitive name defined in the [Azure Go SDK][azure-environment].