Add support for all Azure Clouds #130

Merged (3 commits), Mar 28, 2024

frey0814

To support AAD authentication in other Azure Clouds, the scope needs to be updated for the destination Azure Cloud.

To support detection of which cloud is being used, the code references the Terraform azurerm provider environment variable ARM_ENVIRONMENT.

It is likely this URL could be grabbed from the Azure Go SDK since it is available via the az CLI.

```
az cloud show --name AzureCloud |grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.windows.net",
az cloud show --name AzureChinaCloud |grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.chinacloudapi.cn",
az cloud show --name AzureUSGovernment |grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.usgovcloudapi.net"
az cloud show --name AzureGermanCloud |grep ossrdbms
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.cloudapi.de"
```

I have been able to test this successfully using AzureCloud and AzureChinaCloud.

Without this fix, when running against AzureChinaCloud, Terraform would generate the following error when it tries to refresh the resource.

```
│ Error: failed to get token from Azure AD DefaultAzureCredential: failed to acquire a token.
│ Attempted credentials:
│       EnvironmentCredential: missing environment variable AZURE_TENANT_ID
│       WorkloadIdentityCredential: no client ID specified. Check pod configuration or set ClientID in the options
│       ManagedIdentityCredential: managed identity timed out. See https://aka.ms/azsdk/go/identity/troubleshoot#dac for more information
│       AzureCLICredential: ERROR: AADSTS500011: The resource principal named https://ossrdbms-aad.database.windows.net/ was not found in the tenant named PVUECN. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: 982556b8-904c-402e-b93e-935933478800 Correlation ID: ccd73ba7-a547-4a08-b614-8fddd1f41fce Timestamp: 2024-03-26 19:35:16Z
│ Interactive authentication is needed. Please run:
│ az login --scope https://ossrdbms-aad.database.windows.net/.default
│
│       AzureDeveloperCLICredential: Azure Developer CLI not found on path
│
│   with provider["registry.terraform.io/petoju/mysql"].aad,
```

petoju merged commit 2795da3 into petoju:master on Mar 28, 2024
13 checks passed
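
The scope selection the description outlines, together with a check that recognises the AADSTS500011 mismatch quoted in it, as an added example that is not the provider's own code. The `ARM_ENVIRONMENT` values used as map keys (`public`, `china`, `usgovernment`, `german`) and the function names `scopeFor` and `diagnose` are assumptions; the resource IDs are the ones from the `az cloud show` output above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Resource IDs copied from the `az cloud show` output in the description.
// The keys are assumed ARM_ENVIRONMENT values, not taken from the page.
var resourceIDs = map[string]string{
	"public":       "https://ossrdbms-aad.database.windows.net",
	"china":        "https://ossrdbms-aad.database.chinacloudapi.cn",
	"usgovernment": "https://ossrdbms-aad.database.usgovcloudapi.net",
	"german":       "https://ossrdbms-aad.database.cloudapi.de",
}

var principalRe = regexp.MustCompile(`AADSTS500011: The resource principal named (\S+) was not found`)

// scopeFor maps an ARM_ENVIRONMENT value to the AAD token scope. An empty value
// means the public cloud; an unknown value is an error, not a silent fallback.
func scopeFor(env string) (string, error) {
	name := strings.ToLower(strings.TrimSpace(env))
	if name == "" {
		name = "public"
	}
	if id, ok := resourceIDs[name]; ok {
		return id + "/.default", nil
	}
	return "", fmt.Errorf("unsupported ARM_ENVIRONMENT %q", env)
}

// diagnose returns a hint when a token error names a resource that does not
// match the scope env selects, and "" when the error is unrelated or env is unknown.
func diagnose(errText, env string) string {
	m := principalRe.FindStringSubmatch(errText)
	want, err := scopeFor(env)
	if m == nil || err != nil || strings.TrimSuffix(m[1], "/")+"/.default" == want {
		return ""
	}
	return fmt.Sprintf("token was requested for %s but ARM_ENVIRONMENT=%q needs scope %s", m[1], env, want)
}

func main() {
	// Constructed sample, shortened from the error quoted in the description.
	sample := "AADSTS500011: The resource principal named https://ossrdbms-aad.database.windows.net/ was not found in the tenant named PVUECN."
	fmt.Println(diagnose(sample, "china"))
}
```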

petoju commented Mar 28, 2024

I should have probably asked for updated doc, but I merged and already released it in 3.0.53.

frey0814 commented Mar 28, 2024 via email
