provider/azurerm: support non public clouds (#11026)

* vendor: update jen20/riviera to pull in endpoints change

* provider/auzrerm: support non public clouds

Ran tests below with ARM_ENVIRONMENT=german and changes the location to Germany
Central in the test config. The virtual network tests cover both Riviera (resource
groups) and the official SDK client.

TF_ACC=1 go test ./builtin/providers/azurerm -v -run TestAccAzureRMVirtualNetwork_ -timeout 120m
=== RUN   TestAccAzureRMVirtualNetwork_importBasic
--- PASS: TestAccAzureRMVirtualNetwork_importBasic (81.84s)
=== RUN   TestAccAzureRMVirtualNetwork_basic
--- PASS: TestAccAzureRMVirtualNetwork_basic (78.14s)
=== RUN   TestAccAzureRMVirtualNetwork_disappears
--- PASS: TestAccAzureRMVirtualNetwork_disappears (78.45s)
=== RUN   TestAccAzureRMVirtualNetwork_withTags
--- PASS: TestAccAzureRMVirtualNetwork_withTags (81.78s)
PASS
ok  	github.com/hashicorp/terraform/builtin/providers/azurerm	320.310s

builtin/providers/azurerm/config.go

@@ -138,18 +138,31 @@ func (c *Config) getArmClient() (*ArmClient, error) {
 		subscriptionId: c.SubscriptionID,
 	}
 
+	// detect cloud from environment
+	env, envErr := azure.EnvironmentFromName(c.Environment)
+	if envErr != nil {
+		// try again with wrapped value to support readable values like german instead of AZUREGERMANCLOUD
+		wrapped := fmt.Sprintf("AZURE%sCLOUD", c.Environment)
+		var innerErr error
+		if env, innerErr = azure.EnvironmentFromName(wrapped); innerErr != nil {
+			return nil, envErr
+		}
+	}
+
 	rivieraClient, err := riviera.NewClient(&riviera.AzureResourceManagerCredentials{
-		ClientID:       c.ClientID,
+		ClientID:                c.ClientID,
-		ClientSecret:   c.ClientSecret,
+		ClientSecret:            c.ClientSecret,
-		TenantID:       c.TenantID,
+		TenantID:                c.TenantID,
-		SubscriptionID: c.SubscriptionID,
+		SubscriptionID:          c.SubscriptionID,
+		ResourceManagerEndpoint: env.ResourceManagerEndpoint,
+		ActiveDirectoryEndpoint: env.ActiveDirectoryEndpoint,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("Error creating Riviera client: %s", err)
 	}
 	client.rivieraClient = rivieraClient
 
-	oauthConfig, err := azure.PublicCloud.OAuthConfigForTenant(c.TenantID)
+	oauthConfig, err := env.OAuthConfigForTenant(c.TenantID)
 	if err != nil {
 		return nil, err
 	}
@@ -159,267 +172,268 @@ func (c *Config) getArmClient() (*ArmClient, error) {
 		return nil, fmt.Errorf("Unable to configure OAuthConfig for tenant %s", c.TenantID)
 	}
 
-	spt, err := azure.NewServicePrincipalToken(*oauthConfig, c.ClientID, c.ClientSecret,
+	spt, err := azure.NewServicePrincipalToken(*oauthConfig, c.ClientID, c.ClientSecret, env.ResourceManagerEndpoint)
-		azure.PublicCloud.ResourceManagerEndpoint)
 	if err != nil {
 		return nil, err
 	}
 
+	endpoint := env.ResourceManagerEndpoint
+
 	// NOTE: these declarations should be left separate for clarity should the
 	// clients be wished to be configured with custom Responders/PollingModess etc...
-	asc := compute.NewAvailabilitySetsClient(c.SubscriptionID)
+	asc := compute.NewAvailabilitySetsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&asc.Client)
 	asc.Authorizer = spt
 	asc.Sender = autorest.CreateSender(withRequestLogging())
 	client.availSetClient = asc
 
-	uoc := compute.NewUsageOperationsClient(c.SubscriptionID)
+	uoc := compute.NewUsageOperationsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&uoc.Client)
 	uoc.Authorizer = spt
 	uoc.Sender = autorest.CreateSender(withRequestLogging())
 	client.usageOpsClient = uoc
 
-	vmeic := compute.NewVirtualMachineExtensionImagesClient(c.SubscriptionID)
+	vmeic := compute.NewVirtualMachineExtensionImagesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vmeic.Client)
 	vmeic.Authorizer = spt
 	vmeic.Sender = autorest.CreateSender(withRequestLogging())
 	client.vmExtensionImageClient = vmeic
 
-	vmec := compute.NewVirtualMachineExtensionsClient(c.SubscriptionID)
+	vmec := compute.NewVirtualMachineExtensionsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vmec.Client)
 	vmec.Authorizer = spt
 	vmec.Sender = autorest.CreateSender(withRequestLogging())
 	client.vmExtensionClient = vmec
 
-	vmic := compute.NewVirtualMachineImagesClient(c.SubscriptionID)
+	vmic := compute.NewVirtualMachineImagesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vmic.Client)
 	vmic.Authorizer = spt
 	vmic.Sender = autorest.CreateSender(withRequestLogging())
 	client.vmImageClient = vmic
 
-	vmssc := compute.NewVirtualMachineScaleSetsClient(c.SubscriptionID)
+	vmssc := compute.NewVirtualMachineScaleSetsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vmssc.Client)
 	vmssc.Authorizer = spt
 	vmssc.Sender = autorest.CreateSender(withRequestLogging())
 	client.vmScaleSetClient = vmssc
 
-	vmc := compute.NewVirtualMachinesClient(c.SubscriptionID)
+	vmc := compute.NewVirtualMachinesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vmc.Client)
 	vmc.Authorizer = spt
 	vmc.Sender = autorest.CreateSender(withRequestLogging())
 	client.vmClient = vmc
 
-	agc := network.NewApplicationGatewaysClient(c.SubscriptionID)
+	agc := network.NewApplicationGatewaysClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&agc.Client)
 	agc.Authorizer = spt
 	agc.Sender = autorest.CreateSender(withRequestLogging())
 	client.appGatewayClient = agc
 
-	crc := containerregistry.NewRegistriesClient(c.SubscriptionID)
+	crc := containerregistry.NewRegistriesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&crc.Client)
 	crc.Authorizer = spt
 	crc.Sender = autorest.CreateSender(withRequestLogging())
 	client.containerRegistryClient = crc
 
-	ehc := eventhub.NewEventHubsClient(c.SubscriptionID)
+	ehc := eventhub.NewEventHubsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&ehc.Client)
 	ehc.Authorizer = spt
 	ehc.Sender = autorest.CreateSender(withRequestLogging())
 	client.eventHubClient = ehc
 
-	chcgc := eventhub.NewConsumerGroupsClient(c.SubscriptionID)
+	chcgc := eventhub.NewConsumerGroupsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&chcgc.Client)
 	chcgc.Authorizer = spt
 	chcgc.Sender = autorest.CreateSender(withRequestLogging())
 	client.eventHubConsumerGroupClient = chcgc
 
-	ehnc := eventhub.NewNamespacesClient(c.SubscriptionID)
+	ehnc := eventhub.NewNamespacesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&ehnc.Client)
 	ehnc.Authorizer = spt
 	ehnc.Sender = autorest.CreateSender(withRequestLogging())
 	client.eventHubNamespacesClient = ehnc
 
-	ifc := network.NewInterfacesClient(c.SubscriptionID)
+	ifc := network.NewInterfacesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&ifc.Client)
 	ifc.Authorizer = spt
 	ifc.Sender = autorest.CreateSender(withRequestLogging())
 	client.ifaceClient = ifc
 
-	lbc := network.NewLoadBalancersClient(c.SubscriptionID)
+	lbc := network.NewLoadBalancersClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&lbc.Client)
 	lbc.Authorizer = spt
 	lbc.Sender = autorest.CreateSender(withRequestLogging())
 	client.loadBalancerClient = lbc
 
-	lgc := network.NewLocalNetworkGatewaysClient(c.SubscriptionID)
+	lgc := network.NewLocalNetworkGatewaysClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&lgc.Client)
 	lgc.Authorizer = spt
 	lgc.Sender = autorest.CreateSender(withRequestLogging())
 	client.localNetConnClient = lgc
 
-	pipc := network.NewPublicIPAddressesClient(c.SubscriptionID)
+	pipc := network.NewPublicIPAddressesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&pipc.Client)
 	pipc.Authorizer = spt
 	pipc.Sender = autorest.CreateSender(withRequestLogging())
 	client.publicIPClient = pipc
 
-	sgc := network.NewSecurityGroupsClient(c.SubscriptionID)
+	sgc := network.NewSecurityGroupsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&sgc.Client)
 	sgc.Authorizer = spt
 	sgc.Sender = autorest.CreateSender(withRequestLogging())
 	client.secGroupClient = sgc
 
-	src := network.NewSecurityRulesClient(c.SubscriptionID)
+	src := network.NewSecurityRulesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&src.Client)
 	src.Authorizer = spt
 	src.Sender = autorest.CreateSender(withRequestLogging())
 	client.secRuleClient = src
 
-	snc := network.NewSubnetsClient(c.SubscriptionID)
+	snc := network.NewSubnetsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&snc.Client)
 	snc.Authorizer = spt
 	snc.Sender = autorest.CreateSender(withRequestLogging())
 	client.subnetClient = snc
 
-	vgcc := network.NewVirtualNetworkGatewayConnectionsClient(c.SubscriptionID)
+	vgcc := network.NewVirtualNetworkGatewayConnectionsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vgcc.Client)
 	vgcc.Authorizer = spt
 	vgcc.Sender = autorest.CreateSender(withRequestLogging())
 	client.vnetGatewayConnectionsClient = vgcc
 
-	vgc := network.NewVirtualNetworkGatewaysClient(c.SubscriptionID)
+	vgc := network.NewVirtualNetworkGatewaysClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vgc.Client)
 	vgc.Authorizer = spt
 	vgc.Sender = autorest.CreateSender(withRequestLogging())
 	client.vnetGatewayClient = vgc
 
-	vnc := network.NewVirtualNetworksClient(c.SubscriptionID)
+	vnc := network.NewVirtualNetworksClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vnc.Client)
 	vnc.Authorizer = spt
 	vnc.Sender = autorest.CreateSender(withRequestLogging())
 	client.vnetClient = vnc
 
-	vnpc := network.NewVirtualNetworkPeeringsClient(c.SubscriptionID)
+	vnpc := network.NewVirtualNetworkPeeringsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&vnpc.Client)
 	vnpc.Authorizer = spt
 	vnpc.Sender = autorest.CreateSender(withRequestLogging())
 	client.vnetPeeringsClient = vnpc
 
-	rtc := network.NewRouteTablesClient(c.SubscriptionID)
+	rtc := network.NewRouteTablesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&rtc.Client)
 	rtc.Authorizer = spt
 	rtc.Sender = autorest.CreateSender(withRequestLogging())
 	client.routeTablesClient = rtc
 
-	rc := network.NewRoutesClient(c.SubscriptionID)
+	rc := network.NewRoutesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&rc.Client)
 	rc.Authorizer = spt
 	rc.Sender = autorest.CreateSender(withRequestLogging())
 	client.routesClient = rc
 
-	rgc := resources.NewGroupsClient(c.SubscriptionID)
+	rgc := resources.NewGroupsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&rgc.Client)
 	rgc.Authorizer = spt
 	rgc.Sender = autorest.CreateSender(withRequestLogging())
 	client.resourceGroupClient = rgc
 
-	pc := resources.NewProvidersClient(c.SubscriptionID)
+	pc := resources.NewProvidersClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&pc.Client)
 	pc.Authorizer = spt
 	pc.Sender = autorest.CreateSender(withRequestLogging())
 	client.providers = pc
 
-	tc := resources.NewTagsClient(c.SubscriptionID)
+	tc := resources.NewTagsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&tc.Client)
 	tc.Authorizer = spt
 	tc.Sender = autorest.CreateSender(withRequestLogging())
 	client.tagsClient = tc
 
-	rf := resources.NewClient(c.SubscriptionID)
+	rf := resources.NewClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&rf.Client)
 	rf.Authorizer = spt
 	rf.Sender = autorest.CreateSender(withRequestLogging())
 	client.resourceFindClient = rf
 
-	jc := scheduler.NewJobsClient(c.SubscriptionID)
+	jc := scheduler.NewJobsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&jc.Client)
 	jc.Authorizer = spt
 	jc.Sender = autorest.CreateSender(withRequestLogging())
 	client.jobsClient = jc
 
-	jcc := scheduler.NewJobCollectionsClient(c.SubscriptionID)
+	jcc := scheduler.NewJobCollectionsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&jcc.Client)
 	jcc.Authorizer = spt
 	jcc.Sender = autorest.CreateSender(withRequestLogging())
 	client.jobsCollectionsClient = jcc
 
-	ssc := storage.NewAccountsClient(c.SubscriptionID)
+	ssc := storage.NewAccountsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&ssc.Client)
 	ssc.Authorizer = spt
 	ssc.Sender = autorest.CreateSender(withRequestLogging())
 	client.storageServiceClient = ssc
 
-	suc := storage.NewUsageOperationsClient(c.SubscriptionID)
+	suc := storage.NewUsageOperationsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&suc.Client)
 	suc.Authorizer = spt
 	suc.Sender = autorest.CreateSender(withRequestLogging())
 	client.storageUsageClient = suc
 
-	cpc := cdn.NewProfilesClient(c.SubscriptionID)
+	cpc := cdn.NewProfilesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&cpc.Client)
 	cpc.Authorizer = spt
 	cpc.Sender = autorest.CreateSender(withRequestLogging())
 	client.cdnProfilesClient = cpc
 
-	cec := cdn.NewEndpointsClient(c.SubscriptionID)
+	cec := cdn.NewEndpointsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&cec.Client)
 	cec.Authorizer = spt
 	cec.Sender = autorest.CreateSender(withRequestLogging())
 	client.cdnEndpointsClient = cec
 
-	dc := resources.NewDeploymentsClient(c.SubscriptionID)
+	dc := resources.NewDeploymentsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&dc.Client)
 	dc.Authorizer = spt
 	dc.Sender = autorest.CreateSender(withRequestLogging())
 	client.deploymentsClient = dc
 
-	tmpc := trafficmanager.NewProfilesClient(c.SubscriptionID)
+	tmpc := trafficmanager.NewProfilesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&tmpc.Client)
 	tmpc.Authorizer = spt
 	tmpc.Sender = autorest.CreateSender(withRequestLogging())
 	client.trafficManagerProfilesClient = tmpc
 
-	tmec := trafficmanager.NewEndpointsClient(c.SubscriptionID)
+	tmec := trafficmanager.NewEndpointsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&tmec.Client)
 	tmec.Authorizer = spt
 	tmec.Sender = autorest.CreateSender(withRequestLogging())
 	client.trafficManagerEndpointsClient = tmec
 
-	rdc := redis.NewClient(c.SubscriptionID)
+	rdc := redis.NewClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&rdc.Client)
 	rdc.Authorizer = spt
 	rdc.Sender = autorest.CreateSender(withRequestLogging())
 	client.redisClient = rdc
 
-	sbnc := servicebus.NewNamespacesClient(c.SubscriptionID)
+	sbnc := servicebus.NewNamespacesClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&sbnc.Client)
 	sbnc.Authorizer = spt
 	sbnc.Sender = autorest.CreateSender(withRequestLogging())
 	client.serviceBusNamespacesClient = sbnc
 
-	sbtc := servicebus.NewTopicsClient(c.SubscriptionID)
+	sbtc := servicebus.NewTopicsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&sbtc.Client)
 	sbtc.Authorizer = spt
 	sbtc.Sender = autorest.CreateSender(withRequestLogging())
 	client.serviceBusTopicsClient = sbtc
 
-	sbsc := servicebus.NewSubscriptionsClient(c.SubscriptionID)
+	sbsc := servicebus.NewSubscriptionsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&sbsc.Client)
 	sbsc.Authorizer = spt
 	sbsc.Sender = autorest.CreateSender(withRequestLogging())
 	client.serviceBusSubscriptionsClient = sbsc
 
-	kvc := keyvault.NewVaultsClient(c.SubscriptionID)
+	kvc := keyvault.NewVaultsClientWithBaseURI(endpoint, c.SubscriptionID)
 	setUserAgent(&kvc.Client)
 	kvc.Authorizer = spt
 	kvc.Sender = autorest.CreateSender(withRequestLogging())

builtin/providers/azurerm/provider.go

@@ -45,6 +45,12 @@ func Provider() terraform.ResourceProvider {
 				DefaultFunc: schema.EnvDefaultFunc("ARM_TENANT_ID", ""),
 			},
 
+			"environment": {
+				Type:        schema.TypeString,
+				Required:    true,
+				DefaultFunc: schema.EnvDefaultFunc("ARM_ENVIRONMENT", "public"),
+			},
+
 			"skip_provider_registration": {
 				Type:        schema.TypeBool,
 				Optional:    true,
@@ -134,6 +140,7 @@ type Config struct {
 	ClientID                 string
 	ClientSecret             string
 	TenantID                 string
+	Environment              string
 	SkipProviderRegistration bool
 
 	validateCredentialsOnce sync.Once
@@ -154,6 +161,9 @@ func (c *Config) validate() error {
 	if c.TenantID == "" {
 		err = multierror.Append(err, fmt.Errorf("Tenant ID must be configured for the AzureRM provider"))
 	}
+	if c.Environment == "" {
+		err = multierror.Append(err, fmt.Errorf("Environment must be configured for the AzureRM provider"))
+	}
 
 	return err.ErrorOrNil()
 }
@@ -165,6 +175,7 @@ func providerConfigure(p *schema.Provider) schema.ConfigureFunc {
 			ClientID:                 d.Get("client_id").(string),
 			ClientSecret:             d.Get("client_secret").(string),
 			TenantID:                 d.Get("tenant_id").(string),
+			Environment:              d.Get("environment").(string),
 			SkipProviderRegistration: d.Get("skip_provider_registration").(bool),
 		}
 

vendor/github.com/jen20/riviera/azure/client.go

@@ -12,7 +12,8 @@ import (
 type Client struct {
 	logger *log.Logger
 
-	subscriptionID string
+	subscriptionID          string
+	resourceManagerEndpoint string
 
 	tokenRequester *tokenRequester
 	httpClient     *retryablehttp.Client
@@ -24,13 +25,21 @@ func NewClient(creds *AzureResourceManagerCredentials) (*Client, error) {
 	httpClient := retryablehttp.NewClient()
 	httpClient.Logger = defaultLogger
 
-	tr := newTokenRequester(httpClient, creds.ClientID, creds.ClientSecret, creds.TenantID)
+	if creds.ResourceManagerEndpoint == "" {
+		creds.ResourceManagerEndpoint = defaultResourceManagerEndpoint
+	}
+	if creds.ActiveDirectoryEndpoint == "" {
+		creds.ActiveDirectoryEndpoint = defaultActiveDirectoryEndpoint
+	}
+
+	tr := newTokenRequester(httpClient, creds)
 
 	return &Client{
-		subscriptionID: creds.SubscriptionID,
+		subscriptionID:          creds.SubscriptionID,
-		httpClient:     httpClient,
+		resourceManagerEndpoint: creds.ResourceManagerEndpoint,
-		tokenRequester: tr,
+		httpClient:              httpClient,
-		logger:         defaultLogger,
+		tokenRequester:          tr,
+		logger:                  defaultLogger,
 	}, nil
 }
 

vendor/github.com/jen20/riviera/azure/credentials.go

@@ -1,8 +1,17 @@
 package azure
 
+const (
+	defaultResourceManagerEndpoint = "https://management.azure.com"
+	defaultActiveDirectoryEndpoint = "https://login.microsoftonline.com"
+)
+
 type AzureResourceManagerCredentials struct {
 	ClientID       string
 	ClientSecret   string
 	TenantID       string
 	SubscriptionID string
+
+	// can be overridden for non public clouds
+	ResourceManagerEndpoint string
+	ActiveDirectoryEndpoint string
 }

vendor/github.com/jen20/riviera/azure/endpoints.go

@@ -1,43 +0,0 @@
-package azure
-
-import (
-	"reflect"
-	"strings"
-)
-
-type Endpoints struct {
-	resourceManagerEndpointUrl string
-	activeDirectoryEndpointUrl string
-}
-
-var (
-	ChineseEndpoints = Endpoints{"https://management.chinacloudapi.cn", "https://login.chinacloudapi.cn"}
-	DefaultEndpoints = Endpoints{"https://management.azure.com", "https://login.microsoftonline.com"}
-	GermanEndpoints  = Endpoints{"https://management.microsoftazure.de", "https://login.microsoftonline.de"}
-	USGovEndpoints   = Endpoints{"https://management.usgovcloudapi.net", "https://login.microsoftonline.com"}
-)
-
-func GetEndpointsForLocation(location string) Endpoints {
-	location = strings.Replace(strings.ToLower(location), " ", "", -1)
-
-	switch location {
-	case GermanyCentral, GermanyEast:
-		return GermanEndpoints
-	case ChinaEast, ChinaNorth:
-		return ChineseEndpoints
-	case USGovIowa, USGovVirginia:
-		return USGovEndpoints
-	default:
-		return DefaultEndpoints
-	}
-}
-
-func GetEndpointsForCommand(command APICall) Endpoints {
-	locationField := reflect.Indirect(reflect.ValueOf(command)).FieldByName("Location")
-	if locationField.IsValid() {
-		location := locationField.Interface().(string)
-		return GetEndpointsForLocation(location)
-	}
-
-	return DefaultEndpoints
-}

vendor/github.com/jen20/riviera/azure/get_resource_provider.go

@@ -0,0 +1,26 @@
+package azure
+
+import "fmt"
+
+type GetResourceProviderResponse struct {
+	ID                *string `mapstructure:"id"`
+	Namespace         *string `mapstructure:"namespace"`
+	RegistrationState *string `mapstructure:"registrationState"`
+}
+
+type GetResourceProvider struct {
+	Namespace string `json:"-"`
+}
+
+func (command GetResourceProvider) APIInfo() APIInfo {
+	return APIInfo{
+		APIVersion: resourceGroupAPIVersion,
+		Method:     "GET",
+		URLPathFunc: func() string {
+			return fmt.Sprintf("providers/%s", command.Namespace)
+		},
+		ResponseTypeFunc: func() interface{} {
+			return &GetResourceProviderResponse{}
+		},
+	}
+}

vendor/github.com/jen20/riviera/azure/register_resource_provider.go

@@ -9,7 +9,6 @@ type RegisterResourceProviderResponse struct {
 	ApplicationID     *string `mapstructure:"applicationId"`
 }
 
-// TODO: Investigate RegistrationState response polling
 type RegisterResourceProvider struct {
 	Namespace string `json:"-"`
 }

vendor/github.com/jen20/riviera/azure/request.go

@@ -75,8 +75,7 @@ func (request *Request) pollForAsynchronousResponse(acceptedResponse *http.Respo
 			return nil, err
 		}
 
-		endpoints := GetEndpointsForCommand(request.Command)
+		err = request.client.tokenRequester.addAuthorizationToRequest(req)
-		err = request.client.tokenRequester.addAuthorizationToRequest(req, endpoints)
 		if err != nil {
 			return nil, err
 		}
@@ -116,11 +115,9 @@ func defaultARMRequestSerialize(body interface{}) (io.ReadSeeker, error) {
 func (request *Request) Execute() (*Response, error) {
 	apiInfo := request.Command.APIInfo()
 
-	endpoints := GetEndpointsForCommand(request.Command)
-
 	var urlString string
 
-	urlObj, _ := url.Parse(endpoints.resourceManagerEndpointUrl)
+	urlObj, _ := url.Parse(request.client.resourceManagerEndpoint)
 
 	// Determine whether to use the URLPathFunc or the URI explicitly set in the request
 	if request.URI == nil {
@@ -166,7 +163,7 @@ func (request *Request) Execute() (*Response, error) {
 		req.Header.Add("Content-Type", "application/json")
 	}
 
-	err = request.client.tokenRequester.addAuthorizationToRequest(req, endpoints)
+	err = request.client.tokenRequester.addAuthorizationToRequest(req)
 	if err != nil {
 		return nil, err
 	}

vendor/github.com/jen20/riviera/azure/token.go

@@ -19,6 +19,9 @@ func init() {
 }
 
 type tokenRequester struct {
+	activeDirectoryEndpoint string
+	resourceManagerEndpoint string
+
 	clientID     string
 	clientSecret string
 	tenantID     string
@@ -31,21 +34,23 @@ type tokenRequester struct {
 	currentToken *token
 }
 
-func newTokenRequester(client *retryablehttp.Client, clientID, clientSecret, tenantID string) *tokenRequester {
+func newTokenRequester(client *retryablehttp.Client, creds *AzureResourceManagerCredentials) *tokenRequester {
 	return &tokenRequester{
-		clientID:      clientID,
+		activeDirectoryEndpoint: creds.ActiveDirectoryEndpoint,
-		clientSecret:  clientSecret,
+		resourceManagerEndpoint: creds.ResourceManagerEndpoint,
-		tenantID:      tenantID,
+		clientID:                creds.ClientID,
-		refreshWithin: 5 * time.Minute,
+		clientSecret:            creds.ClientSecret,
-		httpClient:    client,
+		tenantID:                creds.TenantID,
+		refreshWithin:           5 * time.Minute,
+		httpClient:              client,
 	}
 }
 
 // addAuthorizationToRequest adds an Authorization header to an http.Request, having ensured
 // that the token is sufficiently fresh. This may invoke network calls, so should not be
 // relied on to return quickly.
-func (tr *tokenRequester) addAuthorizationToRequest(request *retryablehttp.Request, endpoints Endpoints) error {
+func (tr *tokenRequester) addAuthorizationToRequest(request *retryablehttp.Request) error {
-	token, err := tr.getUsableToken(endpoints)
+	token, err := tr.getUsableToken()
 	if err != nil {
 		return fmt.Errorf("Error obtaining authorization token: %s", err)
 	}
@@ -54,7 +59,7 @@ func (tr *tokenRequester) addAuthorizationToRequest(request *retryablehttp.Reque
 	return nil
 }
 
-func (tr *tokenRequester) getUsableToken(endpoints Endpoints) (*token, error) {
+func (tr *tokenRequester) getUsableToken() (*token, error) {
 	tr.l.Lock()
 	defer tr.l.Unlock()
 
@@ -62,7 +67,7 @@ func (tr *tokenRequester) getUsableToken(endpoints Endpoints) (*token, error) {
 		return tr.currentToken, nil
 	}
 
-	newToken, err := tr.refreshToken(endpoints)
+	newToken, err := tr.refreshToken()
 	if err != nil {
 		return nil, fmt.Errorf("Error refreshing token: %s", err)
 	}
@@ -71,14 +76,14 @@ func (tr *tokenRequester) getUsableToken(endpoints Endpoints) (*token, error) {
 	return newToken, nil
 }
 
-func (tr *tokenRequester) refreshToken(endpoints Endpoints) (*token, error) {
+func (tr *tokenRequester) refreshToken() (*token, error) {
-	oauthURL := fmt.Sprintf("%s/%s/oauth2/%s?api-version=1.0", endpoints.activeDirectoryEndpointUrl, tr.tenantID, "token")
+	oauthURL := fmt.Sprintf("%s/%s/oauth2/%s?api-version=1.0", tr.activeDirectoryEndpoint, tr.tenantID, "token")
 
 	v := url.Values{}
 	v.Set("client_id", tr.clientID)
 	v.Set("client_secret", tr.clientSecret)
 	v.Set("grant_type", "client_credentials")
-	v.Set("resource", strings.TrimSuffix(endpoints.resourceManagerEndpointUrl, "/")+"/")
+	v.Set("resource", strings.TrimSuffix(tr.resourceManagerEndpoint, "/")+"/")
 
 	var newToken token
 	response, err := tr.httpClient.PostForm(oauthURL, v)

vendor/vendor.json

@@ -1863,34 +1863,34 @@
 			"revisionTime": "2017-01-03T19:23:32Z"
 		},
 		{
-			"checksumSHA1": "tRK0n/cIjBCYjnumPiP9cCS2CnA=",
+			"checksumSHA1": "hD8LA+lIAv6MB82Db29L71c2Jjc=",
 			"path": "github.com/jen20/riviera/azure",
-			"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
+			"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
-			"revisionTime": "2016-11-01T10:00:17Z"
+			"revisionTime": "2017-01-04T10:03:54Z"
 		},
 		{
 			"checksumSHA1": "ncdT+1PFEF5ly0niXuQc9/pKzT0=",
 			"path": "github.com/jen20/riviera/dns",
-			"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
+			"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
-			"revisionTime": "2016-11-01T10:00:17Z"
+			"revisionTime": "2017-01-04T10:03:54Z"
 		},
 		{
 			"checksumSHA1": "zVXx6ha3bt0N4ukRbRHXjSl91S4=",
 			"path": "github.com/jen20/riviera/search",
-			"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
+			"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
-			"revisionTime": "2016-11-01T10:00:17Z"
+			"revisionTime": "2017-01-04T10:03:54Z"
 		},
 		{
 			"checksumSHA1": "mD+brnqSfkLheYdGzTUqUi6VWgw=",
 			"path": "github.com/jen20/riviera/sql",
-			"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
+			"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
-			"revisionTime": "2016-11-01T10:00:17Z"
+			"revisionTime": "2017-01-04T10:03:54Z"
 		},
 		{
 			"checksumSHA1": "nKUCquNpJ9ifHgkXoT4K3Xar6R8=",
 			"path": "github.com/jen20/riviera/storage",
-			"revision": "04d3aa8ac7df6c05dbfeaf5344f754f31a7e711f",
+			"revision": "7ee711f4d8cc27b811bde3907614ecd86e98c9bc",
-			"revisionTime": "2016-11-01T10:00:17Z"
+			"revisionTime": "2017-01-04T10:03:54Z"
 		},
 		{
 			"comment": "0.2.2-2-gc01cf91",

website/source/docs/providers/azurerm/index.html.markdown

@@ -76,6 +76,13 @@ The following arguments are supported:
 * `tenant_id` - (Optional) The tenant ID to use. It can also be sourced from the
   `ARM_TENANT_ID` environment variable.
 
+* `environment` - (Optional) The cloud environment to use. It can also be sourced
+  from the `ARM_ENVIRONMENT` environment variable. Supported values are:
+  * `public` (default)
+  * `usgovernment`
+  * `german`
+  * `china`
+  
 * `skip_provider_registration` - (Optional) Prevents the provier from registering
   the ARM provider namespaces, this can be used if you don't wish to give the Active
   Directory Application permission to register resource providers. It can also be