[QUERY] What is the recommended way to configure a BlobContainerClientBuilder to use a non-public cloud? #44146

Open
fabiim opened this issue Feb 11, 2025 · 3 comments
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)


fabiim commented Feb 11, 2025

Query/Question
Hi all, I'm a bit lost on how to configure a BlobContainerClientBuilder to connect to different clouds.

  1. Is there any way I can use the AZURE_CLOUD environment variable for that?
  2. If I can't use the environment variable, do I need to do anything other than set up the endpoint AND the authority host (in DefaultAzureCredentialBuilder())?

Setup (please complete the following information if applicable):

  • Library/Libraries: latest

Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields; otherwise we will treat the issue as an incomplete report

  • Query Added
  • Setup information Added
@github-actions github-actions bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Feb 11, 2025
@joshfree
Member

Here's a quick example of how to override the endpoints. You can also use the com.azure.core.management.AzureEnvironment class to get different endpoints.

import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobContainerClientBuilder;
import com.azure.identity.ManagedIdentityCredential;
import com.azure.identity.ManagedIdentityCredentialBuilder;

public class BlobStorageConfig {
    /**
     * Configures a BlobContainerClientBuilder using Managed Identity authentication.
     *
     * @param containerName The name of the blob container. Must be between 3-63 characters,
     *                     start with a letter or number, and can contain only lowercase letters,
     *                     numbers, and dashes. Example: "my-container-name"
     * 
     * @param endpointUrl The complete URL to your blob storage endpoint. Format varies by environment:
     *                    - Azure Stack Hub: 
     *                      https://[account-name].blob.[region].[stack-domain]
     *                      Example: https://myaccount.blob.east.azurestack.contoso.com
     *                    
     *                    - Private Azure Cloud: 
     *                      https://[account-name].blob.core.[private-dns-zone]
     *                      Example: https://myaccount.blob.core.private.cloud.contoso.com
     *                    
     *                    - Custom Endpoint:
     *                      Any valid HTTPS endpoint that accepts Azure Blob storage API requests
     *                      Example: https://storage.internal.company.com
     *
     * @param clientId Optional: The client ID of a user-assigned managed identity.
     *                Pass null to use system-assigned managed identity.
     * 
     * @return Configured BlobContainerClientBuilder instance
     */
    public BlobContainerClientBuilder configureBlobClient(
            String containerName,
            String endpointUrl,
            String clientId) {
        
        // Create ManagedIdentityCredential
        ManagedIdentityCredential credential;
        if (clientId != null && !clientId.isEmpty()) {
            // Use user-assigned managed identity
            credential = new ManagedIdentityCredentialBuilder()
                .clientId(clientId)
                .build();
        } else {
            // Use system-assigned managed identity
            credential = new ManagedIdentityCredentialBuilder()
                .build();
        }

        // Configure the blob container client builder
        return new BlobContainerClientBuilder()
            .credential(credential)
            .containerName(containerName)
            .endpoint(endpointUrl);
    }

    // Example usage
    public static void main(String[] args) {
        // Container name example: lowercase letters, numbers, and dashes only
        String containerName = "user-uploads-2024";

        // Example endpoint URLs for different environments:
        
        // Azure Stack Hub example
        String azureStackEndpoint = "https://myaccount.blob.eastus.azurestack.contoso.com";
        
        // Private cloud example
        String privateCloudEndpoint = "https://myaccount.blob.core.private.cloud.contoso.com";
        
        // Custom endpoint example
        String customEndpoint = "https://storage.internal.company.com";

        // Choose the appropriate endpoint for your environment
        String endpointUrl = azureStackEndpoint;  // Change this to your actual endpoint
        
        // Optional: client ID for user-assigned managed identity
        String clientId = null;

        BlobStorageConfig config = new BlobStorageConfig();
        BlobContainerClientBuilder builder = config.configureBlobClient(
            containerName,
            endpointUrl,
            clientId
        );

        // Create the client
        BlobContainerClient containerClient = builder.buildClient();
    }
}

@joshfree joshfree added issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. Storage Storage Service (Queues, Blobs, Files) and removed needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. labels Feb 11, 2025

Hi @fabiim. Thank you for opening this issue and giving us the opportunity to assist. We believe that this has been addressed. If you feel that further discussion is needed, please add a comment with the text "/unresolve" to remove the "issue-addressed" label and continue the conversation.

@fabiim
Author

fabiim commented Feb 12, 2025

/unresolve

Thanks for the help @joshfree. I missed that you can have different blob DNS names beyond the variation of the other cloud types (like gov).

I am still unsure what to do about authentication.
In my case, the user will launch my app and can configure the credentials through whatever is supported by DefaultAzureCredential. If the user uses a non-public cloud setup, he can specify the blob storage endpoint. Will he need to give me the authorityHost endpoint (the one I pass to DefaultAzureCredentialBuilder#authorityHost) for some or all types of authentication?

@github-actions github-actions bot added needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team and removed issue-addressed Workflow: The Azure SDK team believes it to be addressed and ready to close. labels Feb 12, 2025
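
The pairing discussed in this thread, a non-public blob endpoint together with the authority host passed to DefaultAzureCredentialBuilder#authorityHost, sketched as an added example (not code from the thread or from the Azure SDK team). The class name, method names and the suffix table are assumptions of this example; an endpoint that matches no known national-cloud suffix (Azure Stack Hub, private DNS zones) gets no default and must have its authority host supplied explicitly.

```java
import com.azure.identity.AzureAuthorityHosts;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobContainerClientBuilder;
import java.net.URI;
import java.util.Locale;
import java.util.Map;

// Hypothetical helper class: keeps the blob endpoint and the token authority in the same cloud.
public class SovereignCloudBlobConfig {
    // Blob DNS suffix -> authority host, for the clouds azure-identity ships constants for.
    static final Map<String, String> AUTHORITY_BY_SUFFIX = Map.of(
        ".blob.core.windows.net", AzureAuthorityHosts.AZURE_PUBLIC_CLOUD,
        ".blob.core.usgovcloudapi.net", AzureAuthorityHosts.AZURE_GOVERNMENT,
        ".blob.core.chinacloudapi.cn", AzureAuthorityHosts.AZURE_CHINA);

    /** Returns the authority host for an endpoint; a caller-supplied authority wins. */
    static String resolveAuthority(String endpointUrl, String explicitAuthority) {
        URI endpoint = URI.create(endpointUrl);
        // The bearer token is sent to this host, so refuse anything that is not HTTPS.
        if (!"https".equalsIgnoreCase(endpoint.getScheme()) || endpoint.getHost() == null) {
            throw new IllegalArgumentException("Blob endpoint must be an https:// URL: " + endpointUrl);
        }
        if (explicitAuthority != null && !explicitAuthority.isEmpty()) {
            return explicitAuthority;
        }
        String host = endpoint.getHost().toLowerCase(Locale.ROOT);
        for (Map.Entry<String, String> entry : AUTHORITY_BY_SUFFIX.entrySet()) {
            if (host.endsWith(entry.getKey())) {
                return entry.getValue();
            }
        }
        // Unknown suffix: fail closed instead of silently using the public-cloud authority.
        throw new IllegalArgumentException("No known authority for " + host + "; supply one explicitly");
    }

    static BlobContainerClient buildClient(String endpointUrl, String containerName, String explicitAuthority) {
        String authority = resolveAuthority(endpointUrl, explicitAuthority);
        return new BlobContainerClientBuilder()
            .endpoint(endpointUrl)
            .containerName(containerName)
            .credential(new DefaultAzureCredentialBuilder().authorityHost(authority).build())
            .buildClient();
    }

    public static void main(String[] args) {
        // Constructed sample endpoint, not a real storage account.
        System.out.println(resolveAuthority("https://myaccount.blob.core.usgovcloudapi.net", null));
    }
}
```

When the builder does not set an authority host, azure-identity also reads one from the AZURE_AUTHORITY_HOST environment variable.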