Support for Azure Government Cloud in azure-blob CAS backend #2495

@JeffResc

Summary

Currently, the chainloop cas-backend add azure-blob command only works with the default commercial Azure environment (*.blob.core.windows.net).
When attempting to register an Azure Blob backend in the Azure Government Cloud (*.blob.core.usgovcloudapi.net), Chainloop fails with DNS resolution errors:

failed to create Blob storage Container: 
Put "https://<account>.blob.core.windows.net/...": 
dial tcp: lookup <account>.blob.core.windows.net: no such host

This happens because Chainloop always assumes the public Azure cloud endpoint and does not provide a way to specify an alternate endpoint or cloud environment.

Steps to Reproduce

chainloop cas-backend add azure-blob \
  --client-id <client-id> \
  --client-secret <secret> \
  --tenant <tenant-id> \
  --storage-account <gov-storage-account> \
  --container chainloop-cas \
  --name azure-blob-usgov

Result:
Fails with DNS error because it tries to reach .blob.core.windows.net instead of .blob.core.usgovcloudapi.net.

Expected Behavior

Allow specifying Azure sovereign cloud environments, at minimum, the Azure Government endpoint (core.usgovcloudapi.net), so that users with US Gov storage accounts can register them as valid CAS backends.

Proposed Solution

Add one of the following:

  • A new flag, e.g.:
    • --endpoint-suffix core.usgovcloudapi.net
    • or --cloud azuregovernment
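
One way the proposed flags could resolve the blob endpoint, as an added example that is not Chainloop's code and not part of the original issue: the function name, parameters and cloud names are hypothetical, and the third suffix (Azure China) goes beyond the two endpoints named in the issue. A free-form suffix is checked against an allowlist so the bearer token obtained for the service principal is only ever sent to a known Azure storage host.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Allowlist of storage endpoint suffixes, keyed by the value of a
// hypothetical --cloud flag (names are assumptions, suffixes are Azure's).
var cloudSuffixes = map[string]string{
	"azurepublic":     "core.windows.net",
	"azuregovernment": "core.usgovcloudapi.net",
	"azurechina":      "core.chinacloudapi.cn",
}

// Storage account names are 3-24 lowercase letters and digits.
var accountRe = regexp.MustCompile(`^[a-z0-9]{3,24}$`)

// BlobServiceURL (hypothetical helper) builds the blob service URL from
// either a cloud name or an endpoint suffix; both empty means public cloud.
func BlobServiceURL(account, cloud, suffix string) (string, error) {
	if !accountRe.MatchString(account) {
		return "", fmt.Errorf("invalid storage account name %q", account)
	}
	if cloud != "" && suffix != "" {
		return "", fmt.Errorf("set only one of cloud or endpoint suffix")
	}
	if cloud == "" && suffix == "" {
		cloud = "azurepublic"
	}
	if cloud != "" {
		s, ok := cloudSuffixes[strings.ToLower(cloud)]
		if !ok {
			return "", fmt.Errorf("unknown cloud %q", cloud)
		}
		suffix = s
	}
	suffix = strings.ToLower(strings.Trim(suffix, "."))
	for _, s := range cloudSuffixes {
		if s == suffix { // only allowlisted hosts ever receive the token
			return fmt.Sprintf("https://%s.blob.%s/", account, s), nil
		}
	}
	return "", fmt.Errorf("endpoint suffix %q is not a known Azure cloud", suffix)
}

func main() {
	fmt.Println(BlobServiceURL("govaccount01", "azuregovernment", "")) // constructed account name
}
```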
