diff --git a/changelog/unreleased/issue-2468 b/changelog/unreleased/issue-2468 new file mode 100644 index 000000000..56555a136 --- /dev/null +++ b/changelog/unreleased/issue-2468 @@ -0,0 +1,10 @@ +Enhancement: Add support for non-global Azure clouds + +Restic backups on Azure only supported storages using the global domain +`core.windows.net`. This meant that backups to other domains such as Azure +China (`core.chinacloudapi.cn') or Azure Germany (`core.cloudapi.de`) were +not supported. Restic now allows overriding the global domain using the +environment variable `AZURE_ENDPOINT_SUFFIX'. + +https://github.com/restic/restic/issues/2468 +https://github.com/restic/restic/pull/4387 diff --git a/doc/030_preparing_a_new_repo.rst b/doc/030_preparing_a_new_repo.rst index a871ee507..c944264c8 100644 --- a/doc/030_preparing_a_new_repo.rst +++ b/doc/030_preparing_a_new_repo.rst @@ -537,6 +537,13 @@ or $ export AZURE_ACCOUNT_NAME= $ export AZURE_ACCOUNT_SAS= +Restic will by default use Azure's global domain ``core.windows.net`` as endpoint suffix. +You can specify other suffixes as follows: + +.. code-block:: console + + $ export AZURE_ENDPOINT_SUFFIX= + Afterwards you can initialize a repository in a container called ``foo`` in the root path like this: diff --git a/doc/040_backup.rst b/doc/040_backup.rst index c09307da0..7856875f0 100644 --- a/doc/040_backup.rst +++ b/doc/040_backup.rst @@ -614,6 +614,7 @@ environment variables. The following lists these environment variables: AZURE_ACCOUNT_NAME Account name for Azure AZURE_ACCOUNT_KEY Account key for Azure AZURE_ACCOUNT_SAS Shared access signatures (SAS) for Azure + AZURE_ENDPOINT_SUFFIX Endpoint suffix for Azure Storage (default: core.windows.net) GOOGLE_PROJECT_ID Project ID for Google Cloud Storage GOOGLE_APPLICATION_CREDENTIALS Application Credentials for Google Cloud Storage (e.g. $HOME/.config/gs-secret-restic-key.json) diff --git a/internal/backend/azure/azure.go b/internal/backend/azure/azure.go index a9267a945..661dd505d 100644 --- a/internal/backend/azure/azure.go +++ b/internal/backend/azure/azure.go @@ -53,7 +53,13 @@ func open(cfg Config, rt http.RoundTripper) (*Backend, error) { var client *azContainer.Client var err error - url := fmt.Sprintf("https://%s.blob.core.windows.net/%s", cfg.AccountName, cfg.Container) + var endpointSuffix string + if cfg.EndpointSuffix != "" { + endpointSuffix = cfg.EndpointSuffix + } else { + endpointSuffix = "core.windows.net" + } + url := fmt.Sprintf("https://%s.blob.%s/%s", cfg.AccountName, endpointSuffix, cfg.Container) opts := &azContainer.ClientOptions{ ClientOptions: azcore.ClientOptions{ Transport: &http.Client{Transport: rt}, diff --git a/internal/backend/azure/config.go b/internal/backend/azure/config.go index 6786ec626..d819b35aa 100644 --- a/internal/backend/azure/config.go +++ b/internal/backend/azure/config.go @@ -13,11 +13,12 @@ import ( // Config contains all configuration necessary to connect to an azure compatible // server. type Config struct { - AccountName string - AccountSAS options.SecretString - AccountKey options.SecretString - Container string - Prefix string + AccountName string + AccountSAS options.SecretString + AccountKey options.SecretString + EndpointSuffix string + Container string + Prefix string Connections uint `option:"connections" help:"set a limit for the number of concurrent connections (default: 5)"` } @@ -71,4 +72,8 @@ func (cfg *Config) ApplyEnvironment(prefix string) { if cfg.AccountSAS.String() == "" { cfg.AccountSAS = options.NewSecretString(os.Getenv(prefix + "AZURE_ACCOUNT_SAS")) } + + if cfg.EndpointSuffix == "" { + cfg.EndpointSuffix = os.Getenv(prefix + "AZURE_ENDPOINT_SUFFIX") + } }