feat: C.2 - Add Azure support (Key Vault + App Configuration) #136
Description
Parent Issue
Part of #128
Summary
Add support for Azure Key Vault (secrets) and Azure App Configuration (parameters).
Prerequisites
- All Phase A issues (feat: A.1 - Define Scope type for multi-cloud support #132, feat: A.2 - Define Model types (Parameter, Secret) #134, feat: A.3 - Define Provider interfaces #137)
- All Phase B issues (feat: B.1 - Implement AWS Adapter #133, feat: B.2 - Add Scope support to Store #138, feat: B.3 - Update UseCase layer to use Model types #139)
CLI Commands
Key Vault (Secrets)
suve azure --resource-group=my-rg keyvault --vault=my-vault show my-secret
suve azure --resource-group=my-rg keyvault --vault=my-vault log my-secret
suve azure --resource-group=my-rg keyvault --vault=my-vault diff my-secret
suve azure --resource-group=my-rg keyvault --vault=my-vault list
# Staging
suve azure --resource-group=my-rg keyvault --vault=my-vault stage add my-secret
# Alias
suve az --resource-group=my-rg keyvault --vault=my-vault show my-secretApp Configuration (Parameters)
suve azure --resource-group=my-rg appconfig --store=my-store show my-key
suve azure --resource-group=my-rg appconfig --store=my-store list
# Staging
suve azure --resource-group=my-rg appconfig --store=my-store stage add my-key
# Alias
suve az --resource-group=my-rg appconfig --store=my-store show my-keyVersion Specification
| Service | Version Format | Notes |
|---|---|---|
| Key Vault | UUID-like (hex) | No labels |
| App Configuration | None | Snapshots only, no versioning |
Directory Structure
internal/
├── provider/
│ └── azure/
│ ├── keyvault/
│ │ ├── adapter.go
│ │ └── convert.go
│ └── appconfig/
│ ├── adapter.go
│ └── convert.go
├── version/
│ └── azurekeyvaultversion/
│ └── parser.go
└── cli/
└── commands/
└── azure/
├── app.go
├── keyvault/
│ ├── show.go
│ ├── log.go
│ ├── diff.go
│ └── list.go
└── appconfig/
├── show.go
└── list.go
Flag Resolution
Resource Group
func resolveResourceGroup(flag string) (string, error) {
if flag != "" {
return flag, nil
}
if v := os.Getenv("AZURE_DEFAULTS_GROUP"); v != "" {
return v, nil
}
out, err := exec.Command("az", "config", "get", "defaults.group", "-o", "tsv").Output()
if err == nil && len(out) > 0 {
return strings.TrimSpace(string(out)), nil
}
return "", errors.New("--resource-group required")
}Vault (no default)
func resolveVault(flag string) (string, error) {
if flag != "" {
return flag, nil
}
return "", errors.New("--vault required")
}Store
func resolveStore(flag string) (string, error) {
if flag != "" {
return flag, nil
}
out, err := exec.Command("az", "config", "get", "defaults.app_configuration_store", "-o", "tsv").Output()
if err == nil && len(out) > 0 {
return strings.TrimSpace(string(out)), nil
}
return "", errors.New("--store required")
}Scope
Key Vault
- Implement
internal/provider/azure/keyvault/adapter - Add version spec parser for Key Vault
- Implement staging support
App Configuration
- Implement
internal/provider/azure/appconfig/adapter - Handle lack of versioning (snapshots only)
- Implement staging support
Common
- Add
azurecommand withazalias - Add E2E tests with emulators