[New API] Tables Sovereign Cloud Support (Azure#45246)

* Introducing TableAudience

* Adding tests and updating TableAudience api

* Update spacing

* Add Javadoc for `getDefaultScope`

* Fixing checkstyle violations

* Adding license header

* Removing necessary comment

* Update sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/TableClientBuilder.java

Co-authored-by: vcolin7 <[email protected]>

* Update sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/TableServiceClientBuilder.java

Co-authored-by: vcolin7 <[email protected]>

* Update sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/models/TableAudience.java

Co-authored-by: vcolin7 <[email protected]>

* Update sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/models/TableAudience.java

Co-authored-by: vcolin7 <[email protected]>

* Update sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/models/TableAudience.java

Co-authored-by: vcolin7 <[email protected]>

* Update sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/models/TableAudience.java

Co-authored-by: vcolin7 <[email protected]>

* Changes from feedback from Alan and Victor

* Spotless updates

* Fixing checkstyle violation

---------

Co-authored-by: vcolin7 <[email protected]>

Author: jairmyree

sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/BuilderHelper.java

@@ -34,10 +34,9 @@
 import com.azure.data.tables.implementation.NullHttpClient;
 import com.azure.data.tables.implementation.StorageAuthenticationSettings;
 import com.azure.data.tables.implementation.StorageConnectionString;
-import com.azure.data.tables.implementation.StorageConstants;
 import com.azure.data.tables.implementation.TableBearerTokenChallengeAuthorizationPolicy;
 import com.azure.data.tables.implementation.TableUtils;
-import com.azure.data.tables.implementation.TablesConstants;
+import com.azure.data.tables.models.TableAudience;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -61,10 +60,12 @@ static HttpPipeline buildPipeline(AzureNamedKeyCredential azureNamedKeyCredentia
         RetryPolicy retryPolicy, RetryOptions retryOptions, HttpLogOptions logOptions, ClientOptions clientOptions,
         HttpClient httpClient, List<HttpPipelinePolicy> perCallAdditionalPolicies,
         List<HttpPipelinePolicy> perRetryAdditionalPolicies, Configuration configuration, ClientLogger logger,
-        boolean enableTenantDiscovery) {
+        boolean enableTenantDiscovery, TableAudience audience) {
         configuration = (configuration == null) ? Configuration.getGlobalConfiguration() : configuration;
         logOptions = (logOptions == null) ? new HttpLogOptions() : logOptions;
 
+        audience = (audience != null) ? audience : getDefaulTableAudience(TableUtils.isCosmosEndpoint(endpoint));
+
         if (retryPolicy != null && retryOptions != null) {
             throw logger.logExceptionAsWarning(
                 new IllegalStateException("'retryPolicy' and 'retryOptions' cannot both be set"));
@@ -115,7 +116,7 @@ static HttpPipeline buildPipeline(AzureNamedKeyCredential azureNamedKeyCredentia
             credentialPolicy = new AzureSasCredentialPolicy(new AzureSasCredential(sasToken), false);
         } else if (tokenCredential != null) {
             credentialPolicy = new TableBearerTokenChallengeAuthorizationPolicy(tokenCredential, enableTenantDiscovery,
-                TableUtils.isCosmosEndpoint(endpoint) ? TablesConstants.COSMOS_SCOPE : StorageConstants.STORAGE_SCOPE);
+                audience.getDefaultScope());
         } else {
             throw logger.logExceptionAsError(
                 new IllegalStateException("A form of authentication is required to create a client. Use a builder's "
@@ -210,4 +211,8 @@ private static Tracer createTracer(ClientOptions clientOptions) {
         return TracerProvider.getDefaultProvider()
             .createTracer(CLIENT_NAME, CLIENT_VERSION, TABLES_TRACING_NAMESPACE_VALUE, tracingOptions);
     }
+
+    private static TableAudience getDefaulTableAudience(boolean isCosmosEndpoint) {
+        return isCosmosEndpoint ? TableAudience.AZURE_COSMOS_PUBLIC_CLOUD : TableAudience.AZURE_STORAGE_PUBLIC_CLOUD;
+    }
 }

sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/TableClientBuilder.java

@@ -31,6 +31,7 @@
 import com.azure.data.tables.implementation.StorageEndpoint;
 import com.azure.data.tables.implementation.TablesJacksonSerializer;
 import com.azure.data.tables.implementation.TablesMultipartSerializer;
+import com.azure.data.tables.models.TableAudience;
 
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -194,6 +195,7 @@ public final class TableClientBuilder
     private RetryPolicy retryPolicy;
     private RetryOptions retryOptions;
     private boolean enableTenantDiscovery;
+    private TableAudience audience;
 
     /**
      * Creates a builder instance that is able to configure and construct {@link TableClient} and
@@ -273,7 +275,7 @@ public TableClient buildClient() {
             : BuilderHelper.buildPipeline(namedKeyCredential != null ? namedKeyCredential : azureNamedKeyCredential,
                 azureSasCredential, tokenCredential, sasToken, endpoint, retryPolicy, retryOptions, httpLogOptions,
                 clientOptions, httpClient, perCallPolicies, perRetryPolicies, configuration, logger,
-                enableTenantDiscovery);
+                enableTenantDiscovery, audience);
 
         return new TableClient(tableName, pipeline, endpoint, serviceVersion, TABLES_SERIALIZER,
             TRANSACTIONAL_BATCH_SERIALIZER);
@@ -350,7 +352,7 @@ public TableAsyncClient buildAsyncClient() {
             : BuilderHelper.buildPipeline(namedKeyCredential != null ? namedKeyCredential : azureNamedKeyCredential,
                 azureSasCredential, tokenCredential, sasToken, endpoint, retryPolicy, retryOptions, httpLogOptions,
                 clientOptions, httpClient, perCallPolicies, perRetryPolicies, configuration, logger,
-                enableTenantDiscovery);
+                enableTenantDiscovery, audience);
 
         return new TableAsyncClient(tableName, pipeline, endpoint, serviceVersion, TABLES_SERIALIZER,
             TRANSACTIONAL_BATCH_SERIALIZER);
@@ -744,4 +746,17 @@ public TableClientBuilder enableTenantDiscovery() {
 
         return this;
     }
+
+    /**
+     * Sets the {@link TableAudience} to use when authenticating with the Azure Tables service.
+     *
+     * @param audience The {@link TableAudience} to use when authenticating with the Table Service.
+     *
+     * @return The updated {@link TableClientBuilder}.
+     */
+    public TableClientBuilder audience(TableAudience audience) {
+        this.audience = audience;
+
+        return this;
+    }
 }

sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/TableServiceClientBuilder.java

@@ -30,6 +30,7 @@
 import com.azure.data.tables.implementation.StorageAuthenticationSettings;
 import com.azure.data.tables.implementation.StorageConnectionString;
 import com.azure.data.tables.implementation.StorageEndpoint;
+import com.azure.data.tables.models.TableAudience;
 
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -184,6 +185,7 @@ public final class TableServiceClientBuilder implements TokenCredentialTrait<Tab
     private RetryPolicy retryPolicy;
     private RetryOptions retryOptions;
     private boolean enableTenantDiscovery;
+    private TableAudience audience;
 
     /**
      * Creates a builder instance that is able to configure and construct {@link TableServiceClient} and
@@ -286,7 +288,7 @@ private HttpPipeline prepareClient() {
             : BuilderHelper.buildPipeline(namedKeyCredential != null ? namedKeyCredential : azureNamedKeyCredential,
                 azureSasCredential, tokenCredential, sasToken, endpoint, retryPolicy, retryOptions, httpLogOptions,
                 clientOptions, httpClient, perCallPolicies, perRetryPolicies, configuration, logger,
-                enableTenantDiscovery);
+                enableTenantDiscovery, audience);
 
         return pipeline;
     }
@@ -655,4 +657,16 @@ public TableServiceClientBuilder enableTenantDiscovery() {
 
         return this;
     }
+
+    /**
+     * Sets the {@link TableAudience audience} for the Azure Tables service.
+     *
+     * @param audience The {@link TableAudience audience} for the Azure Tables service.
+     * @return The updated {@link TableServiceClientBuilder}.
+     */
+    public TableServiceClientBuilder audience(TableAudience audience) {
+        this.audience = audience;
+
+        return this;
+    }
 }

sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/implementation/StorageConstants.java

@@ -72,8 +72,6 @@ private StorageConstants() {
      */
     public static final int BUFFER_COPY_LENGTH = 8 * KB;
 
-    public static final String STORAGE_SCOPE = "https://storage.azure.com/.default";
-
     public static final String STORAGE_LOG_STRING_TO_SIGN = "Azure-Storage-Log-String-To-Sign";
 
     /**

sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/implementation/TablesConstants.java

@@ -71,7 +71,7 @@ public final class TablesConstants {
     /**
      * Scope for Cosmos endpoints.
      */
-    public static final String COSMOS_SCOPE = "https://cosmos.azure.com/.default";
+    public static final String DEFAULT_SCOPE = "/.default";
 
     /**
      * Private constructor so this class cannot be instantiated.

sdk/tables/azure-data-tables/src/main/java/com/azure/data/tables/models/TableAudience.java

@@ -0,0 +1,100 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package com.azure.data.tables.models;
+
+import com.azure.core.util.ExpandableStringEnum;
+import com.azure.core.util.logging.ClientLogger;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+
+/**
+ * Defines the audience for the Azure Tables service.
+ * <p>
+ * This class is used to specify the audience when creating clients.
+ * <p>
+ * The audience can be one of the following:
+ * <ul>
+ *     <li>AZURE_STORAGE_PUBLIC_CLOUD</li>
+ *     <li>AZURE_STORAGE_CHINA</li>
+ *     <li>AZURE_STORAGE_US_GOVERNMENT</li>
+ *     <li>AZURE_COSMOS_PUBLIC_CLOUD</li>
+ *     <li>AZURE_COSMOS_CHINA</li>
+ *     <li>AZURE_COSMOS_US_GOVERNMENT</li>
+ * </ul>
+ */
+public class TableAudience extends ExpandableStringEnum<TableAudience> {
+
+    /**
+     * The audience for the Azure Storage service in the public cloud.
+     */
+    public static final TableAudience AZURE_STORAGE_PUBLIC_CLOUD = fromString("https://storage.azure.com");
+
+    /**
+     * The audience for the Azure Storage service in China.
+     */
+    public static final TableAudience AZURE_STORAGE_CHINA = fromString("https://storage.azure.cn");
+
+    /**
+     * The audience for the Azure Storage service in the US government cloud.
+     */
+    public static final TableAudience AZURE_STORAGE_US_GOVERNMENT = fromString("https://storage.azure.us");
+
+    /**
+     * The audience for the Azure Cosmos service in the public cloud.
+     */
+    public static final TableAudience AZURE_COSMOS_PUBLIC_CLOUD = fromString("https://cosmos.azure.com");
+    /**
+     * The audience for the Azure Cosmos service in China.
+     */
+    public static final TableAudience AZURE_COSMOS_CHINA = fromString("https://cosmos.azure.cn");
+    /**
+     * The audience for the Azure Cosmos service in the US government cloud.
+     */
+    public static final TableAudience AZURE_COSMOS_US_GOVERNMENT = fromString("https://cosmos.azure.us");
+
+    private static final ClientLogger LOGGER = new ClientLogger(TableAudience.class);
+
+    /**
+     * @deprecated The audience is for the public.
+     */
+    @Deprecated
+    TableAudience() {
+        // This constructor is deprecated and should not be used.
+    }
+
+    /**
+     * Gets the default scope for the audience.
+     * <p>
+     * The default scope is the audience URI string with "/.default" appended to it.
+     *
+     * @return The default scope for the audience as a string.
+     */
+    public String getDefaultScope() {
+        try {
+            URI uri = new URI(this.toString());
+            String scheme = uri.getScheme();
+            String host = uri.getHost();
+            if (scheme != null && host != null) {
+                return scheme + "://" + host + "/.default";
+            } else {
+                throw LOGGER.logExceptionAsError(new IllegalArgumentException("Invalid scope: " + this.toString()));
+            }
+        } catch (URISyntaxException e) {
+            // Handle the exception
+            throw LOGGER.logExceptionAsError(new RuntimeException("Invalid URI syntax: " + this.toString(), e));
+
+        }
+    }
+
+    /**
+     * Creates a new instance of TableAudience.
+     *
+     * @param audience The audience string.
+     * @return A new instance of TableAudience.
+     */
+    public static TableAudience fromString(String audience) {
+        return fromString(audience, TableAudience.class);
+    }
+
+}

sdk/tables/azure-data-tables/src/test/java/com/azure/data/tables/TableAudienceTests.java

@@ -0,0 +1,51 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+package com.azure.data.tables;
+
+import com.azure.data.tables.models.TableAudience;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.CsvSource;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+public class TableAudienceTests {
+
+    @Test
+    public void testStorageAudiences() {
+        TableAudience audience = TableAudience.AZURE_STORAGE_PUBLIC_CLOUD;
+        assertEquals("https://storage.azure.com/.default", audience.getDefaultScope());
+
+        audience = TableAudience.AZURE_STORAGE_CHINA;
+        assertEquals("https://storage.azure.cn/.default", audience.getDefaultScope());
+
+        audience = TableAudience.AZURE_STORAGE_US_GOVERNMENT;
+        assertEquals("https://storage.azure.us/.default", audience.getDefaultScope());
+    }
+
+    @Test
+    public void testCosmosAudiences() {
+        TableAudience audience = TableAudience.AZURE_COSMOS_PUBLIC_CLOUD;
+        assertEquals("https://cosmos.azure.com/.default", audience.getDefaultScope());
+
+        audience = TableAudience.AZURE_COSMOS_CHINA;
+        assertEquals("https://cosmos.azure.cn/.default", audience.getDefaultScope());
+
+        audience = TableAudience.AZURE_COSMOS_US_GOVERNMENT;
+        assertEquals("https://cosmos.azure.us/.default", audience.getDefaultScope());
+    }
+
+    @ParameterizedTest
+    @CsvSource({
+        "https://cosmos.azure.nz/, https://cosmos.azure.nz/.default",
+        "https://cosmos.azure.nz, https://cosmos.azure.nz/.default",
+        "https://cosmos.azure.nz/.default, https://cosmos.azure.nz/.default",
+        "https://storage.azure.nz/, https://storage.azure.nz/.default",
+        "https://storage.azure.nz, https://storage.azure.nz/.default",
+        "https://storage.azure.nz/.default, https://storage.azure.nz/.default" })
+    public void testCustomAudience(String customAudienceString, String expectedDefaultScope) {
+        TableAudience audience = TableAudience.fromString(customAudienceString);
+        assertEquals(expectedDefaultScope, audience.getDefaultScope());
+    }
+
+}