Allow usage in non-public clouds (Azure#45310)

* Allow usage in non-public clouds

* Changelogs

* Update sdk/cosmos/azure-cosmos-spark_3_2-12/src/test/scala/com/azure/cosmos/spark/CosmosConfigSpec.scala

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update ClientMetricsTest.java

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Author: FabianMeiswinkel

sdk/cosmos/azure-cosmos-spark_3-3_2-12/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ### 4.37.2 (2025-05-13)
 
+#### Features Added
+* Added option to use the connector in non-public Azure clouds. - See [PR 45310](https://github.com/Azure/azure-sdk-for-java/pull/45310)
+
 #### Bugs Fixed
 * Fixed an issue during bulk write operations that could result in failing the Spark job in `BulkWriter.flushAndClose` too eagerly in certain cases. - See [PR 44992](https://github.com/Azure/azure-sdk-for-java/pull/44992)
 * Fixed hang issue in `CosmosPagedIterable#handle` by preventing race conditions in underlying subscription of `Flux<FeedResponse>`. - [PR 45290](https://github.com/Azure/azure-sdk-for-java/pull/45290)

sdk/cosmos/azure-cosmos-spark_3-4_2-12/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ### 4.37.2 (2025-05-13)
 
+#### Features Added
+* Added option to use the connector in non-public Azure clouds. - See [PR 45310](https://github.com/Azure/azure-sdk-for-java/pull/45310)
+
 #### Bugs Fixed
 * Fixed an issue during bulk write operations that could result in failing the Spark job in `BulkWriter.flushAndClose` too eagerly in certain cases. - See [PR 44992](https://github.com/Azure/azure-sdk-for-java/pull/44992)
 * Fixed hang issue in `CosmosPagedIterable#handle` by preventing race conditions in underlying subscription of `Flux<FeedResponse>`. - [PR 45290](https://github.com/Azure/azure-sdk-for-java/pull/45290)

sdk/cosmos/azure-cosmos-spark_3-5_2-12/CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ### 4.37.2 (2025-05-13)
 
+#### Features Added
+* Added option to use the connector in non-public Azure clouds. - See [PR 45310](https://github.com/Azure/azure-sdk-for-java/pull/45310)
+
 #### Bugs Fixed
 * Fixed an issue during bulk write operations that could result in failing the Spark job in `BulkWriter.flushAndClose` too eagerly in certain cases. - See [PR 44992](https://github.com/Azure/azure-sdk-for-java/pull/44992)
 * Fixed hang issue in `CosmosPagedIterable#handle` by preventing race conditions in underlying subscription of `Flux<FeedResponse>`. - [PR 45290](https://github.com/Azure/azure-sdk-for-java/pull/45290)

sdk/cosmos/azure-cosmos-spark_3_2-12/docs/AAD-Auth.md

@@ -33,6 +33,13 @@ To enable managed identity support out-of-the-box, the Spark environment needs t
 | `spark.cosmos.account.tenantId`          | None        | The `AAD TenantId` of the Azure Cosmos DB account resource specified under `spark.cosmos.accountEndpoint`. This parameter is required for all management operations when using AAD / Microsoft Entra ID authentication.                                           |
 | `spark.cosmos.account.resourceGroupName` | None        | The  simple resource group name (not the full qualified one) of the Azure Cosmos DB account resource specified under `spark.cosmos.accountEndpoint`. This parameter is required for all management operations when using AAD / Microsoft Entra ID authentication. |
 
+#### Non-public clouds
+For non-public clouds the `spark.cosmos.account.azureEnvironment` config value need to be set to `Custom`and the config entries `spark.cosmos.account.azureEnvironment.management` and `spark.cosmos.account.azureEnvironment.aad` have to be specified to the correct values for the non-public cloud.
+
+| Config Property Name                               | Default | Description                                                                                                                                               |
+|:---------------------------------------------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `spark.cosmos.account.azureEnvironment.management` | None    | The Uri of the ARM (Resource Manager) endpoint in the custom cloud - e.g. the corresponding value to `https://management.azure.com/` in the public cloud. |
+| `spark.cosmos.account.azureEnvironment.aad`        | None    | The Uri of the AAD endpoint in the custom cloud - e.g. the corresponding value to `https://login.microsoftonline.com/` in the public cloud.               |
 
 #### Environment variables or system properties
 

sdk/cosmos/azure-cosmos-spark_3_2-12/docs/configuration-reference.md

@@ -2,16 +2,18 @@
 
 
 ## Generic Configuration
-| Config Property Name                     | Default  | Description                                                                                                 |
-|:-----------------------------------------|:---------|:------------------------------------------------------------------------------------------------------------| 
-| `spark.cosmos.accountEndpoint`           | None     | Cosmos DB Account Endpoint Uri                                                                              |
-| `spark.cosmos.accountKey`                | None     | Cosmos DB Account Key                                                                                       |
-| `spark.cosmos.database`                  | None     | Cosmos DB database name                                                                                     |
-| `spark.cosmos.container`                 | None     | Cosmos DB container name                                                                                    |
-| `spark.cosmos.account.subscriptionId`    | None     | The subscriptionId of the Cosmos DB account. Required for `ServicePrincipal` authentication.                |
-| `spark.cosmos.account.tenantId`          | None     | The tenantId of the Cosmos DB account. Required for `ServicePrincipal` authentication.                      |
-| `spark.cosmos.account.resourceGroupName` | None     | The resource group of the Cosmos DB account. Required for `ServicePrincipal` authentication.                |
-| `spark.cosmos.account.azureEnvironment`  | `Azure`  | The azure environment of the Cosmos DB account: `Azure`, `AzureChina`, `AzureUsGovernment`, `AzureGermany`. |
+| Config Property Name                               | Default | Description                                                                                                                                                                                                                                                                                                                       |
+|:---------------------------------------------------|:--------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 
+| `spark.cosmos.accountEndpoint`                     | None    | Cosmos DB Account Endpoint Uri                                                                                                                                                                                                                                                                                                    |
+| `spark.cosmos.accountKey`                          | None    | Cosmos DB Account Key                                                                                                                                                                                                                                                                                                             |
+| `spark.cosmos.database`                            | None    | Cosmos DB database name                                                                                                                                                                                                                                                                                                           |
+| `spark.cosmos.container`                           | None    | Cosmos DB container name                                                                                                                                                                                                                                                                                                          |
+| `spark.cosmos.account.subscriptionId`              | None    | The subscriptionId of the Cosmos DB account. Required for `ServicePrincipal` authentication.                                                                                                                                                                                                                                      |
+| `spark.cosmos.account.tenantId`                    | None    | The tenantId of the Cosmos DB account. Required for `ServicePrincipal` authentication.                                                                                                                                                                                                                                            |
+| `spark.cosmos.account.resourceGroupName`           | None    | The resource group of the Cosmos DB account. Required for `ServicePrincipal` authentication.                                                                                                                                                                                                                                      |
+| `spark.cosmos.account.azureEnvironment`            | `Azure` | The azure environment of the Cosmos DB account: `Azure`, `AzureChina`, `AzureUsGovernment`, `AzureGermany` or `Custom` - when using `Custom` (only needed for non-public clouds) the config entries `spark.cosmos.account.azureEnvironment.management` and `spark.cosmos.account.azureEnvironment.aad` have to also be specified. |
+| `spark.cosmos.account.azureEnvironment.management` | None    | The Uri of the ARM (Resource Manager) endpoint in the custom cloud - e.g. the corresponding value to `https://management.azure.com/` in the public cloud.                                                                                                                                                                         |
+| `spark.cosmos.account.azureEnvironment.aad`        | None    | The Uri of the AAD endpoint in the custom cloud - e.g. the corresponding value to `https://login.microsoftonline.com/` in the public cloud.                                                                                                                                                                                       |
 
 ### AAD Auth Config
 | Config Property Name                 | Default     | Description                                                                                                                                                                                                                                                                                                                                                                                      |

sdk/cosmos/azure-cosmos-spark_3_2-12/src/main/scala/com/azure/cosmos/spark/CosmosConfig.scala

@@ -31,6 +31,7 @@ import org.apache.spark.sql.types.{DataType, NumericType, StructType}
 import java.net.{URI, URISyntaxException, URL}
 import java.time.format.DateTimeFormatter
 import java.time.{Duration, Instant}
+import java.util
 import java.util.{Locale, ServiceLoader}
 import scala.collection.concurrent.TrieMap
 import scala.collection.immutable.{HashSet, List, Map}
@@ -48,6 +49,8 @@ private[spark] object CosmosConfigNames {
   val TenantId = "spark.cosmos.account.tenantId"
   val ResourceGroupName = "spark.cosmos.account.resourceGroupName"
   val AzureEnvironment = "spark.cosmos.account.azureEnvironment"
+  val AzureEnvironmentAAD = "spark.cosmos.account.azureEnvironment.aad"
+  val AzureEnvironmentManagement = "spark.cosmos.account.azureEnvironment.management"
   val AuthType = "spark.cosmos.auth.type"
   val ClientId = "spark.cosmos.auth.aad.clientId"
   val ResourceId = "spark.cosmos.auth.aad.resourceId"
@@ -160,6 +163,8 @@ private[spark] object CosmosConfigNames {
     ClientCertPemBase64,
     ClientCertSendChain,
     AzureEnvironment,
+    AzureEnvironmentAAD,
+    AzureEnvironmentManagement,
     Database,
     Container,
     PreferredRegionsList,
@@ -615,6 +620,18 @@ private object CosmosAccountConfig extends BasicLoggingTrait {
       parseFromStringFunction = resourceGroupName => resourceGroupName,
       helpMessage = "The resource group of the CosmosDB account. Required for `ServicePrincipal` authentication.")
 
+  private val AzureEnvironmentManagementUri = CosmosConfigEntry[String](key = CosmosConfigNames.AzureEnvironmentManagement,
+    defaultValue = None,
+    mandatory = false,
+    parseFromStringFunction = managementUri => managementUri,
+    helpMessage = "The ARM management endpoint to be used when selecting AzureEnvironment `Custom`.")
+
+  private val AzureEnvironmentAadUri = CosmosConfigEntry[String](key = CosmosConfigNames.AzureEnvironmentAAD,
+    defaultValue = None,
+    mandatory = false,
+    parseFromStringFunction = aadUri => aadUri,
+    helpMessage = "The AAD endpoint to be used when selecting AzureEnvironment `Custom`.")
+
   private val AzureEnvironmentTypeEnum = CosmosConfigEntry[java.util.Map[String, String]](key = CosmosConfigNames.AzureEnvironment,
       defaultValue = Option.apply(AzureEnvironment.AZURE.getEndpoints),
       mandatory = false,
@@ -671,7 +688,6 @@ private object CosmosAccountConfig extends BasicLoggingTrait {
     val subscriptionIdOpt = CosmosConfigEntry.parse(cfg, SubscriptionId)
     val resourceGroupNameOpt = CosmosConfigEntry.parse(cfg, ResourceGroupName)
     val tenantIdOpt = CosmosConfigEntry.parse(cfg, TenantId)
-    val azureEnvironmentOpt = CosmosConfigEntry.parse(cfg, AzureEnvironmentTypeEnum)
     val clientBuilderInterceptors = CosmosConfigEntry.parse(cfg, ClientBuilderInterceptors)
     val clientInterceptors = CosmosConfigEntry.parse(cfg, ClientInterceptors)
 
@@ -683,6 +699,34 @@ private object CosmosAccountConfig extends BasicLoggingTrait {
       SparkBridgeImplementationInternal.configureSimpleObjectMapper(true)
     }
 
+    val azureEnvironmentOpt : Option[util.Map[String, String]] = if (cfg.exists(kvp =>
+        CosmosConfigNames.AzureEnvironment.equalsIgnoreCase(kvp._1)
+        && "Custom".equalsIgnoreCase(kvp._2))) {
+
+      val endpoints: util.Map[String, String] = new util.HashMap[String, String]()
+      val mgmtEndpoint = CosmosConfigEntry.parse(cfg, AzureEnvironmentManagementUri)
+      if (mgmtEndpoint.isDefined) {
+        endpoints.put("resourceManagerEndpointUrl", mgmtEndpoint.get)
+      } else {
+        throw new IllegalArgumentException(
+          s"The configuration '${CosmosConfigNames.AzureEnvironmentManagement}' is required when "
+            + "choosing AzureEnvironment 'Custom'.")
+      }
+
+      val aadEndpoint = CosmosConfigEntry.parse(cfg, AzureEnvironmentAadUri)
+      if (aadEndpoint.isDefined) {
+        endpoints.put("activeDirectoryEndpointUrl", aadEndpoint.get)
+      } else {
+        throw new IllegalArgumentException(
+          s"The configuration '${CosmosConfigNames.AzureEnvironmentAAD}' is required when "
+            + "choosing AzureEnvironment 'Custom'.")
+      }
+
+      Option.apply(endpoints)
+    } else {
+      CosmosConfigEntry.parse(cfg, AzureEnvironmentTypeEnum)
+    }
+
     // parsing above already validated these assertions
     assert(endpointOpt.isDefined, s"Parameter '${CosmosConfigNames.AccountEndpoint}' (Uri) is missing.")
     assert(accountName.isDefined, s"Parameter '${CosmosConfigNames.AccountEndpoint}' is missing.")

sdk/cosmos/azure-cosmos-spark_3_2-12/src/test/scala/com/azure/cosmos/spark/CosmosConfigSpec.scala

@@ -227,6 +227,61 @@ class CosmosConfigSpec extends UnitSpec with BasicLoggingTrait {
     }
   }
 
+  "Config Parser" should "parse custom azure environment" in {
+
+    for (authType <- Array("ServicePrinciple", "ServicePrincipal")) {
+      val userConfig = Map(
+        "spark.cosmos.accountEndpoint" -> "https://boson-test.documents.azure.com:443/",
+        "spark.cosmos.auth.type" -> authType,
+        "spark.cosmos.account.subscriptionId" -> testAccountSubscriptionId,
+        "spark.cosmos.account.tenantId" -> testAccountTenantId,
+        "spark.cosmos.account.resourceGroupName" -> testAccountResourceGroupName,
+        "spark.cosmos.auth.aad.clientId" -> testServicePrincipalClientId,
+        "spark.cosmos.auth.aad.clientSecret" -> testServicePrincipalClientSecret,
+        "spark.cosmos.account.azureEnvironment" -> "CuSTom",
+        "spark.cosmos.account.azureEnvironment.AaD" -> "CustomAadEndpoint",
+        "spark.cosmos.account.azureEnvironment.mANagement" -> "CustomARMEndpoint"
+      )
+
+      val userCfgMissingAadEndpoint = userConfig.toMap.filter { case (key, _) => key != "spark.cosmos.account.azureEnvironment.AaD" }
+      try {
+        CosmosAccountConfig.parseCosmosAccountConfig(userCfgMissingAadEndpoint)
+        throw new  IllegalStateException("Should never reach here when AAD endpoint config is missing")
+      } catch {
+        case _: IllegalArgumentException =>
+        case otherError: Throwable => throw otherError
+      }
+
+      val userCfgMissingArmEndpoint = userConfig.toMap.filterKeys(_ != "spark.cosmos.account.azureEnvironment.mANagement")
+      try {
+        CosmosAccountConfig.parseCosmosAccountConfig(userCfgMissingArmEndpoint)
+        throw new IllegalStateException("Should never reach here when ARM endpoint config is missing")
+      } catch {
+        case _: IllegalArgumentException =>
+        case otherError: Throwable => throw otherError
+      }
+
+      val endpointConfig = CosmosAccountConfig.parseCosmosAccountConfig(userConfig)
+
+      endpointConfig.endpoint shouldEqual sampleProdEndpoint
+
+      val servicePrincipalAuthConfig = endpointConfig.authConfig.asInstanceOf[CosmosServicePrincipalAuthConfig]
+      endpointConfig.subscriptionId.get shouldEqual testAccountSubscriptionId
+      servicePrincipalAuthConfig.tenantId shouldEqual testAccountTenantId
+      endpointConfig.resourceGroupName.get shouldEqual testAccountResourceGroupName
+      servicePrincipalAuthConfig.clientId shouldEqual testServicePrincipalClientId
+      servicePrincipalAuthConfig.clientSecret.isDefined shouldEqual true
+      servicePrincipalAuthConfig.clientSecret.get shouldEqual testServicePrincipalClientSecret
+      servicePrincipalAuthConfig.clientCertPemBase64.isDefined shouldEqual false
+      servicePrincipalAuthConfig.sendChain shouldEqual false
+      endpointConfig.accountName shouldEqual "boson-test"
+      endpointConfig.azureEnvironmentEndpoints should not be null
+      endpointConfig.azureEnvironmentEndpoints.size() shouldEqual 2
+      endpointConfig.azureEnvironmentEndpoints.get("activeDirectoryEndpointUrl") shouldEqual "CustomAadEndpoint"
+      endpointConfig.azureEnvironmentEndpoints.get("resourceManagerEndpointUrl") shouldEqual "CustomARMEndpoint"
+    }
+  }
+
   it should "validate account endpoint" in {
     val userConfig = Map(
       "spark.cosmos.accountEndpoint" -> "invalidUrl",

sdk/cosmos/azure-cosmos-spark_3_2-12/test-databricks/notebooks/basicScenarioAad.scala

@@ -23,6 +23,9 @@ val cfg = Map("spark.cosmos.accountEndpoint" -> cosmosEndpoint,
     "spark.cosmos.account.subscriptionId" -> subscriptionId,
     "spark.cosmos.account.tenantId" -> tenantId,
     "spark.cosmos.account.resourceGroupName" -> resourceGroupName,
+    "spark.cosmos.account.azureEnvironment" -> "Custom",
+    "spark.cosmos.account.azureEnvironment.management" -> "https://management.azure.com/",
+    "spark.cosmos.account.azureEnvironment.aad" -> "https://login.microsoftonline.com/",
     "spark.cosmos.auth.aad.clientId" -> clientId,
     "spark.cosmos.auth.aad.clientSecret" -> clientSecret,
     "spark.cosmos.database" -> cosmosDatabaseName,
@@ -40,7 +43,10 @@ val cfgWithAutoSchemaInference = Map("spark.cosmos.accountEndpoint" -> cosmosEnd
     "spark.cosmos.database" -> cosmosDatabaseName,
     "spark.cosmos.container" -> cosmosContainerName,
     "spark.cosmos.read.inferSchema.enabled" -> "true",
-    "spark.cosmos.enforceNativeTransport" -> "true"
+    "spark.cosmos.enforceNativeTransport" -> "true",
+    "spark.cosmos.account.azureEnvironment" -> "Custom",
+    "spark.cosmos.account.azureEnvironment.management" -> "https://management.azure.com/",
+    "spark.cosmos.account.azureEnvironment.aad" -> "https://login.microsoftonline.com/"
 )
 
 // COMMAND ----------