out_azure_kusto: add region-based auth for global and China cloud

[venkatesu-t]

Added Authentication based on two different clouds, Azure global and Azure china

Direct log ingestion from Fluent Bit to Azure Data Explorer via the azure_kusto plugin previously supported only Azure Global, as token generation relied on the Global Azure authentication authority.

Azure China uses a different authentication host, which was not supported by the existing Fluent Bit image, preventing direct ingestion into China cloud clusters.

This change adds support for Azure China cloud by updating the authentication configuration, enabling direct ingestion to Azure Data Explorer in China cloud.

Testing
Before we can approve your change; please submit the following in a comment:

• [ N/A] Example configuration file for the change
• Debug log output from testing the change
  Use case1: Using Global ingestion endpoint
  Config file used

Output :

Use case2: Using China ingestion endpoint
Config file used

Output:

• [ N/A] Attached Valgrind output that shows no leaks or memory corruption was found

If this is a change to packaging of containers or native binaries then please confirm it works for all targets.

Backporting

• Backport to latest stable release.

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• New Features

  • Added explicit support for Azure China cloud alongside Azure Global.

• Improvements

  • Automatic cloud environment detection from ingestion endpoint.
  • Cloud-aware authentication: scopes, token endpoints and managed identity resource selection adapt per cloud at runtime.
  • OAuth/MSI URL construction now adjusts to the detected cloud.

• Tests

  • Added tests validating cloud environment inference for Global and China.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds cloud-environment awareness to the Azure Kusto plugin: new cloud enum and per-cloud macros/helpers, detection of Global vs China from ingestion endpoints, and runtime selection of cloud-specific MSAL auth URL templates, OAuth scopes, and IMDS resources across config, MSI, and OAuth flows. Two tests added to validate cloud inference.

Changes

Cohort / File(s)	Summary
Cloud Environment Configuration Infrastructure plugins/out_azure_kusto/azure_kusto.h	Add flb_azure_cloud_environment enum; per-cloud macros for Kusto scope, MSAL auth URL templates, and IMDS resources; add cloud_environment to struct flb_azure_kusto; add static inline helpers to retrieve scope and IMDS resource by cloud.
Dynamic Scope Usage in Plugin Core plugins/out_azure_kusto/azure_kusto.c	Replace hard-coded OAuth2 scope with runtime scope from flb_azure_kusto_get_scope(ctx->cloud_environment) and use actual scope length when building token payload.
Config, Detection and URL Construction plugins/out_azure_kusto/azure_kusto_conf.c	Infer cloud_environment from ingestion_endpoint (detect chinacloudapi.cn); select MSAL auth URL template and IMDS resource per cloud; allocate and build OAuth/MSI URLs using the chosen templates/resources.
MSI / Workload Identity Auth Adjustments plugins/out_azure_kusto/azure_msiauth.c, plugins/out_azure_kusto/azure_msiauth.h	Replace fixed scope in workload identity token flows with cloud-aware scope selection; parameterize MSI auth URL template resource field (%s) to substitute IMDS resource dynamically.
Tests — Cloud Inference tests/runtime/out_azure_kusto.c	Add tests flb_test_azure_kusto_cloud_global_inference and flb_test_azure_kusto_cloud_china_inference, and register them in TEST_LIST to validate cloud detection and behavior.

Sequence Diagram

sequenceDiagram
    participant Config as Configuration Handler
    participant Detector as Cloud Detector
    participant Helpers as Cloud Helpers
    participant Auth as OAuth/MSI Client

    Config->>Detector: parse ingestion_endpoint
    Detector-->>Config: return cloud_environment (GLOBAL / CHINA)
    Config->>Helpers: request MSAL template, IMDS resource, scope (cloud_environment)
    Helpers-->>Config: return template / resource / scope
    Config->>Auth: build OAuth/MSI request with returned values
    Auth->>Auth: append cloud-specific scope/resource and request token

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Suggested reviewers

• edsiper
• cosmo0920
• patrick-stephens

Poem

🐰 I sniffed endpoints beneath the moonlit log,
Two cloud trails split the auth-bound fog.
I swapped the scope and tuned each URL fine,
From global plains to chinacloud's brine.
The rabbit hops — the tokens hum and shine.

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 54.55% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Merge Conflict Detection	⚠️ Warning	❌ Merge conflicts detected (122 files): ⚔️ .github/scripts/commit_prefix_check.py (content) ⚔️ .github/scripts/tests/test_commit_lint.py (content) ⚔️ .github/workflows/call-build-windows.yaml (content) ⚔️ .github/workflows/call-windows-unit-tests.yaml (content) ⚔️ .github/workflows/cron-unstable-build.yaml (content) ⚔️ CMakeLists.txt (content) ⚔️ benchmarks/CMakeLists.txt (content) ⚔️ cmake/libraries.cmake (content) ⚔️ cmake/plugins_options.cmake (content) ⚔️ cmake/windows-setup.cmake (content) ⚔️ dockerfiles/Dockerfile.centos7 (content) ⚔️ include/CMakeLists.txt (content) ⚔️ include/fluent-bit/flb_config_map.h (content) ⚔️ lib/cmetrics/CMakeLists.txt (content) ⚔️ lib/cmetrics/src/cmt_encode_opentelemetry.c (content) ⚔️ lib/cprofiles/.github/workflows/build.yaml (content) ⚔️ lib/cprofiles/.github/workflows/lint.yaml (content) ⚔️ lib/cprofiles/.github/workflows/packages.yaml (content) ⚔️ lib/cprofiles/CMakeLists.txt (content) ⚔️ lib/cprofiles/include/cprofiles/cprof_encode_text.h (content) ⚔️ lib/cprofiles/src/cprof_decode_opentelemetry.c (content) ⚔️ lib/cprofiles/src/cprof_encode_opentelemetry.c (content) ⚔️ lib/cprofiles/src/cprof_encode_text.c (content) ⚔️ lib/cprofiles/src/cprof_opentelemetry_variant_helpers.c (content) ⚔️ lib/cprofiles/src/cprof_profile.c (content) ⚔️ lib/cprofiles/src/cprof_sample.c (content) ⚔️ lib/cprofiles/tests/CMakeLists.txt (content) ⚔️ lib/cprofiles/tests/opentelemetry_transcoder.c (content) ⚔️ lib/ctraces/.github/workflows/build.yaml (content) ⚔️ lib/ctraces/.github/workflows/lint.yaml (content) ⚔️ lib/ctraces/.github/workflows/packages.yaml (content) ⚔️ lib/ctraces/CMakeLists.txt (content) ⚔️ lib/fluent-otel-proto/CMakeLists.txt (content) ⚔️ lib/fluent-otel-proto/README.md (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/logs/v1/logs_service.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/logs/v1/logs_service.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/metrics/v1/metrics_service.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/metrics/v1/metrics_service.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/profiles/v1development/profiles_service.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/profiles/v1development/profiles_service.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/trace/v1/trace_service.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/collector/trace/v1/trace_service.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/common/v1/common.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/common/v1/common.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/logs/v1/logs.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/logs/v1/logs.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/metrics/v1/metrics.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/metrics/v1/metrics.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/profiles/v1development/profiles.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/profiles/v1development/profiles.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/resource/v1/resource.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/resource/v1/resource.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/trace/v1/trace.pb-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/opentelemetry/proto/trace/v1/trace.pb-c.h (content) ⚔️ lib/fluent-otel-proto/proto_c/protobuf-c/protobuf-c.c (content) ⚔️ lib/fluent-otel-proto/proto_c/protobuf-c/protobuf-c.h (content) ⚔️ lib/fluent-otel-proto/src/CMakeLists.txt (content) ⚔️ packaging/distros/centos/Dockerfile (content) ⚔️ plugins/CMakeLists.txt (content) ⚔️ plugins/custom_calyptia/calyptia.c (content) ⚔️ plugins/filter_kubernetes/kube_conf.c (content) ⚔️ plugins/filter_log_to_metrics/log_to_metrics.c (content) ⚔️ plugins/filter_log_to_metrics/log_to_metrics.h (content) ⚔️ plugins/in_collectd/netprot.c (content) ⚔️ plugins/in_http/http.c (content) ⚔️ plugins/in_http/http.h (content) ⚔️ plugins/in_http/http_prot.c (content) ⚔️ plugins/in_kubernetes_events/kubernetes_events.c (content) ⚔️ plugins/in_opentelemetry/opentelemetry.c (content) ⚔️ plugins/in_opentelemetry/opentelemetry_logs.c (content) ⚔️ plugins/in_opentelemetry/opentelemetry_prot.c (content) ⚔️ plugins/in_splunk/splunk.c (content) ⚔️ plugins/in_storage_backlog/sb.c (content) ⚔️ plugins/in_tail/tail.c (content) ⚔️ plugins/in_tail/tail_config.c (content) ⚔️ plugins/in_tail/tail_config.h (content) ⚔️ plugins/in_tail/tail_db.c (content) ⚔️ plugins/in_tail/tail_file.c (content) ⚔️ plugins/in_winevtlog/in_winevtlog.c (content) ⚔️ plugins/in_winevtlog/pack.c (content) ⚔️ plugins/in_winevtlog/winevtlog.c (content) ⚔️ plugins/in_winevtlog/winevtlog.h (content) ⚔️ plugins/out_azure_kusto/azure_kusto.c (content) ⚔️ plugins/out_azure_kusto/azure_kusto.h (content) ⚔️ plugins/out_azure_kusto/azure_kusto_conf.c (content) ⚔️ plugins/out_azure_kusto/azure_kusto_ingest.c (content) ⚔️ plugins/out_azure_kusto/azure_msiauth.c (content) ⚔️ plugins/out_azure_kusto/azure_msiauth.h (content) ⚔️ plugins/out_cloudwatch_logs/cloudwatch_api.c (content) ⚔️ plugins/out_datadog/datadog_remap.c (content) ⚔️ plugins/out_oracle_log_analytics/oci_logan_conf.c (content) ⚔️ plugins/out_stackdriver/stackdriver.c (content) ⚔️ plugins/out_stackdriver/stackdriver.h (content) ⚔️ plugins/out_stackdriver/stackdriver_conf.c (content) ⚔️ plugins/out_stdout/stdout.c (content) ⚔️ plugins/processor_content_modifier/cm_traces.c (content) ⚔️ plugins/processor_labels/labels.c (content) ⚔️ plugins/processor_sampling/sampling_tail.c (content) ⚔️ src/CMakeLists.txt (content) ⚔️ src/aws/flb_aws_util.c (content) ⚔️ src/flb_filter.c (content) ⚔️ src/flb_lock.c (content) ⚔️ src/flb_log.c (content) ⚔️ src/flb_log_event_encoder.c (content) ⚔️ src/flb_metrics.c (content) ⚔️ src/flb_processor.c (content) ⚔️ src/flb_sds.c (content) ⚔️ src/fluent-bit.c (content) ⚔️ src/tls/flb_tls.c (content) ⚔️ src/tls/openssl.c (content) ⚔️ tests/internal/CMakeLists.txt (content) ⚔️ tests/internal/aws_util.c (content) ⚔️ tests/internal/flb_tests_internal.h.in (content) ⚔️ tests/internal/input_chunk.c (content) ⚔️ tests/internal/input_chunk_routes.c (content) ⚔️ tests/runtime/core_internal_logger.c (content) ⚔️ tests/runtime/custom_calyptia_registration_retry_test.c (content) ⚔️ tests/runtime/in_forward.c (content) ⚔️ tests/runtime/in_http.c (content) ⚔️ tests/runtime/in_podman_metrics.c (content) ⚔️ tests/runtime/out_azure_kusto.c (content) ⚔️ tests/runtime_shell/processor_conditional.sh (content) These conflicts must be resolved before merging into master.	Resolve conflicts locally and push changes to this branch.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding region-based authentication support for both Global and China clouds in the Azure Kusto plugin.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

fluent-bit/plugins/out_azure_kusto/azure_kusto_conf.c

Lines 836 to 837 in 10ec400

	flb_sds_snprintf(&ctx->oauth_url, flb_sds_alloc(ctx->oauth_url),
	FLB_AZURE_MSIAUTH_URL_TEMPLATE, "", "");

Pass resource arg when formatting MSI auth URL

The MSI URL template now includes a third %s for the IMDS resource (FLB_AZURE_MSIAUTH_URL_TEMPLATE in azure_msiauth.h), but this call (and the user-assigned branch below) still passes only two arguments. With the extra %s, vsnprintf reads an invalid pointer, producing a corrupted URL or crashing, so managed-identity auth will fail (both global and China). Please pass the resource string (e.g., get_imds_resource(ctx->cloud_environment)) when formatting.

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@plugins/out_azure_kusto/azure_msiauth.c`:
- Around line 180-188: The two flb_sds_cat calls in azure_msiauth.c are passing
-1 which causes memcpy overflow; update the first call to pass the literal byte
length of the constant (use (int)(sizeof("&scope=") - 1)) instead of -1, and
ensure the second flb_sds_cat uses (int)strlen(scope) (or equivalent) rather
than relying on -1/implicit conversion; modify the calls that construct body
(referencing flb_sds_cat and flb_azure_kusto_get_scope) to use explicit positive
int lengths for both the "&scope=" string and the scope variable.

In `@plugins/out_azure_kusto/azure_msiauth.h`:
- Around line 23-24: The FLB_AZURE_MSIAUTH_URL_TEMPLATE has three %s
placeholders but the two call sites in azure_kusto_conf.c use only two
arguments; update both sprintf/http URL constructions that reference
FLB_AZURE_MSIAUTH_URL_TEMPLATE to pass the resource parameter as the third
argument (e.g., use the existing resource variable in the context such as
ctx->resource or the constant used for Kusto/AAD resource) so the format
receives three strings: the optional prefix ("", "&client_id="), the client_id
when applicable, and the resource string.

[venkatesu-t]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

plugins/out_azure_kusto/azure_kusto_conf.c (1)

833-868: Fix oauth_url sizing: pointer sizeof and missing imds_resource length

Line 860 uses sizeof(tmpl) where tmpl is a const char* pointer (returns ~8 bytes instead of actual string length). Additionally, lines 834, 845, and 860 don't account for imds_resource length in size calculations. Though flb_sds_snprintf has retry logic that auto-grows, undersized allocations trigger unnecessary reallocations.

🛠️ Proposed fix

-            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1);
+            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1 +
+                                                strlen(imds_resource));
 ...
-            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1 +
-                                                sizeof("&client_id=") - 1 +
-                                                flb_sds_len(ctx->client_id));
+            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1 +
+                                                sizeof("&client_id=") - 1 +
+                                                flb_sds_len(ctx->client_id) +
+                                                strlen(imds_resource));
 ...
-        ctx->oauth_url = flb_sds_create_size(sizeof(tmpl) - 1 + flb_sds_len(ctx->tenant_id));
+        ctx->oauth_url = flb_sds_create_size(strlen(tmpl) + flb_sds_len(ctx->tenant_id));

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

plugins/out_azure_kusto/azure_kusto_conf.c (1)

833-856: MSI OAuth URL buffer size ignores imds_resource length.

Line 834 and Line 845 allocate based on the template and client_id only. The template now includes a %s for imds_resource, so the buffer can be too small and flb_sds_snprintf may truncate the URL, breaking MSI auth (especially for China endpoints). Include strlen(imds_resource) in the size.

🐛 Proposed fix

-            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1);
+            ctx->oauth_url = flb_sds_create_size(strlen(FLB_AZURE_MSIAUTH_URL_TEMPLATE) +
+                                                 strlen(imds_resource) + 1);
...
-            ctx->oauth_url = flb_sds_create_size(sizeof(FLB_AZURE_MSIAUTH_URL_TEMPLATE) - 1 +
-                                                sizeof("&client_id=") - 1 +
-                                                flb_sds_len(ctx->client_id));
+            ctx->oauth_url = flb_sds_create_size(strlen(FLB_AZURE_MSIAUTH_URL_TEMPLATE) +
+                                                 strlen("&client_id=") +
+                                                 flb_sds_len(ctx->client_id) +
+                                                 strlen(imds_resource) + 1);

🧹 Nitpick comments (1)

plugins/out_azure_kusto/azure_kusto_conf.c (1)

35-52: Remove or use the unused get_kusto_scope helper.

get_kusto_scope isn’t referenced in this file, so a -Wunused-function build can warn/fail. Either wire it into call sites or drop it.

♻️ Proposed cleanup

-static const char *get_kusto_scope(int cloud_env)
-{
-    return flb_azure_kusto_get_scope(cloud_env);
-}
-

[venkatesu-t]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[venkatesu-t]

@cosmo0920 , @edsiper can you please review this PR as this fixes the issue of not able to connect to China azure cloud.

[cosmo0920]

The patch mostly looks good but I found several coding style issues.
Could you take a look them?

[cosmo0920]

Also, our commit linter complains as follows:

 ❌ Commit e9057b757a failed:
Missing prefix in commit subject: 'correct OAuth URL size calculation in Azure Kusto configuration for MSAL'

❌ Commit cbfaf63dd8 failed:
Subject prefix 'fix:' does not match files changed.
Expected one of: out_azure_kusto:

❌ Commit 7e65d49792 failed:
Subject prefix 'fix:' does not match files changed.
Expected one of: out_azure_kusto:

❌ Commit 6185e2b74a failed:
Subject prefix 'azure_kusto:' does not match files changed.
Expected one of: out_azure_kusto:

❌ Commit d880763b71 failed:
Commit subject too long (>80 chars): 'azure_kusto: Added support for region-based(Global and China cloud) authentication for Azure Kusto'

We need to suppress these linter errors.

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

plugins/out_azure_kusto/azure_msiauth.c (1)

162-162: ⚠️ Potential issue | 🟠 Major

Avoid logging the federated token at info level.

Line 162 logs the full federated token content via %s. This is a bearer credential — logging it even at info level risks credential leakage in production log files.

Suggested fix

-    flb_info("[azure workload identity] after read token from file %s", federated_token);
+    flb_debug("[azure workload identity] federated token read from file (len=%zu)", flb_sds_len(federated_token));

🧹 Nitpick comments (2)

plugins/out_azure_kusto/azure_msiauth.c (1)

180-189: Cloud inference from OAuth2 URL strings is fragile — consider passing cloud_env explicitly.

The flb_oauth2 context doesn't carry cloud_environment, so you're re-deriving it from ctx->host/ctx->uri. This works today because the MSAL host for China contains chinacloudapi.cn, but it couples scope selection to URL substring matching rather than the authoritative cloud_environment value already determined in flb_azure_kusto.

Consider threading cloud_env (or the scope string itself) through the function signature so it doesn't need to be re-inferred:

Sketch

-int flb_azure_workload_identity_token_get(struct flb_oauth2 *ctx, const char *token_file, const char *client_id, const char *tenant_id)
+int flb_azure_workload_identity_token_get(struct flb_oauth2 *ctx, const char *token_file, const char *client_id, const char *tenant_id, int cloud_env)

Then use cloud_env directly instead of the strstr checks.

tests/runtime/out_azure_kusto.c (1)

219-285: Tests only verify startup — no assertion on inferred cloud_environment value.

Both new tests check that flb_start succeeds but never verify that the plugin actually inferred FLB_AZURE_CLOUD_GLOBAL or FLB_AZURE_CLOUD_CHINA. A misconfigured inference (e.g., always defaulting to GLOBAL) would still pass these tests.

If the test harness allows it, consider adding an assertion on the resolved cloud environment or at minimum checking a debug log message that confirms the inferred cloud. Otherwise, acknowledge these are startup-only smoke tests.

[venkatesu-t]

@cosmo0920 , I have addressed the comments mentioned by you. Can you please recheck this PR