Azure Creds: Honors the documented default behavior (again) (hashicor…

…p#2190)

Fixes hashicorp#2189: `environment` defaults to Azure Public Cloud

Ideally this would be drawn from Vault Server, but the documented
default there is to point at Azure Public Cloud. This seems like a
decent compromise.

Signed-off-by: David Alexander <opensource@thelonelyghost.com>

CHANGELOG.md

@@ -1,5 +1,8 @@
 ## Unreleased
 
+BUGS:
+* fix `vault_azure_access_credentials` to default to Azure Public Cloud ([#2190](https://github.com/hashicorp/terraform-provider-vault/pull/2190))
+
 ## 4.0.0 (Mar 13, 2024)
 
 **Important**: This release requires read policies to be set at the path level for mount metadata.

vault/data_source_azure_access_credentials.go

@@ -125,7 +125,7 @@ func azureAccessCredentialsDataSource() *schema.Resource {
 				Type:     schema.TypeString,
 				Optional: true,
 				Description: `The Azure environment to use during credential validation.
-Defaults to the environment configured in the Vault backend.
+Defaults to the Azure Public Cloud.
 Some possible values: AzurePublicCloud, AzureUSGovernmentCloud`,
 			},
 		},
@@ -313,6 +313,9 @@ func azureAccessCredentialsDataSourceRead(ctx context.Context, d *schema.Resourc
 }
 
 func getAzureCloudConfigFromName(name string) (cloud.Configuration, error) {
+	if name == "" {
+		return cloud.AzurePublic, nil
+	}
 	if c, ok := azureCloudConfigMap[strings.ToUpper(name)]; !ok {
 		return c, fmt.Errorf("unsupported Azure cloud name %q", name)
 	} else {

vault/data_source_azure_access_credentials_test.go

@@ -173,6 +173,12 @@ func Test_getAzureCloudConfigFromName(t *testing.T) {
 			cloudName: "unknown",
 			wantErr:   true,
 		},
+		{
+			name:      "empty",
+			cloudName: "",
+			want:      cloud.AzurePublic,
+			wantErr:   false,
+		},
 	}
 	for k, v := range azureCloudConfigMap {
 		tests = append(tests, test{