Azure Government Endpoints are not working

[yarick]

Description

Error during execution is 'The subscription '12345678-1234-1234-1234-123456789012' could not be found.

Train and Platform Version

os RHEL7.5
inspec 2.2.20
ruby 2.4.2p198 (2017-09-14 revision 59899) [x86_64-linux]

Replication Case

execute test

inspec exec ./test/integration/default -t azure:// -l=debug --diagnose

inspec profile check

  tag "Default Value": "Generic Resource Test at Azure Gov \n\n\n"
  describe azure_generic_resource(group_name: ENV.fetch('AZURE_RG'), name: 'vm') do
    its('location') { should eq 'usgovvirginia' }
  end

Possible Solutions

according to tcpdump, inspec performs lookups for azure instead of azuregov, verified ip addresses to which connection is made is the same address provided by dns resolution, assumption is made inspec is connecting to azure endpoints instead of azuregov

Stacktrace

https://gist.github.com/yarick/983adc75570948cd30cc4d40c028ee57

<script src="https://gist.github.com/yarick/983adc75570948cd30cc4d40c028ee57.js"></script>

inspec exec ./test/integration/default -t azure:// -l=debug --diagnose
InSpec version: 2.2.20
Train version: 1.4.15
Command line configuration:
{"target"=>"azure://", "log_level"=>"debug", "diagnose"=>true}
JSON configuration file:
{}
Merged configuration:
{"reporter"=>{"cli"=>{"stdout"=>true}},
"show_progress"=>false,
"color"=>true,
"create_lockfile"=>true,
"backend_cache"=>true,
"type"=>:exec,
"target"=>"azure://",
"log_level"=>"debug",
"diagnose"=>true}

[2018-06-26T11:18:33-04:00] DEBUG: Option backend_cache is enabled
[2018-06-26T11:18:33-04:00] DEBUG: Resolve ./test/integration/default into cache /root/.inspec/cache
[2018-06-26T11:18:33-04:00] DEBUG: Dependency does not exist in the cache ./test/integration/default
[2018-06-26T11:18:33-04:00] DEBUG: Starting run with targets: ["Inspec::Profile"]
[2018-06-26T11:18:33-04:00] DEBUG: Using existing lockfile ./test/integration/default/inspec.lock
[2018-06-26T11:18:33-04:00] DEBUG: Loading ./test/integration/default/controls/M-2.12.rb into #Inspec::ProfileContext:0x0000000003bb93f8
[DEPRECATED] use a specific azure resources instead of 'azure_generic_resource'. See inspec/inspec#3131
[2018-06-26T11:18:34-04:00] DEBUG: Registering rule M-2.12

Profile: AZURE Inspec Demo based on CIS_Microsoft_Azure_Foundations_Benchmark (azure-inspec-demo)
Version: 0.2
Target: azure://12345678-1234-1234-1234-123456789012

× M-2.12: 2.12 Ensure that 'JIT Network Access' is set to 'On' (Scored) (2 failed)
× azure_generic_resource
The subscription '12345678-1234-1234-1234-123456789012' could not be found.
× azure_resource_group
The subscription '12345678-1234-1234-1234-123456789012' could not be found.

Profile Summary: 0 successful controls, 1 control failure, 0 controls skipped
Test Summary: 0 successful, 2 failures, 0 skipped

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We value your input and contribution. Please leave a comment if this issue still affects you.

[omerdemirok]

This should be resolved with the Azure resource pack version v1.22.1. Please see here on how to talk to various supported endpoints and feel free to reopen if there is an issue.