From 23b405b68b36c47e5293767a06a00a3df8fc20ea Mon Sep 17 00:00:00 2001
From: Fuming Zhang
Date: Mon, 15 Jun 2026 11:04:30 +1000
Subject: [PATCH] [AKS] az aks check-acr: Support sovereign clouds that stamp AzureStackCloud

Set AZURE_ENVIRONMENT_FILEPATH on the canipull pod so go-autorest can resolve the cloud environment from /etc/kubernetes/akscustom.json on national/sovereign cloud nodes where azure.json reports cloud=AzureStackCloud.
---
 .../azure/cli/command_modules/acs/custom.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/azure-cli/azure/cli/command_modules/acs/custom.py b/src/azure-cli/azure/cli/command_modules/acs/custom.py
index c12d8d48862..bdbe9c30263 100644
--- a/src/azure-cli/azure/cli/command_modules/acs/custom.py
+++ b/src/azure-cli/azure/cli/command_modules/acs/custom.py
@@ -2252,6 +2252,21 @@ def aks_check_acr(cmd, client, resource_group_name, name, acr, node_name=None):
 "args": ["-v6", acr],
 "stdin": True,
 "stdinOnce": True,
+ # On national/sovereign clouds, node provisioning stamps
+ # "cloud": "AzureStackCloud" in /etc/kubernetes/azure.json and
+ # writes the cloud-specific endpoints to a companion
+ # /etc/kubernetes/akscustom.json (a go-autorest environment file).
+ # go-autorest's EnvironmentFromName only resolves AzureStackCloud
+ # when AZURE_ENVIRONMENT_FILEPATH points at that file; otherwise
+ # canipull aborts with "Unknown Azure cloud name: AzureStackCloud"
+ # before running any MSI/ACR check. The env var is ignored on public
+ # clouds (cloud != AzureStackCloud), so this is safe everywhere.
+ "env": [
+ {
+ "name": "AZURE_ENVIRONMENT_FILEPATH",
+ "value": "/etc/kubernetes/akscustom.json",
+ }
+ ],
 "volumeMounts": [
 {"name": "azurejson", "mountPath": "/etc/kubernetes"},
 {"name": "sslcerts", "mountPath": "/etc/ssl/certs"},
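Review bot: The `azurejson` mount at `/etc/kubernetes` in the trailing context lines has no `readOnly` flag, and with the new `env` entry canipull now takes its cloud endpoints from `akscustom.json` on that mount, next to whatever it already reads from `azure.json`. As far as the hunk shows, the check only needs to read these files, so I would mount it read-only: `{"name": "azurejson", "mountPath": "/etc/kubernetes", "readOnly": True},`. That keeps a diagnostic pod from being able to alter the file that decides which endpoints the node's identity is presented to. The volume definition and the rest of the pod spec lie outside the hunk, so whether this is a hostPath directory (which the new path also depends on) should be confirmed there.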