Add parameter 'cloud_type' to azure_keyvault_secret.py (#1517)

* Add parameter 'cloud_type' to azure_keyvault_secret.py

* Remove blank line

plugins/lookup/azure_keyvault_secret.py

@@ -34,6 +34,8 @@
         description: Tenant id of service principal.
     use_msi:
         description: MSI token autodiscover, default is true.
+    cloud_type:
+        description: Specify which cloud, such as C(azure), C(usgovcloudapi).
 notes:
     - If version is not provided, this plugin will return the latest version of the secret.
     - If ansible is running on Azure Virtual Machine with MSI enabled, client_id, secret and tenant isn't required.
@@ -51,6 +53,10 @@
   debug:
     msg: msg: "{{ lookup('azure.azcollection.azure_keyvault_secret', 'testsecret', vault_url=key_vault_uri)}}"
 
+- name: Look up secret with cloud type
+  debug:
+    msg: msg: "{{ lookup('azure.azcollection.azure_keyvault_secret', 'testsecret', cloud_type='usgovcloudapi', vault_url=key_vault_uri)}}"
+
 - name: Look up secret when ansible host is MSI enabled Azure VM
   debug:
     msg: "the value of this secret is {{
@@ -133,15 +139,6 @@
 
 logger = logging.getLogger("azure.identity").setLevel(logging.ERROR)
 
-token_params = {
-    'api-version': '2018-02-01',
-    'resource': 'https://vault.azure.net'
-}
-
-token_headers = {
-    'Metadata': 'true'
-}
-
 
 def lookup_secret_non_msi(terms, vault_url, kwargs):
 
@@ -178,6 +175,15 @@ def run(self, terms, variables, **kwargs):
         TOKEN_ACQUIRED = False
         token = None
 
+        token_params = {
+            'api-version': '2018-02-01',
+            'resource': 'https://vault.{0}.net'.format(kwargs.get('cloud_type', 'azure'))
+        }
+
+        token_headers = {
+            'Metadata': 'true'
+        }
+
         if use_msi:
             try:
                 token_res = requests.get('http://169.254.169.254/metadata/identity/oauth2/token',