cloudfoundry · kathap · Oct 30, 2025 · Oct 22, 2025 · Oct 23, 2025 · Oct 23, 2025
diff --git a/jobs/cloud_controller_clock/spec b/jobs/cloud_controller_clock/spec
@@ -14,6 +14,7 @@ templates:
   cloud_controller_ng.yml.erb: config/cloud_controller_ng.yml
   newrelic.yml.erb: config/newrelic.yml
   stacks.yml.erb: config/stacks.yml
+  blobstore_configs.json.erb: config/blobstore_configs.json
   drain.sh.erb: bin/drain
   ruby_version.sh.erb: bin/ruby_version.sh
   console.erb: bin/console
@@ -172,8 +173,12 @@ properties:
   cc.staging_upload_password:
     description: "User's password used to access internal endpoints of Cloud Controller to upload files when staging"
 
+  cc.resource_pool.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.resource_pool.connection_config:
+      description: "Azure Storage Cli connection hash"
   cc.resource_pool.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.resource_pool.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. Valid keys: ['encryption']."
@@ -218,8 +223,12 @@ properties:
     description: "Key pair name for signed download URIs"
     default: ""
 
+  cc.packages.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.packages.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.packages.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.packages.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. Valid keys: ['encryption']."
@@ -261,8 +270,12 @@ properties:
     description: "Key pair name for signed download URIs"
     default: ""
 
+  cc.droplets.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.droplets.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.droplets.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.droplets.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. Valid keys: ['encryption']."
@@ -301,8 +314,12 @@ properties:
     description: "Key pair name for signed download URIs"
     default: ""
 
+  cc.buildpacks.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.buildpacks.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.buildpacks.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.buildpacks.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. Valid keys: ['encryption']."

diff --git a/jobs/cloud_controller_clock/templates/blobstore_configs.json.erb b/jobs/cloud_controller_clock/templates/blobstore_configs.json.erb
@@ -0,0 +1,54 @@
+<%
+require "json"
+
+def cli_cfg_with_default_timeout(connection_cfg, blobstore_type, default_seconds: 41)
+  cfg = (connection_cfg || {}).dup
+  if blobstore_type == 'storage_cli'
+    if !cfg.key?('put_timeout_in_seconds') || cfg['put_timeout_in_seconds'].to_s.empty?
+      cfg['put_timeout_in_seconds'] = default_seconds.to_s
+    end
+  end
+  cfg
+end
+
+def add(h, key, val)
+  return if val.nil?
+  return if val.respond_to?(:empty?) && val.empty?
+  h[key] = val
+end
+
+def options_for(scope_prefix, provider_prop)
+   provider = p(provider_prop)
+  if provider != "AzureRM"
+    {} # for now: all non-azure providers output an empty JSON object
+  else
+    h = {}
+    h["provider"]       = provider
+    h["account_name"]   = p("#{scope_prefix}.azure_storage_account_name")
+    h["container_name"] = p("#{scope_prefix}.container_name")
+    add(h, "account_key",            p("#{scope_prefix}.azure_storage_access_key"))
+    add(h, "environment",            p("#{scope_prefix}.environment", "AzureCloud"))
+    add(h, "put_timeout_in_seconds", p("#{scope_prefix}.put_timeout_in_seconds", nil))
+
+    # optional passthrough for extra storage-cli flags
+    begin
+      custom = p("#{scope_prefix}.custom", {})
+      if custom.respond_to?(:each)
+        custom.each { |k, v| add(h, k.to_s, v) }
+      end
+    rescue
+      # property might not exist; ignore
+    end
+
+    cli_cfg_with_default_timeout(h, 'storage_cli')
+  end
+end
+
+all = {
+  "buildpacks"    => options_for("cc.buildpacks.connection_config",    "cc.buildpacks.blobstore_provider"),
+  "droplets"      => options_for("cc.droplets.connection_config",      "cc.droplets.blobstore_provider"),
+  "packages"      => options_for("cc.packages.connection_config",      "cc.packages.blobstore_provider"),
+  "resource_pool" => options_for("cc.resource_pool.connection_config", "cc.resource_pool.blobstore_provider"),
+}
+-%>
+<%= JSON.pretty_generate(all) %>
diff --git a/jobs/cloud_controller_clock/templates/cloud_controller_ng.yml.erb b/jobs/cloud_controller_clock/templates/cloud_controller_ng.yml.erb
@@ -44,6 +44,11 @@ development_mode: false
 external_protocol: <%= p("cc.external_protocol") %>
 external_domain: <%= p("cc.external_host") %>.<%= p("system_domain") %>
 
+storage_cli_config_file_droplets: /var/vcap/jobs/cloud_controller_clock/config/storage_cli_config_droplets.json
+storage_cli_config_file_buildpacks: /var/vcap/jobs/cloud_controller_clock/config/storage_cli_config_buildpacks.json
+storage_cli_config_file_packages: /var/vcap/jobs/cloud_controller_clock/config/storage_cli_config_packages.json
+storage_cli_config_file_resource_pool: /var/vcap/jobs/cloud_controller_clock/config/storage_cli_config_resource_pool.json
+
 jobs:
   global:
     timeout_in_seconds: <%= p("cc.jobs.global.timeout_in_seconds") %>

diff --git a/jobs/cloud_controller_clock/templates/pre-start.sh.erb b/jobs/cloud_controller_clock/templates/pre-start.sh.erb
@@ -23,8 +23,39 @@ function setup_directories {
   chown -R vcap:vcap "$LOG_DIR"
 }
 
+CC_JOB_DIR="/var/vcap/jobs/cloud_controller_clock"
+CONFIG_DIR="${CC_JOB_DIR}/config"
+
+ruby_cmd="${RUBY_CMD:-}"
+if [[ -z "$ruby_cmd" ]]; then ruby_cmd="$(ls -1 /var/vcap/packages/ruby*/bin/ruby 2>/dev/null | sort -V | tail -n1 || true)"; fi
+if [[ -z "$ruby_cmd" ]]; then
+  echo "ERROR: No ruby found (set RUBY_CMD or ensure /var/vcap/packages/ruby*/bin/ruby exists)"
+  exit 1
+fi
+
+write_blobstore_configs() {
+  local cfg_json="${CONFIG_DIR}/blobstore_configs.json"
+  if [[ ! -f "$cfg_json" ]]; then
+    echo "blobstore_configs.json not found at $cfg_json;"
+    return 0
+  fi
+
+  BLOBSTORE_INPUT_CONFIG="$cfg_json" BLOBSTORE_OUTPUT_CONFIG="${CC_JOB_DIR}/config" "$ruby_cmd"  <<'RUBY'
+  require "json"
+  cfg_path = ENV.fetch("BLOBSTORE_INPUT_CONFIG")
+  dest     = ENV.fetch("BLOBSTORE_OUTPUT_CONFIG")
+  data = JSON.parse(File.read(cfg_path))
+
+  %w[buildpacks droplets packages resource_pool].each do |k|
+    out = File.join(dest, "storage_cli_config_#{k}.json")
+    File.write(out, JSON.pretty_generate(data[k] || {}))
+  end
+RUBY
+}
+
 function main {
   setup_directories
+  write_blobstore_configs
 }
 
 main

diff --git a/jobs/cloud_controller_ng/spec b/jobs/cloud_controller_ng/spec
@@ -15,6 +15,7 @@ templates:
   post-restore-unlock.sh.erb: bin/bbr/post-restore-unlock
 
   cloud_controller_ng.yml.erb: config/cloud_controller_ng.yml
+  blobstore_configs.json.erb: config/blobstore_configs.json
   blobstore_waiter.sh.erb: bin/blobstore_waiter.sh
   buildpacks_ca_cert.pem.erb: config/certs/buildpacks_ca_cert.pem
   cloud_controller_api_health_check.erb: bin/cloud_controller_ng_health_check
@@ -115,6 +116,7 @@ provides:
 - name: cloud_controller_internal
   type: cloud_controller_internal
   properties:
+  - cc.buildpacks.blobstore_provider
   - cc.buildpacks.blobstore_type
   - cc.buildpacks.buildpack_directory_key
   - cc.buildpacks.cdn.key_pair_id
@@ -143,6 +145,7 @@ provides:
   - cc.default_stack
   - cc.default_app_lifecycle
   - cc.disable_private_domain_cross_space_context_path_route_sharing
+  - cc.droplets.blobstore_provider
   - cc.droplets.blobstore_type
   - cc.droplets.cdn.key_pair_id
   - cc.droplets.cdn.private_key
@@ -172,6 +175,7 @@ provides:
   - cc.max_annotations_per_resource
   - cc.maximum_health_check_timeout
   - cc.packages.app_package_directory_key
+  - cc.packages.blobstore_provider
   - cc.packages.blobstore_type
   - cc.packages.cdn.key_pair_id
   - cc.packages.cdn.private_key
@@ -187,6 +191,7 @@ provides:
   - cc.packages.webdav_config.private_endpoint
   - cc.packages.webdav_config.public_endpoint
   - cc.packages.webdav_config.username
+  - cc.resource_pool.blobstore_provider
   - cc.resource_pool.blobstore_type
   - cc.resource_pool.cdn.key_pair_id
   - cc.resource_pool.cdn.private_key
@@ -231,7 +236,11 @@ provides:
   - cc.temporary_enable_deprecated_thin_webserver
   - cc.custom_root_links
   - cc.feature_flag_overrides
-
+  - cc.resource_pool.connection_config
+  - cc.packages.connection_config
+  - cc.droplets.connection_config
+  - cc.buildpacks.connection_config
+
 consumes:
 - name: database
   type: database
@@ -512,8 +521,12 @@ properties:
     default: default
     description: "The name of the quota definition CC will fallback on for org and space limits from the list of quota definitions."
 
+  cc.resource_pool.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.resource_pool.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.resource_pool.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.resource_pool.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration."
@@ -560,8 +573,12 @@ properties:
     description: "Key pair name for signed download URIs"
     default: ""
 
+  cc.packages.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.packages.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.packages.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.packages.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration."
@@ -608,8 +625,12 @@ properties:
     description: "Key pair name for signed download URIs"
     default: ""
 
+  cc.droplets.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.droplets.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.droplets.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.droplets.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration."
@@ -653,8 +674,12 @@ properties:
     description: "Key pair name for signed download URIs"
     default: ""
 
+  cc.buildpacks.blobstore_provider:
+    description: "The provider of blobstore storage cli to use. Valid values: ['AzureRM']"
+  cc.buildpacks.connection_config:
+    description: "Azure Storage Cli connection hash"
   cc.buildpacks.blobstore_type:
-    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav']"
+    description: "The type of blobstore backing to use. Valid values: ['fog', 'webdav', 'storage-cli']"
     default: "fog"
   cc.buildpacks.fog_aws_storage_options:
     description: "Storage options passed to fog for aws blobstores. See http://docs.cloudfoundry.org/deploying/common/cc-blobstore-config.html#fog-aws-sse for example configuration."

diff --git a/jobs/cloud_controller_ng/templates/blobstore_configs.json.erb b/jobs/cloud_controller_ng/templates/blobstore_configs.json.erb
@@ -0,0 +1,54 @@
+<%
+require "json"
+
+def cli_cfg_with_default_timeout(connection_cfg, blobstore_type, default_seconds: 41)
+  cfg = (connection_cfg || {}).dup
+  if blobstore_type == 'storage_cli'
+    if !cfg.key?('put_timeout_in_seconds') || cfg['put_timeout_in_seconds'].to_s.empty?
+      cfg['put_timeout_in_seconds'] = default_seconds.to_s
+    end
+  end
+  cfg
+end
+
+def add(h, key, val)
+  return if val.nil?
+  return if val.respond_to?(:empty?) && val.empty?
+  h[key] = val
+end
+
+def options_for(scope_prefix, provider_prop)
+  provider = p(provider_prop)
+  if provider != "AzureRM"
+    {} # for now: all non-azure providers output an empty JSON object
+  else
+    h = {}
+    h["provider"]       = provider
+    h["account_name"]   = p("#{scope_prefix}.azure_storage_account_name")
+    h["container_name"] = p("#{scope_prefix}.container_name")
+    add(h, "account_key",            p("#{scope_prefix}.azure_storage_access_key"))
+    add(h, "environment",            p("#{scope_prefix}.environment", "AzureCloud"))
+    add(h, "put_timeout_in_seconds", p("#{scope_prefix}.put_timeout_in_seconds", nil))
+
+    # optional passthrough for extra storage-cli flags
+    begin
+      custom = p("#{scope_prefix}.custom", {})
+      if custom.respond_to?(:each)
+        custom.each { |k, v| add(h, k.to_s, v) }
+      end
+    rescue
+      # property might not exist; ignore
+    end
+
+    cli_cfg_with_default_timeout(h, 'storage_cli')
+  end
+end
+
+all = {
+  "buildpacks"    => options_for("cc.buildpacks.connection_config",    "cc.buildpacks.blobstore_provider"),
+  "droplets"      => options_for("cc.droplets.connection_config",      "cc.droplets.blobstore_provider"),
+  "packages"      => options_for("cc.packages.connection_config",      "cc.packages.blobstore_provider"),
+  "resource_pool" => options_for("cc.resource_pool.connection_config", "cc.resource_pool.blobstore_provider"),
+}
+-%>
+<%= JSON.pretty_generate(all) %>
diff --git a/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb b/jobs/cloud_controller_ng/templates/cloud_controller_ng.yml.erb
@@ -313,6 +313,11 @@ maximum_health_check_timeout: <%= p("cc.maximum_health_check_timeout") %>
 
 stacks_file: /var/vcap/jobs/cloud_controller_ng/config/stacks.yml
 
+storage_cli_config_file_droplets: /var/vcap/jobs/cloud_controller_ng/config/storage_cli_config_droplets.json
+storage_cli_config_file_buildpacks: /var/vcap/jobs/cloud_controller_ng/config/storage_cli_config_buildpacks.json
+storage_cli_config_file_packages: /var/vcap/jobs/cloud_controller_ng/config/storage_cli_config_packages.json
+storage_cli_config_file_resource_pool: /var/vcap/jobs/cloud_controller_ng/config/storage_cli_config_resource_pool.json
+
 shared_isolation_segment_name: <%= p("cc.shared_isolation_segment_name") %>
 
 quota_definitions: <%= p("cc.quota_definitions").to_json %>

diff --git a/jobs/cloud_controller_ng/templates/pre-start.sh.erb b/jobs/cloud_controller_ng/templates/pre-start.sh.erb
@@ -18,6 +18,33 @@ source ${CC_JOB_DIR}/bin/setup_local_blobstore.sh
 
 source "${SCRIPT_DIR}/ruby_version.sh"
 
+ruby_cmd="${RUBY_CMD:-}"
+if [[ -z "$ruby_cmd" ]]; then ruby_cmd="$(ls -1 /var/vcap/packages/ruby*/bin/ruby 2>/dev/null | sort -V | tail -n1 || true)"; fi
+if [[ -z "$ruby_cmd" ]]; then
+  echo "ERROR: No ruby found (set RUBY_CMD or ensure /var/vcap/packages/ruby*/bin/ruby exists)"
+  exit 1
+fi
+
+write_blobstore_configs() {
+  local cfg_json="${CONFIG_DIR}/blobstore_configs.json"
+  if [[ ! -f "$cfg_json" ]]; then
+    echo "blobstore_configs.json not found at $cfg_json;"
+    return 0
+  fi
+
+  BLOBSTORE_INPUT_CONFIG="$cfg_json" BLOBSTORE_OUTPUT_CONFIG="${CC_JOB_DIR}/config" "$ruby_cmd"  <<'RUBY'
+  require "json"
+  cfg_path = ENV.fetch("BLOBSTORE_INPUT_CONFIG")
+  dest     = ENV.fetch("BLOBSTORE_OUTPUT_CONFIG")
+  data = JSON.parse(File.read(cfg_path))
+
+  %w[buildpacks droplets packages resource_pool].each do |k|
+    out = File.join(dest, "storage_cli_config_#{k}.json")
+    File.write(out, JSON.pretty_generate(data[k] || {}))
+  end
+RUBY
+}
+
 function setup_nginx_directories {
   mkdir -p "/var/vcap/sys/run/nginx_cc"
   chown -R vcap:vcap "/var/vcap/sys/run/nginx_cc"
@@ -141,6 +168,7 @@ function start_consul_agent {
 function main {
   start_bosh_dns_or_consul
   setup_directories
+  write_blobstore_configs
   <% if spec.bootstrap && p('cc.run_prestart_migrations') %>
   stack_check
   perform_migration