Azure · jackfrancis · Feb 22, 2018 · Feb 15, 2018 · Feb 16, 2018 · Feb 16, 2018
diff --git a/pkg/armhelpers/azureclient.go b/pkg/armhelpers/azureclient.go
@@ -31,9 +31,6 @@ import (
 )
 
 const (
-	// AcsEngineClientID is the AAD ClientID for the CLI native application
-	AcsEngineClientID = "76e0feec-6b7f-41f0-81a7-b1b944520261"
-
 	// ApplicationDir is the name of the dir where the token is cached
 	ApplicationDir = ".acsengine"
 )
@@ -74,11 +71,14 @@ func NewAzureClientWithDeviceAuth(env azure.Environment, subscriptionID string)
 		return nil, err
 	}
 
+	// AcsEngineClientID is the AAD ClientID for the CLI native application
+	acsEngineClientID := getAcsEngineClientID(env.Name)
+
 	home, err := homedir.Dir()
 	if err != nil {
 		return nil, fmt.Errorf("Failed to get user home directory to look for cached token: %q", err)
 	}
-	cachePath := filepath.Join(home, ApplicationDir, "cache", fmt.Sprintf("%s_%s.token.json", tenantID, AcsEngineClientID))
+	cachePath := filepath.Join(home, ApplicationDir, "cache", fmt.Sprintf("%s_%s.token.json", tenantID, acsEngineClientID))
 
 	rawToken, err := tryLoadCachedToken(cachePath)
 	if err != nil {
@@ -87,15 +87,15 @@ func NewAzureClientWithDeviceAuth(env azure.Environment, subscriptionID string)
 
 	var armSpt *adal.ServicePrincipalToken
 	if rawToken != nil {
-		armSpt, err = adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, AcsEngineClientID, env.ServiceManagementEndpoint, *rawToken, tokenCallback(cachePath))
+		armSpt, err = adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, acsEngineClientID, env.ServiceManagementEndpoint, *rawToken, tokenCallback(cachePath))
 		if err != nil {
 			return nil, err
 		}
 		err = armSpt.Refresh()
 		if err != nil {
 			log.Warnf("Refresh token failed. Will fallback to device auth. %q", err)
 		} else {
-			graphSpt, err := adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, AcsEngineClientID, env.GraphEndpoint, armSpt.Token)
+			graphSpt, err := adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, acsEngineClientID, env.GraphEndpoint, armSpt.Token)
 			if err != nil {
 				return nil, err
 			}
@@ -107,7 +107,7 @@ func NewAzureClientWithDeviceAuth(env azure.Environment, subscriptionID string)
 
 	client := &autorest.Client{}
 
-	deviceCode, err := adal.InitiateDeviceAuth(client, *oauthConfig, AcsEngineClientID, env.ServiceManagementEndpoint)
+	deviceCode, err := adal.InitiateDeviceAuth(client, *oauthConfig, acsEngineClientID, env.ServiceManagementEndpoint)
 	if err != nil {
 		return nil, err
 	}
@@ -117,15 +117,15 @@ func NewAzureClientWithDeviceAuth(env azure.Environment, subscriptionID string)
 		return nil, err
 	}
 
-	armSpt, err = adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, AcsEngineClientID, env.ServiceManagementEndpoint, *deviceToken, tokenCallback(cachePath))
+	armSpt, err = adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, acsEngineClientID, env.ServiceManagementEndpoint, *deviceToken, tokenCallback(cachePath))
 	if err != nil {
 		return nil, err
 	}
 	armSpt.Refresh()
 
 	adRawToken := armSpt.Token
 	adRawToken.Resource = env.GraphEndpoint
-	graphSpt, err := adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, AcsEngineClientID, env.GraphEndpoint, adRawToken)
+	graphSpt, err := adal.NewServicePrincipalTokenFromManualToken(*oauthConfig, acsEngineClientID, env.GraphEndpoint, adRawToken)
 	if err != nil {
 		return nil, err
 	}
@@ -252,6 +252,16 @@ func getOAuthConfig(env azure.Environment, subscriptionID string) (*adal.OAuthCo
 	return oauthConfig, tenantID, nil
 }
 
+func getAcsEngineClientID(envName string) string {
+	switch envName {
+	case "AzureUSGovernmentCloud":
+		// TODO: Replace with AppId for Azure US Government Cloud
+		return "76e0feec-6b7f-41f0-81a7-b1b944520261"
+	default:
+		return "76e0feec-6b7f-41f0-81a7-b1b944520261"
+	}
+}
+
 func getClient(env azure.Environment, subscriptionID, tenantID string, armSpt *adal.ServicePrincipalToken, graphSpt *adal.ServicePrincipalToken) *AzureClient {
 	c := &AzureClient{
 		environment:    env,