This repository has been archived by the owner on Oct 24, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 522
/
tenantid.go
54 lines (46 loc) · 1.99 KB
/
tenantid.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT license.
package engine
import (
"context"
"net/http"
"regexp"
"time"
"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2016-06-01/subscriptions"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
)
// GetTenantID figures out the AAD tenant ID of the subscription by making an
// unauthenticated request to the Get Subscription Details endpoint and parses
// the value from WWW-Authenticate header.
// TODO this should probably to to the armhelpers library
func GetTenantID(resourceManagerEndpoint string, subscriptionID string) (string, error) {
const hdrKey = "WWW-Authenticate"
c := subscriptions.NewClientWithBaseURI(resourceManagerEndpoint)
log.Debugf("Resolving tenantID for subscriptionID: %s", subscriptionID)
// we expect this request to fail (err != nil), but we are only interested
// in headers, so surface the error if the Response is not present (i.e.
// network error etc)
ctx, cancel := context.WithTimeout(context.Background(), time.Minute*150)
defer cancel()
subs, err := c.Get(ctx, subscriptionID)
if subs.Response.Response == nil {
return "", errors.Wrap(err, "Request failed")
}
// Expecting 401 StatusUnauthorized here, just read the header
if subs.StatusCode != http.StatusUnauthorized {
return "", errors.Errorf("Unexpected response from Get Subscription: %v", subs.StatusCode)
}
hdr := subs.Header.Get(hdrKey)
if hdr == "" {
return "", errors.Errorf("Header %v not found in Get Subscription response", hdrKey)
}
// Example value for hdr:
// Bearer authorization_uri="https://login.windows.net/996fe9d1-6171-40aa-945b-4c64b63bf655", error="invalid_token", error_description="The authentication failed because of missing 'Authorization' header."
r := regexp.MustCompile(`authorization_uri=".*/([0-9a-f\-]+)"`)
m := r.FindStringSubmatch(hdr)
if m == nil {
return "", errors.Errorf("Could not find the tenant ID in header: %s %q", hdrKey, hdr)
}
return m[1], nil
}