Support Azure CLI authentication for MS Graph

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320
 	github.com/hashicorp/go-uuid v1.0.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.0.3
-	github.com/manicminer/hamilton v0.0.0-20201214022947-cbad180256ed
+	github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310
 )
 
 go 1.14

go.sum

@@ -248,8 +248,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
 github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw=
-github.com/manicminer/hamilton v0.0.0-20201214022947-cbad180256ed h1:2YMBfabym01GCls5y8+QmcPj8XbbfFHSv1hVL+BrlFY=
-github.com/manicminer/hamilton v0.0.0-20201214022947-cbad180256ed/go.mod h1:3+kIF2LZiDNEUtnO+r6FyFhYPebiZ3galn6Wwm5wKUU=
+github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310 h1:xQ5fjkWxxPLWQCrwGs9GP1j2FNmrn618vOuHHzUGGzI=
+github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310/go.mod h1:3+kIF2LZiDNEUtnO+r6FyFhYPebiZ3galn6Wwm5wKUU=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=

internal/clients/builder.go

@@ -31,7 +31,7 @@ func (b *ClientBuilder) Build(ctx context.Context) (*Client, error) {
 	if getAuthenticatedObjectID := b.AadAuthConfig.GetAuthenticatedObjectID; getAuthenticatedObjectID != nil {
 		v, err := getAuthenticatedObjectID(ctx)
 		if err != nil {
-			return nil, fmt.Errorf("Error getting authenticated object ID: %v", err)
+			return nil, fmt.Errorf("getting authenticated object ID: %v", err)
 		}
 		objectID = v
 	}
@@ -77,10 +77,19 @@ func (b *ClientBuilder) Build(ctx context.Context) (*Client, error) {
 		if err != nil {
 			return nil, err
 		}
+
+		// Obtain the tenant ID from Azure CLI
+		if cli, ok := o.MsGraphAuthorizer.(auth.AzureCliAuthorizer); ok {
+			if cli.TenantID == "" {
+				return nil, fmt.Errorf("azure-cli could not determine tenant ID to use")
+			}
+
+			// TODO: v2.0 set the provider tenantId from here, for now we use the one returned by go-azure-helpers
+		}
 	}
 
 	if err := client.build(ctx, o); err != nil {
-		return nil, fmt.Errorf("Error building Client: %+v", err)
+		return nil, fmt.Errorf("building client: %+v", err)
 	}
 
 	return &client, nil

internal/provider/provider.go

@@ -207,14 +207,14 @@ func providerConfigure(p *schema.Provider) schema.ConfigureContextFunc {
 			authConfig = &auth.Config{
 				TenantID:               d.Get("tenant_id").(string),
 				ClientID:               d.Get("client_id").(string),
+				ClientCertPassword:     d.Get("client_certificate_password").(string),
+				ClientCertPath:         d.Get("client_certificate_path").(string),
+				ClientSecret:           d.Get("client_secret").(string),
 				EnableAzureCliToken:    true,
-				EnableMsiAuth:          true,
-				MsiEndpoint:            d.Get("msi_endpoint").(string),
 				EnableClientCertAuth:   true,
-				ClientCertPath:         d.Get("client_certificate_path").(string),
-				ClientCertPassword:     d.Get("client_certificate_password").(string),
 				EnableClientSecretAuth: true,
-				ClientSecret:           d.Get("client_secret").(string),
+				EnableMsiAuth:          true, // TODO: not yet supported
+				MsiEndpoint:            d.Get("msi_endpoint").(string),
 			}
 		}
 

vendor/modules.txt

@@ -249,7 +249,7 @@ github.com/jstemmer/go-junit-report/formatter
 github.com/jstemmer/go-junit-report/parser
 # github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd
 github.com/kevinburke/ssh_config
-# github.com/manicminer/hamilton v0.0.0-20201214022947-cbad180256ed
+# github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310
 ## explicit
 github.com/manicminer/hamilton/auth
 github.com/manicminer/hamilton/auth/microsoft