Merge pull request #20526 from hashicorp/bugfix/azure-cli-auth-regres…

…sion Bugfix: Azure CLI auth regression
hashicorp · Feb 17, 2023 · 6b3f55d · 6b3f55d
2 parents 7a80ff6 + b0a5809
commit 6b3f55d
Show file tree

Hide file tree

Showing 9 changed files with 101 additions and 26 deletions.
diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.1.2
 	github.com/hashicorp/go-azure-helpers v0.51.0
-	github.com/hashicorp/go-azure-sdk v0.20230217.1092053
+	github.com/hashicorp/go-azure-sdk v0.20230217.1131029
 	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-uuid v1.0.3
 	github.com/hashicorp/go-version v1.6.0

diff --git a/go.sum b/go.sum
@@ -207,8 +207,8 @@ github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brv
 github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg=
 github.com/hashicorp/go-azure-helpers v0.51.0 h1:8KSDGkGnWH6zOT60R3KUqsi0fk1vA7AMunaOUJZMM6k=
 github.com/hashicorp/go-azure-helpers v0.51.0/go.mod h1:lsykLR4KjTUO7MiRmNWiTiX8QQtw3ILjyOvT0f5h3rw=
-github.com/hashicorp/go-azure-sdk v0.20230217.1092053 h1:044WTlqd5eoUYgL9ij7oe5H1kLTCs0D9L3rGWCMsZRY=
-github.com/hashicorp/go-azure-sdk v0.20230217.1092053/go.mod h1:aHinadEuBi04I1i+yvpPMZUxvxRxl5JgBOwlzIIxozU=
+github.com/hashicorp/go-azure-sdk v0.20230217.1131029 h1:QbSLBbv7xpterl93SM4oZX3ptN18DLNfDrPjRIMxMqc=
+github.com/hashicorp/go-azure-sdk v0.20230217.1131029/go.mod h1:aHinadEuBi04I1i+yvpPMZUxvxRxl5JgBOwlzIIxozU=
 github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU=
 github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg=
 github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=

diff --git a/internal/clients/auth.go b/internal/clients/auth.go
@@ -84,6 +84,45 @@ func NewResourceManagerAccount(ctx context.Context, config auth.Credentials, sub
 		tenantId = config.TenantID
 	}
 
+	// Finally, defer to Azure CLI to obtain tenant ID, subscription ID and client ID when not specified and missing from claims
+	realAuthorizer := authorizer
+	if cache, ok := authorizer.(*auth.CachedAuthorizer); ok {
+		realAuthorizer = cache.Source
+	}
+	if cli, ok := realAuthorizer.(*auth.AzureCliAuthorizer); ok {
+		// Use the tenant ID from Azure CLI when otherwise unknown
+		if tenantId == "" {
+			if cli.TenantID == "" {
+				return nil, fmt.Errorf("azure-cli could not determine tenant ID to use")
+			}
+			tenantId = cli.TenantID
+			log.Printf("[DEBUG] Using tenant ID from Azure CLI: %q", tenantId)
+		}
+
+		// Use the subscription ID from Azure CLI when otherwise unknown
+		if subscriptionId == "" {
+			if cli.DefaultSubscriptionID == "" {
+				return nil, fmt.Errorf("azure-cli could not determine subscription ID to use and no subscription was specified")
+			}
+
+			subscriptionId = cli.DefaultSubscriptionID
+			log.Printf("[DEBUG] Using default subscription ID from Azure CLI: %q", subscriptionId)
+		}
+
+		// Use the Azure CLI client ID
+		if id, ok := config.Environment.MicrosoftAzureCli.AppId(); ok {
+			clientId = *id
+			log.Printf("[DEBUG] Using client ID from Azure CLI: %q", clientId)
+		}
+	}
+
+	if tenantId == "" {
+		return nil, fmt.Errorf("unable to configure ResourceManagerAccount: tenant ID could not be determined and was not specified")
+	}
+	if subscriptionId == "" {
+		return nil, fmt.Errorf("unable to configure ResourceManagerAccount: subscription ID could not be determined and was not specified")
+	}
+
 	account := ResourceManagerAccount{
 		Environment: config.Environment,
 

diff --git a/internal/clients/builder.go b/internal/clients/builder.go
@@ -130,8 +130,8 @@ func Build(ctx context.Context, builder ClientBuilder) (*Client, error) {
 		Environment: builder.AuthConfig.Environment,
 		Features:    builder.Features,
 
-		SubscriptionId:   builder.SubscriptionID,
-		TenantId:         builder.AuthConfig.TenantID,
+		SubscriptionId:   account.SubscriptionId,
+		TenantId:         account.TenantId,
 		PartnerId:        builder.PartnerID,
 		TerraformVersion: builder.TerraformVersion,
 

diff --git a/vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/autorest/auth.go b/vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/autorest/auth.go
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/azure_cli_authorizer.go b/vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/azure_cli_authorizer.go
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/managed_identity_authorizer.go b/vendor/github.com/hashicorp/go-azure-sdk/sdk/auth/managed_identity_authorizer.go
diff --git a/vendor/github.com/hashicorp/go-azure-sdk/sdk/internal/azurecli/azcli.go b/vendor/github.com/hashicorp/go-azure-sdk/sdk/internal/azurecli/azcli.go
diff --git a/vendor/modules.txt b/vendor/modules.txt
@@ -159,7 +159,7 @@ github.com/hashicorp/go-azure-helpers/resourcemanager/zones
 github.com/hashicorp/go-azure-helpers/resourceproviders
 github.com/hashicorp/go-azure-helpers/sender
 github.com/hashicorp/go-azure-helpers/storage
-# github.com/hashicorp/go-azure-sdk v0.20230217.1092053
+# github.com/hashicorp/go-azure-sdk v0.20230217.1131029
 ## explicit; go 1.19
 github.com/hashicorp/go-azure-sdk/resource-manager/aad/2021-05-01/domainservices
 github.com/hashicorp/go-azure-sdk/resource-manager/aadb2c/2021-04-01-preview