Merge pull request #175 from whiskeyjay/spobjid

Adds service_principal_object_id attribute to data_source_arm_client_config
hashicorp · Jul 20, 2017 · 905fee3 · 905fee3
2 parents ca915c3 + 7da0be6
commit 905fee3
Show file tree

Hide file tree

Showing 13 changed files with 3,338 additions and 7 deletions.
diff --git a/azurerm/config.go b/azurerm/config.go
@@ -16,6 +16,7 @@ import (
 	"github.com/Azure/azure-sdk-for-go/arm/dns"
 	"github.com/Azure/azure-sdk-for-go/arm/documentdb"
 	"github.com/Azure/azure-sdk-for-go/arm/eventhub"
+	"github.com/Azure/azure-sdk-for-go/arm/graphrbac"
 	"github.com/Azure/azure-sdk-for-go/arm/keyvault"
 	"github.com/Azure/azure-sdk-for-go/arm/network"
 	"github.com/Azure/azure-sdk-for-go/arm/redis"
@@ -113,6 +114,8 @@ type ArmClient struct {
 	sqlElasticPoolsClient sql.ElasticPoolsClient
 
 	appInsightsClient appinsights.ComponentsClient
+
+	servicePrincipalsClient graphrbac.ServicePrincipalsClient
 }
 
 func withRequestLogging() autorest.SendDecorator {
@@ -198,8 +201,15 @@ func (c *Config) getArmClient() (*ArmClient, error) {
 		return nil, err
 	}
 
+	graphSpt, err := adal.NewServicePrincipalToken(*oauthConfig, c.ClientID, c.ClientSecret, env.GraphEndpoint)
+	if err != nil {
+		return nil, err
+	}
+
 	endpoint := env.ResourceManagerEndpoint
 	auth := autorest.NewBearerAuthorizer(spt)
+	graphEndpoint := env.GraphEndpoint
+	graphAuth := autorest.NewBearerAuthorizer(graphSpt)
 
 	// NOTE: these declarations should be left separate for clarity should the
 	// clients be wished to be configured with custom Responders/PollingModess etc...
@@ -515,6 +525,12 @@ func (c *Config) getArmClient() (*ArmClient, error) {
 	ai.Sender = autorest.CreateSender(withRequestLogging())
 	client.appInsightsClient = ai
 
+	spc := graphrbac.NewServicePrincipalsClientWithBaseURI(graphEndpoint, c.TenantID)
+	setUserAgent(&spc.Client)
+	spc.Authorizer = graphAuth
+	spc.Sender = autorest.CreateSender(withRequestLogging())
+	client.servicePrincipalsClient = spc
+
 	return &client, nil
 }
 

diff --git a/azurerm/data_source_arm_client_config.go b/azurerm/data_source_arm_client_config.go
@@ -3,6 +3,8 @@ package azurerm
 import (
 	"time"
 
+	"fmt"
+
 	"github.com/hashicorp/terraform/helper/schema"
 )
 
@@ -23,17 +25,37 @@ func dataSourceArmClientConfig() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"service_principal_object_id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
 		},
 	}
 }
 
 func dataSourceArmClientConfigRead(d *schema.ResourceData, meta interface{}) error {
 	client := meta.(*ArmClient)
+	spClient := client.servicePrincipalsClient
+	// Application & Service Principal is 1:1 per tenant. Since we know the appId (client_id)
+	// here, we can query for the Service Principal whose appId matches.
+	filter := fmt.Sprintf("appId eq '%s'", client.clientId)
+	listResult, listErr := spClient.List(filter)
+
+	if listErr != nil {
+		return fmt.Errorf("Error listing Service Principals: %#v", listErr)
+	}
+
+	if listResult.Value == nil || len(*listResult.Value) != 1 {
+		return fmt.Errorf("Unexpected Service Principal query result: %#v", listResult.Value)
+	}
+
+	servicePrincipal := (*listResult.Value)[0]
 
 	d.SetId(time.Now().UTC().String())
 	d.Set("client_id", client.clientId)
 	d.Set("tenant_id", client.tenantId)
 	d.Set("subscription_id", client.subscriptionId)
+	d.Set("service_principal_object_id", *servicePrincipal.ObjectID)
 
 	return nil
 }
diff --git a/azurerm/data_source_arm_client_config_test.go b/azurerm/data_source_arm_client_config_test.go
@@ -4,6 +4,8 @@ import (
 	"os"
 	"testing"
 
+	"regexp"
+
 	"github.com/hashicorp/terraform/helper/resource"
 	"github.com/hashicorp/terraform/terraform"
 )
@@ -23,6 +25,7 @@ func TestAccAzureRMClientConfig_basic(t *testing.T) {
 					testAzureRMClientConfigAttr("data.azurerm_client_config.current", "client_id", clientId),
 					testAzureRMClientConfigAttr("data.azurerm_client_config.current", "tenant_id", tenantId),
 					testAzureRMClientConfigAttr("data.azurerm_client_config.current", "subscription_id", subscriptionId),
+					testAzureRMClientConfigGUIDAttr("data.azurerm_client_config.current", "service_principal_object_id"),
 				),
 			},
 		},
@@ -43,6 +46,22 @@ func testAzureRMClientConfigAttr(name, key, value string) resource.TestCheckFunc
 	}
 }
 
+func testAzureRMClientConfigGUIDAttr(name, key string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		r, err := regexp.Compile("^[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$")
+		if err != nil {
+			return err
+		}
+
+		err = resource.TestMatchResourceAttr(name, key, r)(s)
+		if err != nil {
+			return err
+		}
+
+		return nil
+	}
+}
+
 const testAccCheckArmClientConfig_basic = `
 data "azurerm_client_config" "current" { }
 `