Bugfix: source the tenant ID and subscription ID from Azure CLI

internal/clients/builder.go

@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/go-azure-helpers/resourcemanager/location"
 	"github.com/hashicorp/go-azure-sdk/sdk/auth"
 	authWrapper "github.com/hashicorp/go-azure-sdk/sdk/auth/autorest"
+	"github.com/hashicorp/go-azure-sdk/sdk/azurecli"
 	"github.com/hashicorp/go-azure-sdk/sdk/environments"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/common"
 	"github.com/hashicorp/terraform-provider-azurerm/internal/features"
@@ -63,6 +64,29 @@ func Build(ctx context.Context, builder ClientBuilder) (*Client, error) {
 		return nil, fmt.Errorf("unable to build authorizer for Resource Manager API: %+v", err)
 	}
 
+	// Defer to Azure CLI when used for authorizing Resource Manager
+	realAuthorizer := resourceManagerAuth
+	if cache, ok := resourceManagerAuth.(*auth.CachedAuthorizer); ok {
+		realAuthorizer = cache.Source
+	}
+	if cli, ok := realAuthorizer.(*auth.AzureCliAuthorizer); ok {
+		// Use the tenant ID from Azure CLI
+		if builder.AuthConfig.TenantID, err = azurecli.CheckTenantID(builder.AuthConfig.TenantID); err != nil {
+			return nil, fmt.Errorf("azure-cli could not determine tenant ID to use")
+		}
+
+		// Use the subscription ID from Azure CLI
+		if builder.SubscriptionID, err = azurecli.CheckSubscriptionID(builder.SubscriptionID); err != nil {
+			return nil, fmt.Errorf("azure-cli could not determine subscription ID to use")
+		}
+
+		// Use the Azure CLI client ID
+		builder.AuthConfig.TenantID = cli.TenantID
+		if clientId, ok := builder.AuthConfig.Environment.MicrosoftAzureCli.AppId(); ok {
+			builder.AuthConfig.ClientID = *clientId
+		}
+	}
+
 	storageAuth, err = auth.NewAuthorizerFromCredentials(ctx, *builder.AuthConfig, builder.AuthConfig.Environment.Storage)
 	if err != nil {
 		return nil, fmt.Errorf("unable to build authorizer for Storage API: %+v", err)