Bugfix: source the tenant ID, subscription ID and client ID from Azur…

…e CLI as needed
hashicorp · Feb 17, 2023 · b0a5809 · b0a5809
1 parent 9d32bab
commit b0a5809
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 2 deletions.
diff --git a/internal/clients/auth.go b/internal/clients/auth.go
@@ -84,6 +84,45 @@ func NewResourceManagerAccount(ctx context.Context, config auth.Credentials, sub
 		tenantId = config.TenantID
 	}
 
+	// Finally, defer to Azure CLI to obtain tenant ID, subscription ID and client ID when not specified and missing from claims
+	realAuthorizer := authorizer
+	if cache, ok := authorizer.(*auth.CachedAuthorizer); ok {
+		realAuthorizer = cache.Source
+	}
+	if cli, ok := realAuthorizer.(*auth.AzureCliAuthorizer); ok {
+		// Use the tenant ID from Azure CLI when otherwise unknown
+		if tenantId == "" {
+			if cli.TenantID == "" {
+				return nil, fmt.Errorf("azure-cli could not determine tenant ID to use")
+			}
+			tenantId = cli.TenantID
+			log.Printf("[DEBUG] Using tenant ID from Azure CLI: %q", tenantId)
+		}
+
+		// Use the subscription ID from Azure CLI when otherwise unknown
+		if subscriptionId == "" {
+			if cli.DefaultSubscriptionID == "" {
+				return nil, fmt.Errorf("azure-cli could not determine subscription ID to use and no subscription was specified")
+			}
+
+			subscriptionId = cli.DefaultSubscriptionID
+			log.Printf("[DEBUG] Using default subscription ID from Azure CLI: %q", subscriptionId)
+		}
+
+		// Use the Azure CLI client ID
+		if id, ok := config.Environment.MicrosoftAzureCli.AppId(); ok {
+			clientId = *id
+			log.Printf("[DEBUG] Using client ID from Azure CLI: %q", clientId)
+		}
+	}
+
+	if tenantId == "" {
+		return nil, fmt.Errorf("unable to configure ResourceManagerAccount: tenant ID could not be determined and was not specified")
+	}
+	if subscriptionId == "" {
+		return nil, fmt.Errorf("unable to configure ResourceManagerAccount: subscription ID could not be determined and was not specified")
+	}
+
 	account := ResourceManagerAccount{
 		Environment: config.Environment,
 

diff --git a/internal/clients/builder.go b/internal/clients/builder.go
@@ -130,8 +130,8 @@ func Build(ctx context.Context, builder ClientBuilder) (*Client, error) {
 		Environment: builder.AuthConfig.Environment,
 		Features:    builder.Features,
 
-		SubscriptionId:   builder.SubscriptionID,
-		TenantId:         builder.AuthConfig.TenantID,
+		SubscriptionId:   account.SubscriptionId,
+		TenantId:         account.TenantId,
 		PartnerId:        builder.PartnerID,
 		TerraformVersion: builder.TerraformVersion,