fixing ad related auth issue when using service pricinpal. (#525)
haiyuazhang authored May 7, 2021
1 parent c3e6d59 commit 6fdfefe
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions plugins/module_utils/azure_rm_common.py
@@ -1427,19 +1427,20 @@ def __init__(self, auth_source=None, profile=None, subscription_id=None, client_
else:
self._adfs_authority_url = self.credentials.get('adfs_authority_url')

# get resource from cloud environment
self._resource = self._cloud_environment.endpoints.active_directory_resource_id

if self.credentials.get('credentials') is not None:
# AzureCLI credentials
self.azure_credentials = self.credentials['credentials']
elif self.credentials.get('client_id') is not None and \
self.credentials.get('secret') is not None and \
self.credentials.get('tenant') is not None:

graph_resource = self._cloud_environment.endpoints.active_directory_graph_resource_id
rm_resource = self._cloud_environment.endpoints.resource_manager
self.azure_credentials = ServicePrincipalCredentials(client_id=self.credentials['client_id'],
secret=self.credentials['secret'],
tenant=self.credentials['tenant'],
cloud_environment=self._cloud_environment,
resource=graph_resource if self.is_ad_resource else rm_resource,
verify=self._cert_validation_mode == 'validate')

elif self.credentials.get('ad_user') is not None and \
@@ -1449,7 +1450,7 @@ def __init__(self, auth_source=None, profile=None, subscription_id=None, client_

self.azure_credentials = self.acquire_token_with_username_password(
self._adfs_authority_url,
self._resource,
self._cloud_environment.endpoints.active_directory_resource_id,
self.credentials['ad_user'],
self.credentials['password'],
self.credentials['client_id'],
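Review bot: The `is_ad_resource` switch is applied only to the `ServicePrincipalCredentials` call; the username/password branch in the second hunk still passes `self._cloud_environment.endpoints.active_directory_resource_id` unconditionally, so a Graph-facing module authenticating with `ad_user`/`password` would presumably still receive a token issued for the management audience. If that branch can serve AD modules too, it should select the audience the same way, e.g. `graph_resource if self.is_ad_resource else self._cloud_environment.endpoints.active_directory_resource_id,`, with `graph_resource` computed before the `if`/`elif` chain. The non-AD service-principal path now requests `endpoints.resource_manager` while the user path requests `active_directory_resource_id`; it is worth confirming that both values are accepted as the token audience in sovereign and Azure Stack clouds. A short comment above the new locals, such as `# token audience: AD Graph for AD modules, ARM otherwise`, would record why the resource differs. `__init__` starts before and continues after these hunks, and the assignment of `self.is_ad_resource` is not visible here.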