Use latest go-azure-helpers with TenantOnly support for CLI authentic…
…ation
manicminer committed Nov 19, 2020
1 parent 6e58fb5 commit 223788f
Showing 62 changed files with 1,089 additions and 250 deletions.
6 changes: 3 additions & 3 deletions go.mod
@@ -1,11 +1,11 @@
module github.com/terraform-providers/terraform-provider-azuread

require (
github.com/Azure/azure-sdk-for-go v45.0.0+incompatible
github.com/Azure/go-autorest/autorest v0.11.3
github.com/Azure/azure-sdk-for-go v47.1.0+incompatible
github.com/Azure/go-autorest/autorest v0.11.10
github.com/Azure/go-autorest/autorest/date v0.3.0
github.com/google/uuid v1.1.1
github.com/hashicorp/go-azure-helpers v0.12.0
github.com/hashicorp/go-azure-helpers v0.13.1
github.com/hashicorp/go-uuid v1.0.1
github.com/hashicorp/terraform-plugin-sdk v1.6.0
)
22 changes: 22 additions & 0 deletions go.sum
Expand Up @@ -9,18 +9,27 @@ cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbf
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
github.com/Azure/azure-sdk-for-go v45.0.0+incompatible h1:/bZYPaJLCqXeCqQqEeEIQg/p7RNafOhaVFhC6IWxZ/8=
github.com/Azure/azure-sdk-for-go v45.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v47.1.0+incompatible h1:D6MsWmsxF+pEjN/yZDyKXoUrsamdBdTlPedIgBlvVx4=
github.com/Azure/azure-sdk-for-go v47.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.3 h1:fyYnmYujkIXUgv88D9/Wo2ybE4Zwd/TmQd5sSI5u2Ws=
github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
github.com/Azure/go-autorest/autorest v0.11.10 h1:j5sGbX7uj1ieYYkQ3Mpvewd4DCsEQ+ZeJpqnSM9pjnM=
github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
github.com/Azure/go-autorest/autorest/adal v0.9.0 h1:SigMbuFNuKgc1xcGhaeapbh+8fgsu+GxgDRFyg7f5lM=
github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0=
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 h1:Ml+UCrnlKD+cJmSzrZ/RDcDw86NjkRUpnFh7V5JUhzU=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
github.com/Azure/go-autorest/autorest/mocks v0.4.0 h1:z20OWOSG5aCye0HEkDp6TPmP17ZcfeMxPi6HnSALa8c=
github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss=
Expand Down Expand Up @@ -63,6 +72,8 @@ github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TR
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
Expand Down Expand Up @@ -96,6 +107,12 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-azure-helpers v0.12.0 h1:7D0mFSyP3EfHu1ySubserIsnUWY87HMzzTWOB7ASwRU=
github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg=
github.com/hashicorp/go-azure-helpers v0.13.0 h1:Gm1g5atSCHhQUoNGAotLB1o5mzg01RXi/zFQjDGGoiA=
github.com/hashicorp/go-azure-helpers v0.13.0/go.mod h1:NifBbLJtyUxdQrRVmIfr0VykEXZIlq3YfHFpFdyp7qY=
github.com/hashicorp/go-azure-helpers v0.13.1-0.20201118193114-9a87bedaab4e h1:HgaNYUTkyArNsOFYl0zULpJwBfQydcZ0J8zUZJzmf2s=
github.com/hashicorp/go-azure-helpers v0.13.1-0.20201118193114-9a87bedaab4e/go.mod h1:rNqsniDSSRU2jBJrrtXVNhgZChqrrfWyHKAmXFIOTZQ=
github.com/hashicorp/go-azure-helpers v0.13.1 h1:9ge7mLp2J84rRVC/DNdql82evHTPmi+PaaIPZkkKaHo=
github.com/hashicorp/go-azure-helpers v0.13.1/go.mod h1:rNqsniDSSRU2jBJrrtXVNhgZChqrrfWyHKAmXFIOTZQ=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
Expand All @@ -115,6 +132,8 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E=
github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
Expand Down Expand Up @@ -211,6 +230,9 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
5 changes: 1 addition & 4 deletions internal/clients/builder.go
Expand Up @@ -14,14 +14,13 @@ import (

type ClientBuilder struct {
AuthConfig *authentication.Config
DisableTerraformPartnerID bool
PartnerID string
TerraformVersion string
}

// Build is a helper method which returns a fully instantiated *AadClient based on the auth Config's current settings.
func (b *ClientBuilder) Build(ctx context.Context) (*AadClient, error) {
env, err := authentication.AzureEnvironmentByNameFromEndpoint(ctx, b.AuthConfig.MetadataURL, b.AuthConfig.Environment)
env, err := authentication.AzureEnvironmentByNameFromEndpoint(ctx, b.AuthConfig.MetadataHost, b.AuthConfig.Environment)
if err != nil {
return nil, err
}
Expand All @@ -38,7 +37,6 @@ func (b *ClientBuilder) Build(ctx context.Context) (*AadClient, error) {

// client declarations:
client := AadClient{
SubscriptionID: b.AuthConfig.SubscriptionID,
ClientID: b.AuthConfig.ClientID,
ObjectID: objectID,
TenantID: b.AuthConfig.TenantID,
Expand All @@ -56,7 +54,6 @@ func (b *ClientBuilder) Build(ctx context.Context) (*AadClient, error) {
}

o := &services.ClientOptions{
DisableTerraformPartnerID: b.DisableTerraformPartnerID,
PartnerID: b.PartnerID,
TenantID: b.AuthConfig.TenantID,
TerraformVersion: b.TerraformVersion,
1 change: 0 additions & 1 deletion internal/clients/client.go
Expand Up @@ -13,7 +13,6 @@ type AadClient struct {
// todo move this to an "Account" struct as in azurerm?
ClientID string
ObjectID string
SubscriptionID string
TenantID string
TerraformVersion string
Environment azure.Environment
62 changes: 34 additions & 28 deletions internal/provider/provider.go
Expand Up @@ -14,6 +14,9 @@ import (
"github.com/terraform-providers/terraform-provider-azuread/internal/services/aadgraph"
)

// Microsoft’s Terraform Partner ID is this specific GUID
const terraformPartnerId = "222c6c49-1b0a-5959-a213-6608f9eb8820"

type ServiceRegistration interface {
// Name is the name of this Service
Name() string
Expand Down Expand Up @@ -170,8 +173,7 @@ func providerConfigure(p *schema.Provider) schema.ConfigureFunc {
ClientID: d.Get("client_id").(string),
ClientSecret: d.Get("client_secret").(string),
TenantID: d.Get("tenant_id").(string),
SubscriptionID: d.Get("tenant_id").(string), // TODO: delete in v1.1
MetadataURL: d.Get("metadata_host").(string),
MetadataHost: d.Get("metadata_host").(string),
Environment: d.Get("environment").(string),
MsiEndpoint: d.Get("msi_endpoint").(string),
ClientCertPassword: d.Get("client_certificate_password").(string),
Expand All @@ -182,39 +184,43 @@ func providerConfigure(p *schema.Provider) schema.ConfigureFunc {
SupportsClientSecretAuth: true,
SupportsManagedServiceIdentity: d.Get("use_msi").(bool),
SupportsAzureCliToken: true,
//TenantOnly: true, // TODO: enable in v1.1
TenantOnly: true,
}

config, err := builder.Build()
if err != nil {
return nil, fmt.Errorf("building AzureAD Client: %s", err)
// only one pid can be interpreted currently
// hence, send partner ID if present, otherwise send Terraform GUID
// unless users have opted out
partnerId := d.Get("partner_id").(string)
if partnerId == "" && !d.Get("disable_terraform_partner_id").(bool) {
partnerId = terraformPartnerId
}

terraformVersion := p.TerraformVersion
if terraformVersion == "" {
// Terraform 0.12 introduced this field to the protocol
// We can therefore assume that if it's missing it's 0.10 or 0.11
terraformVersion = "0.11+compatible"
}
return buildClient(p, builder, partnerId)
}
}

clientBuilder := clients.ClientBuilder{
AuthConfig: config,
PartnerID: d.Get("partner_id").(string),
DisableTerraformPartnerID: d.Get("disable_terraform_partner_id").(bool),
TerraformVersion: terraformVersion,
}
func buildClient(p *schema.Provider, b *authentication.Builder, partnerId string) (*clients.AadClient, error) {
config, err := b.Build()
if err != nil {
return nil, fmt.Errorf("building AzureAD Client: %s", err)
}

client, err := clientBuilder.Build(p.StopContext())
if err != nil {
return nil, err
}
clientBuilder := clients.ClientBuilder{
AuthConfig: config,
PartnerID: partnerId,
TerraformVersion: p.TerraformVersion,
}

// replaces the context between tests
p.MetaReset = func() error { //nolint unparam
client.StopContext = p.StopContext()
return nil
}
client, err := clientBuilder.Build(p.StopContext())
if err != nil {
return nil, err
}

return client, nil
// replaces the context between tests
p.MetaReset = func() error { //nolint unparam
client.StopContext = p.StopContext()
return nil
}

return client, nil
}
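Review bot: `buildClient` passes `p.TerraformVersion` straight into `clients.ClientBuilder`, while the `0.11+compatible` default for an empty value appears only with the old `terraformVersion` variable in this section, so the fallback looks to have been dropped. If that reading is right, a Terraform core that does not report its version would make `setUserAgent` emit `HashiCorp Terraform/ (+https://www.terraform.io)`, and the client version would presumably be missing from whatever request logs the service keeps. Keeping the default inside `buildClient` preserves the old behaviour: `tfVersion := p.TerraformVersion`, `if tfVersion == "" { tfVersion = "0.11+compatible" }`, then `TerraformVersion: tfVersion`. As a naming point, the new constant would read more idiomatically as `terraformPartnerID`, the name it had in `configure_client.go`.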
51 changes: 51 additions & 0 deletions internal/provider/provider_test.go
Expand Up @@ -3,7 +3,9 @@ package provider
import (
"testing"

"github.com/hashicorp/go-azure-helpers/authentication"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/terraform"
)

func TestProvider(t *testing.T) {
Expand All @@ -15,3 +17,52 @@ func TestProvider(t *testing.T) {
func TestProvider_impl(t *testing.T) {
var _ = AzureADProvider()
}

func TestAccProvider_cliAuth(t *testing.T) {
provider := AzureADProvider().(*schema.Provider)
provider.ConfigureFunc = func(d *schema.ResourceData) (interface{}, error) {

// Support only Azure CLI authentication
builder := &authentication.Builder{
TenantID: d.Get("tenant_id").(string),
MetadataHost: d.Get("metadata_host").(string),
Environment: d.Get("environment").(string),
SupportsAzureCliToken: true,
TenantOnly: true,
}

return buildClient(provider, builder, "")
}

err := provider.Configure(terraform.NewResourceConfigRaw(nil))
if err != nil {
t.Fatalf("err: %s", err)
}
}

func TestAccProvider_servicePrincipalAuth(t *testing.T) {
provider := AzureADProvider().(*schema.Provider)
provider.ConfigureFunc = func(d *schema.ResourceData) (interface{}, error) {

// Support only Service Principal authentication (certificate or secret)
builder := &authentication.Builder{
ClientID: d.Get("client_id").(string),
ClientSecret: d.Get("client_secret").(string),
TenantID: d.Get("tenant_id").(string),
MetadataHost: d.Get("metadata_host").(string),
Environment: d.Get("environment").(string),
ClientCertPassword: d.Get("client_certificate_password").(string),
ClientCertPath: d.Get("client_certificate_path").(string),
SupportsClientCertAuth: true,
SupportsClientSecretAuth: true,
TenantOnly: true,
}

return buildClient(provider, builder, "")
}

err := provider.Configure(terraform.NewResourceConfigRaw(nil))
if err != nil {
t.Fatalf("err: %s", err)
}
}
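Review bot: `TestAccProvider_cliAuth` and `TestAccProvider_servicePrincipalAuth` call `provider.Configure`, and through it `buildClient`, with no acceptance-test guard, so a plain `go test ./...` would presumably attempt a real Azure CLI or service-principal login using whatever credentials the environment holds. Starting each test with `if os.Getenv("TF_ACC") == "" { t.Skip("TF_ACC not set") }` (plus the `os` import) keeps them out of unit runs and off CI hosts that should not authenticate. Both tests also replace `ConfigureFunc` with their own copy of the `authentication.Builder` literal, so they do not exercise `providerConfigure` itself; a later change there, such as losing `TenantOnly: true`, would not be caught by them.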
17 changes: 3 additions & 14 deletions internal/services/configure_client.go
Expand Up @@ -14,27 +14,24 @@ import (
"github.com/terraform-providers/terraform-provider-azuread/version"
)

const terraformPartnerID = "222c6c49-1b0a-5959-a213-6608f9eb8820"

type ClientOptions struct {
TenantID string
Environment azure.Environment

PartnerID string
TerraformVersion string

SkipProviderReg bool
DisableTerraformPartnerID bool
SkipProviderReg bool
}

func (o ClientOptions) ConfigureClient(c *autorest.Client, authorizer autorest.Authorizer) {
setUserAgent(c, o.TerraformVersion, o.PartnerID, o.DisableTerraformPartnerID)
setUserAgent(c, o.TerraformVersion, o.PartnerID)

c.Authorizer = authorizer
c.Sender = sender.BuildSender("AzureAD")
}

func setUserAgent(client *autorest.Client, tfVersion, partnerID string, disableTerraformPartnerID bool) {
func setUserAgent(client *autorest.Client, tfVersion, partnerID string) {
tfUserAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io) Terraform Plugin SDK/%s", tfVersion, meta.SDKVersionString())

providerUserAgent := fmt.Sprintf("%s terraform-provider-azuread/%s", tfUserAgent, version.ProviderVersion)
Expand All @@ -45,14 +42,6 @@ func setUserAgent(client *autorest.Client, tfVersion, partnerID string, disableT
client.UserAgent = fmt.Sprintf("%s %s", client.UserAgent, azureAgent)
}

// only one pid can be interpreted currently
// hence, send partner ID if present, otherwise send Terraform GUID
// unless users have opted out
if partnerID == "" && !disableTerraformPartnerID {
// Microsoft’s Terraform Partner ID is this specific GUID
partnerID = terraformPartnerID
}

if partnerID != "" {
client.UserAgent = fmt.Sprintf("%s pid-%s", client.UserAgent, partnerID)
}


6 changes: 3 additions & 3 deletions vendor/github.com/Azure/go-autorest/autorest/adal/go.mod


12 changes: 6 additions & 6 deletions vendor/github.com/Azure/go-autorest/autorest/adal/go.sum

