diff --git a/go.mod b/go.mod index a557a8f48f..0574f6e965 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 github.com/hashicorp/go-uuid v1.0.1 github.com/hashicorp/terraform-plugin-sdk/v2 v2.0.3 - github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310 + github.com/manicminer/hamilton v0.0.0-20201215144252-45b848b5f3fc ) go 1.14 diff --git a/go.sum b/go.sum index e4e4ced9ab..1dca9d2e61 100644 --- a/go.sum +++ b/go.sum @@ -248,8 +248,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310 h1:xQ5fjkWxxPLWQCrwGs9GP1j2FNmrn618vOuHHzUGGzI= -github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310/go.mod h1:3+kIF2LZiDNEUtnO+r6FyFhYPebiZ3galn6Wwm5wKUU= +github.com/manicminer/hamilton v0.0.0-20201215144252-45b848b5f3fc h1:dufbyJUlLs9ard3GbQ3pDAHd728lr2Yw1MGxZeL8+zs= +github.com/manicminer/hamilton v0.0.0-20201215144252-45b848b5f3fc/go.mod h1:3+kIF2LZiDNEUtnO+r6FyFhYPebiZ3galn6Wwm5wKUU= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= diff --git a/vendor/github.com/manicminer/hamilton/auth/auth.go b/vendor/github.com/manicminer/hamilton/auth/auth.go index d63a1813d2..7d24b446b2 100644 --- a/vendor/github.com/manicminer/hamilton/auth/auth.go +++ b/vendor/github.com/manicminer/hamilton/auth/auth.go @@ -45,7 +45,7 @@ type Authorizer interface { } func (c *Config) NewAuthorizer(ctx context.Context) (Authorizer, error) { - if c.EnableClientCertAuth && strings.TrimSpace(c.TenantID) == "" && strings.TrimSpace(c.ClientID) != "" && strings.TrimSpace(c.ClientCertPath) != "" { + if c.EnableClientCertAuth && strings.TrimSpace(c.TenantID) != "" && strings.TrimSpace(c.ClientID) != "" && strings.TrimSpace(c.ClientCertPath) != "" { a, err := NewClientCertificateAuthorizer(ctx, c.TenantID, c.ClientID, c.ClientCertPath, c.ClientCertPassword) if err != nil { return nil, fmt.Errorf("could not configure ClientCertificate Authorizer: %s", err) @@ -55,7 +55,7 @@ func (c *Config) NewAuthorizer(ctx context.Context) (Authorizer, error) { } } - if c.EnableClientSecretAuth && strings.TrimSpace(c.TenantID) == "" && strings.TrimSpace(c.ClientID) != "" && strings.TrimSpace(c.ClientSecret) != "" { + if c.EnableClientSecretAuth && strings.TrimSpace(c.TenantID) != "" && strings.TrimSpace(c.ClientID) != "" && strings.TrimSpace(c.ClientSecret) != "" { a, err := NewClientSecretAuthorizer(ctx, c.TenantID, c.ClientID, c.ClientSecret) if err != nil { return nil, fmt.Errorf("could not configure ClientCertificate Authorizer: %s", err) @@ -79,7 +79,10 @@ func (c *Config) NewAuthorizer(ctx context.Context) (Authorizer, error) { } func NewAzureCliAuthorizer(ctx context.Context, tenantId string) (Authorizer, error) { - conf := AzureCliConfig{TenantID: tenantId} + conf, err := NewAzureCliConfig(tenantId) + if err != nil { + return nil, err + } return conf.TokenSource(ctx), nil } diff --git a/vendor/github.com/manicminer/hamilton/auth/azcli.go b/vendor/github.com/manicminer/hamilton/auth/azcli.go index 8a67b36e63..82b5d41950 100644 --- a/vendor/github.com/manicminer/hamilton/auth/azcli.go +++ b/vendor/github.com/manicminer/hamilton/auth/azcli.go @@ -13,9 +13,10 @@ import ( ) type AzureCliAuthorizer struct { - ctx context.Context - conf *AzureCliConfig TenantID string + + ctx context.Context + conf *AzureCliConfig } func (a AzureCliAuthorizer) Token() (*oauth2.Token, error) { @@ -26,7 +27,7 @@ func (a AzureCliAuthorizer) Token() (*oauth2.Token, error) { Tenant string `json:"tenant"` TokenType string `json:"tokenType"` } - cmd := []string{"account", "get-access-token", "--resource-type=ms-graph", "--tenant", a.TenantID, "-o=json"} + cmd := []string{"account", "get-access-token", "--resource-type=ms-graph", "--tenant", a.conf.TenantID, "-o=json"} err := jsonUnmarshalAzCmd(&token, cmd...) if err != nil { return nil, err @@ -43,26 +44,36 @@ type AzureCliConfig struct { TenantID string } -func (c *AzureCliConfig) TokenSource(ctx context.Context) Authorizer { - var tenantId string - if validTenantId, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", c.TenantID); err == nil && validTenantId { - tenantId = c.TenantID - } else { +func NewAzureCliConfig(tenantId string) (*AzureCliConfig, error) { + // check az-cli version + + // check tenant id + validTenantId, err := regexp.MatchString("^[a-zA-Z0-9._-]+$", tenantId) + if err != nil { + return nil, fmt.Errorf("could not parse tenant ID %q: %s", tenantId, err) + } + + if !validTenantId { var account struct { ID string `json:"id"` TenantID string `json:"tenantId"` } cmd := []string{"account", "show", "-o=json"} err := jsonUnmarshalAzCmd(&account, cmd...) - if err == nil { - tenantId = account.TenantID + if err != nil { + return nil, fmt.Errorf("obtaining tenant ID: %s", err) } + tenantId = account.TenantID } + return &AzureCliConfig{TenantID: tenantId}, nil +} + +func (c *AzureCliConfig) TokenSource(ctx context.Context) Authorizer { return &AzureCliAuthorizer{ + TenantID: c.TenantID, ctx: ctx, conf: c, - TenantID: tenantId, } } @@ -84,7 +95,7 @@ func jsonUnmarshalAzCmd(i interface{}, arg ...string) error { } if err := cmd.Wait(); err != nil { - err := fmt.Errorf("waiting for the Azure CLI: %+v", err) + err := fmt.Errorf("running Azure CLI: %+v", err) if stdErrStr := stderr.String(); stdErrStr != "" { err = fmt.Errorf("%s: %s", err, strings.TrimSpace(stdErrStr)) } @@ -92,7 +103,7 @@ func jsonUnmarshalAzCmd(i interface{}, arg ...string) error { } if err := json.Unmarshal([]byte(stdout.String()), &i); err != nil { - return fmt.Errorf("unmarshaling the result of Azure CLI: %v", err) + return fmt.Errorf("unmarshaling the output of Azure CLI: %v", err) } return nil diff --git a/vendor/github.com/manicminer/hamilton/auth/claims.go b/vendor/github.com/manicminer/hamilton/auth/claims.go new file mode 100644 index 0000000000..8ac1cbfdf3 --- /dev/null +++ b/vendor/github.com/manicminer/hamilton/auth/claims.go @@ -0,0 +1,37 @@ +package auth + +import ( + "encoding/base64" + "encoding/json" + "golang.org/x/oauth2" + "strings" +) + +type Claims struct { + Audience string `json:"aud"` + Issuer string `json:"iss"` + IdentityProvider string `json:"idp"` + ObjectId string `json:"oid"` + Roles []string `json:"roles"` + Subject string `json:"sub"` + TenantRegionScope string `json:"tenant_region_scope"` + TenantId string `json:"tid"` + Version string `json:"ver"` + + AppDisplayName string `json:"app_displayname,omitempty"` + AppId string `json:"appid,omitempty"` + IdType string `json:"idtyp,omitempty"` +} + +func ParseClaims(token *oauth2.Token) (claims Claims, err error) { + if token == nil { + return + } + jwt := strings.Split(token.AccessToken, ".") + payload, err := base64.StdEncoding.DecodeString(jwt[1]) + if err != nil { + return + } + err = json.Unmarshal(payload, &claims) + return +} diff --git a/vendor/github.com/manicminer/hamilton/auth/http.go b/vendor/github.com/manicminer/hamilton/auth/http.go deleted file mode 100644 index 6bb11b57ae..0000000000 --- a/vendor/github.com/manicminer/hamilton/auth/http.go +++ /dev/null @@ -1,4 +0,0 @@ -package auth - -func clientCertificateToken() { -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 328e95c49e..3b8c3d71f2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -249,7 +249,7 @@ github.com/jstemmer/go-junit-report/formatter github.com/jstemmer/go-junit-report/parser # github.com/kevinburke/ssh_config v0.0.0-20190725054713-01f96b0aa0cd github.com/kevinburke/ssh_config -# github.com/manicminer/hamilton v0.0.0-20201214113833-69b33b22d310 +# github.com/manicminer/hamilton v0.0.0-20201215144252-45b848b5f3fc ## explicit github.com/manicminer/hamilton/auth github.com/manicminer/hamilton/auth/microsoft