Use latest go-azure-helpers with TenantOnly support for CLI authentication #345

Closed
wants to merge 1 commit into from
6 changes: 3 additions & 3 deletions go.mod
@@ -1,11 +1,11 @@
module github.com/terraform-providers/terraform-provider-azuread

require (
github.com/Azure/azure-sdk-for-go v45.0.0+incompatible
github.com/Azure/go-autorest/autorest v0.11.3
github.com/Azure/azure-sdk-for-go v47.1.0+incompatible
github.com/Azure/go-autorest/autorest v0.11.10
github.com/Azure/go-autorest/autorest/date v0.3.0
github.com/google/uuid v1.1.1
github.com/hashicorp/go-azure-helpers v0.12.0
github.com/hashicorp/go-azure-helpers v0.13.1
github.com/hashicorp/go-uuid v1.0.1
github.com/hashicorp/terraform-plugin-sdk v1.6.0
)
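
Review bot: The `require` block also moves `github.com/Azure/azure-sdk-for-go` from v45.0.0 to v47.1.0 and `go-autorest/autorest` from v0.11.3 to v0.11.10, which the PR title (a go-azure-helpers update) does not cover. Say in the description whether go-azure-helpers v0.13.1 forces these minimums or whether they are independent bumps, so the SDK and auth-library changes get reviewed on their own rather than riding along with the helper upgrade.
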
22 changes: 22 additions & 0 deletions go.sum
Expand Up @@ -9,18 +9,27 @@ cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbf
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
github.com/Azure/azure-sdk-for-go v45.0.0+incompatible h1:/bZYPaJLCqXeCqQqEeEIQg/p7RNafOhaVFhC6IWxZ/8=
github.com/Azure/azure-sdk-for-go v45.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/azure-sdk-for-go v47.1.0+incompatible h1:D6MsWmsxF+pEjN/yZDyKXoUrsamdBdTlPedIgBlvVx4=
github.com/Azure/azure-sdk-for-go v47.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc=
github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs=
github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24=
github.com/Azure/go-autorest/autorest v0.11.3 h1:fyYnmYujkIXUgv88D9/Wo2ybE4Zwd/TmQd5sSI5u2Ws=
github.com/Azure/go-autorest/autorest v0.11.3/go.mod h1:JFgpikqFJ/MleTTxwepExTKnFUKKszPS8UavbQYUMuw=
github.com/Azure/go-autorest/autorest v0.11.10 h1:j5sGbX7uj1ieYYkQ3Mpvewd4DCsEQ+ZeJpqnSM9pjnM=
github.com/Azure/go-autorest/autorest v0.11.10/go.mod h1:eipySxLmqSyC5s5k1CLupqet0PSENBEDP93LQ9a8QYw=
github.com/Azure/go-autorest/autorest/adal v0.9.0 h1:SigMbuFNuKgc1xcGhaeapbh+8fgsu+GxgDRFyg7f5lM=
github.com/Azure/go-autorest/autorest/adal v0.9.0/go.mod h1:/c022QCutn2P7uY+/oQWWNcK9YU+MH96NgK+jErpbcg=
github.com/Azure/go-autorest/autorest/adal v0.9.5 h1:Y3bBUV4rTuxenJJs41HU3qmqsb+auo+a3Lz+PlJPpL0=
github.com/Azure/go-autorest/autorest/adal v0.9.5/go.mod h1:B7KF7jKIeC9Mct5spmyCB/A8CG/sEz1vwIRGv/bbw7A=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.0 h1:Ml+UCrnlKD+cJmSzrZ/RDcDw86NjkRUpnFh7V5JUhzU=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.0/go.mod h1:JljT387FplPzBA31vUcvsetLKF3pec5bdAxjVU4kI2s=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY=
github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
github.com/Azure/go-autorest/autorest/mocks v0.4.0 h1:z20OWOSG5aCye0HEkDp6TPmP17ZcfeMxPi6HnSALa8c=
github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
github.com/Azure/go-autorest/autorest/to v0.4.0 h1:oXVqrxakqqV1UZdSazDOPOLvOIz+XA683u8EctwboHk=
github.com/Azure/go-autorest/autorest/to v0.4.0/go.mod h1:fE8iZBn7LQR7zH/9XU2NcPR4o9jEImooCeWJcYV/zLE=
github.com/Azure/go-autorest/autorest/validation v0.3.0 h1:3I9AAI63HfcLtphd9g39ruUwRI+Ca+z/f36KHPFRUss=
Expand Down Expand Up @@ -63,6 +72,8 @@ github.com/dimchansky/utfbom v1.1.0 h1:FcM3g+nofKgUteL8dm/UpdRXNC9KmADgTpLKsu0TR
github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68=
github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
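
Review bot: The `github.com/form3tech-oss/jwt-go v3.2.2+incompatible` entries in this hunk bring a JWT library into the build that the `require` block in go.mod does not list, so it arrives transitively. A JWT library is security-relevant, so record which module pulls it in (`go mod why -m github.com/form3tech-oss/jwt-go`) and confirm that `go mod verify` passes and `go mod vendor` leaves no diff under vendor/.
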
Expand Down Expand Up @@ -96,6 +107,12 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-azure-helpers v0.12.0 h1:7D0mFSyP3EfHu1ySubserIsnUWY87HMzzTWOB7ASwRU=
github.com/hashicorp/go-azure-helpers v0.12.0/go.mod h1:Zc3v4DNeX6PDdy7NljlYpnrdac1++qNW0I4U+ofGwpg=
github.com/hashicorp/go-azure-helpers v0.13.0 h1:Gm1g5atSCHhQUoNGAotLB1o5mzg01RXi/zFQjDGGoiA=
github.com/hashicorp/go-azure-helpers v0.13.0/go.mod h1:NifBbLJtyUxdQrRVmIfr0VykEXZIlq3YfHFpFdyp7qY=
github.com/hashicorp/go-azure-helpers v0.13.1-0.20201118193114-9a87bedaab4e h1:HgaNYUTkyArNsOFYl0zULpJwBfQydcZ0J8zUZJzmf2s=
github.com/hashicorp/go-azure-helpers v0.13.1-0.20201118193114-9a87bedaab4e/go.mod h1:rNqsniDSSRU2jBJrrtXVNhgZChqrrfWyHKAmXFIOTZQ=
github.com/hashicorp/go-azure-helpers v0.13.1 h1:9ge7mLp2J84rRVC/DNdql82evHTPmi+PaaIPZkkKaHo=
github.com/hashicorp/go-azure-helpers v0.13.1/go.mod h1:rNqsniDSSRU2jBJrrtXVNhgZChqrrfWyHKAmXFIOTZQ=
github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM=
github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
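
Review bot: go.sum gains entries for three go-azure-helpers versions (v0.13.0, the pseudo-version v0.13.1-0.20201118193114-9a87bedaab4e, and v0.13.1) while go.mod requires only v0.13.1. The pseudo-version looks like a leftover from developing against an untagged commit; run `go mod tidy` and commit the result so the checksum file pins only what the build actually resolves.
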
Expand All @@ -115,6 +132,8 @@ github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/b
github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E=
github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI=
github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
Expand Down Expand Up @@ -211,6 +230,9 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
5 changes: 1 addition & 4 deletions internal/clients/builder.go
Expand Up @@ -14,14 +14,13 @@ import (

type ClientBuilder struct {
AuthConfig *authentication.Config
DisableTerraformPartnerID bool
PartnerID string
TerraformVersion string
}

// Build is a helper method which returns a fully instantiated *AadClient based on the auth Config's current settings.
func (b *ClientBuilder) Build(ctx context.Context) (*AadClient, error) {
env, err := authentication.AzureEnvironmentByNameFromEndpoint(ctx, b.AuthConfig.MetadataURL, b.AuthConfig.Environment)
env, err := authentication.AzureEnvironmentByNameFromEndpoint(ctx, b.AuthConfig.MetadataHost, b.AuthConfig.Environment)
if err != nil {
return nil, err
}
Expand All @@ -38,7 +37,6 @@ func (b *ClientBuilder) Build(ctx context.Context) (*AadClient, error) {

// client declarations:
client := AadClient{
SubscriptionID: b.AuthConfig.SubscriptionID,
ClientID: b.AuthConfig.ClientID,
ObjectID: objectID,
TenantID: b.AuthConfig.TenantID,
Expand All @@ -56,7 +54,6 @@ func (b *ClientBuilder) Build(ctx context.Context) (*AadClient, error) {
}

o := &services.ClientOptions{
DisableTerraformPartnerID: b.DisableTerraformPartnerID,
PartnerID: b.PartnerID,
TenantID: b.AuthConfig.TenantID,
TerraformVersion: b.TerraformVersion,
1 change: 0 additions & 1 deletion internal/clients/client.go
Expand Up @@ -13,7 +13,6 @@ type AadClient struct {
// todo move this to an "Account" struct as in azurerm?
ClientID string
ObjectID string
SubscriptionID string
TenantID string
TerraformVersion string
Environment azure.Environment
62 changes: 34 additions & 28 deletions internal/provider/provider.go
Expand Up @@ -14,6 +14,9 @@ import (
"github.com/terraform-providers/terraform-provider-azuread/internal/services/aadgraph"
)

// Microsoft’s Terraform Partner ID is this specific GUID
const terraformPartnerId = "222c6c49-1b0a-5959-a213-6608f9eb8820"

type ServiceRegistration interface {
// Name is the name of this Service
Name() string
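
Review bot: The new constant is spelled `terraformPartnerId`, while the one this PR deletes from internal/services/configure_client.go was `terraformPartnerID` and the surrounding fields use `PartnerID`, `ClientID` and `TenantID`. Keep the Go initialism form (`terraformPartnerID`, and `partnerID` for the local variable further down) so the identifier stays consistent and lint-clean.
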
Expand Down Expand Up @@ -170,8 +173,7 @@ func providerConfigure(p *schema.Provider) schema.ConfigureFunc {
ClientID: d.Get("client_id").(string),
ClientSecret: d.Get("client_secret").(string),
TenantID: d.Get("tenant_id").(string),
SubscriptionID: d.Get("tenant_id").(string), // TODO: delete in v1.1
MetadataURL: d.Get("metadata_host").(string),
MetadataHost: d.Get("metadata_host").(string),
Environment: d.Get("environment").(string),
MsiEndpoint: d.Get("msi_endpoint").(string),
ClientCertPassword: d.Get("client_certificate_password").(string),
Expand All @@ -182,39 +184,43 @@ func providerConfigure(p *schema.Provider) schema.ConfigureFunc {
SupportsClientSecretAuth: true,
SupportsManagedServiceIdentity: d.Get("use_msi").(bool),
SupportsAzureCliToken: true,
//TenantOnly: true, // TODO: enable in v1.1
TenantOnly: true,
}

config, err := builder.Build()
if err != nil {
return nil, fmt.Errorf("building AzureAD Client: %s", err)
// only one pid can be interpreted currently
// hence, send partner ID if present, otherwise send Terraform GUID
// unless users have opted out
partnerId := d.Get("partner_id").(string)
if partnerId == "" && !d.Get("disable_terraform_partner_id").(bool) {
partnerId = terraformPartnerId
}

terraformVersion := p.TerraformVersion
if terraformVersion == "" {
// Terraform 0.12 introduced this field to the protocol
// We can therefore assume that if it's missing it's 0.10 or 0.11
terraformVersion = "0.11+compatible"
}
return buildClient(p, builder, partnerId)
}
}

clientBuilder := clients.ClientBuilder{
AuthConfig: config,
PartnerID: d.Get("partner_id").(string),
DisableTerraformPartnerID: d.Get("disable_terraform_partner_id").(bool),
TerraformVersion: terraformVersion,
}
func buildClient(p *schema.Provider, b *authentication.Builder, partnerId string) (*clients.AadClient, error) {
config, err := b.Build()
if err != nil {
return nil, fmt.Errorf("building AzureAD Client: %s", err)
}

client, err := clientBuilder.Build(p.StopContext())
if err != nil {
return nil, err
}
clientBuilder := clients.ClientBuilder{
AuthConfig: config,
PartnerID: partnerId,
TerraformVersion: p.TerraformVersion,
}

// replaces the context between tests
p.MetaReset = func() error { //nolint unparam
client.StopContext = p.StopContext()
return nil
}
client, err := clientBuilder.Build(p.StopContext())
if err != nil {
return nil, err
}

return client, nil
// replaces the context between tests
p.MetaReset = func() error { //nolint unparam
client.StopContext = p.StopContext()
return nil
}

return client, nil
}
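
Review bot: `buildClient` sets `TerraformVersion: p.TerraformVersion` directly, and the fallback that substituted "0.11+compatible" when the field is empty is gone from `providerConfigure`. On a Terraform core that does not send the version, `setUserAgent` will then format an empty string into `HashiCorp Terraform/%s`. Either keep the fallback inside `buildClient` or state that pre-0.12 cores are no longer supported.
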
51 changes: 51 additions & 0 deletions internal/provider/provider_test.go
Expand Up @@ -3,7 +3,9 @@ package provider
import (
"testing"

"github.com/hashicorp/go-azure-helpers/authentication"
"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
"github.com/hashicorp/terraform-plugin-sdk/terraform"
)

func TestProvider(t *testing.T) {
Expand All @@ -15,3 +17,52 @@ func TestProvider(t *testing.T) {
func TestProvider_impl(t *testing.T) {
var _ = AzureADProvider()
}

func TestAccProvider_cliAuth(t *testing.T) {
provider := AzureADProvider().(*schema.Provider)
provider.ConfigureFunc = func(d *schema.ResourceData) (interface{}, error) {

// Support only Azure CLI authentication
builder := &authentication.Builder{
TenantID: d.Get("tenant_id").(string),
MetadataHost: d.Get("metadata_host").(string),
Environment: d.Get("environment").(string),
SupportsAzureCliToken: true,
TenantOnly: true,
}

return buildClient(provider, builder, "")
}

err := provider.Configure(terraform.NewResourceConfigRaw(nil))
if err != nil {
t.Fatalf("err: %s", err)
}
}

func TestAccProvider_servicePrincipalAuth(t *testing.T) {
provider := AzureADProvider().(*schema.Provider)
provider.ConfigureFunc = func(d *schema.ResourceData) (interface{}, error) {

// Support only Service Principal authentication (certificate or secret)
builder := &authentication.Builder{
ClientID: d.Get("client_id").(string),
ClientSecret: d.Get("client_secret").(string),
TenantID: d.Get("tenant_id").(string),
MetadataHost: d.Get("metadata_host").(string),
Environment: d.Get("environment").(string),
ClientCertPassword: d.Get("client_certificate_password").(string),
ClientCertPath: d.Get("client_certificate_path").(string),
SupportsClientCertAuth: true,
SupportsClientSecretAuth: true,
TenantOnly: true,
}

return buildClient(provider, builder, "")
}

err := provider.Configure(terraform.NewResourceConfigRaw(nil))
if err != nil {
t.Fatalf("err: %s", err)
}
}
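
Review bot: `TestAccProvider_cliAuth` and `TestAccProvider_servicePrincipalAuth` carry the acceptance-test prefix but have no guard, so a plain `go test ./...` will call `provider.Configure` and try to authenticate. Skip when `TF_ACC` is unset (and, for the CLI case, when no Azure CLI session is available). Both tests also pass "" for `partnerId` and only check `err`, so the default-pid and `disable_terraform_partner_id` branch moved into `providerConfigure` stays untested; a small table test over that branch would cover it.
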
17 changes: 3 additions & 14 deletions internal/services/configure_client.go
Expand Up @@ -14,27 +14,24 @@ import (
"github.com/terraform-providers/terraform-provider-azuread/version"
)

const terraformPartnerID = "222c6c49-1b0a-5959-a213-6608f9eb8820"

type ClientOptions struct {
TenantID string
Environment azure.Environment

PartnerID string
TerraformVersion string

SkipProviderReg bool
DisableTerraformPartnerID bool
SkipProviderReg bool
}

func (o ClientOptions) ConfigureClient(c *autorest.Client, authorizer autorest.Authorizer) {
setUserAgent(c, o.TerraformVersion, o.PartnerID, o.DisableTerraformPartnerID)
setUserAgent(c, o.TerraformVersion, o.PartnerID)

c.Authorizer = authorizer
c.Sender = sender.BuildSender("AzureAD")
}

func setUserAgent(client *autorest.Client, tfVersion, partnerID string, disableTerraformPartnerID bool) {
func setUserAgent(client *autorest.Client, tfVersion, partnerID string) {
tfUserAgent := fmt.Sprintf("HashiCorp Terraform/%s (+https://www.terraform.io) Terraform Plugin SDK/%s", tfVersion, meta.SDKVersionString())

providerUserAgent := fmt.Sprintf("%s terraform-provider-azuread/%s", tfUserAgent, version.ProviderVersion)
Expand All @@ -45,14 +42,6 @@ func setUserAgent(client *autorest.Client, tfVersion, partnerID string, disableT
client.UserAgent = fmt.Sprintf("%s %s", client.UserAgent, azureAgent)
}

// only one pid can be interpreted currently
// hence, send partner ID if present, otherwise send Terraform GUID
// unless users have opted out
if partnerID == "" && !disableTerraformPartnerID {
// Microsoft’s Terraform Partner ID is this specific GUID
partnerID = terraformPartnerID
}

if partnerID != "" {
client.UserAgent = fmt.Sprintf("%s pid-%s", client.UserAgent, partnerID)
}
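
Review bot: With the defaulting block removed, `setUserAgent` appends `pid-<partnerID>` for whatever string it is handed, and the opt-out is enforced only by the caller in provider.go. Add a short comment on `setUserAgent` (or on `ClientOptions.PartnerID`) saying the value must already be resolved, so a later caller does not drop the Terraform GUID by passing the raw `partner_id` setting, or bypass `disable_terraform_partner_id` by passing the GUID unconditionally.
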

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

6 changes: 3 additions & 3 deletions vendor/github.com/Azure/go-autorest/autorest/adal/go.mod

12 changes: 6 additions & 6 deletions vendor/github.com/Azure/go-autorest/autorest/adal/go.sum
