From 68516fc05c485330099550fe6bbae358a5aaad44 Mon Sep 17 00:00:00 2001 From: Paul Meyer Date: Mon, 4 Feb 2019 23:10:07 +0000 Subject: [PATCH] Fix Azure interactive authentication Builder looks up tenant ID before asking for token. Client config did not allow that. Also found that token provider was not properly initialized. Fixes 7267 --- builder/azure/arm/authenticate_devicewflow.go | 6 +++++- builder/azure/arm/clientconfig.go | 3 +-- builder/azure/arm/clientconfig_test.go | 17 ++++++++++++----- 3 files changed, 18 insertions(+), 8 deletions(-)
diff --git a/builder/azure/arm/authenticate_devicewflow.go b/builder/azure/arm/authenticate_devicewflow.go
index 48a6d2f69..b859a3066 100644
--- a/builder/azure/arm/authenticate_devicewflow.go
+++ b/builder/azure/arm/authenticate_devicewflow.go
@@ -10,7 +10,11 @@ import (
 )
 func NewDeviceFlowOAuthTokenProvider(env azure.Environment, say func(string), tenantID string) oAuthTokenProvider {
- return &deviceflowOauthTokenProvider{}
+ return &deviceflowOauthTokenProvider{
+ env: env,
+ say: say,
+ tenantID: tenantID,
+ }
 }
 type deviceflowOauthTokenProvider struct {
diff --git a/builder/azure/arm/clientconfig.go b/builder/azure/arm/clientconfig.go
index 69dfffbea..f178b8b50 100644
--- a/builder/azure/arm/clientconfig.go
+++ b/builder/azure/arm/clientconfig.go
@@ -155,8 +155,7 @@ func (c ClientConfig) useDeviceLogin() bool {
 c.ClientID == "" &&
 c.ClientSecret == "" &&
 c.ClientJWT == "" &&
- c.ClientCertPath == "" &&
- c.TenantID == ""
+ c.ClientCertPath == ""
 }
 func (c ClientConfig) useMSI() bool {
diff --git a/builder/azure/arm/clientconfig_test.go b/builder/azure/arm/clientconfig_test.go
index f9fafd2f2..3ae8af6f0 100644
--- a/builder/azure/arm/clientconfig_test.go
+++ b/builder/azure/arm/clientconfig_test.go
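Review bot: Nothing in this commit tests the constructor fix itself: NewDeviceFlowOAuthTokenProvider used to discard env, say and tenantID, and the test changes in this patch only cover ClientConfig validation. A small test in the same package would pin it, for example `p := NewDeviceFlowOAuthTokenProvider(azure.PublicCloud, func(string) {}, "tenant").(*deviceflowOauthTokenProvider)` followed by a check such as `if p.tenantID != "tenant" || p.say == nil { t.Fatal("provider not initialized") }`. This assumes oAuthTokenProvider is an interface and that the struct fields carry the names used in the new literal; the struct definition continues outside the hunk.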
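Review bot: With the `c.TenantID == ""` condition dropped, useDeviceLogin() no longer distinguishes a deliberately empty config from one that sets TenantID but has lost its ClientID/ClientSecret, so such a config would presumably select interactive login rather than being rejected. In an unattended build that would mean waiting on a device-code prompt instead of failing fast, which is worth confirming against the validation code that is not visible here. At minimum the intent should be recorded on the method, for example `// useDeviceLogin reports whether no client credential is configured; TenantID is ignored on purpose because the builder resolves it before requesting a token.` The first conditions of the expression start above the hunk.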
@@ -268,11 +268,18 @@ func getCloud() *azure.Environment {
 // tests for assertRequiredParametersSet
 func Test_ClientConfig_CanUseDeviceCode(t *testing.T) {
- cfg := emptyClientConfig()
- cfg.SubscriptionID = "12345"
- // TenantID is optional
-
- assertValid(t, cfg)
+ // TenantID is optional, but Builder will look up tenant ID before requesting
+ t.Run("without TenantID", func(t *testing.T) {
+ cfg := emptyClientConfig()
+ cfg.SubscriptionID = "12345"
+ assertValid(t, cfg)
+ })
+ t.Run("with TenantID", func(t *testing.T) {
+ cfg := emptyClientConfig()
+ cfg.SubscriptionID = "12345"
+ cfg.TenantID = "12345"
+ assertValid(t, cfg)
+ })
 }
 func assertValid(t *testing.T, cfg ClientConfig) {
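Review bot: Both subtests assert only that the config is valid, not that device login is the method selected, so the "with TenantID" case could pass through a different authentication path without exercising the changed condition. Adding `if !cfg.useDeviceLogin() { t.Fatal("expected device login") }` to each subtest would tie the test to the behaviour this commit fixes. The "with TenantID" case also sets TenantID and SubscriptionID to the same value "12345", so a mix-up between the two fields would go unnoticed; distinct values are safer. The new comment stops mid-sentence and could read `// TenantID is optional, but Builder will look up the tenant ID before requesting a token`.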