Merge pull request #6822 from cormacpayne/domain-tenant

markcowl · web-flow · commit 7b3b86aadcc1 · 2018-08-03T11:37:12.000-07:00
Enable passing a tenant domain to Connect-AzureRmAccount
diff --git a/src/Common/Commands.Common.Authentication/Authentication/UserTokenProvider.cs b/src/Common/Commands.Common.Authentication/Authentication/UserTokenProvider.cs
@@ -121,9 +121,9 @@ private AuthenticationContext CreateContext(AdalConfiguration config)
         // We have to run this in a separate thread to guarantee that it's STA. This method
         // handles the threading details.
         private AuthenticationResult AcquireToken(
-            AdalConfiguration config, 
-            string promptBehavior, 
-            Action<string> promptAction, 
+            AdalConfiguration config,
+            string promptBehavior,
+            Action<string> promptAction,
             string userId,
             SecureString password)
         {
@@ -239,6 +239,21 @@ private AuthenticationResult DoAcquireToken(
                     AdalTokenCache.ClearCookies();
                 }
 
+                Guid tempGuid = Guid.Empty;
+                if (!string.Equals(config.AdDomain, "Common", StringComparison.OrdinalIgnoreCase) && !Guid.TryParse(config.AdDomain, out tempGuid))
+                {
+                    var tempResult = context.AcquireToken(
+                            config.ResourceClientUri,
+                            config.ClientId,
+                            config.ClientRedirectUri,
+                            promptBehavior,
+                            UserIdentifier.AnyUser,
+                            AdalConfiguration.EnableEbdMagicCookie);
+                    config.AdDomain = tempResult.TenantId;
+                    context = CreateContext(config);
+                    promptBehavior = PromptBehavior.Never;
+                }
+
                 result = context.AcquireToken(
                     config.ResourceClientUri,
                     config.ClientId,
diff --git a/src/ResourceManager/Profile/Commands.Profile.Test/LoginCmdletTests.cs b/src/ResourceManager/Profile/Commands.Profile.Test/LoginCmdletTests.cs
@@ -180,6 +180,26 @@ public void LoginWithNoSubscriptionAndTenant()
             Assert.Equal("microsoft.com", AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Directory);
         }
 
+        [Fact]
+        [Trait(Category.RunType, Category.LiveOnly)]
+        public void LoginWithNoSubscriptionAndTenantDomain()
+        {
+            var cmdlt = new ConnectAzureRmAccountCommand();
+            // Setup
+            cmdlt.CommandRuntime = commandRuntimeMock;
+            cmdlt.TenantId = "microsoft.onmicrosoft.com";
+            cmdlt.SetParameterSet("UserWithSubscriptionId");
+
+            // Act
+            cmdlt.InvokeBeginProcessing();
+            cmdlt.ExecuteCmdlet();
+            cmdlt.InvokeEndProcessing();
+
+            Assert.NotNull(AzureRmProfileProvider.Instance.Profile.DefaultContext);
+            Assert.Equal("microsoft.com", AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Directory);
+            Assert.Equal("72f988bf-86f1-41af-91ab-2d7cd011db47", AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Id);
+        }
+
         [Fact]
         [Trait(Category.RunType, Category.LiveOnly)]
         public void LoginWithSubscriptionname()
diff --git a/src/ResourceManager/Profile/Commands.Profile/ChangeLog.md b/src/ResourceManager/Profile/Commands.Profile/ChangeLog.md
@@ -21,6 +21,9 @@
 * Add user id to default context name to avoid context clashing
     - https://github.com/Azure/azure-powershell/issues/6489
 * Fix issues with Clear-AzureRmContext that caused issues with selecting a context #6398
+* Enable tenant domain to be passed to `-TenantId` parameter for `Connect-AzureRmAccount`
+    - https://github.com/Azure/azure-powershell/issues/3974
+    - https://github.com/Azure/azure-powershell/issues/6709
 
 ## Version 5.3.4
 * Updated Common.Strategy library to be able to validate that the current config for a resource is compatible with the target resource. Default is always true, individual resources and overridet the default.
diff --git a/src/ResourceManager/Profile/Commands.Profile/Models/RMProfileClient.cs b/src/ResourceManager/Profile/Commands.Profile/Models/RMProfileClient.cs
@@ -147,6 +147,24 @@ public AzureRmProfile Login(
                 // (tenant is present and subscription is not provided)
                 if (!string.IsNullOrEmpty(tenantId))
                 {
+                    Guid tempGuid = Guid.Empty;
+                    if (!Guid.TryParse(tenantId, out tempGuid))
+                    {
+                        var tenant = ListAccountTenants(
+                            account,
+                            environment,
+                            password,
+                            promptBehavior,
+                            promptAction)?.FirstOrDefault();
+                        if (tenant == null || tenant.Id == null)
+                        {
+                            throw new ArgumentNullException(string.Format("Could not find tenant id for provided tenant domain '{0}'. Please ensure that " +
+                                                                          "the provided service principal is found in the provided tenant domain.", tenantId));
+                        }
+
+                        tenantId = tenant.Id;
+                    }
+
                     var token = AcquireAccessToken(
                         account,
                         environment,
