Allow users to provide tenant domain to Connect-AzureRmAccount

Azure · Jul 31, 2018 · ef7841d · ef7841d
1 parent 4e56c97
commit ef7841d
Show file tree

Hide file tree

Showing 4 changed files with 73 additions and 18 deletions.
diff --git a/src/Common/Commands.Common.Authentication/Authentication/UserTokenProvider.cs b/src/Common/Commands.Common.Authentication/Authentication/UserTokenProvider.cs
@@ -121,9 +121,9 @@ private AuthenticationContext CreateContext(AdalConfiguration config)
         // We have to run this in a separate thread to guarantee that it's STA. This method
         // handles the threading details.
         private AuthenticationResult AcquireToken(
-            AdalConfiguration config, 
-            string promptBehavior, 
-            Action<string> promptAction, 
+            AdalConfiguration config,
+            string promptBehavior,
+            Action<string> promptAction,
             string userId,
             SecureString password)
         {
@@ -239,6 +239,21 @@ private AuthenticationResult DoAcquireToken(
                     AdalTokenCache.ClearCookies();
                 }
 
+                Guid tempGuid = Guid.Empty;
+                if (!string.Equals(config.AdDomain, "Common", StringComparison.OrdinalIgnoreCase) && !Guid.TryParse(config.AdDomain, out tempGuid))
+                {
+                    var tempResult = context.AcquireToken(
+                            config.ResourceClientUri,
+                            config.ClientId,
+                            config.ClientRedirectUri,
+                            promptBehavior,
+                            UserIdentifier.AnyUser,
+                            AdalConfiguration.EnableEbdMagicCookie);
+                    config.AdDomain = tempResult.TenantId;
+                    context = CreateContext(config);
+                    promptBehavior = PromptBehavior.Never;
+                }
+
                 result = context.AcquireToken(
                     config.ResourceClientUri,
                     config.ClientId,

diff --git a/src/ResourceManager/Profile/Commands.Profile.Test/LoginCmdletTests.cs b/src/ResourceManager/Profile/Commands.Profile.Test/LoginCmdletTests.cs
@@ -180,6 +180,26 @@ public void LoginWithNoSubscriptionAndTenant()
             Assert.Equal("microsoft.com", AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Directory);
         }
 
+        [Fact]
+        [Trait(Category.RunType, Category.LiveOnly)]
+        public void LoginWithNoSubscriptionAndTenantDomain()
+        {
+            var cmdlt = new ConnectAzureRmAccountCommand();
+            // Setup
+            cmdlt.CommandRuntime = commandRuntimeMock;
+            cmdlt.TenantId = "microsoft.onmicrosoft.com";
+            cmdlt.SetParameterSet("UserWithSubscriptionId");
+
+            // Act
+            cmdlt.InvokeBeginProcessing();
+            cmdlt.ExecuteCmdlet();
+            cmdlt.InvokeEndProcessing();
+
+            Assert.NotNull(AzureRmProfileProvider.Instance.Profile.DefaultContext);
+            Assert.Equal("microsoft.com", AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Directory);
+            Assert.Equal("72f988bf-86f1-41af-91ab-2d7cd011db47", AzureRmProfileProvider.Instance.Profile.DefaultContext.Tenant.Id);
+        }
+
         [Fact]
         [Trait(Category.RunType, Category.LiveOnly)]
         public void LoginWithSubscriptionname()

diff --git a/src/ResourceManager/Profile/Commands.Profile/ChangeLog.md b/src/ResourceManager/Profile/Commands.Profile/ChangeLog.md
@@ -19,6 +19,9 @@
 -->
 ## Current Release
 * Fix issues with Clear-AzureRmContext that caused issues with selecting a context #6398
+* Enable tenant domain to be passed to `-TenantId` parameter for `Connect-AzureRmAccount`
+    - https://github.com/Azure/azure-powershell/issues/3974
+    - https://github.com/Azure/azure-powershell/issues/6709
 
 ## Version 5.3.4
 * Updated Common.Strategy library to be able to validate that the current config for a resource is compatible with the target resource. Default is always true, individual resources and overridet the default.
@@ -79,7 +82,7 @@
 * 'Remove-AzureRmAccount' has been renamed as 'Disconnect-AzureRmAccount'; an alias has been added for the old cmdlet name, and other aliases ('Logout-AzAccount' and 'Logout-AzureRmAccount') have been redirected to the new cmdlet name.
 * Corrected Resource Strings to use Connect-AzureRmAccount instead of Login-AzureRmAccount
 * Add-AzureRmEnvironment and Set-AzureRmEnvironment
-  - Added -AzureOperationalInsightsEndpoint and -AzureOperationalInsightsEndpointResourceId as parameters for use with OperationalInsights data plane RP.  
+  - Added -AzureOperationalInsightsEndpoint and -AzureOperationalInsightsEndpointResourceId as parameters for use with OperationalInsights data plane RP.
 
 ## Version 4.2.0
 * Added ResourceGroup Completer to -ResourceGroup parameters allowing tab completion through resource groups in current subscription
@@ -114,22 +117,22 @@
     - Use this feature by adding LocationCompleter(string[] validResourceTypes) onto the Location parameter
 
 ## Version 3.4.0
-* Start-Job Support for AzureRm cmdlets. 
-    * All AzureRmCmdlets add -AzureRmContext parameter, which can accept a context (output of a Context cmdlet). 
+* Start-Job Support for AzureRm cmdlets.
+    * All AzureRmCmdlets add -AzureRmContext parameter, which can accept a context (output of a Context cmdlet).
       - Common pattern for jobs with context persistence DISABLED: ```Start-Job {param ($context) New-AzureRmVM -AzureRmContext $context [... other parameters]} -ArgumentList (Get-AzureRmContext)```
       - Common pattern for jobs with context persistence ENABLED:```Start-Job {New-AzureRmVM [... other parameters]}```
-    * Persist login information across sessions, new cmdlets: 
-      - Enable-AzureRmContextAutosave - Enable login persistence across sessions. 
-      - Disable-AzureRmContextAutosave - Disable login persistence across sessions. 
-    * Manage context information, new cmdets 
-      - Select-AzureRmContext - Select the active named context. 
-      - Rename-AzureRmContext - Rename an exsiting context for easy reference. 
-      - Remove-AzureRmContext - Remove an existing context. 
-      - Remove-AzureRmAccount - Remove all credentials, subscriptions, and tenants associated with an account. 
-    * Manage context information, cmdlet changes: 
-      - Added Scope = (Process | CurrentUser) to all cmdlets that change credentials 
+    * Persist login information across sessions, new cmdlets:
+      - Enable-AzureRmContextAutosave - Enable login persistence across sessions.
+      - Disable-AzureRmContextAutosave - Disable login persistence across sessions.
+    * Manage context information, new cmdets
+      - Select-AzureRmContext - Select the active named context.
+      - Rename-AzureRmContext - Rename an exsiting context for easy reference.
+      - Remove-AzureRmContext - Remove an existing context.
+      - Remove-AzureRmAccount - Remove all credentials, subscriptions, and tenants associated with an account.
+    * Manage context information, cmdlet changes:
+      - Added Scope = (Process | CurrentUser) to all cmdlets that change credentials
       - Get-AzureRmContext - Added ListAvailable parameter to list all saved contexts
-      
+
 ## Version 3.3.1
 
 ## Version 3.3.0
@@ -167,7 +170,7 @@
 * *Obsolete*: Select-AzureRmProfile is renamed to Import-AzureRmContext, there is an alias to the old cmdlet name, the alias will be removed in the next release.
 * The PSAzureContext and PSAzureProfile output types of profile cmdlets will be changed in the next release.
 * The Save-AzureRmContext cmdlet will have no OutputType in the next release.
-* Fix bug in cmdlet common code to use FIPS-compliant algorithm for data hashes: https://github.com/Azure/azure-powershell/issues/3651 
+* Fix bug in cmdlet common code to use FIPS-compliant algorithm for data hashes: https://github.com/Azure/azure-powershell/issues/3651
 
 ## Version 2.7.0
 

diff --git a/src/ResourceManager/Profile/Commands.Profile/Models/RMProfileClient.cs b/src/ResourceManager/Profile/Commands.Profile/Models/RMProfileClient.cs
@@ -147,6 +147,23 @@ public AzureRmProfile Login(
                 // (tenant is present and subscription is not provided)
                 if (!string.IsNullOrEmpty(tenantId))
                 {
+                    Guid tempGuid = Guid.Empty;
+                    if (!Guid.TryParse(tenantId, out tempGuid))
+                    {
+                        var tenant = ListAccountTenants(
+                            account,
+                            environment,
+                            password,
+                            promptBehavior,
+                            promptAction)?.FirstOrDefault();
+                        if (tenant == null)
+                        {
+                            throw new ArgumentNullException(string.Format("Could not find tenant id for provided tenant domain '{0}'.", tenantId));
+                        }
+
+                        tenantId = tenant.Id;
+                    }
+
                     var token = AcquireAccessToken(
                         account,
                         environment,