From d39d22b26d275045255e77db82de34a3e5acc930 Mon Sep 17 00:00:00 2001
From: haiyuan_zhang
Date: Wed, 12 May 2021 19:09:10 +0800
Subject: [PATCH] Fixing auth issue for ad related mosdules using service principal (#537)
* fixing ad related auth issue when using service pricinpal.
---
 plugins/module_utils/azure_rm_common.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/plugins/module_utils/azure_rm_common.py b/plugins/module_utils/azure_rm_common.py
index 95a823a4a9..3c70d52949 100644
--- a/plugins/module_utils/azure_rm_common.py
+++ b/plugins/module_utils/azure_rm_common.py
@@ -1427,19 +1427,20 @@ def __init__(self, auth_source=None, profile=None, subscription_id=None, client_ else: self._adfs_authority_url = self.credentials.get('adfs_authority_url') - # get resource from cloud environment - self._resource = self._cloud_environment.endpoints.active_directory_resource_id - if self.credentials.get('credentials') is not None: # AzureCLI credentials self.azure_credentials = self.credentials['credentials'] elif self.credentials.get('client_id') is not None and \ self.credentials.get('secret') is not None and \ self.credentials.get('tenant') is not None: + + graph_resource = self._cloud_environment.endpoints.active_directory_graph_resource_id + rm_resource = self._cloud_environment.endpoints.resource_manager self.azure_credentials = ServicePrincipalCredentials(client_id=self.credentials['client_id'], secret=self.credentials['secret'], tenant=self.credentials['tenant'], cloud_environment=self._cloud_environment, + resource=graph_resource if self.is_ad_resource else rm_resource, verify=self._cert_validation_mode == 'validate') elif self.credentials.get('ad_user') is not None and \
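Review bot: The `else rm_resource` arm of the new `resource=` argument changes the token audience for every service-principal login, not only for AD modules: the call previously passed no `resource` at all, and the username/password branch in the next hunk still asks for `endpoints.active_directory_resource_id`. If `resource_manager` and `active_directory_resource_id` differ in a given cloud (the ADFS handling at the top of this hunk suggests non-public clouds are in scope), service-principal logins that worked before could start being rejected, so this should be confirmed per cloud. Matching the other branch for the non-AD case would confine the change to what the commit title describes: `resource=graph_resource if self.is_ad_resource else self._cloud_environment.endpoints.active_directory_resource_id,`. A short comment above `graph_resource`, for example `# resource selects the audience of the issued token: AD Graph for AD modules, management otherwise`, would also help, since `is_ad_resource` is assigned outside this hunk. `__init__` begins and ends outside the hunk.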
@@ -1449,7 +1450,7 @@ def __init__(self, auth_source=None, profile=None, subscription_id=None, client_ self.azure_credentials = self.acquire_token_with_username_password( self._adfs_authority_url, - self._resource, + self._cloud_environment.endpoints.active_directory_resource_id, self.credentials['ad_user'], self.credentials['password'], self.credentials['client_id'],
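Review bot: This branch never consults `self.is_ad_resource`, so an AD module run with `ad_user`/`password` still requests a token for `active_directory_resource_id`, presumably the same audience mismatch the first hunk fixes for service principals. If that is out of scope for this commit, a comment on the argument such as `# NOTE: is_ad_resource is not honoured on this path; the token is always for the management resource` would keep the gap visible; otherwise the resource should be selected here the same way. Separately, now that the `self._resource` attribute is removed in the first hunk, any reader of it outside these hunks would raise `AttributeError`, which is worth a quick search of the class and its subclasses. The `acquire_token_with_username_password(...)` call continues past the end of the hunk.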