This repository has been archived by the owner on May 2, 2024. It is now read-only.

Issue: #191, allow selecting Azure GCC High environment via aad.conf #500

Open
wants to merge 2 commits into
base: main
9 changes: 6 additions & 3 deletions internal/aad/aad.go
@@ -15,8 +15,6 @@ import (
)

const (
endpoint = "https://login.microsoftonline.com"

invalidCredCode = 50126
requiresMFACode = 50076
noSuchUserCode = 50034
@@ -25,6 +23,8 @@ const (
)

var (
endpoint = "https://login.microsoftonline.com"

// ErrNoNetwork is returned in case of no network available.
ErrNoNetwork = errors.New("NO NETWORK")
// ErrDeny is returned in case of denial returned by AAD.
@@ -46,6 +46,9 @@ type AAD struct {

// Authenticate tries to authenticate username against AAD.
func (auth AAD) Authenticate(ctx context.Context, cfg config.AAD, username, password string) error {
if cfg.AzureEnvironment == "GCC-H" {
endpoint = "https://login.microsoftonline.us"
}
authority := fmt.Sprintf("%s/%s", endpoint, cfg.TenantID)
logger.Debug(ctx, "Connecting to %q, with clientID %q for user %q", authority, cfg.AppID, username)

@@ -104,7 +107,7 @@ func (auth AAD) Authenticate(ctx context.Context, cfg config.AAD, username, pass

logger.Debug(ctx, "For more information about the error code(s), see:")
for _, errcode := range addErrWithCodes.ErrorCodes {
logger.Debug(ctx, "- Error code %d: https://login.microsoftonline.com/error?code=%d", errcode, errcode)
logger.Debug(ctx, "- Error code %d: %s/error?code=%d", errcode, endpoint, errcode)
}

return ErrDeny
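Review bot: The `if cfg.AzureEnvironment == "GCC-H"` branch in `Authenticate` assigns to the package-level `endpoint`, so the override outlives the call: after one GCC-H config has been seen, every later `Authenticate` in the same process builds `authority` from `https://login.microsoftonline.us`, including calls whose config is Commercial, and the user's credentials would then be submitted to the wrong cloud's login host. Whether one process can see both environments is not visible here, though `config.Load` takes a `domain` argument, which suggests per-domain settings; the unsynchronised write is also a data race if `Authenticate` can run concurrently. Select the host into a local instead: `authEndpoint := endpoint`, then `authEndpoint = "https://login.microsoftonline.us"` inside the `if`, and use `authEndpoint` for both `authority` and the error-code URL. With that, `endpoint` can stay a constant unless something outside this diff needs to override it. The body of `Authenticate` continues outside the visible hunks.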
12 changes: 12 additions & 0 deletions internal/config/config.go
@@ -23,6 +23,7 @@ const (
type AAD struct {
TenantID string `ini:"tenant_id"`
AppID string `ini:"app_id"`
AzureEnvironment string `ini:"azure_environment"`
OfflineCredentialsExpiration *int `ini:"offline_credentials_expiration"`
HomeDirPattern string `ini:"homedir"`
Shell string `ini:"shell"`
@@ -94,6 +95,17 @@ func Load(ctx context.Context, p, domain string, opts ...Option) (config AAD, er
return AAD{}, fmt.Errorf("missing required 'app_id' entry in configuration file")
}

if config.AzureEnvironment == "" {
config.AzureEnvironment = "Commercial"
}
switch config.AzureEnvironment {
case "Commercial":
logger.Debug(ctx, "Using Azure Commercial environment")
case "GCC-H":
logger.Debug(ctx, "Using Azure GCC-H environment")
default:
return AAD{}, fmt.Errorf("unknown value '%s' for 'azure_environment'", config.AzureEnvironment)
}
return config, nil
}

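Review bot: The environment names are bare string literals in this `switch` (`"Commercial"`, `"GCC-H"`) and again in `internal/aad/aad.go`, where anything other than `"GCC-H"` falls back to the commercial login host; a value later added here but not to `Authenticate` would pass validation and still authenticate against the wrong cloud. Declaring the accepted values once as exported constants in this package, and comparing against them in both places, keeps validation and endpoint selection in step. The new `AzureEnvironment` field would also benefit from a comment such as `// AzureEnvironment selects the Azure cloud: "Commercial" (default) or "GCC-H".`, and the error could format the rejected value with `%q` instead of `'%s'` so unexpected characters from the file are quoted. `Load` begins outside the visible hunk.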