Add azure_environment option to config

to allow switching between Commercial and GCC-H Azure environments
ubuntu · Apr 23, 2024 · b33d65e · b33d65e
1 parent 622bd4f
commit b33d65e
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 3 deletions.
diff --git a/internal/aad/aad.go b/internal/aad/aad.go
@@ -15,8 +15,6 @@ import (
 )
 
 const (
-	endpoint = "https://login.microsoftonline.com"
-
 	invalidCredCode    = 50126
 	requiresMFACode    = 50076
 	noSuchUserCode     = 50034
@@ -25,6 +23,8 @@ const (
 )
 
 var (
+	endpoint = "https://login.microsoftonline.com"
+
 	// ErrNoNetwork is returned in case of no network available.
 	ErrNoNetwork = errors.New("NO NETWORK")
 	// ErrDeny is returned in case of denial returned by AAD.
@@ -46,6 +46,9 @@ type AAD struct {
 
 // Authenticate tries to authenticate username against AAD.
 func (auth AAD) Authenticate(ctx context.Context, cfg config.AAD, username, password string) error {
+	if cfg.AzureEnvironment == "GCC-H" {
+		endpoint = "https://login.microsoftonline.us"
+	}
 	authority := fmt.Sprintf("%s/%s", endpoint, cfg.TenantID)
 	logger.Debug(ctx, "Connecting to %q, with clientID %q for user %q", authority, cfg.AppID, username)
 
@@ -104,7 +107,7 @@ func (auth AAD) Authenticate(ctx context.Context, cfg config.AAD, username, pass
 
 		logger.Debug(ctx, "For more information about the error code(s), see:")
 		for _, errcode := range addErrWithCodes.ErrorCodes {
-			logger.Debug(ctx, "- Error code %d: https://login.microsoftonline.com/error?code=%d", errcode, errcode)
+			logger.Debug(ctx, "- Error code %d: %s/error?code=%d", errcode, endpoint, errcode)
 		}
 
 		return ErrDeny

diff --git a/internal/config/config.go b/internal/config/config.go
@@ -23,6 +23,7 @@ const (
 type AAD struct {
 	TenantID                     string `ini:"tenant_id"`
 	AppID                        string `ini:"app_id"`
+	AzureEnvironment             string `ini:"azure_environment"`
 	OfflineCredentialsExpiration *int   `ini:"offline_credentials_expiration"`
 	HomeDirPattern               string `ini:"homedir"`
 	Shell                        string `ini:"shell"`
@@ -93,6 +94,9 @@ func Load(ctx context.Context, p, domain string, opts ...Option) (config AAD, er
 	if config.AppID == "" {
 		return AAD{}, fmt.Errorf("missing required 'app_id' entry in configuration file")
 	}
+	if config.AzureEnvironment == "" {
+		config.AzureEnvironment = "Commercial"
+	}
 
 	return config, nil
 }