activerecord_aad 0.0.1 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a48d0ca00ef9c661c33af8afd9f5e960ed7d64b16966c544c4f3d2216b7b53d5
4
- data.tar.gz: 9d807d04d19a013900ec0d3f88a5c8f455dbe0fc576c009e22b893508a9e4eb4
3
+ metadata.gz: 132d1e6ee2a22807d770626e05855f921d08c9939b34ef13ba7d9bbb5cbfaf9d
4
+ data.tar.gz: a8dade4efc62264cd488b24c67b8d346d019743028b1b2df9103a8764aadfb76
5
5
  SHA512:
6
- metadata.gz: 3708212cbe063704278a117defd086077464a2cbd326dfcdd1a6f91c8d2901ac6952f881c3d1766410e8cb16b1d1c1e073b970e7587ab12193163fd072415aae
7
- data.tar.gz: 1576b4ab5cda795ccb239c7ef80fc1eae01e40525d52a62adb4583cf35d580aecbd4c26f62a4f3da626967223265c00f83f811d8ce944c781d5feb6a373f9af5
6
+ metadata.gz: 997b7ff430e1944a6813b0c416dd641b09b37c5f39a8909b8e2d0188db457a9d14e682238037572fc03dcbb0fb31249625c1b678f5f6b1c25138904715cb55b7
7
+ data.tar.gz: fdbf4bd7056745fa874476260d141b89a8641954b495d167940e840152604ddca0f82c2cb69a99859929502e493059fb891c46bc6dcb4336232b452b649dbe1e
data/README.md CHANGED
@@ -6,3 +6,29 @@ This gem enables using an Azure ActiveDirectory Managed Identity to connect to a
6
6
 
7
7
  - Add `gem :activerecord_aad` to your Gemfile.
8
8
  - Run `bin/bundle install`
9
+
10
+ ## Setup
11
+
12
+ Follow one of the following guides:
13
+ - MySQL: https://learn.microsoft.com/en-us/azure/mysql/single-server/how-to-connect-with-managed-identity
14
+ - PostgreSQL: https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity
15
+
16
+ Add the `client_id` from the Azure AD Managed Identity and add it to your `config/database.yml` file with the key `azure_managed_identity`
17
+
18
+ Example:
19
+ ```yaml
20
+ production:
21
+ adapter: mysql2
22
+ reconnect: true
23
+ host: my-app.mysql.database.azure.com
24
+ azure_managed_identity: 91cb2200-004b-4577-a8ca-a5fa9c082485
25
+ database: app
26
+ username: MyAppsManagedIdentity@my-app
27
+ sslca: /opt/ssl/BaltimoreCyberTrustRoot.crt.pem
28
+ sslverify: true
29
+ sslcipher: 'AES256-SHA'
30
+ ```
31
+
32
+ ## How it works
33
+
34
+ Whenever a new database connection is needed, a call is made to "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=#{database_yml_azure_managed_identity}" to get a new access key. That access key is added as the password to the database configuration that is passed to the adapter to establish the connection.
@@ -4,7 +4,7 @@ $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = 'activerecord_aad'
7
- s.version = '0.0.1'
7
+ s.version = '0.2.0'
8
8
  s.authors = ['Taylor Yelverton']
9
9
  s.email = 'rubygems@yelvert.io'
10
10
  s.homepage = 'https://github.com/ComplyMD/activerecord_aad'
@@ -8,12 +8,11 @@ module Azure
8
8
 
9
9
  def configuration_hash
10
10
  hash = super.dup
11
- if hash.key?(:azure_managed_identity)
12
- @managed_identity_manager ||= ManagedIdentityManager.new(hash[:azure_managed_identity])
13
- @managed_identity_manager.apply(hash)
11
+ if hash[:azure_managed_identity].present?
12
+ @managed_identity_manager ||= ManagedIdentityManager.new(hash)
13
+ @managed_identity_manager.apply
14
14
  end
15
15
  hash.symbolize_keys!.freeze
16
- puts hash
17
16
  hash
18
17
  end
19
18
 
@@ -27,14 +26,14 @@ module Azure
27
26
  def initialize(conf)
28
27
  raise "ActiveRecordAAD: invalid config: `#{conf}`" unless conf.is_a?(Hash)
29
28
  @config = conf.with_indifferent_access
30
- raise 'ActiveRecordAAD: missing client_id' unless config[:client_id].present?
31
- @client_id = config[:client_id]
29
+ @client_id = config[:azure_managed_identity]
32
30
  @url = URL
33
31
  @url += "&client_id=#{@client_id}" if @client_id.present?
34
32
  end
35
33
 
36
34
  def apply(hash)
37
- hash.merge!(password: access_token, enable_cleartext_plugin: true)
35
+ hash[:password] = access_token
36
+ hash[:enable_cleartext_plugin] = true if hash[:adapter] == 'mysql2'
38
37
  end
39
38
 
40
39
  def access_token
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord_aad
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Taylor Yelverton
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-07-10 00:00:00.000000000 Z
11
+ date: 2023-07-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activerecord