activerecord_aad 0.0.1 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +26 -0
- data/activerecord_aad.gemspec +1 -1
- data/lib/activerecord_aad.rb +6 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 132d1e6ee2a22807d770626e05855f921d08c9939b34ef13ba7d9bbb5cbfaf9d
|
|
4
|
+
data.tar.gz: a8dade4efc62264cd488b24c67b8d346d019743028b1b2df9103a8764aadfb76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 997b7ff430e1944a6813b0c416dd641b09b37c5f39a8909b8e2d0188db457a9d14e682238037572fc03dcbb0fb31249625c1b678f5f6b1c25138904715cb55b7
|
|
7
|
+
data.tar.gz: fdbf4bd7056745fa874476260d141b89a8641954b495d167940e840152604ddca0f82c2cb69a99859929502e493059fb891c46bc6dcb4336232b452b649dbe1e
|
data/README.md
CHANGED
|
@@ -6,3 +6,29 @@ This gem enables using an Azure ActiveDirectory Managed Identity to connect to a
|
|
|
6
6
|
|
|
7
7
|
- Add `gem :activerecord_aad` to your Gemfile.
|
|
8
8
|
- Run `bin/bundle install`
|
|
9
|
+
|
|
10
|
+
## Setup
|
|
11
|
+
|
|
12
|
+
Follow one of the following guides:
|
|
13
|
+
- MySQL: https://learn.microsoft.com/en-us/azure/mysql/single-server/how-to-connect-with-managed-identity
|
|
14
|
+
- PostgreSQL: https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity
|
|
15
|
+
|
|
16
|
+
Add the `client_id` from the Azure AD Managed Identity and add it to your `config/database.yml` file with the key `azure_managed_identity`
|
|
17
|
+
|
|
18
|
+
Example:
|
|
19
|
+
```yaml
|
|
20
|
+
production:
|
|
21
|
+
adapter: mysql2
|
|
22
|
+
reconnect: true
|
|
23
|
+
host: my-app.mysql.database.azure.com
|
|
24
|
+
azure_managed_identity: 91cb2200-004b-4577-a8ca-a5fa9c082485
|
|
25
|
+
database: app
|
|
26
|
+
username: MyAppsManagedIdentity@my-app
|
|
27
|
+
sslca: /opt/ssl/BaltimoreCyberTrustRoot.crt.pem
|
|
28
|
+
sslverify: true
|
|
29
|
+
sslcipher: 'AES256-SHA'
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
## How it works
|
|
33
|
+
|
|
34
|
+
Whenever a new database connection is needed, a call is made to "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=#{database_yml_azure_managed_identity}" to get a new access key. That access key is added as the password to the database configuration that is passed to the adapter to establish the connection.
|
data/activerecord_aad.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |s|
|
|
6
6
|
s.name = 'activerecord_aad'
|
|
7
|
-
s.version = '0.0
|
|
7
|
+
s.version = '0.2.0'
|
|
8
8
|
s.authors = ['Taylor Yelverton']
|
|
9
9
|
s.email = 'rubygems@yelvert.io'
|
|
10
10
|
s.homepage = 'https://github.com/ComplyMD/activerecord_aad'
|
data/lib/activerecord_aad.rb
CHANGED
|
@@ -8,12 +8,11 @@ module Azure
|
|
|
8
8
|
|
|
9
9
|
def configuration_hash
|
|
10
10
|
hash = super.dup
|
|
11
|
-
if hash.
|
|
12
|
-
@managed_identity_manager ||= ManagedIdentityManager.new(hash
|
|
13
|
-
@managed_identity_manager.apply
|
|
11
|
+
if hash[:azure_managed_identity].present?
|
|
12
|
+
@managed_identity_manager ||= ManagedIdentityManager.new(hash)
|
|
13
|
+
@managed_identity_manager.apply
|
|
14
14
|
end
|
|
15
15
|
hash.symbolize_keys!.freeze
|
|
16
|
-
puts hash
|
|
17
16
|
hash
|
|
18
17
|
end
|
|
19
18
|
|
|
@@ -27,14 +26,14 @@ module Azure
|
|
|
27
26
|
def initialize(conf)
|
|
28
27
|
raise "ActiveRecordAAD: invalid config: `#{conf}`" unless conf.is_a?(Hash)
|
|
29
28
|
@config = conf.with_indifferent_access
|
|
30
|
-
|
|
31
|
-
@client_id = config[:client_id]
|
|
29
|
+
@client_id = config[:azure_managed_identity]
|
|
32
30
|
@url = URL
|
|
33
31
|
@url += "&client_id=#{@client_id}" if @client_id.present?
|
|
34
32
|
end
|
|
35
33
|
|
|
36
34
|
def apply(hash)
|
|
37
|
-
hash
|
|
35
|
+
hash[:password] = access_token
|
|
36
|
+
hash[:enable_cleartext_plugin] = true if hash[:adapter] == 'mysql2'
|
|
38
37
|
end
|
|
39
38
|
|
|
40
39
|
def access_token
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord_aad
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Taylor Yelverton
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|