activerecord_aad 0.0.1 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +26 -0
- data/activerecord_aad.gemspec +1 -1
- data/lib/activerecord_aad.rb +6 -7
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 132d1e6ee2a22807d770626e05855f921d08c9939b34ef13ba7d9bbb5cbfaf9d
|
|
4
|
+
data.tar.gz: a8dade4efc62264cd488b24c67b8d346d019743028b1b2df9103a8764aadfb76
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 997b7ff430e1944a6813b0c416dd641b09b37c5f39a8909b8e2d0188db457a9d14e682238037572fc03dcbb0fb31249625c1b678f5f6b1c25138904715cb55b7
|
|
7
|
+
data.tar.gz: fdbf4bd7056745fa874476260d141b89a8641954b495d167940e840152604ddca0f82c2cb69a99859929502e493059fb891c46bc6dcb4336232b452b649dbe1e
|
data/README.md
CHANGED
|
@@ -6,3 +6,29 @@ This gem enables using an Azure ActiveDirectory Managed Identity to connect to a
|
|
|
6
6
|
|
|
7
7
|
- Add `gem :activerecord_aad` to your Gemfile.
|
|
8
8
|
- Run `bin/bundle install`
|
|
9
|
+
|
|
10
|
+
## Setup
|
|
11
|
+
|
|
12
|
+
Follow one of the following guides:
|
|
13
|
+
- MySQL: https://learn.microsoft.com/en-us/azure/mysql/single-server/how-to-connect-with-managed-identity
|
|
14
|
+
- PostgreSQL: https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity
|
|
15
|
+
|
|
16
|
+
Add the `client_id` from the Azure AD Managed Identity and add it to your `config/database.yml` file with the key `azure_managed_identity`
|
|
17
|
+
|
|
18
|
+
Example:
|
|
19
|
+
```yaml
|
|
20
|
+
production:
|
|
21
|
+
adapter: mysql2
|
|
22
|
+
reconnect: true
|
|
23
|
+
host: my-app.mysql.database.azure.com
|
|
24
|
+
azure_managed_identity: 91cb2200-004b-4577-a8ca-a5fa9c082485
|
|
25
|
+
database: app
|
|
26
|
+
username: MyAppsManagedIdentity@my-app
|
|
27
|
+
sslca: /opt/ssl/BaltimoreCyberTrustRoot.crt.pem
|
|
28
|
+
sslverify: true
|
|
29
|
+
sslcipher: 'AES256-SHA'
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
## How it works
|
|
33
|
+
|
|
34
|
+
Whenever a new database connection is needed, a call is made to "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=#{database_yml_azure_managed_identity}" to get a new access key. That access key is added as the password to the database configuration that is passed to the adapter to establish the connection.
|
data/activerecord_aad.gemspec
CHANGED
|
@@ -4,7 +4,7 @@ $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |s|
|
|
6
6
|
s.name = 'activerecord_aad'
|
|
7
|
-
s.version = '0.0
|
|
7
|
+
s.version = '0.2.0'
|
|
8
8
|
s.authors = ['Taylor Yelverton']
|
|
9
9
|
s.email = 'rubygems@yelvert.io'
|
|
10
10
|
s.homepage = 'https://github.com/ComplyMD/activerecord_aad'
|
data/lib/activerecord_aad.rb
CHANGED
|
@@ -8,12 +8,11 @@ module Azure
|
|
|
8
8
|
|
|
9
9
|
def configuration_hash
|
|
10
10
|
hash = super.dup
|
|
11
|
-
if hash.
|
|
12
|
-
@managed_identity_manager ||= ManagedIdentityManager.new(hash
|
|
13
|
-
@managed_identity_manager.apply
|
|
11
|
+
if hash[:azure_managed_identity].present?
|
|
12
|
+
@managed_identity_manager ||= ManagedIdentityManager.new(hash)
|
|
13
|
+
@managed_identity_manager.apply
|
|
14
14
|
end
|
|
15
15
|
hash.symbolize_keys!.freeze
|
|
16
|
-
puts hash
|
|
17
16
|
hash
|
|
18
17
|
end
|
|
19
18
|
|
|
@@ -27,14 +26,14 @@ module Azure
|
|
|
27
26
|
def initialize(conf)
|
|
28
27
|
raise "ActiveRecordAAD: invalid config: `#{conf}`" unless conf.is_a?(Hash)
|
|
29
28
|
@config = conf.with_indifferent_access
|
|
30
|
-
|
|
31
|
-
@client_id = config[:client_id]
|
|
29
|
+
@client_id = config[:azure_managed_identity]
|
|
32
30
|
@url = URL
|
|
33
31
|
@url += "&client_id=#{@client_id}" if @client_id.present?
|
|
34
32
|
end
|
|
35
33
|
|
|
36
34
|
def apply(hash)
|
|
37
|
-
hash
|
|
35
|
+
hash[:password] = access_token
|
|
36
|
+
hash[:enable_cleartext_plugin] = true if hash[:adapter] == 'mysql2'
|
|
38
37
|
end
|
|
39
38
|
|
|
40
39
|
def access_token
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: activerecord_aad
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Taylor Yelverton
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-07-
|
|
11
|
+
date: 2023-07-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activerecord
|