activerecord_aad 0.1.0 → 0.2.0

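--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6e518372b2ec5ea175036f90aea3db8a6ee83a04e892e9e1c9d369b84d8a5419
- data.tar.gz: 2790cdbe0184da177aaa6d114904554dca90be20c85bdfe244f042b28b964fe5
+ metadata.gz: 132d1e6ee2a22807d770626e05855f921d08c9939b34ef13ba7d9bbb5cbfaf9d
+ data.tar.gz: a8dade4efc62264cd488b24c67b8d346d019743028b1b2df9103a8764aadfb76
  SHA512:
- metadata.gz: aed2b5969e0bbd14be1bf51834734455348e15ce02e0b415085bd4d8d67c6d2b50d109b43e23913f860a301e221fe1683813391bbe7c7d1233ccc6a3d5a77ee8
- data.tar.gz: 43d43ea9c87011cd34882964002165ee13f8166703eda4c279f74a0f11396d53404658cde65db7dd6c4a2c658b980a9601d96c41d5470ac1a7092b9aae34e83c
+ metadata.gz: 997b7ff430e1944a6813b0c416dd641b09b37c5f39a8909b8e2d0188db457a9d14e682238037572fc03dcbb0fb31249625c1b678f5f6b1c25138904715cb55b7
+ data.tar.gz: fdbf4bd7056745fa874476260d141b89a8641954b495d167940e840152604ddca0f82c2cb69a99859929502e493059fb891c46bc6dcb4336232b452b649dbe1e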
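--- a/data/README.md
+++ b/data/README.md
@@ -6,3 +6,29 @@ This gem enables using an Azure ActiveDirectory Managed Identity to connect to a
 
  - Add `gem :activerecord_aad` to your Gemfile.
  - Run `bin/bundle install`
+
+ ## Setup
+
+ Follow one of the following guides:
+ - MySQL: https://learn.microsoft.com/en-us/azure/mysql/single-server/how-to-connect-with-managed-identity
+ - PostgreSQL: https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity
+
+ Add the `client_id` from the Azure AD Managed Identity and add it to your `config/database.yml` file with the key `azure_managed_identity`
+
+ Example:
+ ```yaml
+ production:
+ adapter: mysql2
+ reconnect: true
+ host: my-app.mysql.database.azure.com
+ azure_managed_identity: 91cb2200-004b-4577-a8ca-a5fa9c082485
+ database: app
+ username: MyAppsManagedIdentity@my-app
+ sslca: /opt/ssl/BaltimoreCyberTrustRoot.crt.pem
+ sslverify: true
+ sslcipher: 'AES256-SHA'
+ ```
+
+ ## How it works
+
+ Whenever a new database connection is needed, a call is made to "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=#{database_yml_azure_managed_identity}" to get a new access key. That access key is added as the password to the database configuration that is passed to the adapter to establish the connection.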
@@ -4,7 +4,7 @@ $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = 'activerecord_aad'
7
- s.version = '0.1.0'
7
+ s.version = '0.2.0'
8
8
  s.authors = ['Taylor Yelverton']
9
9
  s.email = 'rubygems@yelvert.io'
10
10
  s.homepage = 'https://github.com/ComplyMD/activerecord_aad'
@@ -8,9 +8,9 @@ module Azure
8
8
 
9
9
  def configuration_hash
10
10
  hash = super.dup
11
- if hash[:azure_managed_identity_client_id].present?
12
- @managed_identity_manager ||= ManagedIdentityManager.new(hash[:azure_managed_identity_client_id])
13
- @managed_identity_manager.apply(hash)
11
+ if hash[:azure_managed_identity].present?
12
+ @managed_identity_manager ||= ManagedIdentityManager.new(hash)
13
+ @managed_identity_manager.apply
14
14
  end
15
15
  hash.symbolize_keys!.freeze
16
16
  hash
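Review bot: `@managed_identity_manager.apply` is now called with no arguments, but the later hunk still shows `def apply(hash)` as an unchanged context line, so if that is the method reached here, every connection that sets `azure_managed_identity` would raise ArgumentError before a token is fetched. The call should stay `@managed_identity_manager.apply(hash)`. Passing the current hash also matters because the manager is memoized with `||=` and its `initialize` copies the argument via `with_indifferent_access`, so a token written into the manager's own copy would not reach the hash returned from this method. `configuration_hash` ends outside the hunk.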
@@ -23,14 +23,17 @@ module Azure
23
23
 
24
24
  attr_reader :config, :url
25
25
 
26
- def initialize(cid)
27
- raise 'ActiveRecordAAD: missing client_id' unless cid.present?
28
- @client_id = cid
29
- @url = "#{URL}&client_id=#{client_id}"
26
+ def initialize(conf)
27
+ raise "ActiveRecordAAD: invalid config: `#{conf}`" unless conf.is_a?(Hash)
28
+ @config = conf.with_indifferent_access
29
+ @client_id = config[:azure_managed_identity]
30
+ @url = URL
31
+ @url += "&client_id=#{@client_id}" if @client_id.present?
30
32
  end
31
33
 
32
34
  def apply(hash)
33
- hash.merge!(password: access_token, enable_cleartext_plugin: true)
35
+ hash[:password] = access_token
36
+ hash[:enable_cleartext_plugin] = true if hash[:adapter] == 'mysql2'
34
37
  end
35
38
 
36
39
  def access_token
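Review bot: The new guard in `initialize` interpolates the whole rejected value (`#{conf}`) into the exception text, so any connection settings it carries, possibly a `password`, can end up in logs or an error tracker; report only the type, e.g. `raise "ActiveRecordAAD: invalid config: expected Hash, got #{conf.class}"`. The `client_id` is also appended to the token URL unescaped, so a malformed value in `database.yml` could add or override query parameters such as `resource`; `@url += "&client_id=#{URI.encode_www_form_component(@client_id)}" if @client_id.present?` avoids that. In `apply`, `enable_cleartext_plugin` means the token is sent as a cleartext password, so a comment there stating that TLS (`sslca`/`sslverify`) must be configured for mysql2 would help the next reader. `access_token` starts on the last line of the hunk and its body is outside it.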
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord_aad
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Taylor Yelverton