activerecord_aad 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6e518372b2ec5ea175036f90aea3db8a6ee83a04e892e9e1c9d369b84d8a5419
4
- data.tar.gz: 2790cdbe0184da177aaa6d114904554dca90be20c85bdfe244f042b28b964fe5
3
+ metadata.gz: 132d1e6ee2a22807d770626e05855f921d08c9939b34ef13ba7d9bbb5cbfaf9d
4
+ data.tar.gz: a8dade4efc62264cd488b24c67b8d346d019743028b1b2df9103a8764aadfb76
5
5
  SHA512:
6
- metadata.gz: aed2b5969e0bbd14be1bf51834734455348e15ce02e0b415085bd4d8d67c6d2b50d109b43e23913f860a301e221fe1683813391bbe7c7d1233ccc6a3d5a77ee8
7
- data.tar.gz: 43d43ea9c87011cd34882964002165ee13f8166703eda4c279f74a0f11396d53404658cde65db7dd6c4a2c658b980a9601d96c41d5470ac1a7092b9aae34e83c
6
+ metadata.gz: 997b7ff430e1944a6813b0c416dd641b09b37c5f39a8909b8e2d0188db457a9d14e682238037572fc03dcbb0fb31249625c1b678f5f6b1c25138904715cb55b7
7
+ data.tar.gz: fdbf4bd7056745fa874476260d141b89a8641954b495d167940e840152604ddca0f82c2cb69a99859929502e493059fb891c46bc6dcb4336232b452b649dbe1e
data/README.md CHANGED
@@ -6,3 +6,29 @@ This gem enables using an Azure ActiveDirectory Managed Identity to connect to a
6
6
 
7
7
  - Add `gem :activerecord_aad` to your Gemfile.
8
8
  - Run `bin/bundle install`
9
+
10
+ ## Setup
11
+
12
+ Follow one of the following guides:
13
+ - MySQL: https://learn.microsoft.com/en-us/azure/mysql/single-server/how-to-connect-with-managed-identity
14
+ - PostgreSQL: https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity
15
+
16
+ Add the `client_id` from the Azure AD Managed Identity and add it to your `config/database.yml` file with the key `azure_managed_identity`
17
+
18
+ Example:
19
+ ```yaml
20
+ production:
21
+ adapter: mysql2
22
+ reconnect: true
23
+ host: my-app.mysql.database.azure.com
24
+ azure_managed_identity: 91cb2200-004b-4577-a8ca-a5fa9c082485
25
+ database: app
26
+ username: MyAppsManagedIdentity@my-app
27
+ sslca: /opt/ssl/BaltimoreCyberTrustRoot.crt.pem
28
+ sslverify: true
29
+ sslcipher: 'AES256-SHA'
30
+ ```
31
+
32
+ ## How it works
33
+
34
+ Whenever a new database connection is needed, a call is made to "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=#{database_yml_azure_managed_identity}" to get a new access key. That access key is added as the password to the database configuration that is passed to the adapter to establish the connection.
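Review bot: in the example `database.yml`, `sslcipher: 'AES256-SHA'` pins the connection to a single suite with RSA key exchange, CBC mode and a SHA-1 MAC, and per the "How it works" paragraph the access token travels as the database password over that connection. Suggest dropping the `sslcipher` line from the example so the client negotiates a current suite, or documenting why it is pinned. The setup sentence reads "Add the `client_id` ... and add it to your `config/database.yml`"; one "add" is enough. The PostgreSQL guide is linked but only a `mysql2` example is shown, so a reader cannot tell which of the `ssl*` keys apply to the PostgreSQL adapter.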
@@ -4,7 +4,7 @@ $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = 'activerecord_aad'
7
- s.version = '0.1.0'
7
+ s.version = '0.2.0'
8
8
  s.authors = ['Taylor Yelverton']
9
9
  s.email = 'rubygems@yelvert.io'
10
10
  s.homepage = 'https://github.com/ComplyMD/activerecord_aad'
@@ -8,9 +8,9 @@ module Azure
8
8
 
9
9
  def configuration_hash
10
10
  hash = super.dup
11
- if hash[:azure_managed_identity_client_id].present?
12
- @managed_identity_manager ||= ManagedIdentityManager.new(hash[:azure_managed_identity_client_id])
13
- @managed_identity_manager.apply(hash)
11
+ if hash[:azure_managed_identity].present?
12
+ @managed_identity_manager ||= ManagedIdentityManager.new(hash)
13
+ @managed_identity_manager.apply
14
14
  end
15
15
  hash.symbolize_keys!.freeze
16
16
  hash
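Review bot: `@managed_identity_manager.apply` is now called with no argument, but `def apply(hash)` in the `ManagedIdentityManager` hunk is an unchanged context line, so as shown this call raises `ArgumentError` on the first connection that has `azure_managed_identity` set. Either keep `apply(hash)` here or change the method to take no parameter; in the latter case note that `initialize` stores `conf.with_indifferent_access`, which is a copy, so writing to `@config` would not reach the `hash` returned from `configuration_hash`. The rename from `azure_managed_identity_client_id` to `azure_managed_identity` also means an existing config that still uses the old key silently skips this branch and attempts to connect without a token; a deprecation warning or a fallback for the old key would make that failure visible.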
@@ -23,14 +23,17 @@ module Azure
23
23
 
24
24
  attr_reader :config, :url
25
25
 
26
- def initialize(cid)
27
- raise 'ActiveRecordAAD: missing client_id' unless cid.present?
28
- @client_id = cid
29
- @url = "#{URL}&client_id=#{client_id}"
26
+ def initialize(conf)
27
+ raise "ActiveRecordAAD: invalid config: `#{conf}`" unless conf.is_a?(Hash)
28
+ @config = conf.with_indifferent_access
29
+ @client_id = config[:azure_managed_identity]
30
+ @url = URL
31
+ @url += "&client_id=#{@client_id}" if @client_id.present?
30
32
  end
31
33
 
32
34
  def apply(hash)
33
- hash.merge!(password: access_token, enable_cleartext_plugin: true)
35
+ hash[:password] = access_token
36
+ hash[:enable_cleartext_plugin] = true if hash[:adapter] == 'mysql2'
34
37
  end
35
38
 
36
39
  def access_token
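Review bot: in `initialize`, `@url += "&client_id=#{@client_id}"` places the configured value into the metadata request's query string without escaping, so a value containing `&` or `#` alters the request instead of being sent as the client id. Suggest `CGI.escape(@client_id.to_s)`, or rejecting anything that is not a GUID before building the URL. The new `raise "ActiveRecordAAD: invalid config: `#{conf}`"` interpolates the whole argument into the exception message; if a caller passes something other than a Hash that carries credentials, they end up in the exception text and any log that records it, so reporting `conf.class` would be safer. The `mysql2` check on `enable_cleartext_plugin` compares against the string `'mysql2'` only, which misses a symbol value for `:adapter`; comparing `hash[:adapter].to_s` covers both.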
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord_aad
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Taylor Yelverton