activerecord_aad 0.1.0 → 0.2.1

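--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6e518372b2ec5ea175036f90aea3db8a6ee83a04e892e9e1c9d369b84d8a5419
- data.tar.gz: 2790cdbe0184da177aaa6d114904554dca90be20c85bdfe244f042b28b964fe5
+ metadata.gz: 72b9b8232931fdf6b39a2c77182eb989b2ef1b31f48228be1b7bbc8b2ed89e23
+ data.tar.gz: 7b78bdc58f5c029f8f6f109aca762124370f3ab2a88685c0621891192ba06352
  SHA512:
- metadata.gz: aed2b5969e0bbd14be1bf51834734455348e15ce02e0b415085bd4d8d67c6d2b50d109b43e23913f860a301e221fe1683813391bbe7c7d1233ccc6a3d5a77ee8
- data.tar.gz: 43d43ea9c87011cd34882964002165ee13f8166703eda4c279f74a0f11396d53404658cde65db7dd6c4a2c658b980a9601d96c41d5470ac1a7092b9aae34e83c
+ metadata.gz: 2af61c5eb0f09f763b511e4f0da836db09f484ccaecb44568e12cea01e3c2d0a0b947c2e72aac03a86dc81ef723e20cb37b6db0612af6da9fed8147ece80a7c3
+ data.tar.gz: bf57dc76487e2a2310a0294c3f7605be0746ac55deda50286f297b3597cd415ddc32860bcdac88edf584ce91c4aa03dc8331b13c73fc3e039357e3e8fba9aaff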
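--- a/data/README.md
+++ b/data/README.md
@@ -6,3 +6,29 @@ This gem enables using an Azure ActiveDirectory Managed Identity to connect to a
 
  - Add `gem :activerecord_aad` to your Gemfile.
  - Run `bin/bundle install`
+
+ ## Setup
+
+ Follow one of the following guides:
+ - MySQL: https://learn.microsoft.com/en-us/azure/mysql/single-server/how-to-connect-with-managed-identity
+ - PostgreSQL: https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity
+
+ Add the `client_id` from the Azure AD Managed Identity and add it to your `config/database.yml` file with the key `azure_managed_identity`
+
+ Example:
+ ```yaml
+ production:
+ adapter: mysql2
+ reconnect: true
+ host: my-app.mysql.database.azure.com
+ azure_managed_identity: 91cb2200-004b-4577-a8ca-a5fa9c082485
+ database: app
+ username: MyAppsManagedIdentity@my-app
+ sslca: /opt/ssl/BaltimoreCyberTrustRoot.crt.pem
+ sslverify: true
+ sslcipher: 'AES256-SHA'
+ ```
+
+ ## How it works
+
+ Whenever a new database connection is needed, a call is made to "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=#{database_yml_azure_managed_identity}" to get a new access key. That access key is added as the password to the database configuration that is passed to the adapter to establish the connection.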
@@ -4,7 +4,7 @@ $LOAD_PATH << File.join(File.dirname(__FILE__), 'lib')
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = 'activerecord_aad'
7
- s.version = '0.1.0'
7
+ s.version = '0.2.1'
8
8
  s.authors = ['Taylor Yelverton']
9
9
  s.email = 'rubygems@yelvert.io'
10
10
  s.homepage = 'https://github.com/ComplyMD/activerecord_aad'
@@ -7,10 +7,10 @@ module Azure
7
7
  module HashConfig
8
8
 
9
9
  def configuration_hash
10
- hash = super.dup
11
- if hash[:azure_managed_identity_client_id].present?
12
- @managed_identity_manager ||= ManagedIdentityManager.new(hash[:azure_managed_identity_client_id])
13
- @managed_identity_manager.apply(hash)
10
+ hash = super.dup.with_indifferent_access
11
+ if hash[:azure_managed_identity].present?
12
+ @managed_identity_manager ||= ManagedIdentityManager.new(hash)
13
+ @managed_identity_manager.apply
14
14
  end
15
15
  hash.symbolize_keys!.freeze
16
16
  hash
@@ -23,14 +23,17 @@ module Azure
23
23
 
24
24
  attr_reader :config, :url
25
25
 
26
- def initialize(cid)
27
- raise 'ActiveRecordAAD: missing client_id' unless cid.present?
28
- @client_id = cid
29
- @url = "#{URL}&client_id=#{client_id}"
26
+ def initialize(conf)
27
+ raise "ActiveRecordAAD: invalid config: `#{conf}`" unless conf.is_a?(Hash)
28
+ @config = conf
29
+ @client_id = config[:azure_managed_identity]
30
+ @url = URL
31
+ @url += "&client_id=#{@client_id}" if @client_id.present?
30
32
  end
31
33
 
32
- def apply(hash)
33
- hash.merge!(password: access_token, enable_cleartext_plugin: true)
34
+ def apply
35
+ config[:password] = access_token
36
+ config[:enable_cleartext_plugin] = true if config[:adapter] == 'mysql2'
34
37
  end
35
38
 
36
39
  def access_token
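Review bot: In `configuration_hash`, `@managed_identity_manager ||= ManagedIdentityManager.new(hash)` now memoizes a manager that holds the hash from the first call, so on every later call `apply` writes `config[:password]` into that first hash and the fresh `hash` that is returned carries no token. Building the manager per call, `ManagedIdentityManager.new(hash).apply`, or keeping the old `apply(hash)` signature, would keep the token and the returned hash together. In `initialize`, the client id is appended to the metadata URL unescaped, so `@url += "&client_id=#{CGI.escape(@client_id.to_s)}"` would stop a malformed `database.yml` value from adding query parameters; the `invalid config` message also interpolates `conf` in full, which may put a connection string into logs, and reporting `conf.class` would be enough. Separately, `with_indifferent_access` returns a `HashWithIndifferentAccess`, which as far as I know does not define `symbolize_keys!`, so the unchanged `hash.symbolize_keys!.freeze` line deserves a test. `configuration_hash` closes and `access_token` continues outside the visible hunks.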
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: activerecord_aad
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Taylor Yelverton