azure-auth-token_provider 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 209fc55965a2e082f00341d66b9cd93def3a1d4f79fdfd14ae3d521880c60958
+  data.tar.gz: e2bbc64cba044ae1a991121e5679a30b083960998e34d4c3f3a438e4470ad9ce
+SHA512:
+  metadata.gz: a7838e3c93175bff2a9f8c455ea80457e550470eb45f297858112c1ced9b31de52923de005906e9b4c264105bda65176faff64fa625b8bcfcb9514c0f31aa690
+  data.tar.gz: 855dff85980094cbb08d894ca8943ace9d548d5c4164475f7653ae308c9306a28dbb12da2763b96977766f65629ac670e9e760ab304e91efac7779c7822697be

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 Andrew Maraev
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,4 @@
+# Gem azure-auth-token_provider
+
+It's a simple gem to obtain Azure MSI OAuth2.0 access token.
+It works in both Azure Cloud environment and local development environment.

data/lib/azure/auth/token_provider.rb

@@ -0,0 +1,72 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------------
+# MIT License
+#
+# Copyright (c) 2019 Andrew Maraev
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'azure/auth/token_provider/azure_cli_token_source'
+require 'azure/auth/token_provider/msi_token_source'
+
+# A provider that reads access to Azure MSI token.
+module Azure
+  module Auth
+    # Token provider gives an access to OAuth2.0 token
+    class TokenProvider
+      DEFAULT_RESOURCE = 'https://management.azure.com'
+
+      # Returns an access token
+      # @param resource [String] Azure resource URI
+      # @return [AzureMSITokenProvider::Token]
+      def token(resource = DEFAULT_RESOURCE)
+        @token = read_token_from_source(resource) if
+          @token.nil? ||
+          @token.is_expired? ||
+          @token.resource != resource
+      end
+
+      private
+
+      # Reads an access token from one of the known token sources
+      # @return [AzureMSITokenProvider::Token]
+      def read_token_from_source(resource)
+        return @selected_source.token unless @selected_source.nil?
+
+        token_sources.each do |ts|
+          begin
+            t = ts.token(resource)
+            @selected_source = ts
+            return t
+          rescue StandardError
+            next
+          end
+        end
+      end
+
+      # Returns an array of token sources
+      # @return [Array<#token>]
+      def token_sources
+        [AzureCliTokenSource.new, MsiTokenSource.new]
+      end
+    end
+  end
+end

data/lib/azure/auth/token_provider/azure_cli_token_source.rb

@@ -0,0 +1,94 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------------
+# MIT License
+#
+# Copyright (c) 2019 Andrew Maraev
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'json'
+require 'open3'
+require 'time'
+
+require 'azure/auth/token_provider/token'
+
+module Azure
+  module Auth
+    class TokenProvider
+      # A token source that gets token using cli tool az
+      class AzureCliTokenSource
+        DEFAULT_AZ_PATH = '/usr/bin:/usr/local/bin'
+        BASH = '/bin/bash'
+        AZ_GET_TOKEN = 'az account get-access-token -o json'
+
+        # Returns an access token from cli tool az
+        # @param resource [Stirng] Azure resource URI string.
+        # @return [AzureMSITokenProvider::Token]
+        def token(resource)
+          if Gem.win_platform?
+            token_windows(resource)
+          else
+            token_nix(resource)
+          end
+        end
+
+        private
+
+        # Calls az on windows OS
+        # @return [AzureMSITokenProvider::Token]
+        def token_windows(_resource)
+          # TODO
+          nil
+        end
+
+        # Calls az on *nix OS
+        # @return [AzureMSITokenProvider::Token]
+        def token_nix(resource)
+          Open3.popen2(
+            { 'PATH' => DEFAULT_AZ_PATH },
+            "#{BASH} #{AZ_GET_TOKEN} --resource #{resource}"
+          ) do |_, o, t|
+            return nil unless t.value == 0
+
+            return parse_json_token(o.read)
+          end
+        end
+
+        def parse_json_token(token_src)
+          token_hash = JSON.parse(token_src)
+          Token.new(
+            token_hash['accessToken'],
+            Time.parse(token_hash['expiresOn']),
+            token_hash['tokenType'],
+            read_ext(token_hash)
+          )
+        end
+
+        def read_ext(token_hash)
+          {
+            subscription: token_hash['subscription'],
+            tenant: token_hash['tenant']
+          }
+        end
+      end
+    end
+  end
+end

data/lib/azure/auth/token_provider/msi_token_source.rb

@@ -0,0 +1,78 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------------
+# MIT License
+#
+# Copyright (c) 2019 Andrew Maraev
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'net/http'
+require 'uri'
+
+require 'azure/auth/token_provider/token'
+
+module Azure
+  module Auth
+    class TokenProvider
+      # Provdes OAuth 2.0 access token by calling Azure MV IDMS
+      class MsiTokenSource
+        AZURE_VM_IDMS_ENDPOINT =
+          'http://169.254.169.254/metadata/identity/oauth2/token'
+        API_VERSION = 'api-version=2018-02-01'
+
+        def token(resource = DEFAULT_RESOURCE)
+          query_params = "#{API_VERSION}&resource=#{resource}"
+          uri_src = "#{AZURE_VM_IDMS_ENDPOINT}?#{query_params}"
+          uri = URI.parse(uri_src)
+          http = Net::HTTP.new(uri.host, uri.port)
+          request = Net::HTTP::Get.new(uri.request_uri)
+          request['Metadata'] = 'true'
+          response = http.request(request)
+          return nil if response.code != '200'
+
+          parse_json_token(response.body)
+        end
+
+        private
+
+        def parse_json_token(token_src)
+          token_hash = JSON.parse(token_src)
+          Token.new(
+            token_hash['access_token'],
+            Time.at(token_hash['expires_on'].to_i),
+            token_hash['token_type'],
+            read_ext(token_hash)
+          )
+        end
+
+        def read_ext(token_hash)
+          {
+            client_id: token_hash['client_id'],
+            expires_in: token_hash['expires_in'].to_i,
+            ext_expires_in: token_hash['ext_expires_in'].to_i,
+            not_before: Time.at(token_hash['not_before'].to_i),
+            resource: token_hash['resource']
+          }
+        end
+      end
+    end
+  end
+end

data/lib/azure/auth/token_provider/token.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------------
+# MIT License
+#
+# Copyright (c) 2019 Andrew Maraev
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#-------------------------------------------------------------------------------
+
+require 'date'
+
+module Azure
+  module Auth
+    class TokenProvider
+      # Azure OAuth2 access token
+      class Token
+        # Initializes new instance of Token
+        # @param access_token [String] JWT access token
+        # @param expires_on [Time] Date and time when token expires
+        # @param token_type [String] Token type
+        # @param ext [Hash] extra data
+        def initialize(access_token, expires_on, token_type, ext)
+          @access_token = access_token
+          @expires_on = expires_on
+          @token_type = token_type
+
+          @subscription = ext.fetch(:subscription, nil)
+          @tenant = ext.fetch(:tenant, nil)
+          @client_id = ext.fetch(:client_id, nil)
+          @expires_in = ext.fetch(:expires_in, nil)
+          @ext_expires_in = ext.fetch(:ext_expires_in, nil)
+          @not_before = ext.fetch(:not_before, nil)
+          @resource = ext.fetch(:resource, nil)
+        end
+
+        # JWT access token
+        # @return [String]
+        attr_reader :access_token
+
+        # Date and time when token expires
+        # @return [Time]
+        attr_reader :expires_on
+
+        # Azure subscription id
+        # @return [String]
+        attr_reader :subscription
+
+        # Azure app tenant id
+        # @return [String]
+        attr_reader :tenant
+
+        # Token type
+        # @return [String]
+        attr_reader :token_type
+
+        # Client Id
+        # @return [String]
+        attr_reader :client_id
+
+        # TTL in seconds
+        # @return [Number]
+        attr_reader :expires_in
+
+        # Ext expires in
+        # @return [Time]
+        attr_reader :ext_expires_in
+
+        # Date and time before which token is not valid
+        # @return [Time]
+        attr_reader :not_before
+
+        # URI of resource token is valid for
+        # @return [String]
+        attr_reader :resource
+
+        # Is token expired?
+        # @return [Boolean]
+        def expired?
+          Time.now > @expires_on
+        end
+      end
+    end
+  end
+end

data/lib/azure/auth/token_provider/version.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+#-------------------------------------------------------------------------------
+# MIT License
+#
+# Copyright (c) 2019 Andrew Maraev
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#-------------------------------------------------------------------------------
+
+module Azure
+  module Auth
+    class TokenProvider
+      VERSION = '0.1.0'
+    end
+  end
+end

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: azure-auth-token_provider
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Andrey Maraev
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2019-07-14 00:00:00.000000000 Z
+dependencies: []
+description: |2
+      A simple to use gem to obtain Azure MSI access token.
+      Supports both Azure Cloud environment and local development.
+email:
+- the_vk@thevk.net
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- lib/azure/auth/token_provider.rb
+- lib/azure/auth/token_provider/azure_cli_token_source.rb
+- lib/azure/auth/token_provider/msi_token_source.rb
+- lib/azure/auth/token_provider/token.rb
+- lib/azure/auth/token_provider/version.rb
+homepage: https://github.com/the-vk/gem-azure-auth-token_provider
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6.2
+signing_key: 
+specification_version: 4
+summary: A simple to use gem to obtain Azure MSI access token.
+test_files: []