azure-key-vault 0.0.15 → 0.0.16
- checksums.yaml +4 -4
- data/.rspec +2 -0
- data/Gemfile.lock +10 -7
- data/LICENCE +21 -0
- data/README.md +6 -0
- data/lib/key_vault.rb +3 -1
- data/lib/key_vault/client.rb +3 -3
- data/lib/key_vault/managed_identity_auth.rb +42 -0
- data/lib/key_vault/version.rb +1 -1
- data/spec/key_vault/client_spec.rb +2 -2
- data/spec/key_vault/managed_identity_auth_spec.rb +55 -0
- data/spec/key_vault/version_spec.rb +1 -1
- metadata +6 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4cc02b995cb48c3f671d511f0ab77f33d25389a74440279ee64087ac17c08e6a
|
4
|
+
data.tar.gz: 7008d4837aac317e8834c52b461a6305fedc7b8d1e2f430be78ad993a8096247
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fc4201b1240909dca6f396409a9a2fc4152fc3bc0bc59e07a945352bd8ab5285254ffb64e3b6a49c9bac2d37114b6accce06e32a6e0fb56c80c3b1abc6184655
|
7
|
+
data.tar.gz: fcaa0a644e14f68298633912f2a99ccc81e090597f5061372f240e9007e15a346de9550d5edc4fbbc83b2b4ccecf6d23cf0fc03b1935fc5b4f50f1463eaef3ca
|
data/.rspec
ADDED
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
azure-key-vault (0.0.
|
4
|
+
azure-key-vault (0.0.16)
|
5
5
|
json_pure (~> 2.1)
|
6
6
|
rest-client (~> 2.0)
|
7
7
|
|
@@ -11,9 +11,10 @@ GEM
|
|
11
11
|
ast (2.3.0)
|
12
12
|
coderay (1.1.2)
|
13
13
|
diff-lcs (1.3)
|
14
|
-
domain_name (0.5.
|
14
|
+
domain_name (0.5.20180417)
|
15
15
|
unf (>= 0.0.5, < 1.0.0)
|
16
16
|
ffi (1.9.18)
|
17
|
+
ffi (1.9.18-x64-mingw32)
|
17
18
|
formatador (0.2.5)
|
18
19
|
guard (2.14.2)
|
19
20
|
formatador (>= 0.2.4)
|
@@ -44,9 +45,9 @@ GEM
|
|
44
45
|
ruby_dep (~> 1.2)
|
45
46
|
lumberjack (1.0.12)
|
46
47
|
method_source (0.9.0)
|
47
|
-
mime-types (3.
|
48
|
+
mime-types (3.2.2)
|
48
49
|
mime-types-data (~> 3.2015)
|
49
|
-
mime-types-data (3.
|
50
|
+
mime-types-data (3.2018.0812)
|
50
51
|
nenv (0.3.0)
|
51
52
|
netrc (0.11.0)
|
52
53
|
notiffany (0.1.1)
|
@@ -66,7 +67,8 @@ GEM
|
|
66
67
|
ffi (>= 0.5.0, < 2)
|
67
68
|
rb-readline (0.5.5)
|
68
69
|
rdoc (4.3.0)
|
69
|
-
rest-client (2.0.2)
|
70
|
+
rest-client (2.0.2-x64-mingw32)
|
71
|
+
ffi (~> 1.9)
|
70
72
|
http-cookie (>= 1.0.2, < 2.0)
|
71
73
|
mime-types (>= 1.16, < 4.0)
|
72
74
|
netrc (~> 0.8)
|
@@ -96,11 +98,12 @@ GEM
|
|
96
98
|
thor (0.20.0)
|
97
99
|
unf (0.1.4)
|
98
100
|
unf_ext
|
99
|
-
unf_ext (0.0.7.
|
101
|
+
unf_ext (0.0.7.5-x64-mingw32)
|
100
102
|
unicode-display_width (1.3.0)
|
101
103
|
|
102
104
|
PLATFORMS
|
103
105
|
ruby
|
106
|
+
x64-mingw32
|
104
107
|
|
105
108
|
DEPENDENCIES
|
106
109
|
azure-key-vault!
|
@@ -116,4 +119,4 @@ DEPENDENCIES
|
|
116
119
|
rubocop
|
117
120
|
|
118
121
|
BUNDLED WITH
|
119
|
-
1.
|
122
|
+
1.16.2
|
data/LICENCE
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2019 Mike Scott
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
13
|
+
copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
21
|
+
SOFTWARE.
|
data/README.md
CHANGED
@@ -1,4 +1,7 @@
|
|
1
1
|
# azure-key-vault
|
2
|
+
|
3
|
+
[![Gem Version](https://badge.fury.io/rb/azure-key-vault.svg)](https://badge.fury.io/rb/azure-key-vault)
|
4
|
+
|
2
5
|
Ruby wrapper for Azure Key Vault REST API
|
3
6
|
|
4
7
|
## Examples
|
@@ -6,6 +9,9 @@ Ruby wrapper for Azure Key Vault REST API
|
|
6
9
|
### Get an access token
|
7
10
|
`bearer_token = KeyVault::Auth.new(tenant_id, client_id, client_secret).bearer_token`
|
8
11
|
|
12
|
+
### Get an access token using Managed Identity
|
13
|
+
`bearer_token = KeyVault::ManagedIdentityAuth.new().bearer_token`
|
14
|
+
|
9
15
|
### Get client for and existing Azure Key Vault
|
10
16
|
`vault = KeyVault::Client.new(vault_name, bearer_token)`
|
11
17
|
|
data/lib/key_vault.rb
CHANGED
@@ -1,9 +1,11 @@
|
|
1
1
|
require 'key_vault/version'
|
2
2
|
require 'key_vault/client'
|
3
3
|
require 'key_vault/auth'
|
4
|
+
require 'key_vault/managed_identity_auth'
|
4
5
|
|
5
6
|
# Provides a simple Ruby interface for the Azure Key Vault REST API
|
6
7
|
module KeyVault
|
7
8
|
# The default Azure REST API version
|
8
|
-
|
9
|
+
VAULT_API_VERSION = '2016-10-01'.freeze
|
10
|
+
METADATA_API_VERSION = '2018-04-02'.freeze
|
9
11
|
end
|
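Review bot: The comment `# The default Azure REST API version` (new line 8) now sits above two constants that name different services, so a reader cannot tell which one `METADATA_API_VERSION` versions; I would give each its own line, `# Default Azure Key Vault REST API version` above `VAULT_API_VERSION` and `# Default Azure Instance Metadata Service (IMDS) API version, used by ManagedIdentityAuth` above `METADATA_API_VERSION`. The removed old line 8 is shown truncated on this page, so I cannot confirm what it held; if it defined a public constant under another name, the rename ships as a breaking change in a patch release, and keeping the old name as a deprecated alias would avoid that.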
data/lib/key_vault/client.rb
CHANGED
@@ -21,10 +21,10 @@ module KeyVault
|
|
21
21
|
# +vault_name+:: The name of the key vault
|
22
22
|
# +bearer_token+:: The token obtained from #KeyVault::Auth
|
23
23
|
# +api_version+:: (*optional*) Version of the azure REST API to use.
|
24
|
-
# Defaults to +
|
25
|
-
def initialize(vault_name, bearer_token, api_version:
|
24
|
+
# Defaults to +VAULT_API_VERSION+
|
25
|
+
def initialize(vault_name, bearer_token, api_version: VAULT_API_VERSION)
|
26
26
|
@vault_name = vault_name
|
27
|
-
@api_version = api_version ||
|
27
|
+
@api_version = api_version || VAULT_API_VERSION
|
28
28
|
@bearer_token = bearer_token
|
29
29
|
@vault_url = Url.new(@vault_name)
|
30
30
|
end
|
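Review bot: The parameter doc `# +bearer_token+:: The token obtained from #KeyVault::Auth` (line 22) is now incomplete, since this release adds a second way to obtain the token; I would change it to `# +bearer_token+:: The token obtained from #KeyVault::Auth or #KeyVault::ManagedIdentityAuth`. The `initialize` hunk is otherwise only a constant rename and `@api_version = api_version || VAULT_API_VERSION` keeps the existing nil-guard, which is fine.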
@@ -0,0 +1,42 @@
|
|
1
|
+
require 'rest-client'
|
2
|
+
require 'json'
|
3
|
+
module KeyVault
|
4
|
+
# Authenticator for Azure Key Vault using Managed Identity
|
5
|
+
class ManagedIdentityAuth
|
6
|
+
# Create authenticator using Managed Identity
|
7
|
+
# ==== Parameters:
|
8
|
+
# +api_version+:: (*optional*) Version of the azure Metadata REST API to use.
|
9
|
+
# Defaults to +METADATA_API_VERSION+
|
10
|
+
def initialize(api_version: METADATA_API_VERSION)
|
11
|
+
@api_version = api_version || METADATA_API_VERSION
|
12
|
+
end
|
13
|
+
|
14
|
+
# Authenticates with Azure using OAUTH 2.0
|
15
|
+
# ==== Returns:
|
16
|
+
# A string containing the bearer token for insertion into request headers
|
17
|
+
# ==== Raises:
|
18
|
+
# +ArgumentError+:: If the authentication request format is invalid
|
19
|
+
# +KeyVault::Unauthorized+:: If authentication fails authorization
|
20
|
+
def bearer_token
|
21
|
+
result = RestClient::Request.execute(method: :get,
|
22
|
+
url: url,
|
23
|
+
headers: headers)
|
24
|
+
token_resp = JSON.parse(result)
|
25
|
+
"Bearer #{token_resp['access_token']}"
|
26
|
+
rescue RestClient::BadRequest
|
27
|
+
raise ArgumentError, 'Could not authenticate to Azure (Bad Request)'
|
28
|
+
rescue RestClient::Unauthorized
|
29
|
+
raise KeyVault::Unauthorized
|
30
|
+
end
|
31
|
+
|
32
|
+
private
|
33
|
+
|
34
|
+
def headers
|
35
|
+
{ 'Metadata' => 'true' }
|
36
|
+
end
|
37
|
+
|
38
|
+
def url
|
39
|
+
"http://169.254.169.254/metadata/identity/oauth2/token?api-version=#{@api_version}&resource=https://vault.azure.net"
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
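Review bot: `bearer_token` (new lines 20-30) returns the string `"Bearer "` with no credential when the parsed body lacks an `access_token` key, because `token_resp['access_token']` is interpolated without a presence check; a 2xx response of a different shape is then forwarded to Key Vault as a malformed Authorization header and fails far from the cause. The request to the link-local metadata endpoint also runs with rest-client's default timeouts, so on a host where IMDS is unreachable the call can block for a long time before raising, whereas `RestClient::Request.execute` accepts a `timeout:` option that would bound it. `JSON.parse` can additionally raise `JSON::ParserError` on a non-JSON body, which the `==== Raises:` list above the method does not mention. A rewrite of the method body that checks the token and bounds the request follows; `IMDS_TIMEOUT` is a proposed constant to add, not an existing one, and the error raised on a missing token could equally be a dedicated class from lib/key_vault/exceptions.rb, whose contents are not in this diff.
```ruby
    def bearer_token
      result = RestClient::Request.execute(method: :get,
                                           url: url,
                                           headers: headers,
                                           timeout: IMDS_TIMEOUT) # proposed constant (seconds); IMDS is link-local and should answer quickly
      token = JSON.parse(result)['access_token']
      # A successful HTTP response without a usable token is still an authentication
      # failure; fail here rather than sending "Bearer " on to Key Vault.
      raise KeyVault::Unauthorized if token.to_s.empty?

      "Bearer #{token}"
    # … unchanged: rescue RestClient::BadRequest / RestClient::Unauthorized clauses …
    end
```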
data/lib/key_vault/version.rb
CHANGED
@@ -12,7 +12,7 @@ describe KeyVault::Client do
|
|
12
12
|
|
13
13
|
it 'defaults api_version' do
|
14
14
|
client = KeyVault::Client.new(vault_name, bearer_token)
|
15
|
-
expect(client.api_version).to eq KeyVault::
|
15
|
+
expect(client.api_version).to eq KeyVault::VAULT_API_VERSION
|
16
16
|
end
|
17
17
|
|
18
18
|
it 'allows setting of api_version' do
|
@@ -25,7 +25,7 @@ describe KeyVault::Client do
|
|
25
25
|
describe '.get_secret' do
|
26
26
|
let(:secret_name) { 'the-secret' }
|
27
27
|
let(:secret_value) { 'top secret' }
|
28
|
-
let(:api_version) { KeyVault::
|
28
|
+
let(:api_version) { KeyVault::VAULT_API_VERSION }
|
29
29
|
let(:secret_url) { "https://#{vault_name}.vault.azure.net/secrets/#{secret_name}?api-version=#{api_version}" }
|
30
30
|
let(:valid_response) do
|
31
31
|
<<-RESPONSE
|
@@ -0,0 +1,55 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
describe KeyVault::ManagedIdentityAuth do
|
3
|
+
|
4
|
+
describe('#new') do
|
5
|
+
it 'requires no parameters' do
|
6
|
+
auth = KeyVault::ManagedIdentityAuth.new()
|
7
|
+
expect(auth).not_to be_nil
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
describe '.bearer_token' do
|
12
|
+
subject(:auth) { KeyVault::ManagedIdentityAuth.new() }
|
13
|
+
let(:auth_url) { "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-04-02&resource=https://vault.azure.net" }
|
14
|
+
let(:access_token) { 'theaccesstoken' }
|
15
|
+
let(:auth_response) { %Q[{
|
16
|
+
"token_type":"Bearer",
|
17
|
+
"some_other_params":"...",
|
18
|
+
"resource":"https://vault.azure.net",
|
19
|
+
"access_token":"#{access_token}"
|
20
|
+
}] }
|
21
|
+
|
22
|
+
let(:rest_request) do
|
23
|
+
class_double('RestClient::Request')
|
24
|
+
.as_stubbed_const(:transfer_nested_constants => true)
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'authenticates with Microsoft OAUTH' do
|
28
|
+
expect(rest_request).to receive(:execute).and_return(auth_response)
|
29
|
+
auth.bearer_token
|
30
|
+
end
|
31
|
+
|
32
|
+
it 'raises argument error if bad request is returned' do
|
33
|
+
expect(rest_request).to receive(:execute).and_raise(RestClient::BadRequest)
|
34
|
+
expect{auth.bearer_token}.to raise_error(ArgumentError)
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'raises custom Unauthorized exception if unauthorized' do
|
38
|
+
expect(rest_request).to receive(:execute).and_raise(RestClient::Unauthorized)
|
39
|
+
expect{auth.bearer_token}.to raise_error(KeyVault::Unauthorized)
|
40
|
+
end
|
41
|
+
|
42
|
+
it 'calls REST API get from the authentication url' do
|
43
|
+
expect(rest_request).to receive(:execute)
|
44
|
+
.with(hash_including(method: :get, url: auth_url))
|
45
|
+
.and_return(auth_response)
|
46
|
+
auth.bearer_token
|
47
|
+
end
|
48
|
+
|
49
|
+
it 'returns the access_token as bearer token' do
|
50
|
+
expect(rest_request).to receive(:execute).and_return(auth_response)
|
51
|
+
expect(auth.bearer_token).to eq("Bearer #{access_token}")
|
52
|
+
end
|
53
|
+
|
54
|
+
end
|
55
|
+
end
|
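Review bot: `let(:auth_url)` (new line 13) hard-codes `api-version=2018-04-02`, while the sibling client_spec.rb in this same release was just changed to reference `KeyVault::VAULT_API_VERSION` instead of a literal; the two specs should follow the same convention, `let(:auth_url) { "http://169.254.169.254/metadata/identity/oauth2/token?api-version=#{KeyVault::METADATA_API_VERSION}&resource=https://vault.azure.net" }`, so a future bump of the constant does not silently break this test. The examples also cover only the happy path and the two rescued HTTP errors; none exercises a response body without `access_token`, which today yields `"Bearer "` from `bearer_token`, so an example asserting the expected failure for that case would pin the intended behaviour.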
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: azure-key-vault
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.16
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mike Scott
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-01-
|
11
|
+
date: 2019-01-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: json_pure
|
@@ -184,9 +184,11 @@ executables: []
|
|
184
184
|
extensions: []
|
185
185
|
extra_rdoc_files: []
|
186
186
|
files:
|
187
|
+
- ".rspec"
|
187
188
|
- Gemfile
|
188
189
|
- Gemfile.lock
|
189
190
|
- Guardfile
|
191
|
+
- LICENCE
|
190
192
|
- README.md
|
191
193
|
- Rakefile
|
192
194
|
- azurekeyvault.gemspec
|
@@ -194,10 +196,12 @@ files:
|
|
194
196
|
- lib/key_vault/auth.rb
|
195
197
|
- lib/key_vault/client.rb
|
196
198
|
- lib/key_vault/exceptions.rb
|
199
|
+
- lib/key_vault/managed_identity_auth.rb
|
197
200
|
- lib/key_vault/url.rb
|
198
201
|
- lib/key_vault/version.rb
|
199
202
|
- spec/key_vault/auth_spec.rb
|
200
203
|
- spec/key_vault/client_spec.rb
|
204
|
+
- spec/key_vault/managed_identity_auth_spec.rb
|
201
205
|
- spec/key_vault/url_spec.rb
|
202
206
|
- spec/key_vault/version_spec.rb
|
203
207
|
- spec/spec_helper.rb
|