ms_rest_azure 0.8.1 → 0.8.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +10 -1
- data/lib/ms_rest_azure.rb +1 -0
- data/lib/ms_rest_azure/credentials/application_token_provider.rb +2 -2
- data/lib/ms_rest_azure/credentials/msi_token_provider.rb +112 -0
- data/lib/ms_rest_azure/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 598eee1919adb8f42b15642431cf5b5fdb948c06
|
|
4
|
+
data.tar.gz: e3202bab608bb1cf4a2b3f2c664a12da53084964
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fa5e95ea325152eb570a5bde4ad22938a0414b7cf3b3b17c614851b5529e8478f30c54436fea3d154b3239bab2d4c2fab9ca7d4787836d331cbfc1207ce7f861
|
|
7
|
+
data.tar.gz: efa6785890307c55f49a069b70625aeb63246af643b11f9292965cc5f0c54053d5e08ccb90f7fc52cb074008ae2f56b56c0a0a815d4a8e1cb1a3e0da8e40058f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
##2017.08.28 ms_rest_azure version 0.8.2
|
|
2
|
+
* Enable Managed Service Identity authentication features into ms_rest_azure runtime for azure_mgmt_* sdks.[Issue #884](https://github.com/Azure/azure-sdk-for-ruby/issues/884) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889)
|
|
3
|
+
|
|
1
4
|
##2017.07.10 ms_rest_azure version 0.8.1
|
|
2
5
|
* [Bug Fix] Fixed the issue with the polling status object to handle the response code and provisioning status correctly.[Issue #817](https://github.com/Azure/azure-sdk-for-ruby/issues/817) [PR #828](https://github.com/Azure/azure-sdk-for-ruby/pull/828)
|
|
3
6
|
|
data/README.md
CHANGED
|
@@ -37,10 +37,19 @@ To start working on the gem the only additional dev dependecy is required - rspe
|
|
|
37
37
|
Reference it in the gemfile and also add this line to your client's gemspec file:
|
|
38
38
|
|
|
39
39
|
```ruby
|
|
40
|
-
spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.
|
|
40
|
+
spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.2'
|
|
41
41
|
```
|
|
42
42
|
Don't forget to correct the version.
|
|
43
43
|
|
|
44
|
+
# Utilizing MSI(Managed Service Identity) Token Provider
|
|
45
|
+
|
|
46
|
+
MSI support has been enabled in `ms_rest_azure` version `0.8.2`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`:
|
|
47
|
+
|
|
48
|
+
```ruby
|
|
49
|
+
provider = MsRestAzure::MSITokenProvider.new('{tenant_id}')
|
|
50
|
+
credentials = MsRest::TokenCredentials.new(provider)
|
|
51
|
+
```
|
|
52
|
+
|
|
44
53
|
# Utilizing Telemetry Extension in your SDK
|
|
45
54
|
|
|
46
55
|
We encourage the customer of ms_rest_azure library to provide information about their product sent via telemetry extension point as below:
|
data/lib/ms_rest_azure.rb
CHANGED
|
@@ -11,6 +11,7 @@ require 'ms_rest_azure/azure_operation_response.rb'
|
|
|
11
11
|
require 'ms_rest_azure/azure_service_client.rb'
|
|
12
12
|
require 'ms_rest_azure/cloud_error_data.rb'
|
|
13
13
|
require 'ms_rest_azure/credentials/application_token_provider.rb'
|
|
14
|
+
require 'ms_rest_azure/credentials/msi_token_provider.rb'
|
|
14
15
|
require 'ms_rest_azure/polling_state.rb'
|
|
15
16
|
require 'ms_rest_azure/sub_resource.rb'
|
|
16
17
|
require 'ms_rest_azure/resource.rb'
|
|
@@ -45,7 +45,7 @@ module MsRestAzure
|
|
|
45
45
|
# @param tenant_id [String] tenant id (also known as domain).
|
|
46
46
|
# @param client_id [String] client id.
|
|
47
47
|
# @param client_secret [String] client secret.
|
|
48
|
-
# @param settings [ActiveDirectoryServiceSettings]
|
|
48
|
+
# @param settings [ActiveDirectoryServiceSettings] active directory setting.
|
|
49
49
|
def initialize(tenant_id, client_id, client_secret, settings = ActiveDirectoryServiceSettings.get_azure_settings)
|
|
50
50
|
fail ArgumentError, 'Tenant id cannot be nil' if tenant_id.nil?
|
|
51
51
|
fail ArgumentError, 'Client id cannot be nil' if client_id.nil?
|
|
@@ -81,7 +81,7 @@ module MsRestAzure
|
|
|
81
81
|
end
|
|
82
82
|
|
|
83
83
|
#
|
|
84
|
-
# Retrieves a new
|
|
84
|
+
# Retrieves a new authentication token.
|
|
85
85
|
#
|
|
86
86
|
# @return [String] new authentication token.
|
|
87
87
|
def acquire_token
|
|
@@ -0,0 +1,112 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
# Copyright (c) Microsoft Corporation. All rights reserved.
|
|
3
|
+
# Licensed under the MIT License. See License.txt in the project root for license information.
|
|
4
|
+
|
|
5
|
+
module MsRestAzure
|
|
6
|
+
#
|
|
7
|
+
# Class that provides access to authentication token via Managed Service Identity.
|
|
8
|
+
#
|
|
9
|
+
class MSITokenProvider < MsRest::TokenProvider
|
|
10
|
+
|
|
11
|
+
private
|
|
12
|
+
|
|
13
|
+
TOKEN_ACQUIRE_URL = 'http://localhost:{port}/oauth2/token'
|
|
14
|
+
REQUEST_BODY_PATTERN = 'authority={authentication_endpoint}{tenant_id}&resource={resource_uri}'
|
|
15
|
+
DEFAULT_SCHEME = 'Bearer'
|
|
16
|
+
|
|
17
|
+
# @return [MSIActiveDirectoryServiceSettings] settings.
|
|
18
|
+
attr_accessor :settings
|
|
19
|
+
|
|
20
|
+
# @return [String] tenant id (also known as domain).
|
|
21
|
+
attr_accessor :tenant_id
|
|
22
|
+
|
|
23
|
+
# @return [Integer] port number where MSI service is running.
|
|
24
|
+
attr_accessor :port
|
|
25
|
+
|
|
26
|
+
# @return [String] auth token.
|
|
27
|
+
attr_accessor :token
|
|
28
|
+
|
|
29
|
+
# @return [Time] the date when the current token expires.
|
|
30
|
+
attr_accessor :token_expires_on
|
|
31
|
+
|
|
32
|
+
# @return [Integer] the amount of time we refresh token before it expires.
|
|
33
|
+
attr_reader :expiration_threshold
|
|
34
|
+
|
|
35
|
+
# @return [String] the type of token.
|
|
36
|
+
attr_reader :token_type
|
|
37
|
+
|
|
38
|
+
public
|
|
39
|
+
|
|
40
|
+
#
|
|
41
|
+
# Creates and initialize new instance of the MSITokenProvider class.
|
|
42
|
+
# @param tenant_id [String] tenant id (also known as domain).
|
|
43
|
+
# @param port [Integer] port number where MSI service is running.
|
|
44
|
+
# @param settings [ActiveDirectoryServiceSettings] active directory setting.
|
|
45
|
+
def initialize(tenant_id, port = 50342, settings = ActiveDirectoryServiceSettings.get_azure_settings)
|
|
46
|
+
fail ArgumentError, 'Tenant id cannot be nil' if tenant_id.nil?
|
|
47
|
+
fail ArgumentError, 'Port cannot be nil' if port.nil?
|
|
48
|
+
fail ArgumentError, 'Port must be an Integer' unless port.is_a? Integer
|
|
49
|
+
fail ArgumentError, 'Azure AD settings cannot be nil' if settings.nil?
|
|
50
|
+
|
|
51
|
+
@tenant_id = tenant_id
|
|
52
|
+
@port = port
|
|
53
|
+
@settings = settings
|
|
54
|
+
|
|
55
|
+
@expiration_threshold = 5 * 60
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
#
|
|
59
|
+
# Returns the string value which needs to be attached
|
|
60
|
+
# to HTTP request header in order to be authorized.
|
|
61
|
+
#
|
|
62
|
+
# @return [String] authentication headers.
|
|
63
|
+
def get_authentication_header
|
|
64
|
+
acquire_token if token_expired
|
|
65
|
+
"#{token_type} #{token}"
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
private
|
|
69
|
+
|
|
70
|
+
#
|
|
71
|
+
# Checks whether token is about to expire.
|
|
72
|
+
#
|
|
73
|
+
# @return [Bool] True if token is about to expire, false otherwise.
|
|
74
|
+
def token_expired
|
|
75
|
+
@token.nil? || Time.now >= @token_expires_on + expiration_threshold
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
#
|
|
79
|
+
# Retrieves a new authentication token.
|
|
80
|
+
#
|
|
81
|
+
# @return [String] new authentication token.
|
|
82
|
+
def acquire_token
|
|
83
|
+
token_acquire_url = TOKEN_ACQUIRE_URL.dup
|
|
84
|
+
token_acquire_url['{port}'] = @port.to_s
|
|
85
|
+
|
|
86
|
+
url = URI.parse(token_acquire_url)
|
|
87
|
+
|
|
88
|
+
connection = Faraday.new(:url => url, :ssl => MsRest.ssl_options) do |builder|
|
|
89
|
+
builder.adapter Faraday.default_adapter
|
|
90
|
+
end
|
|
91
|
+
|
|
92
|
+
request_body = REQUEST_BODY_PATTERN.dup
|
|
93
|
+
request_body['{authentication_endpoint}'] = ERB::Util.url_encode(@settings.authentication_endpoint)
|
|
94
|
+
request_body['{tenant_id}'] = ERB::Util.url_encode(@tenant_id)
|
|
95
|
+
request_body['{resource_uri}'] = ERB::Util.url_encode(@settings.token_audience)
|
|
96
|
+
|
|
97
|
+
response = connection.post do |request|
|
|
98
|
+
request.headers['content-type'] = 'application/x-www-form-urlencoded'
|
|
99
|
+
request.body = request_body
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
fail AzureOperationError,
|
|
103
|
+
'Couldn\'t acquire access token from Managed Service Identity, please verify your tenant id, port and settings' unless response.status == 200
|
|
104
|
+
|
|
105
|
+
response_body = JSON.load(response.body)
|
|
106
|
+
@token = response_body['access_token']
|
|
107
|
+
@token_expires_on = Time.at(Integer(response_body['expires_on']))
|
|
108
|
+
@token_type = response_body['token_type']
|
|
109
|
+
end
|
|
110
|
+
end
|
|
111
|
+
|
|
112
|
+
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ms_rest_azure
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Microsoft Corporation
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-08-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -126,6 +126,7 @@ files:
|
|
|
126
126
|
- lib/ms_rest_azure/azure_service_client.rb
|
|
127
127
|
- lib/ms_rest_azure/cloud_error_data.rb
|
|
128
128
|
- lib/ms_rest_azure/credentials/application_token_provider.rb
|
|
129
|
+
- lib/ms_rest_azure/credentials/msi_token_provider.rb
|
|
129
130
|
- lib/ms_rest_azure/polling_state.rb
|
|
130
131
|
- lib/ms_rest_azure/resource.rb
|
|
131
132
|
- lib/ms_rest_azure/serialization.rb
|