ms_rest_azure 0.8.1 → 0.8.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +10 -1
- data/lib/ms_rest_azure.rb +1 -0
- data/lib/ms_rest_azure/credentials/application_token_provider.rb +2 -2
- data/lib/ms_rest_azure/credentials/msi_token_provider.rb +112 -0
- data/lib/ms_rest_azure/version.rb +1 -1
- metadata +3 -2
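--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 598eee1919adb8f42b15642431cf5b5fdb948c06
+data.tar.gz: e3202bab608bb1cf4a2b3f2c664a12da53084964
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fa5e95ea325152eb570a5bde4ad22938a0414b7cf3b3b17c614851b5529e8478f30c54436fea3d154b3239bab2d4c2fab9ca7d4787836d331cbfc1207ce7f861
+data.tar.gz: efa6785890307c55f49a069b70625aeb63246af643b11f9292965cc5f0c54053d5e08ccb90f7fc52cb074008ae2f56b56c0a0a815d4a8e1cb1a3e0da8e40058f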
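--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+##2017.08.28 ms_rest_azure version 0.8.2
+* Enable Managed Service Identity authentication features into ms_rest_azure runtime for azure_mgmt_* sdks.[Issue #884](https://github.com/Azure/azure-sdk-for-ruby/issues/884) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889)
+
 ##2017.07.10 ms_rest_azure version 0.8.1
 * [Bug Fix] Fixed the issue with the polling status object to handle the response code and provisioning status correctly.[Issue #817](https://github.com/Azure/azure-sdk-for-ruby/issues/817) [PR #828](https://github.com/Azure/azure-sdk-for-ruby/pull/828)
 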
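--- a/data/README.md
+++ b/data/README.md
@@ -37,10 +37,19 @@ To start working on the gem the only additional dev dependecy is required - rspe
 Reference it in the gemfile and also add this line to your client's gemspec file:
 
 ```ruby
-spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.
+spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.2'
 ```
 Don't forget to correct the version.
 
+# Utilizing MSI(Managed Service Identity) Token Provider
+
+MSI support has been enabled in `ms_rest_azure` version `0.8.2`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`:
+
+```ruby
+provider = MsRestAzure::MSITokenProvider.new('{tenant_id}')
+credentials = MsRest::TokenCredentials.new(provider)
+```
+
 # Utilizing Telemetry Extension in your SDK
 
 We encourage the customer of ms_rest_azure library to provide information about their product sent via telemetry extension point as below: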
data/lib/ms_rest_azure.rb
CHANGED
@@ -11,6 +11,7 @@ require 'ms_rest_azure/azure_operation_response.rb'
|
|
11
11
|
require 'ms_rest_azure/azure_service_client.rb'
|
12
12
|
require 'ms_rest_azure/cloud_error_data.rb'
|
13
13
|
require 'ms_rest_azure/credentials/application_token_provider.rb'
|
14
|
+
require 'ms_rest_azure/credentials/msi_token_provider.rb'
|
14
15
|
require 'ms_rest_azure/polling_state.rb'
|
15
16
|
require 'ms_rest_azure/sub_resource.rb'
|
16
17
|
require 'ms_rest_azure/resource.rb'
|
@@ -45,7 +45,7 @@ module MsRestAzure
|
|
45
45
|
# @param tenant_id [String] tenant id (also known as domain).
|
46
46
|
# @param client_id [String] client id.
|
47
47
|
# @param client_secret [String] client secret.
|
48
|
-
# @param settings [ActiveDirectoryServiceSettings]
|
48
|
+
# @param settings [ActiveDirectoryServiceSettings] active directory setting.
|
49
49
|
def initialize(tenant_id, client_id, client_secret, settings = ActiveDirectoryServiceSettings.get_azure_settings)
|
50
50
|
fail ArgumentError, 'Tenant id cannot be nil' if tenant_id.nil?
|
51
51
|
fail ArgumentError, 'Client id cannot be nil' if client_id.nil?
|
@@ -81,7 +81,7 @@ module MsRestAzure
|
|
81
81
|
end
|
82
82
|
|
83
83
|
#
|
84
|
-
# Retrieves a new
|
84
|
+
# Retrieves a new authentication token.
|
85
85
|
#
|
86
86
|
# @return [String] new authentication token.
|
87
87
|
def acquire_token
|
@@ -0,0 +1,112 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
# Copyright (c) Microsoft Corporation. All rights reserved.
|
3
|
+
# Licensed under the MIT License. See License.txt in the project root for license information.
|
4
|
+
|
5
|
+
module MsRestAzure
|
6
|
+
#
|
7
|
+
# Class that provides access to authentication token via Managed Service Identity.
|
8
|
+
#
|
9
|
+
class MSITokenProvider < MsRest::TokenProvider
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
TOKEN_ACQUIRE_URL = 'http://localhost:{port}/oauth2/token'
|
14
|
+
REQUEST_BODY_PATTERN = 'authority={authentication_endpoint}{tenant_id}&resource={resource_uri}'
|
15
|
+
DEFAULT_SCHEME = 'Bearer'
|
16
|
+
|
17
|
+
# @return [MSIActiveDirectoryServiceSettings] settings.
|
18
|
+
attr_accessor :settings
|
19
|
+
|
20
|
+
# @return [String] tenant id (also known as domain).
|
21
|
+
attr_accessor :tenant_id
|
22
|
+
|
23
|
+
# @return [Integer] port number where MSI service is running.
|
24
|
+
attr_accessor :port
|
25
|
+
|
26
|
+
# @return [String] auth token.
|
27
|
+
attr_accessor :token
|
28
|
+
|
29
|
+
# @return [Time] the date when the current token expires.
|
30
|
+
attr_accessor :token_expires_on
|
31
|
+
|
32
|
+
# @return [Integer] the amount of time we refresh token before it expires.
|
33
|
+
attr_reader :expiration_threshold
|
34
|
+
|
35
|
+
# @return [String] the type of token.
|
36
|
+
attr_reader :token_type
|
37
|
+
|
38
|
+
public
|
39
|
+
|
40
|
+
#
|
41
|
+
# Creates and initialize new instance of the MSITokenProvider class.
|
42
|
+
# @param tenant_id [String] tenant id (also known as domain).
|
43
|
+
# @param port [Integer] port number where MSI service is running.
|
44
|
+
# @param settings [ActiveDirectoryServiceSettings] active directory setting.
|
45
|
+
def initialize(tenant_id, port = 50342, settings = ActiveDirectoryServiceSettings.get_azure_settings)
|
46
|
+
fail ArgumentError, 'Tenant id cannot be nil' if tenant_id.nil?
|
47
|
+
fail ArgumentError, 'Port cannot be nil' if port.nil?
|
48
|
+
fail ArgumentError, 'Port must be an Integer' unless port.is_a? Integer
|
49
|
+
fail ArgumentError, 'Azure AD settings cannot be nil' if settings.nil?
|
50
|
+
|
51
|
+
@tenant_id = tenant_id
|
52
|
+
@port = port
|
53
|
+
@settings = settings
|
54
|
+
|
55
|
+
@expiration_threshold = 5 * 60
|
56
|
+
end
|
57
|
+
|
58
|
+
#
|
59
|
+
# Returns the string value which needs to be attached
|
60
|
+
# to HTTP request header in order to be authorized.
|
61
|
+
#
|
62
|
+
# @return [String] authentication headers.
|
63
|
+
def get_authentication_header
|
64
|
+
acquire_token if token_expired
|
65
|
+
"#{token_type} #{token}"
|
66
|
+
end
|
67
|
+
|
68
|
+
private
|
69
|
+
|
70
|
+
#
|
71
|
+
# Checks whether token is about to expire.
|
72
|
+
#
|
73
|
+
# @return [Bool] True if token is about to expire, false otherwise.
|
74
|
+
def token_expired
|
75
|
+
@token.nil? || Time.now >= @token_expires_on + expiration_threshold
|
76
|
+
end
|
77
|
+
|
78
|
+
#
|
79
|
+
# Retrieves a new authentication token.
|
80
|
+
#
|
81
|
+
# @return [String] new authentication token.
|
82
|
+
def acquire_token
|
83
|
+
token_acquire_url = TOKEN_ACQUIRE_URL.dup
|
84
|
+
token_acquire_url['{port}'] = @port.to_s
|
85
|
+
|
86
|
+
url = URI.parse(token_acquire_url)
|
87
|
+
|
88
|
+
connection = Faraday.new(:url => url, :ssl => MsRest.ssl_options) do |builder|
|
89
|
+
builder.adapter Faraday.default_adapter
|
90
|
+
end
|
91
|
+
|
92
|
+
request_body = REQUEST_BODY_PATTERN.dup
|
93
|
+
request_body['{authentication_endpoint}'] = ERB::Util.url_encode(@settings.authentication_endpoint)
|
94
|
+
request_body['{tenant_id}'] = ERB::Util.url_encode(@tenant_id)
|
95
|
+
request_body['{resource_uri}'] = ERB::Util.url_encode(@settings.token_audience)
|
96
|
+
|
97
|
+
response = connection.post do |request|
|
98
|
+
request.headers['content-type'] = 'application/x-www-form-urlencoded'
|
99
|
+
request.body = request_body
|
100
|
+
end
|
101
|
+
|
102
|
+
fail AzureOperationError,
|
103
|
+
'Couldn\'t acquire access token from Managed Service Identity, please verify your tenant id, port and settings' unless response.status == 200
|
104
|
+
|
105
|
+
response_body = JSON.load(response.body)
|
106
|
+
@token = response_body['access_token']
|
107
|
+
@token_expires_on = Time.at(Integer(response_body['expires_on']))
|
108
|
+
@token_type = response_body['token_type']
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
112
|
+
end
|
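Review bot: `token_expired` in the new MSITokenProvider adds the threshold to the expiry time (`Time.now >= @token_expires_on + expiration_threshold`), so a cached token keeps being sent until five minutes after it has expired rather than being refreshed five minutes early. The attribute comment describes the threshold as the time "we refresh token before it expires", so the comparison should read `@token.nil? || Time.now >= @token_expires_on - expiration_threshold`. In `acquire_token`, `JSON.load(response.body)` is the variant Ruby documents as intended for trusted input; `JSON.parse(response.body)` is the safer choice for an HTTP response body, and `access_token` should be checked for nil before it is cached. `DEFAULT_SCHEME` is defined but never used, so a response without `token_type` yields a header with an empty scheme; `@token_type = response_body['token_type'] || DEFAULT_SCHEME` would cover that. On this page the hunks for application_token_provider.rb and msi_token_provider.rb appear under the data/lib/ms_rest_azure.rb header, with their own file headers missing.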
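--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ms_rest_azure
 version: !ruby/object:Gem::Version
-version: 0.8.
+version: 0.8.2
 platform: ruby
 authors:
 - Microsoft Corporation
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-
+date: 2017-08-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -126,6 +126,7 @@ files:
 - lib/ms_rest_azure/azure_service_client.rb
 - lib/ms_rest_azure/cloud_error_data.rb
 - lib/ms_rest_azure/credentials/application_token_provider.rb
+- lib/ms_rest_azure/credentials/msi_token_provider.rb
 - lib/ms_rest_azure/polling_state.rb
 - lib/ms_rest_azure/resource.rb
 - lib/ms_rest_azure/serialization.rb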