rails_kms_credentials 0.2.2 → 0.3.0

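--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 245a63d7865989070e42dc937647f6ad8239258461d5fcaf3668e18045753357
- data.tar.gz: 5f4276ca36b188e62511210b5f937d7a84fcaf98cb9feb12219896e58080718d
+ metadata.gz: c0273094dabd151a67eb56db4f3211b88264a2cce57ca9ab1877cffc7b4ad691
+ data.tar.gz: 151cdc9835b37d4d6207af37cec2ac926ec31165790e91d1d8ad8a4a93bff334
  SHA512:
- metadata.gz: add127517fb746cf206330bbe87be6ba45b78a5c5dab11197d264c0647acb4de29fcc7ba72d4cf48042e6ed662bd09d048c500533922b8c76f3c20263d7ae473
- data.tar.gz: 58b158ccebfa337cf83f14878bbdc87e619f47a67bff0f382a23f62824f6b18aae2d369e82416aa8f50581e5bfe79d5278ed5c4a735fc396dcb66cfd37c936e1
+ metadata.gz: 6957d12ad6e5d28458248dac4ccec8b49a568237d9fcdf954341b486e190d78febdee246ddf7b70371ec7c87d4883afc7edc282a44ed5e301ad7db0c735d9d2e
+ data.tar.gz: 38bebac72a46d229b0b000c559863d901f2b2be1dd3e0d4ce9de1c3ec73b4de39db976aa6bf4284e65a592c393e1ce90e8619ddcebd43ab440ca465e641d252b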
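--- /dev/null
+++ b/lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
@@ -0,0 +1,77 @@
+ # frozen_string_literal: true
+
+ module RailsKmsCredentials
+ module Store
+ module AzureKeyVault
+ module Client
+ class AksWorkloadIdentity < Base
+ ENV_AUTHORITY_HOST = 'AZURE_AUTHORITY_HOST'
+ ENV_CLIENT_ID = 'AZURE_CLIENT_ID'
+ ENV_FEDERATED_TOKEN_FILE = 'AZURE_FEDERATED_TOKEN_FILE'
+ ENV_TENANT_ID = 'AZURE_TENANT_ID'
+
+
+ attr_reader :authority_host, :client_id, :federated_token_file, :tenant_id
+
+ def initialize(*)
+ super
+ @authority_host = ENV[ENV_AUTHORITY_HOST]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity authority_host' if authority_host.blank?
+ @client_id = ENV[ENV_CLIENT_ID]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity client_id' if @client_id.blank?
+ @federated_token_file = ENV[ENV_FEDERATED_TOKEN_FILE]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity federated_token_file' if @federated_token_file.blank?
+ raise "Missing KmsCredentials AzureKeyVault AksWorkloadIdentity federated_token_file does not exist: `#{@federated_token_file}`" unless File.exist?(@federated_token_file)
+ @tenant_id = ENV[ENV_TENANT_ID]
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity tenant_id' if @tenant_id.blank?
+ end
+
+ def get_secrets_list(url)
+ HTTParty.get(
+ url,
+ headers: {
+ Authorization: "Bearer #{access_token}",
+ },
+ )
+ end
+
+ def get_secret(url)
+ HTTParty.get(
+ url,
+ headers: {
+ Authorization: "Bearer #{access_token}",
+ },
+ )
+ end
+
+ private
+
+ def client_secret
+ @client_secret ||= File.read(@federated_token_file)
+ end
+
+ def access_token
+ return @access_token if instance_variable_defined?(:@access_token)
+ @_access_token_response = HTTParty.post(
+ "#{authority_host}/#{tenant_id}/oauth2/v2.0/token",
+ {
+ body: {
+ client_id: client_id,
+ client_secret: client_secret,
+ scope: 'https://vault.azure.net/.default',
+ grant_type: 'client_credentials',
+ }
+ }
+ )
+ raise 'KmsCredentials AzureKeyVault AksWorkloadIdentity unable to get access token' unless @_access_token_response.ok?
+ @access_token = @_access_token_response['access_token']
+ end
+
+ end
+
+ add(:aks_workload_identity, AksWorkloadIdentity)
+
+ end
+ end
+ end
+ end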
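Review bot: In `access_token` the federated token read by `client_secret` is posted as the `client_secret` form field, whereas the Microsoft identity platform accepts a workload-identity token in the client-credentials grant as `client_assertion` with `client_assertion_type` set to `urn:ietf:params:oauth:client-assertion-type:jwt-bearer`, so this exchange is likely to be rejected and should be confirmed on a real AKS pod. Both `@client_secret` and `@access_token` are also memoised for the life of the object with no expiry, although the projected token file is rotated on disk and the response carries `expires_in`, so a long-lived client keeps presenting stale credentials. The sketch below reads the file at exchange time, caches the access token until a minute before expiry, and strips a trailing `/` from `authority_host` (the injected value usually ends in one); the `client_secret` helper then goes away. Since the pod's token is sent to whatever `AZURE_AUTHORITY_HOST` names, `initialize` should also reject a value that is not an `https://` URL.

```ruby
def access_token
  return @access_token if @access_token && Time.now < @access_token_expires_at
  @_access_token_response = HTTParty.post(
    "#{authority_host.chomp('/')}/#{tenant_id}/oauth2/v2.0/token",
    body: {
      client_id: client_id,
      client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
      # Read at exchange time: the projected token file is rotated on disk.
      client_assertion: File.read(federated_token_file),
      # … unchanged: scope, grant_type …
    },
  )
  # … unchanged: raise unless @_access_token_response.ok? …
  # Refresh a minute early so a request never carries an expired token.
  @access_token_expires_at = Time.now + @_access_token_response['expires_in'].to_i - 60
  @access_token = @_access_token_response['access_token']
end
```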
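--- a/lib/rails_kms_credentials/store/azure_key_vault/client.rb
+++ b/lib/rails_kms_credentials/store/azure_key_vault/client.rb
@@ -25,5 +25,6 @@ module RailsKmsCredentials
  end
 
  require 'rails_kms_credentials/store/azure_key_vault/client/base'
+ require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
  require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
  require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'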
@@ -4,8 +4,8 @@ module RailsKmsCredentials
4
4
 
5
5
  module Version
6
6
  MAJOR = 0
7
- MINOR = 2
8
- PATCH = 2
7
+ MINOR = 3
8
+ PATCH = 0
9
9
 
10
10
  end
11
11
 
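--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails_kms_credentials
  version: !ruby/object:Gem::Version
- version: 0.2.2
+ version: 0.3.0
  platform: ruby
  authors:
  - Taylor Yelverton
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-18 00:00:00.000000000 Z
+ date: 2023-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -67,6 +67,7 @@ files:
  - lib/rails_kms_credentials/store.rb
  - lib/rails_kms_credentials/store/azure_key_vault.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client.rb
+ - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb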