rails_kms_credentials 0.2.2 → 0.3.0

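--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 245a63d7865989070e42dc937647f6ad8239258461d5fcaf3668e18045753357
- data.tar.gz: 5f4276ca36b188e62511210b5f937d7a84fcaf98cb9feb12219896e58080718d
+ metadata.gz: c0273094dabd151a67eb56db4f3211b88264a2cce57ca9ab1877cffc7b4ad691
+ data.tar.gz: 151cdc9835b37d4d6207af37cec2ac926ec31165790e91d1d8ad8a4a93bff334
  SHA512:
- metadata.gz: add127517fb746cf206330bbe87be6ba45b78a5c5dab11197d264c0647acb4de29fcc7ba72d4cf48042e6ed662bd09d048c500533922b8c76f3c20263d7ae473
- data.tar.gz: 58b158ccebfa337cf83f14878bbdc87e619f47a67bff0f382a23f62824f6b18aae2d369e82416aa8f50581e5bfe79d5278ed5c4a735fc396dcb66cfd37c936e1
+ metadata.gz: 6957d12ad6e5d28458248dac4ccec8b49a568237d9fcdf954341b486e190d78febdee246ddf7b70371ec7c87d4883afc7edc282a44ed5e301ad7db0c735d9d2e
+ data.tar.gz: 38bebac72a46d229b0b000c559863d901f2b2be1dd3e0d4ce9de1c3ec73b4de39db976aa6bf4284e65a592c393e1ce90e8619ddcebd43ab440ca465e641d252b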
@@ -0,0 +1,77 @@
1
+ # frozen_string_literal: true
2
+
3
+ module RailsKmsCredentials
4
+ module Store
5
+ module AzureKeyVault
6
+ module Client
7
+ class AksWorkloadIdentity < Base
8
+ ENV_AUTHORITY_HOST = 'AZURE_AUTHORITY_HOST'
9
+ ENV_CLIENT_ID = 'AZURE_CLIENT_ID'
10
+ ENV_FEDERATED_TOKEN_FILE = 'AZURE_FEDERATED_TOKEN_FILE'
11
+ ENV_TENANT_ID = 'AZURE_TENANT_ID'
12
+
13
+
14
+ attr_reader :authority_host, :client_id, :federated_token_file, :tenant_id
15
+
16
+ def initialize(*)
17
+ super
18
+ @authority_host = ENV[ENV_AUTHORITY_HOST]
19
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity authority_host' if authority_host.blank?
20
+ @client_id = ENV[ENV_CLIENT_ID]
21
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity client_id' if @client_id.blank?
22
+ @federated_token_file = ENV[ENV_FEDERATED_TOKEN_FILE]
23
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity federated_token_file' if @federated_token_file.blank?
24
+ raise "Missing KmsCredentials AzureKeyVault AksWorkloadIdentity federated_token_file does not exist: `#{@federated_token_file}`" unless File.exist?(@federated_token_file)
25
+ @tenant_id = ENV[ENV_TENANT_ID]
26
+ raise 'Missing KmsCredentials AzureKeyVault AksWorkloadIdentity tenant_id' if @tenant_id.blank?
27
+ end
28
+
29
+ def get_secrets_list(url)
30
+ HTTParty.get(
31
+ url,
32
+ headers: {
33
+ Authorization: "Bearer #{access_token}",
34
+ },
35
+ )
36
+ end
37
+
38
+ def get_secret(url)
39
+ HTTParty.get(
40
+ url,
41
+ headers: {
42
+ Authorization: "Bearer #{access_token}",
43
+ },
44
+ )
45
+ end
46
+
47
+ private
48
+
49
+ def client_secret
50
+ @client_secret ||= File.read(@federated_token_file)
51
+ end
52
+
53
+ def access_token
54
+ return @access_token if instance_variable_defined?(:@access_token)
55
+ @_access_token_response = HTTParty.post(
56
+ "#{authority_host}/#{tenant_id}/oauth2/v2.0/token",
57
+ {
58
+ body: {
59
+ client_id: client_id,
60
+ client_secret: client_secret,
61
+ scope: 'https://vault.azure.net/.default',
62
+ grant_type: 'client_credentials',
63
+ }
64
+ }
65
+ )
66
+ raise 'KmsCredentials AzureKeyVault AksWorkloadIdentity unable to get access token' unless @_access_token_response.ok?
67
+ @access_token = @_access_token_response['access_token']
68
+ end
69
+
70
+ end
71
+
72
+ add(:aks_workload_identity, AksWorkloadIdentity)
73
+
74
+ end
75
+ end
76
+ end
77
+ end
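Review bot: The token request in `access_token` sends the contents of AZURE_FEDERATED_TOKEN_FILE as `client_secret`, but that file holds a federated service-account JWT, which the v2.0 token endpoint expects as `client_assertion` together with a `client_assertion_type` of the jwt-bearer URN; as written the exchange will most likely be rejected. Both `@client_secret` and `@access_token` are also memoized with no expiry, so a long-lived client (its lifetime is not visible in this diff) would keep presenting a rotated-out assertion or a lapsed bearer token to Key Vault. The sketch below re-reads the file for each token request, sends it as an assertion, honours `expires_in`, rejects a 200 response that carries no token, and trims a trailing slash from the authority host. Separately, `get_secrets_list` and `get_secret` have identical bodies and could share one private helper.

```ruby
def client_assertion
  # Read on every token request: the projected token file is normally rotated in place.
  File.read(@federated_token_file).strip
end

def access_token
  return @access_token if @access_token && Time.now < @access_token_expires_at
  response = HTTParty.post(
    "#{authority_host.chomp('/')}/#{tenant_id}/oauth2/v2.0/token",
    body: {
      client_id: client_id,
      client_assertion: client_assertion,
      client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
      # … unchanged: scope, grant_type …
    },
  )
  raise 'KmsCredentials AzureKeyVault AksWorkloadIdentity unable to get access token' unless response.ok? && response['access_token'].present?
  # Refresh a minute early so no request leaves with a token that is about to lapse.
  @access_token_expires_at = Time.now + response['expires_in'].to_i - 60
  @access_token = response['access_token']
end
```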
@@ -25,5 +25,6 @@ module RailsKmsCredentials
25
25
  end
26
26
 
27
27
  require 'rails_kms_credentials/store/azure_key_vault/client/base'
28
+ require 'rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity'
28
29
  require 'rails_kms_credentials/store/azure_key_vault/client/client_credentials'
29
30
  require 'rails_kms_credentials/store/azure_key_vault/client/managed_identity'
@@ -4,8 +4,8 @@ module RailsKmsCredentials
4
4
 
5
5
  module Version
6
6
  MAJOR = 0
7
- MINOR = 2
8
- PATCH = 2
7
+ MINOR = 3
8
+ PATCH = 0
9
9
 
10
10
  end
11
11
 
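--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: rails_kms_credentials
  version: !ruby/object:Gem::Version
- version: 0.2.2
+ version: 0.3.0
  platform: ruby
  authors:
  - Taylor Yelverton
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2023-01-18 00:00:00.000000000 Z
+ date: 2023-02-10 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -67,6 +67,7 @@ files:
  - lib/rails_kms_credentials/store.rb
  - lib/rails_kms_credentials/store/azure_key_vault.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client.rb
+ - lib/rails_kms_credentials/store/azure_key_vault/client/aks_workload_identity.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/base.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/client_credentials.rb
  - lib/rails_kms_credentials/store/azure_key_vault/client/managed_identity.rb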