Class: AzureBlob::WorkloadIdentity

Inherits:

Object

Object
AzureBlob::WorkloadIdentity

show all

Defined in:: lib/azure_blob/workload_identity.rb

Overview

:nodoc:

Constant Summary collapse

IDENTITY_ENDPOINT =

"https://login.microsoftonline.com/#{ENV['AZURE_TENANT_ID']}/oauth2/v2.0/token"

CLIENT_ID =

ENV["AZURE_CLIENT_ID"]

SCOPE =

"https://storage.azure.com/.default"

GRANT_TYPE =

"client_credentials"

CLIENT_ASSERTION_TYPE =

"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"

FEDERATED_TOKEN_FILE =

ENV["AZURE_FEDERATED_TOKEN_FILE"].to_s

Class Method Summary collapse

.federated_token? ⇒ Boolean

Instance Method Summary collapse

#expiration(response) ⇒ Object
#initialize ⇒ WorkloadIdentity constructor

A new instance of WorkloadIdentity.
#request ⇒ Object

Constructor Details

#initialize ⇒ `WorkloadIdentity`

Returns a new instance of WorkloadIdentity.



15
16
17

# File 'lib/azure_blob/workload_identity.rb', line 15

def initialize
  @identity_uri = URI.parse(IDENTITY_ENDPOINT)
end

Class Method Details

.federated_token? ⇒ `Boolean`

Returns:

(Boolean)



11
12
13

# File 'lib/azure_blob/workload_identity.rb', line 11

def self.federated_token?
  !FEDERATED_TOKEN_FILE.empty?
end

Instance Method Details

#expiration(response) ⇒ `Object`



31
32
33

# File 'lib/azure_blob/workload_identity.rb', line 31

def expiration(response)
  Time.now + response["expires_in"].to_i
end

#request ⇒ `Object`

# File 'lib/azure_blob/workload_identity.rb', line 19

def request
  AzureBlob::Http.new(@identity_uri).post(
    URI.encode_www_form(
      client_id: CLIENT_ID,
      scope: SCOPE,
      client_assertion_type: CLIENT_ASSERTION_TYPE,
      client_assertion: federated_token,
      grant_type: GRANT_TYPE
    )
  )
end