Class: Fog::AzureRM::Identity::WorkflowIdentityClient

Inherits:
BaseClient
  • Object
Includes:
Utilities::General
Defined in:
lib/fog/azurerm/identity/workflow_identity_client.rb

Overview

WorkflowIdentityClient obtains credentials for Azure Workflow Identity by exchanging a federated JWT, read from a file, for an OAuth2 access token at the tenant's token endpoint. It is configured entirely through the following environment variables; if any of them is unset, or the token file is missing or unreadable, `fetch_credentials` returns nil without making a request:

  • AZURE_AUTHORITY_HOST - Optional. Overrides the default authority URL derived from the selected Azure environment. The federated token is POSTed to `<authority>/<tenant>/oauth2/v2.0/token`, so this must only ever name a trusted authority: whoever can set this variable can redirect the client assertion to a host of their choosing.

  • AZURE_TENANT_ID

  • AZURE_CLIENT_ID

  • AZURE_FEDERATED_TOKEN_FILE - Path of a file holding the federated (OIDC) JWT. Its contents are sent as the `client_assertion` of a `client_credentials` grant and exchanged for an OAuth2 access token; the file must exist and be readable by the process, otherwise no credentials are fetched.

Constant Summary

Constants inherited from BaseClient

BaseClient::DEFAULT_TIMEOUT_S, BaseClient::FetchCredentialsError

Instance Attribute Summary

Attributes inherited from BaseClient

#credentials

Instance Method Summary

Methods included from Utilities::General

#authority_url, #get_blob_endpoint, #get_blob_endpoint_with_domain, #get_circuit_name_from_id, #get_end_point_type, #get_hash_from_object, #get_image_name, #get_record_set_from_id, #get_record_type, #get_resource_from_resource_id, #get_resource_group_from_id, #get_subscription_id, #get_traffic_manager_profile_name_from_endpoint_id, #get_type_from_recordset_type, #get_virtual_machine_from_id, #get_virtual_network_from_id, #parse_storage_object, #raise_azure_exception, #random_string, #remove_trailing_periods_from_path_segments, #storage_endpoint_suffix, #storage_resource, #validate_params

Methods inherited from BaseClient

#fetch_credentials_if_needed, #refresh_needed?

Constructor Details

#initialize(options) ⇒ WorkflowIdentityClient

Returns a new instance of WorkflowIdentityClient.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 21

# Builds a client whose settings come from the process environment (see the
# class overview) plus the +:environment+ option, which selects the Azure
# cloud used to derive the default authority and the storage resource.
#
# @param options [Hash] +:environment+ is the Azure environment name handed
#   to +storage_resource+ and +authority_url+
def initialize(options)
  super()
  @environment = options[:environment]
  @resource = storage_resource(@environment)
  # An explicit AZURE_AUTHORITY_HOST wins over the environment's default.
  # NOTE(review): the federated token is later posted to this host, so the
  # variable must only ever name a trusted authority.
  @authority = ENV.fetch('AZURE_AUTHORITY_HOST', nil) || authority_url(@environment)
  # Any of these may be nil; fetch_credentials checks for that.
  @tenant_id, @client_id, @token_file =
    ENV.values_at('AZURE_TENANT_ID', 'AZURE_CLIENT_ID', 'AZURE_FEDERATED_TOKEN_FILE')

  normalize_authority!
end

Instance Attribute Details

#authorityObject

Returns the value of attribute authority.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 19

# Base authority URL the token request is sent to: AZURE_AUTHORITY_HOST if
# set, otherwise the selected environment's default.
def authority; @authority; end

#client_idObject

Returns the value of attribute client_id.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 19

# Application (client) id taken from AZURE_CLIENT_ID; nil when unset.
def client_id; @client_id; end

#environmentObject

Returns the value of attribute environment.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 19

# Azure environment name passed in via the +:environment+ option.
def environment; @environment; end

#resourceObject

Returns the value of attribute resource.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 19

# Storage resource for the environment, as returned by +storage_resource+;
# the token is requested for this resource's +/.default+ scope.
def resource; @resource; end

#tenant_idObject

Returns the value of attribute tenant_id.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 19

# Tenant id taken from AZURE_TENANT_ID; nil when unset.
def tenant_id; @tenant_id; end

#token_fileObject

Returns the value of attribute token_file.



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 19

# Path of the federated JWT file, from AZURE_FEDERATED_TOKEN_FILE; nil when
# unset.
def token_file; @token_file; end

Instance Method Details

#fetch_credentialsObject



# File 'lib/fog/azurerm/identity/workflow_identity_client.rb', line 33

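# Exchanges the federated (OIDC) JWT stored in +token_file+ for an OAuth2
# access token: a +client_credentials+ grant carrying the JWT as a
# +jwt-bearer+ client assertion is POSTed to the tenant's v2.0 token
# endpoint under +authority+, requesting the storage resource's +/.default+
# scope, and the response is handed to +process_token_response+.
#
# Returns nil without touching the network when +authority+, +tenant_id+,
# +client_id+ or +token_file+ is unset, or when the token file is missing
# or unreadable.
#
# @return [Object, nil] the result of +process_token_response+, or nil when
#   the configuration is incomplete
# @raise [FetchCredentialsError] when the token request fails; every
#   ::Faraday::Error is wrapped
def fetch_credentials
  # token_file belongs in the guard: File.exist?(nil) raises TypeError
  # rather than returning false, so an unset AZURE_FEDERATED_TOKEN_FILE
  # crashed here instead of meaning "no credentials available".
  return unless authority && tenant_id && client_id && token_file
  return unless ::File.exist?(token_file) && ::File.readable?(token_file)

  # A compact-serialized JWT contains no whitespace, so a trailing newline
  # left by whatever wrote the file is never part of the assertion.
  oidc_token = ::File.read(token_file).strip

  # The assertion is sent to whatever +authority+ names; that value may come
  # from AZURE_AUTHORITY_HOST, so it must only point at a trusted authority
  # (normalize_authority!, not shown here, presumably canonicalizes it).
  token_url = "#{authority}/#{tenant_id}/oauth2/v2.0/token"
  # +resource+ was computed from the same environment in initialize.
  scope = "#{resource}/.default"

  data = {
    client_id: client_id,
    grant_type: 'client_credentials',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: oidc_token,
    scope: scope
  }

  response = post(token_url, body: data)

  process_token_response(response)
rescue ::Faraday::Error => e
  # Surface transport/HTTP failures as the base client's error type.
  raise FetchCredentialsError, e.to_s
end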