Module: Azure::ARM::WindowsCredentials
- Includes:
- ReadCred, Chef::Mixin::WideString
- Defined in:
- lib/azure/resource_management/windows_credentials.rb
Constant Summary
Constants included from ReadCred
ReadCred::CRED_TYPE_DOMAIN_CERTIFICATE, ReadCred::CRED_TYPE_DOMAIN_PASSWORD, ReadCred::CRED_TYPE_DOMAIN_VISIBLE_PASSWORD, ReadCred::CRED_TYPE_GENERIC
Instance Method Summary collapse
- #latest_credential_target(targets) ⇒ Object
-
#target_name ⇒ Object
Todo: For getting the complete refreshToken, both credentials (ending with –0-2 and –1-2) have to be read.
- #token_details_from_WCM ⇒ Object
Instance Method Details
#latest_credential_target(targets) ⇒ Object
157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 |
# File 'lib/azure/resource_management/windows_credentials.rb', line 157 def latest_credential_target(targets) case targets.size when 0 raise "No Target was found for windows credentials" when 1 targets.first.gsub("Target:", "").strip else latest_target = "" max_expiry_time = Time.new(0) # Using expiry_time to determine the latest credential targets.each do |target| target_obj = target.split("::") expiry_time_obj = target_obj.select { |obj| obj.include? "expiresOn" } expiry_time = expiry_time_obj[0].split("expiresOn:")[1].delete("\\") if Time.parse(expiry_time) > max_expiry_time latest_target = target max_expiry_time = Time.parse(expiry_time) end end latest_target.gsub("Target:", "").strip end end |
#target_name ⇒ Object
Todo: For getting the complete refreshToken, both credentials (ending with –0-2 and –1-2) have to be read
123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 |
# File 'lib/azure/resource_management/windows_credentials.rb', line 123 def target_name # cmdkey command is used for accessing windows credential manager. # Multiple credentials get created in windows credential manager for a single Azure account in xplat-cli # One of them is for common tanent id, which can't be used # Others end with --0-x,--1-x,--2-x etc, where x represents the total no. of credentails across which the token is divided # The one ending with --0-x has the complete accessToken in the credentialBlob. # Refresh Token is split across both credentials (ending with --0-x and --1-x). # Xplat splits the credentials based on the number of bytes of the tokens. # Hence the access token is always found in the one which start with --0- # So selecting the credential on the basis of --0- xplat_creds_cmd = Mixlib::ShellOut.new('cmdkey /list | findstr AzureXplatCli | findstr \--0- | findstr -v common') result = xplat_creds_cmd.run_command target_names = [] if result.stdout.empty? Chef::Log.debug("Unable to find a credential with --0- and falling back to looking for any credential.") xplat_creds_cmd = Mixlib::ShellOut.new("cmdkey /list | findstr AzureXplatCli | findstr -v common") result = xplat_creds_cmd.run_command if result.stdout.empty? raise "Azure Credentials not found. Please run xplat's 'azure login' command" else target_names = result.stdout.split("\n") end else target_names = result.stdout.split("\n") end # If "azure login" is run for multiple users, there will be multiple credentials # Picking up the latest logged in user's credentials latest_target = latest_credential_target target_names latest_target end |
#token_details_from_WCM ⇒ Object
80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 |
# File 'lib/azure/resource_management/windows_credentials.rb', line 80 def token_details_from_WCM target = target_name if target && !target.empty? target_pointer = wstring(target) info_ptr = FFI::MemoryPointer.new(:pointer) cred = CREDENTIAL_OBJECT.new info_ptr cred_result = CredReadW(target_pointer, CRED_TYPE_GENERIC, 0, cred) translated_cred = CREDENTIAL_OBJECT.new(info_ptr.read_pointer) target_obj = translated_cred[:TargetName].read_wstring.split("::") if translated_cred[:TargetName].read_wstring cred_blob = translated_cred[:CredentialBlob].get_bytes(0, translated_cred[:CredentialBlobSize]).split("::") tokentype = target_obj.select { |obj| obj.include? "tokenType" } user = target_obj.select { |obj| obj.include? "userId" } clientid = target_obj.select { |obj| obj.include? "clientId" } expiry_time = target_obj.select { |obj| obj.include? "expiresOn" } access_token = cred_blob.select { |obj| obj.include? "a:" } refresh_token = cred_blob.select { |obj| obj.include? "r:" } credential = {} credential[:tokentype] = tokentype[0].split(":")[1] credential[:user] = user[0].split(":")[1] credential[:token] = access_token[0].split(":")[1] # TODO: refresh_token is not complete currently # target_name method needs to be modified for that credential[:refresh_token] = refresh_token[0].split(":")[1] credential[:clientid] = clientid[0].split(":")[1] credential[:expiry_time] = expiry_time[0].split("expiresOn:")[1].delete("\\") # Free memory pointed by info_ptr info_ptr.free else raise "TargetName Not Found" end credential rescue => error ui.error("#{error.}") Chef::Log.debug("#{error.backtrace.join("\n")}") exit end |