Class: AzureBlob::EntraIdSigner

Inherits:

Object

• Object
• AzureBlob::EntraIdSigner

Defined in:

lib/azure_blob/entra_id_signer.rb

Overview

:nodoc:

Defined Under Namespace

Modules: SAS

Instance Attribute Summary

• #account_name ⇒ Object readonly

  Returns the value of attribute account_name.

• #host ⇒ Object readonly

  Returns the value of attribute host.

• #token ⇒ Object readonly

  Returns the value of attribute token.

Instance Method Summary

• #authorization_header(uri:, verb:, headers: {}) ⇒ Object
• #initialize(account_name:, host:, principal_id: nil) ⇒ EntraIdSigner constructor

  A new instance of EntraIdSigner.

• #sas_token(uri, options = {}) ⇒ Object

Constructor Details

#initialize(account_name:, host:, principal_id: nil) ⇒ EntraIdSigner

Returns a new instance of EntraIdSigner.

# File 'lib/azure_blob/entra_id_signer.rb', line 17

def initialize(account_name:, host:, principal_id: nil)
  @token = AzureBlob::IdentityToken.new(principal_id:)
  @account_name = account_name
  @host = host
end

Instance Attribute Details

#account_name ⇒ Object (readonly)

Returns the value of attribute account_name.

# File 'lib/azure_blob/entra_id_signer.rb', line 14

def account_name
  @account_name
end

#host ⇒ Object (readonly)

Returns the value of attribute host.

# File 'lib/azure_blob/entra_id_signer.rb', line 15

def host
  @host
end

#token ⇒ Object (readonly)

Returns the value of attribute token.

# File 'lib/azure_blob/entra_id_signer.rb', line 13

def token
  @token
end

Instance Method Details

#authorization_header(uri:, verb:, headers: {}) ⇒ Object

# File 'lib/azure_blob/entra_id_signer.rb', line 23

def authorization_header(uri:, verb:, headers: {})
  "Bearer #{token}"
end

#sas_token(uri, options = {}) ⇒ Object

# File 'lib/azure_blob/entra_id_signer.rb', line 27

def sas_token(uri, options = {})
  delegation_key.refresh
  to_sign = [
    options[:permissions],
    options[:start],
    options[:expiry],
    CanonicalizedResource.new(uri, account_name, url_safe: false, service_name: :blob),
    delegation_key.signed_oid,
    delegation_key.signed_tid,
    delegation_key.signed_start,
    delegation_key.signed_expiry,
    delegation_key.signed_service,
    delegation_key.signed_version,
    nil,
    nil,
    nil,
    options[:ip],
    options[:protocol],
    SAS::Version,
    SAS::Resources::Blob,
    nil,
    nil,
    nil,
    options[:content_disposition],
    nil,
    nil,
    options[:content_type],
  ].join("\n")

  query = {
    SAS::Fields::Permissions => options[:permissions],
    SAS::Fields::Start => options[:start],
    SAS::Fields::Expiry => options[:expiry],

    SAS::Fields::SignedObjectId => delegation_key.signed_oid,
    SAS::Fields::SignedTenantId => delegation_key.signed_tid,
    SAS::Fields::SignedKeyStartTime => delegation_key.signed_start,
    SAS::Fields::SignedKeyExpiryTime => delegation_key.signed_expiry,
    SAS::Fields::SignedKeyService => delegation_key.signed_service,
    SAS::Fields::Signedkeyversion => delegation_key.signed_version,


    SAS::Fields::SignedIp => options[:ip],
    SAS::Fields::SignedProtocol => options[:protocol],
    SAS::Fields::Version => SAS::Version,
    SAS::Fields::Resource => SAS::Resources::Blob,

    SAS::Fields::Disposition => options[:content_disposition],
    SAS::Fields::Type => options[:content_type],
    SAS::Fields::Signature => sign(to_sign, key: delegation_key.to_s),

  }.reject { |_, value| value.nil? }

  URI.encode_www_form(**query)
end