Class: KeyVault::ManagedIdentityAuth

Inherits:
Object
Defined in:
lib/key_vault/managed_identity_auth.rb

Overview

Authenticator for Azure Key Vault using Managed Identity

Instance Method Summary

Constructor Details

#initialize(api_version: METADATA_API_VERSION) ⇒ ManagedIdentityAuth

Create authenticator using Managed Identity

Parameters:

api_version

(optional) Version of the Azure Metadata REST API to use. Defaults to METADATA_API_VERSION.



# File 'lib/key_vault/managed_identity_auth.rb', line 10

def initialize(api_version: METADATA_API_VERSION)
  # Fall back to the default when the caller passes nil explicitly
  @api_version = api_version || METADATA_API_VERSION
end

Instance Method Details

#bearer_token ⇒ Object

Authenticates with Azure using OAuth 2.0

Returns:

A string containing the bearer token for insertion into request headers

Raises:

ArgumentError

If the authentication request format is invalid

KeyVault::Unauthorized

If Azure rejects the authentication request as unauthorized



# File 'lib/key_vault/managed_identity_auth.rb', line 20

def bearer_token
  # url and headers are helpers of this class; they are not shown on this page
  result = RestClient::Request.execute(method: :get,
                                       url: url,
                                       headers: headers)
  # The response body is JSON; the token is in its access_token field
  token_resp = JSON.parse(result)
  "Bearer #{token_resp['access_token']}"
rescue RestClient::BadRequest
  # HTTP 400: the request itself was malformed
  raise ArgumentError, 'Could not authenticate to Azure (Bad Request)'
rescue RestClient::Unauthorized
  # HTTP 401: map to the library's own error class
  raise KeyVault::Unauthorized
end
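
The following is an added example, not code from the key_vault project: a stricter way to build the Managed Identity token request and validate the response before using it as a header value, so that a missing or expired token fails loudly instead of yielding an empty "Bearer " header. The endpoint, api-version, resource URI, the expires_on format and all method and constant names are assumptions based on Azure's documented VM metadata service, since the page does not show `url` or `headers`.

```ruby
require 'json'
require 'uri'

# Assumed values (not on the original page): Azure's documented VM metadata
# token endpoint, one of its api-versions, and the Key Vault resource URI.
IMDS_TOKEN_ENDPOINT = 'http://169.254.169.254/metadata/identity/oauth2/token'
EXAMPLE_API_VERSION = '2018-02-01'
VAULT_RESOURCE = 'https://vault.azure.net'

class TokenResponseError < StandardError; end

# Build URL and headers for the token request (hypothetical helper).
# The metadata service only answers requests that carry "Metadata: true".
def imds_token_request(api_version: EXAMPLE_API_VERSION, resource: VAULT_RESOURCE)
  query = URI.encode_www_form('api-version' => api_version, 'resource' => resource)
  { url: "#{IMDS_TOKEN_ENDPOINT}?#{query}", headers: { 'Metadata' => 'true' } }
end

# Validate a token response body and return the Authorization header value
# together with its expiry. Error messages never include the token itself.
def parse_token_response(body, now: Time.now)
  resp = JSON.parse(body)
  raise TokenResponseError, 'response is not a JSON object' unless resp.is_a?(Hash)

  token = resp['access_token']
  unless token.is_a?(String) && !token.empty?
    raise TokenResponseError, 'no access_token in response'
  end
  unless resp['token_type'].to_s.casecmp?('Bearer')
    raise TokenResponseError, 'unexpected token_type'
  end

  # Assumption: expires_on is a string of Unix epoch seconds
  expires_at = Time.at(Integer(resp['expires_on'].to_s, 10))
  raise TokenResponseError, 'token already expired' if expires_at <= now

  { header: "Bearer #{token}", expires_at: expires_at }
rescue JSON::ParserError, ArgumentError
  raise TokenResponseError, 'malformed token response'
end

# Constructed sample bodies (not real tokens or real service output)
SAMPLE_OK = JSON.generate('access_token' => 'constructed.sample.token',
                          'token_type' => 'Bearer',
                          'expires_on' => '4102444800')
SAMPLE_NO_TOKEN = JSON.generate('error' => 'invalid_request')
```

The returned `expires_at` lets a caller cache the header and request a new token shortly before expiry rather than on every Key Vault call.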