Class: Mongo::Crypt::KMS::Azure::Credentials Private

Inherits:

Object

• Object
• Mongo::Crypt::KMS::Azure::Credentials

Extended by:

Forwardable

Includes:

Validations

Defined in:

lib/mongo/crypt/kms/azure/credentials.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Azure KMS Credentials object contains credentials for using Azure KMS provider.

Constant Summary

FORMAT_HINT =

This constant is part of a private API. You should avoid using this constant if possible, as it may be removed or be changed in the future.

'Azure KMS provider options must be in the format: \
{ tenant_id: "TENANT-ID", client_id: "TENANT_ID", client_secret: "CLIENT_SECRET" }'

Instance Attribute Summary

• #access_token ⇒ String | nil readonly private

  Azure access token.

• #client_id ⇒ String readonly private

  Azure client id.

• #client_secret ⇒ String readonly private

  Azure client secret.

• #identity_platform_endpoint ⇒ String | nil readonly private

  Azure identity platform endpoint.

• #tenant_id ⇒ String readonly private

  Azure tenant id.

Instance Method Summary

• #initialize(opts) ⇒ Credentials constructor private

  Creates an Azure KMS credentials object form a parameters hash.

• #to_document ⇒ BSON::Document private

  Convert credentials object to a BSON document in libmongocrypt format.

Methods included from Validations

#validate_param, validate_tls_options

Constructor Details

#initialize(opts) ⇒ Credentials

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Creates an Azure KMS credentials object form a parameters hash.

Parameters:

• opts (Hash) —

  A hash that contains credentials for Azure KMS provider

Options Hash (opts):

• :tenant_id (String) —

  Azure tenant id.

• :client_id (String) —

  Azure client id.

• :client_secret (String) —

  Azure client secret.

• :identity_platform_endpoint (String | nil) —

  Azure identity platform endpoint, optional.

Raises:

• (ArgumentError) —

  If required options are missing or incorrectly formatted.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 61

def initialize(opts)
  @opts = opts
  return if empty?

  if opts[:access_token]
    @access_token = opts[:access_token]
  else
    @tenant_id = validate_param(:tenant_id, opts, FORMAT_HINT)
    @client_id = validate_param(:client_id, opts, FORMAT_HINT)
    @client_secret = validate_param(:client_secret, opts, FORMAT_HINT)
    @identity_platform_endpoint = validate_param(
      :identity_platform_endpoint, opts, FORMAT_HINT, required: false
    )
  end
end

Instance Attribute Details

#access_token ⇒ String | nil (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns Azure access token.

Returns:

• (String | nil) —

  Azure access token.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 41

def access_token
  @access_token
end

#client_id ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns Azure client id.

Returns:

• (String) —

  Azure client id.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 32

def client_id
  @client_id
end

#client_secret ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns Azure client secret.

Returns:

• (String) —

  Azure client secret.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 35

def client_secret
  @client_secret
end

#identity_platform_endpoint ⇒ String | nil (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns Azure identity platform endpoint.

Returns:

• (String | nil) —

  Azure identity platform endpoint.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 38

def identity_platform_endpoint
  @identity_platform_endpoint
end

#tenant_id ⇒ String (readonly)

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns Azure tenant id.

Returns:

• (String) —

  Azure tenant id.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 29

def tenant_id
  @tenant_id
end

Instance Method Details

#to_document ⇒ BSON::Document

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Convert credentials object to a BSON document in libmongocrypt format.

Returns:

• (BSON::Document) —

  Azure KMS credentials in libmongocrypt format.

# File 'lib/mongo/crypt/kms/azure/credentials.rb', line 80

def to_document
  return BSON::Document.new if empty?

  if access_token
    BSON::Document.new({ accessToken: access_token })
  else
    BSON::Document.new(
      {
        tenantId: @tenant_id,
        clientId: @client_id,
        clientSecret: @client_secret
      }
    ).tap do |bson|
      unless identity_platform_endpoint.nil?
        bson.update({ identityPlatformEndpoint: identity_platform_endpoint })
      end
    end
  end
end