Class: KeyVault::ManagedIdentityAuth

Inherits:
Object
  • Object
show all
Defined in:
lib/key_vault/managed_identity_auth.rb

Overview

Authenticator for Azure Key Vault using Managed Identity

Instance Method Summary collapse

Constructor Details

#initialize(api_version: METADATA_API_VERSION) ⇒ ManagedIdentityAuth

Create authenticator using Managed Identity

Parameters:

api_version

(optional) Version of the azure Metadata REST API to use. Defaults to METADATA_API_VERSION


10
11
12
# File 'lib/key_vault/managed_identity_auth.rb', line 10

def initialize(api_version: METADATA_API_VERSION)
  @api_version = api_version || METADATA_API_VERSION
end

Instance Method Details

#bearer_tokenObject

Authenticates with Azure using OAUTH 2.0

Returns:

A string containing the bearer token for insertion into request headers

Raises:

ArgumentError

If the authentication request format is invalid

KeyVault::Unauthorized

If authentication fails authorization


20
21
22
23
24
25
26
27
28
29
30
# File 'lib/key_vault/managed_identity_auth.rb', line 20

def bearer_token
  result = RestClient::Request.execute(method: :get,
                                       url: url,
                                       headers: headers)
  token_resp = JSON.parse(result)
  "Bearer #{token_resp['access_token']}"
rescue RestClient::BadRequest
  raise ArgumentError, 'Could not authenticate to Azure (Bad Request)'
rescue RestClient::Unauthorized
  raise KeyVault::Unauthorized
end