class KeyVault::Auth

Authenticator for Azure Key Vault

Public Class Methods

new(tenant_id, client_id, client_secret)

Create authenticator using Azure principal

Parameters:

tenant_id

Azure tenant id

client_id

Azure client id (or key)

client_secret

Azure client secret

# File lib/key_vault/auth.rb, line 11
def initialize(tenant_id, client_id, client_secret)
  @tenant_id = tenant_id
  @client_id = client_id
  @client_secret = client_secret
end

Public Instance Methods

bearer_token()

Authenticates with Azure using OAuth 2.0

Returns:

A string containing the bearer token for insertion into request headers

Raises:

ArgumentError

If the authentication request format is invalid

KeyVault::Unauthorized

If Azure rejects the authentication request as unauthorized

# File lib/key_vault/auth.rb, line 23
def bearer_token
  result = RestClient::Request.execute(method: :post,
                                       url: url,
                                       payload: body,
                                       headers: headers)
  token_resp = JSON.parse(result)
  "Bearer #{token_resp['access_token']}"
rescue RestClient::BadRequest
  raise ArgumentError, 'Could not authenticate to Azure (Bad Request)'
rescue RestClient::Unauthorized
  raise KeyVault::Unauthorized
end
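
An added example, not part of the key_vault gem: bearer_token sends the client secret on every call and builds the header even when the response has no access_token. The hypothetical CachedBearerToken below validates the response and reuses the token until shortly before it expires; the class name, the fetch and clock parameters, the sample response, and the presence of token_type and expires_on (Unix seconds as a string) in the response are assumptions.

```ruby
require 'json'

# Hypothetical helper (not part of the key_vault gem): validates the token
# endpoint's JSON response and caches the bearer header until shortly before
# it expires, so the client secret is not sent on every Key Vault call.
class CachedBearerToken
  SKEW = 60 # seconds of safety margin before the stated expiry

  # fetch: callable returning the raw JSON body of the token response
  #        (in real use, the POST that bearer_token performs)
  # clock: callable returning the current time, injectable for testing
  def initialize(fetch, clock: -> { Time.now })
    @fetch = fetch
    @clock = clock
    @header = nil
    @expires_at = Time.at(0)
  end

  def header
    refresh! if @header.nil? || @clock.call >= @expires_at - SKEW
    @header
  end

  # Default inspect prints instance variables; keep the token out of logs.
  def inspect
    "#<#{self.class} expires_at=#{@expires_at.getutc} token=[REDACTED]>"
  end

  private

  def refresh!
    resp = JSON.parse(@fetch.call)
    token = resp['access_token']
    raise ArgumentError, 'token response has no access_token' if token.to_s.empty?
    unless resp['token_type'].to_s.casecmp?('Bearer')
      raise ArgumentError, "unexpected token_type: #{resp['token_type'].inspect}"
    end
    # Integer() raises ArgumentError on a missing or malformed expiry.
    @expires_at = Time.at(Integer(resp['expires_on'].to_s, 10))
    @header = "Bearer #{token}"
  end
end

# Constructed sample response (not captured from a real tenant).
SAMPLE = { 'token_type' => 'Bearer', 'expires_on' => '1700003600',
           'access_token' => 'constructed.sample.token' }.to_json
```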

Private Instance Methods

body()

# File lib/key_vault/auth.rb, line 46
def body
  { 'grant_type' => 'client_credentials',
    'client_id' => @client_id,
    'client_secret' => @client_secret,
    'resource' => 'https://vault.azure.net' }
end

headers()

# File lib/key_vault/auth.rb, line 38
def headers
  { 'Content-Type' => 'application/x-www-form-urlencoded' }
end

url()

# File lib/key_vault/auth.rb, line 42
def url
  "https://login.windows.net/#{@tenant_id}/oauth2/token"
end