From 05f7e2c2de8c7c2800be43b553e08ef824a6150e Mon Sep 17 00:00:00 2001
From: Sathish Babu <80091550+sathish-progress@users.noreply.github.com>
Date: Wed, 18 May 2022 18:18:45 +0530
Subject: [PATCH] RESOURCE-354 Accept credentials from URI (#655)

* alias resource ID
Signed-off-by: Sathish
* remove resource ID from backend
Signed-off-by: Sathish
* target id from resource ID
Signed-off-by: Sathish
* fix Extra empty line detected at class body beginning
Signed-off-by: Sathish
* fetch creds from cached creds
Signed-off-by: Sathish
* define creds method
Signed-off-by: Sathish
* rename instance var with method
Signed-off-by: Sathish
---
 libraries/backend/azure_connection.rb | 40 ++++++++++++++++-----------
 1 file changed, 24 insertions(+), 16 deletions(-)

diff --git a/libraries/backend/azure_connection.rb b/libraries/backend/azure_connection.rb
index ed32703b9..43e67e5e3 100644
--- a/libraries/backend/azure_connection.rb
+++ b/libraries/backend/azure_connection.rb
@@ -36,9 +36,6 @@ class AzureConnection
 # @return [String] the graph api endpoint api version, e.g. v1.0
 attr_reader :graph_api_endpoint_api_version

- # @return [Hash] tenant_id, client_id, client_secret, subscription_id
- attr_reader :credentials
-
 # Creates a HTTP client.
 def initialize(client_args)
 # Validate parameter's type.
@@ -62,13 +59,6 @@ def initialize(client_args)
 @key_vault_dns_suffix = @client_args[:endpoint].key_vault_dns_suffix
 @graph_api_endpoint_api_version = @client_args[:endpoint].graph_api_endpoint_api_version

- @credentials = {
- tenant_id: ENV['AZURE_TENANT_ID'],
- client_id: ENV['AZURE_CLIENT_ID'],
- client_secret: ENV['AZURE_CLIENT_SECRET'],
- subscription_id: ENV['AZURE_SUBSCRIPTION_ID'],
- }
-
 @connection ||= Faraday.new do |conn|
 # Implement user provided HTTP client params for handling TimeOut exceptions.
 # https://www.rubydoc.info/gems/faraday/Faraday/Request/Retry
@@ -81,6 +71,18 @@ def initialize(client_args)
 end
 end

+ # azure://:@/
+ # @return [Hash] tenant_id, client_id, client_secret, subscription_id
+ def credentials
+ # azure://:@/
+ @credentials ||= {
+ tenant_id: creds_from_uri[:host] || ENV['AZURE_TENANT_ID'],
+ client_id: creds_from_uri[:user] || ENV['AZURE_CLIENT_ID'],
+ client_secret: creds_from_uri[:password] || ENV['AZURE_CLIENT_SECRET'],
+ subscription_id: creds_from_uri[:path]&.gsub('/', '') || ENV['AZURE_SUBSCRIPTION_ID'],
+ }
+ end
+
 def provider_details
 @@provider_details
 end
@@ -149,17 +151,17 @@ def rest_api_call(opts)
 #
 def authenticate(resource)
 # Validate the presence of credentials.
- unless @credentials.values.compact.delete_if(&:empty?).size == 4
+ unless credentials.values.compact.delete_if(&:empty?).size == 4
 raise HTTPClientError::MissingCredentials, 'The following must be set in the Environment:'\
- " #{@credentials.keys}.\n"\
- "Missing: #{@credentials.keys.select { |key| @credentials[key].nil? }}"
+ " #{credentials.keys}.\n"\
+ "Missing: #{credentials.keys.select { |key| credentials[key].nil? }}"
 end
 # Build up the url that is required to authenticate with Azure REST API
- auth_url = "#{@client_args[:endpoint].active_directory_endpoint_url}#{@credentials[:tenant_id]}/oauth2/token"
+ auth_url = "#{@client_args[:endpoint].active_directory_endpoint_url}#{credentials[:tenant_id]}/oauth2/token"
 body = {
 grant_type: 'client_credentials',
- client_id: @credentials[:client_id],
- client_secret: @credentials[:client_secret],
+ client_id: credentials[:client_id],
+ client_secret: credentials[:client_secret],
 resource: resource,
 }
 headers = {
@@ -248,4 +250,10 @@ def send_request(opts)
 raise StandardError, "This method is not supported: #{opts[:method]}"
 end
 end
+
+ private
+
+ def creds_from_uri
+ Inspec::Config.cached.unpack_train_credentials
+ end
 end
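Review bot: In the new `credentials` method, a URI component that is present but empty overrides the environment variable, because an empty string is truthy in Ruby: `creds_from_uri[:path]&.gsub('/', '')` turns a bare `/` path into `""`, and `"" || ENV['AZURE_SUBSCRIPTION_ID']` never reaches the fallback. If the unpacked hash can carry empty strings for host, user or password, those keys behave the same way, and `authenticate` then rejects the value even though the variable is set. Normalising empties before the `||` avoids this, e.g. `subscription_id: creds_from_uri[:path].to_s.delete('/').then { |s| s unless s.empty? } || ENV['AZURE_SUBSCRIPTION_ID'],`, with the equivalent for the other three keys. The method also lets `client_secret` travel in the target URI, where it can end up in shell history, process listings and CI logs. The doc comment should say that the environment variables remain the preferred source for the secret, and it should spell out which URI part maps to which key, which the `# azure://:@/` comment as shown does not.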
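Review bot: The `MissingCredentials` message in `authenticate` does not match the guard above it: the guard also rejects empty strings through `delete_if(&:empty?)`, but the `Missing:` list selects only `nil` values, so an empty credential is reported as `Missing: []`. The text also still reads 'The following must be set in the Environment:' although the values can now come from the target URI. I would change the last line to `"Missing: #{credentials.keys.select { |key| credentials[key].to_s.empty? }}"` and reword the first line to name both sources. The message prints key names only, and it should stay that way so the secret never reaches error output. `authenticate` continues past the end of this hunk.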
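Review bot: `creds_from_uri` calls `unpack_train_credentials` directly on whatever `Inspec::Config.cached` returns, and `credentials` invokes it four times while building the hash. If no config has been cached yet (presumably possible when the class is used outside a normal InSpec run, such as in unit tests), this raises `NoMethodError` on `nil` instead of falling back to the environment variables. A memoised, nil-safe form would be `@creds_from_uri ||= Inspec::Config.cached&.unpack_train_credentials || {}`. The returned hash holds the client secret, so a short comment on the method saying it must not be logged or inspected in error output would help the next maintainer.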