123456789_123456789_123456789_123456789_123456789_

Class: Mongo::Crypt::KMS::Azure::CredentialsRetriever Private

Do not use. This class is for internal use only.
Relationships & Source Files
Inherits: Object
Defined in: lib/mongo/crypt/kms/azure/credentials_retriever.rb

Overview

This class retrieves ::Mongo::Crypt::KMS::Azure credentials using ::Mongo::Crypt::KMS::Azure metadata host. This should be used when the driver is used on the ::Mongo::Crypt::KMS::Azure environment.

Constant Summary

Class Method Summary

Class Method Details

.do_request(uri, req) ⇒ Net::HTTPResponse (private)

Performs a request to ::Mongo::Crypt::KMS::Azure metadata host.

Parameters:

Returns:

  • (Net::HTTPResponse)

    Response object.

Raises:

[ GitHub ] 

  


# File 'lib/mongo/crypt/kms/azure/credentials_retriever.rb', line 107



def self.do_request(uri, req)
  ::Timeout.timeout(10) do
    Net::HTTP.start(uri.hostname, uri.port, use_ssl: false) do |http|
      http.request(req)
    end
  end
rescue ::Timeout::Error, IOError, SystemCallError, SocketError => e
  raise KMS::CredentialsNotFound,
        "Could not receive Azure metadata response; #{e.class}: #{e.message}"
end


  








  

    .fetch_access_token(extra_headers: {}, metadata_host: nil)  ⇒ KMS::Azure::AccessToken 
  



  

    

Fetches Azure credentials from ::Mongo::Crypt::KMS::Azure metadata host.


  





  
Parameters:


    
  
  • 
    extra_headers
    (Hash)
    

    Extra headers to be passed to the request. This is used for testing.
    

    
  
    • 
  
  • 
    metadata_host
    (String | nil)
    

    ::Mongo::Crypt::KMS::Azure metadata host. This is used for testing.
    

    
  
    • 



Returns:



Raises:





  [ GitHub ]


  

  


# File 'lib/mongo/crypt/kms/azure/credentials_retriever.rb', line 41



def self.fetch_access_token(extra_headers: {}, metadata_host: nil)
  uri, req = prepare_request(extra_headers, metadata_host)
  parsed_response = fetch_response(uri, req)
  Azure::AccessToken.new(
    parsed_response.fetch('access_token'),
    Integer(parsed_response.fetch('expires_in'))
  )
rescue KeyError, ArgumentError => e
  raise KMS::CredentialsNotFound,
        "Azure metadata response is invalid: '#{parsed_response}'; #{e.class}: #{e.message}"
end


  








  

    .fetch_response(uri, req)  ⇒ Hash  (private)
  



  

    

Fetches response from ::Mongo::Crypt::KMS::Azure metadata host.


  





  
Parameters:



Returns:


    
  
  • 
    (Hash)
    

    Parsed response.
    

    
  
    • 



Raises:





  [ GitHub ]


  

  


# File 'lib/mongo/crypt/kms/azure/credentials_retriever.rb', line 86



def self.fetch_response(uri, req)
  resp = do_request(uri, req)
  if resp.code != '200'
    raise KMS::CredentialsNotFound,
          "Azure metadata host responded with code #{resp.code}"
  end
  JSON.parse(resp.body)
rescue JSON::ParserError => e
  raise KMS::CredentialsNotFound,
        "Azure metadata response is invalid: '#{resp.body}'; #{e.class}: #{e.message}"
end


  








  

    .prepare_request(extra_headers, metadata_host)  ⇒ Array<URI, Net::HTTP::Get>  (private)
  



  

    

Prepares a request to ::Mongo::Crypt::KMS::Azure metadata host.


  





  
Parameters:


    
  
  • 
    extra_headers
    (Hash)
    

    Extra headers to be passed to the request. This is used for testing.
    

    
  
    • 
  
  • 
    metadata_host
    (String | nil)
    

    ::Mongo::Crypt::KMS::Azure metadata host. This is used for testing.
    

    
  
    • 



Returns:





  [ GitHub ]


  

  


# File 'lib/mongo/crypt/kms/azure/credentials_retriever.rb', line 61



def self.prepare_request(extra_headers, metadata_host)
  host = metadata_host || DEFAULT_HOST
  host = DEFAULT_HOST if host.empty?
  uri = URI("http://#{host}/metadata/identity/oauth2/token")
  uri.query = ::URI.encode_www_form(
    'api-version' => '2018-02-01',
    'resource' => 'https://vault.azure.net'
  )
  req = Net::HTTP::Get.new(uri)
  req['Metadata'] = 'true'
  req['Accept'] = 'application/json'
  extra_headers.each { |k, v| req[k] = v }
  [uri, req]
end