From de8bfb66a5dd57a1e0ac7927518f8f2fc3ce76e1 Mon Sep 17 00:00:00 2001 From: Vishrut Shah Date: Mon, 28 Aug 2017 16:49:57 -0700 Subject: [PATCH 1/4] Bug fix in MSI authentication --- runtime/ms_rest_azure/CHANGELOG.md | 3 +++ runtime/ms_rest_azure/README.md | 4 ++-- .../lib/ms_rest_azure/credentials/msi_token_provider.rb | 1 + runtime/ms_rest_azure/lib/ms_rest_azure/version.rb | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/runtime/ms_rest_azure/CHANGELOG.md b/runtime/ms_rest_azure/CHANGELOG.md index 31adaa66e2..81ab940463 100644 --- a/runtime/ms_rest_azure/CHANGELOG.md +++ b/runtime/ms_rest_azure/CHANGELOG.md @@ -1,3 +1,6 @@ +##2017.09.06 ms_rest_azure version 0.8.3 +* Add header `Metadata='true'` for Managed Service Identity authentication to acquire token.[Issue #930](https://github.com/Azure/azure-sdk-for-ruby/issues/930) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889) + ##2017.08.28 ms_rest_azure version 0.8.2 * Enable Managed Service Identity authentication features into ms_rest_azure runtime for azure_mgmt_* sdks.[Issue #884](https://github.com/Azure/azure-sdk-for-ruby/issues/884) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889) diff --git a/runtime/ms_rest_azure/README.md b/runtime/ms_rest_azure/README.md index 858e145023..bd71f4acb1 100644 --- a/runtime/ms_rest_azure/README.md +++ b/runtime/ms_rest_azure/README.md 
@@ -37,13 +37,13 @@ To start working on the gem the only additional dev dependecy is required - rspe Reference it in the gemfile and also add this line to your client's gemspec file: ```ruby -spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.2' +spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.3' ``` Don't forget to correct the version. # Utilizing MSI(Managed Service Identity) Token Provider -MSI support has been enabled in `ms_rest_azure` version `0.8.2`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`: +MSI support has been enabled in `ms_rest_azure` version `0.8.3`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`: ```ruby provider = MsRestAzure::MSITokenProvider.new('{tenant_id}') diff --git a/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb b/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb index f81785d4b0..f461afda22 100644 --- a/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb +++ b/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb @@ -96,6 +96,7 @@ def acquire_token response = connection.post do |request| request.headers['content-type'] = 'application/x-www-form-urlencoded' + request.headers['Metadata'] = 'true' request.body = request_body end diff --git a/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb b/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb index dfde878f46..9cf429b2fc 100644 --- a/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb +++ b/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb @@ -3,5 +3,5 @@ # Licensed under the MIT License. See License.txt in the project root for license information. module MsRestAzure - VERSION = '0.8.2' + VERSION = '0.8.3' end From 17cc411f87cb44980bfc39338d97e7f20b38f5d9 Mon Sep 17 00:00:00 2001 
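Review bot: The new `request.headers['Metadata'] = 'true'` line in `acquire_token` has no comment and, going by this commit's diffstat, no spec, so a later cleanup could drop it without any test failing. A short comment above the line, such as `# The MSI token endpoint expects Metadata: true on every token request`, would record why it is there. Headers of this kind are usually required so that a request relayed through another component, which typically cannot set custom headers, is refused; that is presumably the purpose here and is worth confirming and stating. A spec that stubs the connection and asserts the header is present on the outgoing request would pin the behaviour. `acquire_token` starts and ends outside the hunk.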
From: Vishrut Shah Date: Mon, 28 Aug 2017 16:51:18 -0700 Subject: [PATCH 2/4] Update PR link into CHANGELOG --- runtime/ms_rest_azure/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/runtime/ms_rest_azure/CHANGELOG.md b/runtime/ms_rest_azure/CHANGELOG.md index 81ab940463..e7f66d6cb5 100644 --- a/runtime/ms_rest_azure/CHANGELOG.md +++ b/runtime/ms_rest_azure/CHANGELOG.md @@ -1,5 +1,5 @@ ##2017.09.06 ms_rest_azure version 0.8.3 -* Add header `Metadata='true'` for Managed Service Identity authentication to acquire token.[Issue #930](https://github.com/Azure/azure-sdk-for-ruby/issues/930) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889) +* Add header `Metadata='true'` for Managed Service Identity authentication to acquire token.[Issue #930](https://github.com/Azure/azure-sdk-for-ruby/issues/930) [PR #931](https://github.com/Azure/azure-sdk-for-ruby/pull/931) ##2017.08.28 ms_rest_azure version 0.8.2 * Enable Managed Service Identity authentication features into ms_rest_azure runtime for azure_mgmt_* sdks.[Issue #884](https://github.com/Azure/azure-sdk-for-ruby/issues/884) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889) From a5bdcd8abf387ed4163337dbfac170aa94c2d30d Mon Sep 17 00:00:00 2001 From: Vishrut Shah Date: Wed, 6 Sep 2017 00:26:22 +0000 Subject: [PATCH 3/4] No need to provide authority for MSI authentication --- runtime/ms_rest_azure/README.md | 2 +- .../ms_rest_azure/credentials/msi_token_provider.rb | 12 ++---------- .../ms_rest_azure/spec/msi_token_provider_spec.rb | 12 +++--------- 3 files changed, 6 insertions(+), 20 deletions(-) diff --git a/runtime/ms_rest_azure/README.md b/runtime/ms_rest_azure/README.md index bd71f4acb1..433ad70f67 100644 --- a/runtime/ms_rest_azure/README.md +++ b/runtime/ms_rest_azure/README.md 
@@ -46,7 +46,7 @@ Don't forget to correct the version. MSI support has been enabled in `ms_rest_azure` version `0.8.3`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`: ```ruby -provider = MsRestAzure::MSITokenProvider.new('{tenant_id}') +provider = MsRestAzure::MSITokenProvider.new() credentials = MsRest::TokenCredentials.new(provider) ``` diff --git a/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb b/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb index f461afda22..ff4a178c53 100644 --- a/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb +++ b/runtime/ms_rest_azure/lib/ms_rest_azure/credentials/msi_token_provider.rb @@ -11,15 +11,12 @@ class MSITokenProvider < MsRest::TokenProvider private TOKEN_ACQUIRE_URL = 'http://localhost:{port}/oauth2/token' - REQUEST_BODY_PATTERN = 'authority={authentication_endpoint}{tenant_id}&resource={resource_uri}' + REQUEST_BODY_PATTERN = 'resource={resource_uri}' DEFAULT_SCHEME = 'Bearer' # @return [MSIActiveDirectoryServiceSettings] settings. attr_accessor :settings - # @return [String] tenant id (also known as domain). - attr_accessor :tenant_id - # @return [Integer] port number where MSI service is running. attr_accessor :port 
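Review bot: `REQUEST_BODY_PATTERN` and the two constants beside it sit under a bare `private`, which in Ruby changes the visibility of methods only, so the constants stay readable from outside the class even though the layout suggests otherwise. If nothing outside `MSITokenProvider` reads them, `private_constant :TOKEN_ACQUIRE_URL, :REQUEST_BODY_PATTERN, :DEFAULT_SCHEME` after the definitions would enforce the intent. The `# @return [MSIActiveDirectoryServiceSettings]` tag on `settings` also disagrees with the `ActiveDirectoryServiceSettings` type named in the constructor docs of the next hunk; one of the two should be corrected. The class body starts and ends outside the hunk.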
@@ -39,16 +36,13 @@ class MSITokenProvider < MsRest::TokenProvider # # Creates and initialize new instance of the MSITokenProvider class. - # @param tenant_id [String] tenant id (also known as domain). # @param port [Integer] port number where MSI service is running. # @param settings [ActiveDirectoryServiceSettings] active directory setting. - def initialize(tenant_id, port = 50342, settings = ActiveDirectoryServiceSettings.get_azure_settings) - fail ArgumentError, 'Tenant id cannot be nil' if tenant_id.nil? + def initialize(port = 50342, settings = ActiveDirectoryServiceSettings.get_azure_settings) fail ArgumentError, 'Port cannot be nil' if port.nil? fail ArgumentError, 'Port must be an Integer' unless port.is_a? Integer fail ArgumentError, 'Azure AD settings cannot be nil' if settings.nil? - @tenant_id = tenant_id @port = port @settings = settings @@ -90,8 +84,6 @@ def acquire_token end request_body = REQUEST_BODY_PATTERN.dup - request_body['{authentication_endpoint}'] = ERB::Util.url_encode(@settings.authentication_endpoint) - request_body['{tenant_id}'] = ERB::Util.url_encode(@tenant_id) request_body['{resource_uri}'] = ERB::Util.url_encode(@settings.token_audience) response = connection.post do |request| diff --git a/runtime/ms_rest_azure/spec/msi_token_provider_spec.rb b/runtime/ms_rest_azure/spec/msi_token_provider_spec.rb index 7d901fc8bb..ebfcc0dc16 100644 --- a/runtime/ms_rest_azure/spec/msi_token_provider_spec.rb +++ b/runtime/ms_rest_azure/spec/msi_token_provider_spec.rb 
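Review bot: `initialize` accepts any Integer as `port`, so `0`, a negative number or a value above 65535 passes validation and presumably surfaces only when the token request is made. A range check next to the type check would fail early, e.g. `fail ArgumentError, 'Port must be between 1 and 65535' unless port.between?(1, 65535)`. Because the first positional argument changed meaning from tenant id to port, a caller still written as `MSITokenProvider.new('{tenant_id}')` now gets 'Port must be an Integer', which does not point at the real cause. Keyword arguments (`port:`, `settings:`) would avoid this kind of re-binding, though that is a larger interface decision. The constructor body continues outside the hunk.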
@@ -10,17 +10,13 @@ module MsRestAzure describe MSITokenProvider do it 'should throw error if nil data is passed into constructor' do expect { MSITokenProvider.new(nil) }.to raise_error(ArgumentError) - expect { MSITokenProvider.new('tenant_id',nil) }.to raise_error(ArgumentError) - expect { MSITokenProvider.new('tenant_id','port') }.to raise_error(ArgumentError) - expect { MSITokenProvider.new('tenant_id',50431,nil) }.to raise_error(ArgumentError) + expect { MSITokenProvider.new(50431,nil) }.to raise_error(ArgumentError) end it 'should set defaults for managed service identity' do - tenant = 'xxxx-xxxx-xxxxx-xxxxx' azure_cloud = MsRestAzure::AzureEnvironments::AzureCloud - token_provider = MSITokenProvider.new(tenant) - expect(token_provider.send(:tenant_id)).to eq(tenant) + token_provider = MSITokenProvider.new expect(token_provider.send(:port)).to eq(50342) settings = token_provider.send(:settings) expect(settings.authentication_endpoint).to eq(azure_cloud.active_directory_endpoint_url) @@ -28,14 +24,12 @@ module MsRestAzure end it 'should set customs for managed service identity' do - tenant = 'xxxx-xxxx-xxxxx-xxxxx' port = 50333 settings = ActiveDirectoryServiceSettings.new() settings.authentication_endpoint = 'https://login.microsoftonline.com/' settings.token_audience = 'https://vault.azure.net' - token_provider = MSITokenProvider.new(tenant, port, settings) - expect(token_provider.send(:tenant_id)).to eq(tenant) + token_provider = MSITokenProvider.new(port, settings) expect(token_provider.send(:port)).to eq(port) settings = token_provider.send(:settings) expect(settings.authentication_endpoint).to eq(settings.authentication_endpoint) From 447c39bba8b916d8c863ebd0e0e67d052eeb9a01 Mon Sep 17 00:00:00 2001 
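Review bot: The rewritten constructor spec no longer exercises the 'Port must be an Integer' branch, because the old `MSITokenProvider.new('tenant_id','port')` case was removed and nothing replaces it. Adding `expect { MSITokenProvider.new('port') }.to raise_error(ArgumentError)` to the first example keeps that validation covered.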
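Review bot: In 'should set customs for managed service identity' the assertion `expect(settings.authentication_endpoint).to eq(settings.authentication_endpoint)` compares a value with itself, because the local `settings` is rebound to `token_provider.send(:settings)` just above it, so the check cannot fail. Binding the provider's value to a different local, or asserting against the literal as in `expect(token_provider.send(:settings).authentication_endpoint).to eq('https://login.microsoftonline.com/')`, would make it meaningful. The example continues past the end of the hunk.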
From: Vishrut Shah Date: Thu, 7 Sep 2017 09:12:40 -0700 Subject: [PATCH 4/4] Updating version of ms_rest_azure to 0.9.0 --- runtime/ms_rest_azure/CHANGELOG.md | 6 +++--- runtime/ms_rest_azure/README.md | 6 +++--- runtime/ms_rest_azure/lib/ms_rest_azure/version.rb | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/runtime/ms_rest_azure/CHANGELOG.md b/runtime/ms_rest_azure/CHANGELOG.md index e7f66d6cb5..657f501473 100644 --- a/runtime/ms_rest_azure/CHANGELOG.md +++ b/runtime/ms_rest_azure/CHANGELOG.md @@ -1,5 +1,5 @@ -##2017.09.06 ms_rest_azure version 0.8.3 -* Add header `Metadata='true'` for Managed Service Identity authentication to acquire token.[Issue #930](https://github.com/Azure/azure-sdk-for-ruby/issues/930) [PR #931](https://github.com/Azure/azure-sdk-for-ruby/pull/931) +##Unreleased ms_rest_azure version 0.9.0 +* [Breaking Change] Managed Service Identity authentication to acquire token does not require `tenant_id`.[Issue #930](https://github.com/Azure/azure-sdk-for-ruby/issues/930) [PR #931](https://github.com/Azure/azure-sdk-for-ruby/pull/931) ##2017.08.28 ms_rest_azure version 0.8.2 * Enable Managed Service Identity authentication features into ms_rest_azure runtime for azure_mgmt_* sdks.[Issue #884](https://github.com/Azure/azure-sdk-for-ruby/issues/884) [PR #889](https://github.com/Azure/azure-sdk-for-ruby/pull/889) @@ -30,7 +30,7 @@ * Improved AzureOperationError class to expose error_message and error_code properties [#1450](https://github.com/Azure/autorest/pull/1450) ##2016.09.15 ms_rest_azure version 0.5.0 -* Updating ms_rest dependecy to version 0.5.0 +* Updating ms_rest dependency to version 0.5.0 * Adding known Azure Environments in ruby runtime for easy discovery * Default Azure active directory url is updated from `https://login.windows.net/` to `https://login.microsoftonline.com/` (Breaking Change) * Using bundled default ca-cert from ms_rest 
diff --git a/runtime/ms_rest_azure/README.md b/runtime/ms_rest_azure/README.md index bd71f4acb1..820de23bfb 100644 --- a/runtime/ms_rest_azure/README.md +++ b/runtime/ms_rest_azure/README.md @@ -37,16 +37,16 @@ To start working on the gem the only additional dev dependecy is required - rspe Reference it in the gemfile and also add this line to your client's gemspec file: ```ruby -spec.add_runtime_dependency 'ms_rest_azure', '~> 0.8.3' +spec.add_runtime_dependency 'ms_rest_azure', '~> 0.9.0' ``` Don't forget to correct the version. # Utilizing MSI(Managed Service Identity) Token Provider -MSI support has been enabled in `ms_rest_azure` version `0.8.3`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`: +MSI support has been enabled in `ms_rest_azure` version `0.9.0`. Below code snippet demonstrates how to use MSITokenProvider with default port `50342`: ```ruby -provider = MsRestAzure::MSITokenProvider.new('{tenant_id}') +provider = MsRestAzure::MSITokenProvider.new() credentials = MsRest::TokenCredentials.new(provider) ``` diff --git a/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb b/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb index 9cf429b2fc..c137b6be4e 100644 --- a/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb +++ b/runtime/ms_rest_azure/lib/ms_rest_azure/version.rb @@ -3,5 +3,5 @@ # Licensed under the MIT License. See License.txt in the project root for license information. module MsRestAzure - VERSION = '0.8.3' + VERSION = '0.9.0' end