diff --git a/lib/puppet_x/tragiccode/azure.rb b/lib/puppet_x/tragiccode/azure.rb index fbd1b97..6457ac1 100644 --- a/lib/puppet_x/tragiccode/azure.rb +++ b/lib/puppet_x/tragiccode/azure.rb @@ -5,7 +5,7 @@ module TragicCode # Azure API functions class Azure - @azure_arc_instance_metadata_endpoint_ip = '127.0.0.1'.freeze + @azure_arc_instance_metadata_endpoint_ip_and_port = '127.0.0.1:40342'.freeze def self.cloud_environments { @@ -31,7 +31,7 @@ def self.normalize_object_name(object_name, replacement) def self.get_access_token_azure_arc(api_version, cloud_type = 'AzureCloud') # Generate File and Read Challenge Token vault_resource = "https://#{cloud_environments.fetch(cloud_type, cloud_environments['AzureCloud'])['vault_dns_suffix']}" - uri = URI("http://#{@azure_arc_instance_metadata_endpoint_ip}/metadata/identity/oauth2/token?api-version=#{api_version}&resource=#{URI.encode_www_form_component(vault_resource)}") + uri = URI("http://#{@azure_arc_instance_metadata_endpoint_ip_and_port}/metadata/identity/oauth2/token?api-version=#{api_version}&resource=#{URI.encode_www_form_component(vault_resource)}") req = Net::HTTP::Get.new(uri.request_uri) req['Metadata'] = 'true' res = Net::HTTP.start(uri.hostname, uri.port) do |http| @@ -46,7 +46,7 @@ def self.get_access_token_azure_arc(api_version, cloud_type = 'AzureCloud') challenge_token = File.read(challenge_token_file_path) # Get Access Token using challenge token - internal_get_access_token(api_version, @azure_arc_instance_metadata_endpoint_ip, { 'Authorization' => "Basic #{challenge_token}" }, cloud_type) + internal_get_access_token(api_version, @azure_arc_instance_metadata_endpoint_ip_and_port, { 'Authorization' => "Basic #{challenge_token}" }, cloud_type) end def self.get_access_token(api_version, cloud_type = 'AzureCloud') diff --git a/spec/functions/tragic_code/azure_spec.rb b/spec/functions/tragic_code/azure_spec.rb index c8ecea8..e4928d9 100644 --- a/spec/functions/tragic_code/azure_spec.rb +++ b/spec/functions/tragic_code/azure_spec.rb @@ -42,7 +42,7 @@ it 'returns a bearer token' do allow(File).to receive(:read).and_return('magical-token-from-file') - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .with(query: hash_including('resource' => 'https://vault.azure.net')) .to_return( body: '{"access_token": "token"}', @@ -50,7 +50,7 @@ headers: { 'Www-Authenticate' => 'Basic realm=C:\\ProgramData\\AzureConnectedMachineAgent\\Tokens\\f1da0584-97f4-42fd-a671-879ad3de86fa.key' }, ) - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .with(headers: { 'Authorization' => 'Basic magical-token-from-file' }, query: hash_including('resource' => 'https://vault.azure.net')) .to_return(body: '{"access_token": "token"}', status: 200) @@ -60,7 +60,7 @@ it 'returns a bearer token for AzureUSGovernment' do allow(File).to receive(:read).and_return('magical-token-from-file') - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .with(query: hash_including('resource' => 'https://vault.usgovcloudapi.net')) .to_return( body: '{"access_token": "token"}', @@ -68,7 +68,7 @@ headers: { 'Www-Authenticate' => 'Basic realm=C:\\ProgramData\\AzureConnectedMachineAgent\\Tokens\\f1da0584-97f4-42fd-a671-879ad3de86fa.key' }, ) - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .with(headers: { 'Authorization' => 'Basic magical-token-from-file' }, query: hash_including('resource' => 'https://vault.usgovcloudapi.net')) .to_return(body: '{"access_token": "token"}', status: 200) @@ -76,13 +76,13 @@ end it 'throws error with response body when response is not 401 (unauthorized) when attempting to generate secret file' do - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .to_return(body: 'some_error', status: 200) expect { described_class.get_access_token_azure_arc('api') }.to raise_error('some_error') end it 'throws error when the 401 (unauthorized) response is missing the Www-Authenticate header' do - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .to_return(body: 'some_error', status: 401) expect { described_class.get_access_token_azure_arc('api') }.to raise_error('Response header Www-Authenticate is missing') end @@ -90,10 +90,10 @@ it 'throws error with response body when response is not 2xx when getting the auth token' do allow(File).to receive(:read).and_return('magical-token-from-file') # rubocop:disable Layout/LineLength - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .to_return(body: '{"access_token": "token"}', status: 401, headers: { 'Www-Authenticate' => 'Basic realm=C:\\ProgramData\\AzureConnectedMachineAgent\\Tokens\\f1da0584-97f4-42fd-a671-879ad3de86fa.key' }) # rubocop:enable Layout/LineLength - stub_request(:get, %r{127.0.0.1}) + stub_request(:get, %r{127.0.0.1:40342}) .with(headers: { 'Authorization' => 'Basic magical-token-from-file' }) .to_return(body: 'some_error', status: 400)