Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions lib/puppet_x/tragiccode/azure.rb
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
module TragicCode
# Azure API functions
class Azure
@azure_arc_instance_metadata_endpoint_ip = '127.0.0.1'.freeze
@azure_arc_instance_metadata_endpoint_ip_and_port = '127.0.0.1:40342'.freeze

def self.cloud_environments
{
Expand All @@ -31,7 +31,7 @@ def self.normalize_object_name(object_name, replacement)
def self.get_access_token_azure_arc(api_version, cloud_type = 'AzureCloud')
# Generate File and Read Challenge Token
vault_resource = "https://#{cloud_environments.fetch(cloud_type, cloud_environments['AzureCloud'])['vault_dns_suffix']}"
uri = URI("http://#{@azure_arc_instance_metadata_endpoint_ip}/metadata/identity/oauth2/token?api-version=#{api_version}&resource=#{URI.encode_www_form_component(vault_resource)}")
uri = URI("http://#{@azure_arc_instance_metadata_endpoint_ip_and_port}/metadata/identity/oauth2/token?api-version=#{api_version}&resource=#{URI.encode_www_form_component(vault_resource)}")
req = Net::HTTP::Get.new(uri.request_uri)
req['Metadata'] = 'true'
res = Net::HTTP.start(uri.hostname, uri.port) do |http|
Expand All @@ -46,7 +46,7 @@ def self.get_access_token_azure_arc(api_version, cloud_type = 'AzureCloud')
challenge_token = File.read(challenge_token_file_path)

# Get Access Token using challenge token
internal_get_access_token(api_version, @azure_arc_instance_metadata_endpoint_ip, { 'Authorization' => "Basic #{challenge_token}" }, cloud_type)
internal_get_access_token(api_version, @azure_arc_instance_metadata_endpoint_ip_and_port, { 'Authorization' => "Basic #{challenge_token}" }, cloud_type)
end

def self.get_access_token(api_version, cloud_type = 'AzureCloud')
Expand Down
16 changes: 8 additions & 8 deletions spec/functions/tragic_code/azure_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@
it 'returns a bearer token' do
allow(File).to receive(:read).and_return('magical-token-from-file')

stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.with(query: hash_including('resource' => 'https://vault.azure.net'))
.to_return(
body: '{"access_token": "token"}',
status: 401,
headers: { 'Www-Authenticate' => 'Basic realm=C:\\ProgramData\\AzureConnectedMachineAgent\\Tokens\\f1da0584-97f4-42fd-a671-879ad3de86fa.key' },
)

stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.with(headers: { 'Authorization' => 'Basic magical-token-from-file' }, query: hash_including('resource' => 'https://vault.azure.net'))
.to_return(body: '{"access_token": "token"}', status: 200)

Expand All @@ -60,40 +60,40 @@
it 'returns a bearer token for AzureUSGovernment' do
allow(File).to receive(:read).and_return('magical-token-from-file')

stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.with(query: hash_including('resource' => 'https://vault.usgovcloudapi.net'))
.to_return(
body: '{"access_token": "token"}',
status: 401,
headers: { 'Www-Authenticate' => 'Basic realm=C:\\ProgramData\\AzureConnectedMachineAgent\\Tokens\\f1da0584-97f4-42fd-a671-879ad3de86fa.key' },
)

stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.with(headers: { 'Authorization' => 'Basic magical-token-from-file' }, query: hash_including('resource' => 'https://vault.usgovcloudapi.net'))
.to_return(body: '{"access_token": "token"}', status: 200)

expect(described_class.get_access_token_azure_arc('api', 'AzureUSGovernment')).to eq('token')
end

it 'throws error with response body when response is not 401 (unauthorized) when attempting to generate secret file' do
stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.to_return(body: 'some_error', status: 200)
expect { described_class.get_access_token_azure_arc('api') }.to raise_error('some_error')
end

it 'throws error when the 401 (unauthorized) response is missing the Www-Authenticate header' do
stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.to_return(body: 'some_error', status: 401)
expect { described_class.get_access_token_azure_arc('api') }.to raise_error('Response header Www-Authenticate is missing')
end

it 'throws error with response body when response is not 2xx when getting the auth token' do
allow(File).to receive(:read).and_return('magical-token-from-file')
# rubocop:disable Layout/LineLength
stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.to_return(body: '{"access_token": "token"}', status: 401, headers: { 'Www-Authenticate' => 'Basic realm=C:\\ProgramData\\AzureConnectedMachineAgent\\Tokens\\f1da0584-97f4-42fd-a671-879ad3de86fa.key' })
# rubocop:enable Layout/LineLength
stub_request(:get, %r{127.0.0.1})
stub_request(:get, %r{127.0.0.1:40342})
.with(headers: { 'Authorization' => 'Basic magical-token-from-file' })
.to_return(body: 'some_error', status: 400)

Expand Down
Loading