Class: Legion::Extensions::Identity::Entra::ManagedIdentity::Actor::TokenRefresher

Inherits:
Actors::Every
  • Object
show all
Defined in:
lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb

Constant Summary collapse

DEFAULT_REFRESH_INTERVAL = 
2700

Instance Method Summary collapse

Instance Method Details

#check_subtask?Boolean

Returns:

  • (Boolean) 


15
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 15

def check_subtask?  = false

#enabled?Boolean

rubocop:disable Legion/Extension/ActorEnabledSideEffects

Returns:

  • (Boolean) 


24
25
26
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 24

def enabled? # rubocop:disable Legion/Extension/ActorEnabledSideEffects
  true
end

#generate_task?Boolean

Returns:

  • (Boolean) 


16
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 16

def generate_task?  = false

#manualObject 



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 28

def manual
  log.debug('ManagedIdentity TokenRefresher tick')
  data = Legion::Extensions::Identity::Entra::Helpers::TokenManager.token_data(:managed_identity, refresh: false)

  if data && !Legion::Extensions::Identity::Entra::Helpers::TokenManager.expired?(data)
    log.debug('Managed identity token still valid')
    return
  end

  log.info('Managed identity token nearing expiry, re-acquiring from IMDS')
  runner = Object.new.extend(Legion::Extensions::Identity::Entra::ManagedIdentity::Runners::Token)
  result = runner.acquire_managed_token

  body = result&.dig(:result)
  unless body&.dig(:access_token)
    log.warn('Managed identity token re-acquisition failed')
    return
  end

  Legion::Extensions::Identity::Entra::Helpers::TokenManager.save_token(
    :managed_identity,
    access_token: body[:access_token],
    expires_in:   body[:expires_in] || body[:expires_on]&.then { |t| t.to_i - Time.now.to_i },
    scopes:       'https://graph.microsoft.com/.default'
  )
  Legion::Extensions::Identity::Entra::Client.reset!(pattern: :managed_identity)
  log.info('Managed identity token refreshed successfully')
rescue StandardError => e
  log.error("ManagedIdentity TokenRefresher: #{e.message}")
end

#run_now?Boolean

Returns:

  • (Boolean) 


17
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 17

def run_now?        = false

#runner_classObject 



12
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 12

def runner_class    = self.class

#runner_functionObject 



13
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 13

def runner_function = 'manual'

#timeObject 



19
20
21
22
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 19

def time
  Legion::Settings.dig(:identity, :entra, :managed_identity, :token, :refresh_interval) ||
    DEFAULT_REFRESH_INTERVAL
end

#use_runner?Boolean

Returns:

  • (Boolean) 


14
 
# File 'lib/legion/extensions/identity/entra/managed_identity/actors/token_refresher.rb', line 14

def use_runner?     = false