Module: Legion::Extensions::Identity::Entra::ManagedIdentity::Runners::Token

Includes:
Helpers::Lex, Logging::Helper, Settings::Helper
Defined in:
lib/legion/extensions/identity/entra/managed_identity/runners/token.rb

Constant Summary

IMDS_ENDPOINT =
'http://169.254.169.254/metadata/identity/oauth2/token'
IMDS_API_VERSION =
'2019-08-01'

Instance Method Summary

Instance Method Details

#acquire_managed_token(resource: 'https://graph.microsoft.com', client_id: nil) ⇒ Object



# File 'lib/legion/extensions/identity/entra/managed_identity/runners/token.rb', line 18

# Requests an access token for +resource+ from the Azure Instance Metadata
# Service (IMDS) token endpoint.
#
# The request is issued through +imds_connection+ (defined elsewhere in the
# extension); the IMDS base URL and the +Metadata: true+ request header that
# IMDS requires are assumed to be configured on that connection — confirm
# before relying on this method from a new host type.
#
# Extra keyword arguments are accepted and ignored so the runner can be
# invoked with a generic options hash.
#
# @param resource [String] audience/resource URI the token is requested for
# @param client_id [String, nil] client id of a user-assigned managed
#   identity; omitted from the query when nil (system-assigned identity)
# @return [Hash] +{ result: payload }+ on success, where +payload+ is the
#   parsed IMDS response body (presumably carries the bearer token — treat it
#   as a secret and do not log it); +{ error:, description: }+ on a non-2xx
#   response or any raised StandardError
def acquire_managed_token(resource: 'https://graph.microsoft.com', client_id: nil, **)
  log.debug("ManagedIdentity::Token.acquire: resource=#{resource}")

  query = { 'api-version' => IMDS_API_VERSION, 'resource' => resource }
  # Only user-assigned identities need an explicit client_id on the query.
  query['client_id'] = client_id if client_id

  response = imds_connection.get('metadata/identity/oauth2/token', query)
  # An empty body (e.g. some error responses) is treated as an empty hash so
  # the error path below can safely look up :error_description.
  payload = response.body.to_s.empty? ? {} : json_load(response.body)

  if response.success?
    log.info('ManagedIdentity::Token.acquire: token acquired from IMDS')
    return { result: payload }
  end

  # Non-2xx: surface the HTTP status and the IMDS-provided description when
  # present; fall back to the HTTP reason phrase.
  log.warn("ManagedIdentity::Token.acquire: IMDS returned #{response.status}")
  {
    error:       "http_#{response.status}",
    description: payload[:error_description] || response.reason_phrase
  }
rescue StandardError => e
  # Transport/parse failures are reported through the shared exception
  # handler and converted into an error hash rather than propagated.
  handle_exception(e, level: :error, operation: 'managed_identity.token.acquire')
  { error: 'request_failed', description: e.message }
end