lib/fog/azurerm/storage.rb in gitlab-fog-azure-rm-2.1.0 vs lib/fog/azurerm/storage.rb in gitlab-fog-azure-rm-2.2.0
- old
+ new
@@ -1,5 +1,9 @@
+# frozen_string_literal: true
+
+require 'json'
+
module Fog
module AzureRM
# This class registers models, requests and collections
class Storage < Fog::Service
# Recognizes when creating data client
@@ -78,10 +82,12 @@
# This class provides the actual implementation for service calls.
class Real
include Fog::AzureRM::Utilities::General
+ attr_accessor :options
+
def initialize(options)
begin
require 'azure/storage/common'
require 'azure/storage/blob'
require 'securerandom'
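Review bot: `attr_accessor :options` sits above `private`, so the whole options hash becomes publicly readable and writable on `Real`, and initialize reads `options[:azure_storage_access_key]` from that same hash. The only readers of `options` visible in this diff are the private helpers `load_credentials` and `token_signer`, so a private reader would be enough: `attr_reader :options` followed by `private :options`. The writer is also misleading, because assigning a new hash after construction would not rebuild the signer or the blob client. If code outside this file relies on `service.options`, keep the reader public but drop the writer. initialize's body continues outside the hunk.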
@@ -91,23 +97,23 @@
rescue LoadError => e
retry if require('rubygems')
raise e.message
end
- return unless @azure_storage_account_name != options[:azure_storage_account_name] ||
- @azure_storage_access_key != options[:azure_storage_access_key] ||
- @azure_storage_token_signer != options[:azure_storage_token_signer]
+ options[:environment] = options[:environment] || ENV['AZURE_ENVIRONMENT'] || ENVIRONMENT_AZURE_CLOUD
+ @environment = options[:environment]
+ @options = options
@azure_storage_account_name = options[:azure_storage_account_name]
@azure_storage_access_key = options[:azure_storage_access_key]
- @azure_storage_token_signer = options[:azure_storage_token_signer]
+
+ load_credentials
+
+ @azure_storage_token_signer = token_signer
@azure_storage_endpoint = options[:azure_storage_endpoint]
@azure_storage_domain = options[:azure_storage_domain]
- options[:environment] = 'AzureCloud' if options[:environment].nil?
- @environment = options[:environment]
-
storage_blob_host =
@azure_storage_endpoint ||
if @azure_storage_domain.nil? || @azure_storage_domain.empty?
get_blob_endpoint(@azure_storage_account_name, true, @environment)
else
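Review bot: The `||` chain on the new `options[:environment]` line accepts an empty `AZURE_ENVIRONMENT`, because an empty string is truthy in Ruby, so a set-but-blank variable would replace `ENVIRONMENT_AZURE_CLOUD` and be handed to `get_blob_endpoint` (how that helper treats an unknown environment is not visible here). Normalising first avoids this: `env = ENV['AZURE_ENVIRONMENT'].to_s.strip` and then `options[:environment] ||= env.empty? ? ENVIRONMENT_AZURE_CLOUD : env`. The same line writes into the caller's hash, as the removed code did, but `@options = options` now also keeps a reference to it, so a later mutation by the caller changes what `load_credentials` and `token_signer` see; storing `options.dup` would isolate the service. initialize starts and ends outside the hunk.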
@@ -126,10 +132,30 @@
@blob_client.with_filter(Azure::Core::Http::DebugFilter.new) if @debug
end
private
+ def load_credentials
+ return options[:azure_storage_token_signer] if options[:azure_storage_token_signer]
+ return if @azure_storage_access_key && !@azure_storage_access_key.empty?
+
+ @credential_client = Fog::AzureRM::DefaultCredentials.new(options)
+ @credentials = @credential_client.fetch_credentials_if_needed
+ end
+
+ def token_signer
+ return options[:azure_storage_token_signer] if options[:azure_storage_token_signer]
+ return unless @credentials
+
+ access_token_signer(@credentials.token)
+ end
+
+ def access_token_signer(access_token)
+ cred = Azure::Storage::Common::Core::TokenCredential.new(access_token)
+ Azure::Storage::Common::Core::Auth::TokenSigner.new(cred)
+ end
+
def signature_client(requested_expiry)
access_key = @azure_storage_access_key.to_s
user_delegation_key = user_delegation_key(requested_expiry)
# invalidate cache when the delegation key changes
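Review bot: `load_credentials` and `token_signer` let construction continue with no credential at all: when there is no access key, no configured signer, and `fetch_credentials_if_needed` yields nothing, `token_signer` returns nil through `return unless @credentials` and initialize goes on to build the client. Unless unauthenticated access is an intended mode, failing at the source gives a clearer error than a rejected request later, for example `raise ArgumentError, 'no storage access key, token signer or default credentials available' unless @credentials` at the end of `load_credentials`. The first guard in `load_credentials` also returns the signer although its caller ignores the result; `return if options[:azure_storage_token_signer]` states the intent. A short comment giving the precedence (explicit signer, then access key, then default credentials) would help the next reader.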
@@ -145,9 +171,14 @@
)
end
def user_delegation_key(requested_expiry)
return nil unless @azure_storage_token_signer
+
+ if @credential_client
+ @credentials = @credential_client.fetch_credentials_if_needed
+ @azure_storage_token_signer = token_signer
+ end
@user_delegation_key_mutex ||= Mutex.new
@user_delegation_key_mutex.synchronize do
if @user_delegation_key_expiry.nil? || @user_delegation_key_expiry < requested_expiry
start = Time.now
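Review bot: The credential refresh added to `user_delegation_key` runs before `@user_delegation_key_mutex.synchronize`, so two threads can interleave the writes to `@credentials` and `@azure_storage_token_signer` while a third is already inside the locked section. Moving the `if @credential_client` block to the top of the `synchronize` block would put the refresh and the key request under the same lock. The refreshed signer is also assigned only to the instance variable; the blob client is built outside this hunk, and if it captured the original signer it would keep presenting the old token. Keeping one `TokenCredential` and calling `renew_token(@credentials.token)` on it, instead of building a new signer each time, would update the token in place for every holder. The method body continues outside the hunk.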