anchor-pki 0.7.0 → 0.8.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +4 -0
  3. data/Gemfile.lock +26 -23
  4. data/lib/anchor/auto_cert/configuration.rb +12 -3
  5. data/lib/anchor/version.rb +1 -1
  6. data/lib/anchor.rb +7 -0
  7. data/lib/puma/plugin/auto_cert.rb +6 -11
  8. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 668bda70c37b6cfed433ff05de800a8e2a4f1576a6a16b73d0c653794890938a
4
- data.tar.gz: 9c96396faf03bed36249890bd19682988bdbb52d4e5eca4fe7994bbfaddf66f8
3
+ metadata.gz: 199d953aecf7e0a21ec2d40b4b910932dce98194b02dad0ccb5a19a8edca7dfc
4
+ data.tar.gz: 75eebd2d66d21913ec9299be8f6a11ba04a53bdb6f63554258644b18d5495f56
5
5
  SHA512:
6
- metadata.gz: 6a8a30a3eb39f5544250bf12338c31d7f3392fda4440a74dc916c28ffac5d2817b8687a911695db06d46f236f7e27857a482abb172854f7d9fd88e5332115749
7
- data.tar.gz: 004d41141dcca7ef89f994f726e0502c43957ce0c144d09fc719f71292f9abdc1a7cb45c6a57f75a84debd9ca2ac3f2085778879e104f4349bae51100c46909e
6
+ metadata.gz: 7f0b100133cdbd56308538a5c3085062221d3e9d7caa154aebe7fa61661ac59713f8e14829ced0dba6731c6fbff20a47d5382e6062e164e7ac85cd05ea94c406
7
+ data.tar.gz: 6424e2cb19604b4a78a673109fc1ffc1bc4ee62de8a036fdacc36030b23d67f320f7142bc62f4fdae7b3b3864d2ab1cbdb950548460b7bf01178a2a828dea7b7
data/CHANGELOG.md CHANGED
@@ -1,5 +1,9 @@
1
1
  ## [Unreleased]
2
2
 
3
+ ## [0.8.0] - 2024-03-04
4
+
5
+ - fix 0.7 regression such that configuration once again considers ENV values
6
+
3
7
  ## [0.7.0] - 2024-01-11
4
8
 
5
9
  - inherit from the puma-acme plugin in auto\_cert plugin
data/Gemfile.lock CHANGED
@@ -1,13 +1,13 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- anchor-pki (0.6.3)
4
+ anchor-pki (0.8.0)
5
5
  puma-acme (~> 0.1)
6
6
 
7
7
  GEM
8
8
  remote: https://rubygems.org/
9
9
  specs:
10
- acme-client (2.0.15)
10
+ acme-client (2.0.17)
11
11
  faraday (>= 1.0, < 3.0.0)
12
12
  faraday-retry (>= 1.0, < 3.0.0)
13
13
  addressable (2.8.4)
@@ -16,7 +16,7 @@ GEM
16
16
  base64 (0.2.0)
17
17
  crack (0.4.5)
18
18
  rexml
19
- diff-lcs (1.5.0)
19
+ diff-lcs (1.5.1)
20
20
  docile (1.4.0)
21
21
  faraday (2.9.0)
22
22
  faraday-net_http (>= 2.0, < 3.2)
@@ -39,32 +39,34 @@ GEM
39
39
  public_suffix (5.0.1)
40
40
  puma (6.4.2)
41
41
  nio4r (~> 2.0)
42
- puma-acme (0.1.0)
42
+ puma-acme (0.1.3)
43
43
  acme-client (~> 2.0.13)
44
44
  pstore (~> 0.1)
45
- puma (~> 6.4)
46
- sinatra (~> 3.1)
47
- rack (2.2.8)
48
- rack-protection (3.2.0)
45
+ puma (~> 6.0)
46
+ sinatra (~> 4.0)
47
+ rack (3.0.9.1)
48
+ rack-protection (4.0.0)
49
49
  base64 (>= 0.1.0)
50
- rack (~> 2.2, >= 2.2.4)
50
+ rack (>= 3.0.0, < 4)
51
+ rack-session (2.0.0)
52
+ rack (>= 3.0.0)
51
53
  rainbow (3.1.1)
52
54
  rake (13.1.0)
53
55
  regexp_parser (2.8.0)
54
56
  rexml (3.2.5)
55
- rspec (3.12.0)
56
- rspec-core (~> 3.12.0)
57
- rspec-expectations (~> 3.12.0)
58
- rspec-mocks (~> 3.12.0)
59
- rspec-core (3.12.2)
60
- rspec-support (~> 3.12.0)
61
- rspec-expectations (3.12.3)
57
+ rspec (3.13.0)
58
+ rspec-core (~> 3.13.0)
59
+ rspec-expectations (~> 3.13.0)
60
+ rspec-mocks (~> 3.13.0)
61
+ rspec-core (3.13.0)
62
+ rspec-support (~> 3.13.0)
63
+ rspec-expectations (3.13.0)
62
64
  diff-lcs (>= 1.2.0, < 2.0)
63
- rspec-support (~> 3.12.0)
64
- rspec-mocks (3.12.5)
65
+ rspec-support (~> 3.13.0)
66
+ rspec-mocks (3.13.0)
65
67
  diff-lcs (>= 1.2.0, < 2.0)
66
- rspec-support (~> 3.12.0)
67
- rspec-support (3.12.0)
68
+ rspec-support (~> 3.13.0)
69
+ rspec-support (3.13.1)
68
70
  rubocop (1.51.0)
69
71
  json (~> 2.3)
70
72
  parallel (~> 1.10)
@@ -93,10 +95,11 @@ GEM
93
95
  simplecov_json_formatter (~> 0.1)
94
96
  simplecov-html (0.12.3)
95
97
  simplecov_json_formatter (0.1.4)
96
- sinatra (3.2.0)
98
+ sinatra (4.0.0)
97
99
  mustermann (~> 3.0)
98
- rack (~> 2.2, >= 2.2.4)
99
- rack-protection (= 3.2.0)
100
+ rack (>= 3.0.0, < 4)
101
+ rack-protection (= 4.0.0)
102
+ rack-session (>= 2.0.0, < 3)
100
103
  tilt (~> 2.0)
101
104
  tilt (2.3.0)
102
105
  unicode-display_width (2.4.2)
data/lib/anchor/auto_cert/configuration.rb CHANGED
@@ -30,11 +30,14 @@ module Anchor
30
30
  alias_method :directory_url=, :directory=
31
31
 
32
32
  def initialize(opts = {})
33
- self.directory_url = opts.delete(:directory_url)
34
- self.allow_identifiers = opts.delete(:allow_identifiers)
33
+ opts[:directory] ||= envs(:directory)
34
+ opts[:eab_kid] ||= envs(:eab_kid)
35
+ opts[:eab_hmac_key] ||= envs(:eab_hmac_key)
36
+ opts[:server_names] ||= envs(:server_names)&.split(',')
35
37
 
36
38
  if (eab = opts.delete(:external_account_binding))
37
- self.external_account_binding = eab
39
+ opts[:eab_kid] = eab[:kid]
40
+ opts[:eab_hmac_key] = eab[:hmac_key]
38
41
  end
39
42
 
40
43
  super(opts)
@@ -48,6 +51,12 @@ module Anchor
48
51
  self.eab_kid = eab[:kid]
49
52
  self.eab_hmac_key = eab[:hmac_key]
50
53
  end
54
+
55
+ private
56
+
57
+ def envs(key)
58
+ Anchor::ENV_VARS[key].map { |k| ENV.fetch(k, nil) }.compact.first
59
+ end
51
60
  end
52
61
  end
53
62
  end
data/lib/anchor/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Anchor
4
- VERSION = '0.7.0'
4
+ VERSION = '0.8.0'
5
5
  end
data/lib/anchor.rb CHANGED
@@ -6,6 +6,13 @@ require 'openssl'
6
6
  # Anchor module is the top-level namespace for the Anchor PKI client.
7
7
  #
8
8
  module Anchor
9
+ ENV_VARS = {
10
+ directory: %w[ACME_DIRECTORY ACME_DIRECTORY_URL],
11
+ eab_kid: %w[ACME_KID ACME_EAB_KID],
12
+ eab_hmac_key: %w[ACME_HMAC_KEY ACME_EAB_HMAC_KEY],
13
+ server_names: %w[ACME_SERVER_NAME ACME_SERVER_NAMES SERVER_NAME SERVER_NAMES ACME_ALLOW_IDENTIFIERS]
14
+ }.freeze
15
+
9
16
  def self.add_cert(pem)
10
17
  (@certs ||= []) << OpenSSL::X509::Certificate.new(pem)
11
18
  end
data/lib/puma/plugin/auto_cert.rb CHANGED
@@ -1,5 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
+ require_relative '../../anchor'
3
4
  require_relative '../dsl'
4
5
 
5
6
  require 'puma/acme'
@@ -20,13 +21,6 @@ module Puma
20
21
  attr_accessor :start_hooks
21
22
  end
22
23
 
23
- ENV_VARS = {
24
- server_names: %w[ACME_SERVER_NAME ACME_SERVER_NAMES SERVER_NAME SERVER_NAMES ACME_ALLOW_IDENTIFIERS],
25
- directory: %w[ACME_DIRECTORY ACME_DIRECTORY_URL],
26
- eab_kid: %w[ACME_KID ACME_EAB_KID],
27
- eab_hmac_key: %w[ACME_HMAC_KEY ACME_EAB_HMAC_KEY]
28
- }.freeze
29
-
30
24
  def self.add_start_hook(&block)
31
25
  (self.start_hooks ||= []) << block
32
26
  end
@@ -47,7 +41,7 @@ module Puma
47
41
  return
48
42
  end
49
43
 
50
- server_names = [*config.all(:server_names, env: ENV_VARS[:server_names])]
44
+ server_names = [*config.all(:server_names, env: Anchor::ENV_VARS[:server_names])]
51
45
  .map { |val| val.split(/[ ,]/) }.flatten.uniq
52
46
 
53
47
  if server_names.empty?
@@ -71,10 +65,11 @@ module Puma
71
65
  end
72
66
  end
73
67
 
74
- launcher.options[:acme_directory] ||= config.first(:directory, env: ENV_VARS[:directory])
68
+ launcher.options[:acme_directory] ||= config.first(:directory, env: Anchor::ENV_VARS[:directory])
75
69
 
76
- launcher.options[:acme_eab_kid] ||= config.first(:eab_kid, env: ENV_VARS[:eab_kid])
77
- launcher.options[:acme_eab_hmac_key] ||= config.first(:eab_hmac_key, env: ENV_VARS[:eab_hmac_key])
70
+ launcher.options[:acme_eab_kid] ||= config.first(:eab_kid, env: Anchor::ENV_VARS[:eab_kid])
71
+ launcher.options[:acme_eab_hmac_key] ||= config.first(:eab_hmac_key,
72
+ env: Anchor::ENV_VARS[:eab_hmac_key])
78
73
 
79
74
  launcher.options[:acme_mode] ||= config.first(:mode) || :foreground
80
75
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: anchor-pki
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.7.0
4
+ version: 0.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Anchor Security, Inc
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-01-11 00:00:00.000000000 Z
11
+ date: 2024-03-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: puma-acme
@@ -182,7 +182,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
182
182
  - !ruby/object:Gem::Version
183
183
  version: '0'
184
184
  requirements: []
185
- rubygems_version: 3.4.10
185
+ rubygems_version: 3.4.22
186
186
  signing_key:
187
187
  specification_version: 4
188
188
  summary: Ruby client for Anchor PKI. See https://anchor.dev/ for details.