aws-codedeploy-agent 0.0.2 → 0.0.3
- data/aws-codedeploy-agent.gemspec +5 -5
- data/certs/host-agent-deployment-signer-ca-chain.pem +30 -0
- data/conf/codedeployagent.yml +0 -1
- data/lib/instance_agent.rb +1 -13
- data/lib/instance_agent/agent/base.rb +38 -12
- data/lib/instance_agent/agent/plugin.rb +21 -0
- data/lib/instance_agent/config.rb +2 -1
- data/lib/instance_agent/platform/linux_util.rb +4 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/ace_info.rb +133 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/acl_info.rb +163 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb +143 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/context_info.rb +23 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/file_info.rb +23 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/linux_permission_info.rb +121 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/mode_info.rb +66 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/range_info.rb +134 -0
- data/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb +27 -0
- data/lib/instance_agent/plugins/codedeploy/codedeploy_control.rb +100 -0
- data/lib/instance_agent/plugins/codedeploy/command_executor.rb +359 -0
- data/lib/instance_agent/plugins/codedeploy/command_poller.rb +178 -0
- data/lib/instance_agent/plugins/codedeploy/deployment_specification.rb +161 -0
- data/lib/instance_agent/plugins/codedeploy/hook_executor.rb +226 -0
- data/lib/instance_agent/plugins/codedeploy/install_instruction.rb +389 -0
- data/lib/instance_agent/plugins/codedeploy/installer.rb +147 -0
- data/lib/instance_agent/plugins/codedeploy/onpremise_config.rb +42 -0
- data/lib/instance_agent/plugins/codedeploy/register_plugin.rb +17 -0
- data/lib/instance_agent/runner/child.rb +20 -5
- data/lib/instance_agent/runner/master.rb +2 -15
- data/lib/instance_metadata.rb +2 -2
- data/test/certificate_helper.rb +1 -1
- data/test/helpers/instance_agent_helper.rb +1 -0
- data/test/instance_agent/agent/base_test.rb +16 -3
- data/test/instance_agent/config_test.rb +2 -1
- data/test/instance_agent/plugins/codedeploy/application_specification_test.rb +1713 -0
- data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/codedeploy_control_test.rb +1 -1
- data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/command_executor_test.rb +32 -9
- data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/command_poller_test.rb +13 -14
- data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/deployment_specification_test.rb +98 -25
- data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/hook_executor_test.rb +83 -15
- data/test/instance_agent/plugins/codedeploy/install_instruction_test.rb +568 -0
- data/test/instance_agent/{codedeploy_plugin → plugins/codedeploy}/installer_test.rb +12 -9
- data/test/instance_agent/plugins/codedeploy/onpremise_config_test.rb +72 -0
- data/test/instance_agent/runner/child_test.rb +1 -1
- data/vendor/gems/.codedeploy-commands-1.0.0.created.rid +1 -1
- data/vendor/gems/codedeploy-commands/lib/aws/plugins/deploy_control_endpoint.rb +4 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath.rb +41 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/caching_parser.rb +30 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/errors.rb +17 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/expr_node.rb +15 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/lexer.rb +116 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/parser.rb +347 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/runtime.rb +71 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/token.rb +41 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/token_stream.rb +60 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/tree_interpreter.rb +523 -0
- data/vendor/gems/jmespath-1.0.1/lib/jmespath/version.rb +3 -0
- data/vendor/gems/process_manager/lib/process_manager/master.rb +16 -5
- data/vendor/specifications/{aws-sdk-core-2.0.5.gemspec → aws-sdk-core-2.0.42.gemspec} +9 -11
- data/vendor/specifications/builder-3.2.2.gemspec +1 -1
- data/vendor/specifications/codedeploy-commands-1.0.0.gemspec +7 -6
- data/vendor/specifications/gli-2.5.6.gemspec +1 -1
- data/vendor/specifications/jmespath-1.0.1.gemspec +29 -0
- data/vendor/specifications/little-plugger-1.1.3.gemspec +1 -1
- data/vendor/specifications/logging-1.8.1.gemspec +1 -1
- data/vendor/specifications/multi_json-1.7.7.gemspec +1 -1
- data/vendor/specifications/multi_json-1.8.4.gemspec +1 -1
- data/vendor/specifications/multi_xml-0.5.5.gemspec +1 -1
- data/vendor/specifications/process_manager-0.0.13.gemspec +1 -1
- data/vendor/specifications/simple_pid-0.2.1.gemspec +1 -1
- metadata +76 -63
- data/lib/instance_agent/codedeploy_plugin/application_specification/ace_info.rb +0 -133
- data/lib/instance_agent/codedeploy_plugin/application_specification/acl_info.rb +0 -163
- data/lib/instance_agent/codedeploy_plugin/application_specification/application_specification.rb +0 -142
- data/lib/instance_agent/codedeploy_plugin/application_specification/context_info.rb +0 -23
- data/lib/instance_agent/codedeploy_plugin/application_specification/file_info.rb +0 -23
- data/lib/instance_agent/codedeploy_plugin/application_specification/linux_permission_info.rb +0 -121
- data/lib/instance_agent/codedeploy_plugin/application_specification/mode_info.rb +0 -66
- data/lib/instance_agent/codedeploy_plugin/application_specification/range_info.rb +0 -134
- data/lib/instance_agent/codedeploy_plugin/application_specification/script_info.rb +0 -27
- data/lib/instance_agent/codedeploy_plugin/codedeploy_control.rb +0 -72
- data/lib/instance_agent/codedeploy_plugin/command_executor.rb +0 -357
- data/lib/instance_agent/codedeploy_plugin/command_poller.rb +0 -170
- data/lib/instance_agent/codedeploy_plugin/deployment_specification.rb +0 -150
- data/lib/instance_agent/codedeploy_plugin/hook_executor.rb +0 -206
- data/lib/instance_agent/codedeploy_plugin/install_instruction.rb +0 -374
- data/lib/instance_agent/codedeploy_plugin/installer.rb +0 -143
- data/lib/instance_agent/codedeploy_plugin/request_helper.rb +0 -28
- data/test/instance_agent/codedeploy_plugin/application_specification_test.rb +0 -1710
- data/test/instance_agent/codedeploy_plugin/install_instruction_test.rb +0 -566
- data/test/instance_agent/codedeploy_plugin/request_helper_test.rb +0 -37
- data/vendor/specifications/jamespath-0.5.1.gemspec +0 -35
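--- a/data/lib/instance_agent/codedeploy_plugin/application_specification/file_info.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/application_specification/file_info.rb
@@ -1,23 +0,0 @@
-module InstanceAgent
-module CodeDeployPlugin
-module ApplicationSpecification
-
-#Helper class for storing data parsed from file maps
-class FileInfo
-
-attr_reader :source, :destination
-
-def initialize(source, destination, opts = {})
-if(source.nil?)
-raise AppSpecValidationException, 'File needs to have a source'
-elsif (destination.nil?)
-raise AppSpecValidationException, 'File needs to have a destination'
-end
-@source = source
-@destination = destination
-end
-end
-
-end
-end
-end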
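--- a/data/lib/instance_agent/codedeploy_plugin/application_specification/linux_permission_info.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/application_specification/linux_permission_info.rb
@@ -1,121 +0,0 @@
-module InstanceAgent
-module CodeDeployPlugin
-module ApplicationSpecification
-
-#Helper Class for storing data parsed from permissions list
-class LinuxPermissionInfo
-
-attr_reader :object, :pattern, :except, :type, :owner, :group, :mode, :acls, :context
-
-def initialize(object, opts = {})
-object = object.to_s
-if (object.empty?)
-raise AppSpecValidationException, 'Permission needs a object value'
-end
-@object = object
-@pattern = opts[:pattern] || "**"
-@except = opts[:except] || []
-@type = opts[:type] || ["file", "directory"]
-@owner = opts[:owner]
-@group = opts[:group]
-@mode = opts[:mode]
-@acls = opts[:acls]
-@context = opts[:context]
-end
-
-def validate_file_permission()
-if @type.include?("file")
-if !"**".eql?(@pattern)
-raise AppSpecValidationException, "Attempt to use pattern #{@pattern} when assigning permissions to file #{@object}"
-end
-if !@except.empty?
-raise AppSpecValidationException, "Attempt to use except #{@except} when assigning permissions to file #{@object}"
-end
-end
-end
-
-def validate_file_acl(object)
-if !@acls.nil?
-default_acl = @acls.get_default_ace
-if !default_acl.nil?
-raise "Attempt to set default acl #{default_acl} on file #{object}"
-end
-end
-end
-
-def matches_pattern?(name)
-name = name.chomp(File::SEPARATOR)
-base_object = sanitize_dir_path(@object)
-if !base_object.end_with?(File::SEPARATOR)
-base_object = base_object + File::SEPARATOR
-end
-if name.start_with?(base_object)
-if ("**".eql?(@pattern))
-return true
-end
-rel_name = name[base_object.length..name.length]
-return matches_simple_glob(rel_name, @pattern)
-end
-false
-end
-
-def matches_except?(name)
-name = name.chomp(File::SEPARATOR)
-base_object = sanitize_dir_path(@object)
-if !base_object.end_with?(File::SEPARATOR)
-base_object = base_object + File::SEPARATOR
-end
-if name.start_with?(base_object)
-rel_name = name[base_object.length..name.length]
-@except.each do |item|
-if matches_simple_glob(rel_name, item)
-return true
-end
-end
-end
-false
-end
-
-private
-def matches_simple_glob(name, pattern)
-if name.include?(File::SEPARATOR)
-return false
-end
-options = expand(pattern.chars.entries)
-name.chars.each do |char|
-new_options = []
-options.each do |option|
-if option[0].eql?("*")
-new_options.concat(expand(option))
-elsif option[0].eql?(char)
-option.shift
-new_options.concat(expand(option))
-end
-end
-options = new_options
-if (options.include?(["*"]))
-return true
-end
-end
-options.include?([])
-end
-
-private
-def expand(option)
-previous_option = nil
-while "*".eql?(option[0]) do
-previous_option = Array.new(option)
-option.shift
-end
-previous_option.nil? ? [option] : [previous_option, option]
-end
-
-private
-def sanitize_dir_path(path)
-File.expand_path(path)
-end
-end
-
-end
-end
-end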
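--- a/data/lib/instance_agent/codedeploy_plugin/application_specification/mode_info.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/application_specification/mode_info.rb
@@ -1,66 +0,0 @@
-module InstanceAgent
-module CodeDeployPlugin
-module ApplicationSpecification
-
-#Helper Class for storing mode of a file
-class ModeInfo
-
-attr_reader :mode
-attr_reader :world, :world_readable, :world_writable, :world_executable
-attr_reader :group, :group_readable, :group_writable, :group_executable
-attr_reader :owner, :owner_readable, :owner_writable, :owner_executable
-attr_reader :setuid, :setgid, :sticky
-
-def initialize(mode)
-mode = mode.to_s
-while mode.length < 3 do
-mode = "0" + mode;
-end
-if mode.length > 4
-raise AppSpecValidationException, "permission mode length incorrect: #{mode}"
-end
-mode.each_char do |char|
-if (char.ord < '0'.ord) || (char.ord > '7'.ord)
-raise AppSpecValidationException, "invalid character #{char} in permission mode #{mode}"
-end
-end
-@mode = mode
-mode_array = mode.reverse.chars.entries
-
-@world = mode_array[0]
-world_bits = to_bits(@world.to_i, 3)
-@world_readable = (world_bits[0] == 1)
-@world_writable = (world_bits[1] == 1)
-@world_executable = (world_bits[2] == 1)
-
-@group = mode_array[1]
-group_bits = to_bits(@group.to_i, 3)
-@group_readable = (group_bits[0] == 1)
-@group_writable = (group_bits[1] == 1)
-@group_executable = (group_bits[2] == 1)
-
-@owner = mode_array[2]
-owner_bits = to_bits(@owner.to_i, 3)
-@owner_readable = (owner_bits[0] == 1)
-@owner_writable = (owner_bits[1] == 1)
-@owner_executable = (owner_bits[2] == 1)
-
-special = (mode_array.length > 3) ? mode_array[3]: '0'
-special_bits = to_bits(special.to_i, 3)
-@setuid = (special_bits[0] == 1)
-@setgid = (special_bits[1] == 1)
-@sticky = (special_bits[2] == 1)
-end
-
-def to_bits(num, min_size)
-bits = Array.new(min_size, 0)
-num_bits = num.to_s(2).split("")
-diff = [0, min_size - num_bits.length].max
-num_bits.map.with_index {|n,i| bits[i+diff] = n.to_i}
-bits
-end
-end
-
-end
-end
-end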
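--- a/data/lib/instance_agent/codedeploy_plugin/application_specification/range_info.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/application_specification/range_info.rb
@@ -1,134 +0,0 @@
-module InstanceAgent
-module CodeDeployPlugin
-module ApplicationSpecification
-
-#Helper Class for storing the range of a context
-class RangeInfo
-
-attr_reader :low_sensitivity, :high_sensitivity, :categories
-
-def initialize(range)
-parts = ensure_parts(range, ":")
-sensitivity_parts = ensure_parts(parts[0], "-")
-@low_sensitivity = getSensitivityNumber(sensitivity_parts[0])
-if sensitivity_parts.length == 2
-@high_sensitivity = getSensitivityNumber(sensitivity_parts[1])
-if @high_sensitivity < @low_sensitivity
-raise AppSpecValidationException, "invalid sensitivity range in #{range}"
-end
-else
-@high_sensitivity = @low_sensitivity
-end
-if parts.length == 2
-@categories = get_category_numbers(parts[1].split(","))
-end
-end
-
-def ensure_parts(input, split_on)
-num_parts = 1
-if input.include?(split_on)
-num_parts = 2
-end
-parts = input.split(split_on, 2)
-if parts.length != num_parts
-raise AppSpecValidationException, "invalid range part #{input}"
-end
-parts.each do |part|
-if part.nil? || part.eql?('')
-raise AppSpecValidationException, "invalid range part #{input}"
-end
-end
-parts
-end
-
-def getSensitivityNumber(sensitivity)
-if sensitivity.nil? || sensitivity.length < 2 || !sensitivity.start_with?('s')
-raise AppSpecValidationException, "invalid sensitivity #{sensitivity}"
-end
-s_level = sensitivity.sub('s', '')
-s_level.chars.each do |digit|
-if (digit.ord < '0'.ord) || (digit.ord > '9'.ord)
-raise AppSpecValidationException, "invalid sensitivity #{sensitivity}"
-end
-end
-s_level.to_i
-end
-
-def get_category_number(category)
-if category.nil? || category.length < 2 || !category.start_with?('c')
-raise AppSpecValidationException, "invalid category #{category}"
-end
-c_level = category.sub('c', '')
-c_level.chars.each do |digit|
-if (digit.ord < '0'.ord) || (digit.ord > '9'.ord)
-raise AppSpecValidationException, "invalid category #{category}"
-end
-end
-level = c_level.to_i
-if level > 1023
-raise AppSpecValidationException, "invalid category #{category}"
-end
-level
-end
-
-def get_category_range(range)
-low = get_category_number(range[0])
-high = get_category_number(range[1])
-if (high < low)
-raise AppSpecValidationException, "invalid category range #{range[0]}.#{range[1]}"
-end
-(low..high).to_a
-end
-
-def get_category_numbers(parts)
-temp_categories = [];
-parts.each do |part|
-if part.include? "."
-temp_categories.concat get_category_range(ensure_parts(part, "."))
-else
-temp_categories << get_category_number(part)
-end
-end
-if !temp_categories.sort!.uniq!.nil?
-raise AppSpecValidationException, "duplicate categories"
-end
-temp_categories
-end
-
-# format s#[-s#][:c#[.c#](,c#[.c#])*] (# means a number)
-def get_range
-range = "s" + @low_sensitivity.to_s
-if (@low_sensitivity != @high_sensitivity)
-range = range + "-s" + @high_sensitivity.to_s
-end
-if @categories
-range = range + ":"
-index = 0
-while index < @categories.length
-if (index != 0)
-range = range + ","
-end
-
-low = @categories[index]
-low_index = index
-high = @categories[index]
-index += 1
-while (@categories[index] == low + (index - low_index))
-high += 1
-index += 1
-end
-
-if (low == high)
-range = range + "c" + low.to_s
-else
-range = range + "c" + low.to_s + ".c" + high.to_s
-end
-end
-end
-range
-end
-end
-
-end
-end
-end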
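--- a/data/lib/instance_agent/codedeploy_plugin/application_specification/script_info.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/application_specification/script_info.rb
@@ -1,27 +0,0 @@
-module InstanceAgent
-module CodeDeployPlugin
-module ApplicationSpecification
-
-#Helper Class for storing data parsed from hook script maps
-class ScriptInfo
-
-attr_reader :location, :runas, :timeout
-
-def initialize(location, opts = {})
-location = location.to_s
-if(location.empty?)
-raise AppSpecValidationException, 'Scripts need a location value'
-end
-@location = location
-@runas = opts[:runas]
-@timeout = opts[:timeout] || 3600
-@timeout = @timeout.to_i
-if(@timeout <= 0)
-raise AppSpecValidationException, 'Timeout needs to be an integer greater than 0'
-end
-end
-end
-
-end
-end
-end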
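--- a/data/lib/instance_agent/codedeploy_plugin/codedeploy_control.rb
+++ b/data/lib/instance_agent/codedeploy_plugin/codedeploy_control.rb
@@ -1,72 +0,0 @@
-require 'aws/codedeploy_commands'
-require 'httpclient'
-require 'instance_metadata'
-
-module InstanceAgent
-module CodeDeployPlugin
-class CodeDeployControl
-
-def initialize(options = {})
-@options = options.update({
-:http_read_timeout => InstanceAgent::Config.config[:http_read_timeout]
-})
-
-if InstanceAgent::Config.config[:log_aws_wire]
-@options = options.update({
-# wire logs might be huge; customers should be careful about turning them on
-# allow 1GB of old wire logs in 64MB chunks
-:logger => Logger.new(
-File.join(InstanceAgent::Config.config[:log_dir], "#{InstanceAgent::Config.config[:program_name]}.aws_wire.log"),
-16,
-64 * 1024 * 1024),
-:http_wire_trace => true})
-end
-end
-
-def get_client
-Aws::CodeDeployCommand::Client.new(@options)
-end
-
-def ssl_verify_peer
-get_client.config.ssl_verify_peer
-end
-
-def verify_cert_fields
-deploy_control_endpoint = get_client.config.endpoint
-begin
-cert_verifier = InstanceAgent::CodeDeployPlugin::CodeDeployControlCertVerifier.new(deploy_control_endpoint)
-cert_verifier.verify_subject
-rescue e
-InstanceAgent::Log.error("#{self.class.to_s}: Error during certificate verification on codedeploy endpoint #{deploy_control_endpoint}")
-InstanceAgent::Log.debug("#{self.class.to_s}: #{e.inspect}")
-false
-end
-end
-end
-
-class CodeDeployControlCertVerifier
-
-def initialize(endpoint)
-client = HTTPClient.new
-response = client.get(endpoint)
-@cert = response.peer_cert
-@region = ENV['AWS_REGION'] || InstanceMetadata.region
-end
-
-def verify_subject
-InstanceAgent::Log.debug("#{self.class.to_s}: Actual certificate subject is '#{@cert.subject.to_s}'")
-
-case @region
-when 'us-east-1'
-@cert.subject.to_s == "/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=codedeploy-commands.us-east-1.amazonaws.com"
-when 'us-west-2'
-@cert.subject.to_s == "/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=codedeploy-commands.us-west-2.amazonaws.com"
-else
-InstanceAgent::Log.debug("#{self.class.to_s}: Unsupported region '#{@region}'")
-false
-end
-end
-
-end
-end
-end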