RubyGems - aws-sdk-rails - Versions diffs - 3.5.0 → 3.6.0 - Mend

aws-sdk-rails 3.5.0 → 3.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/lib/aws-sdk-rails.rb +1 -0
data/lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb +92 -0
data/lib/aws/rails/railtie.rb +20 -0
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06b6734cbbe89bfbec53e688f583d78fb1a1fed48420c0a6b279d0025c8a65d3
-  data.tar.gz: 6a84d18c8fbb5807bb88e1b3c803ed94a72bb6287abc244341dfb1e05a595923
+  metadata.gz: 49d723b9b6fd27217d47fec5d67a8e215eea7249b190dcd724d949539c4fccdc
+  data.tar.gz: 0d99a46f3109fa5ea2950045a4e24ea85f630c9458d510bffe208dca65fcce22
 SHA512:
-  metadata.gz: 339b7acd4cdc666589ec5921ac583b1b8ed17101fedf6637af957ede0863b0aebe025333ddbb8fdb1fe9a491d2f82f76b7cde81d62ad1eab6c58ae34605c8ecf
-  data.tar.gz: c5d8b881c1f5a9521800bc89dd491266088a03dd98845590e5d498e22538baee8f14a014048a3155adcc411a5ded72bc35e02f456097f1d838a4e3cbff905e02
+  metadata.gz: 3411b20bf529a39dc0c3f45259f5b470cf74885a8c87937c5f874714ba0f840c33e6609f9904c673d0879bacddb30e1f8d9d2f8173ca229a7d4d264be6880e05
+  data.tar.gz: e2e4626edffb9ee1be443330ec975875ac97569034d985a551f24557d33c3c09cc6120f4f47a48bad15673f3481d52d5544349f8e2f109127a0714f0354d1b41

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 3.5.0
1	+ 3.6.0

data/lib/aws-sdk-rails.rb CHANGED

@@ -7,6 +7,7 @@ require_relative 'aws/rails/sqs_active_job/configuration'
 require_relative 'aws/rails/sqs_active_job/executor'
 require_relative 'aws/rails/sqs_active_job/job_runner'
 require_relative 'aws/rails/sqs_active_job/lambda_handler'
+require_relative 'aws/rails/middleware/ebs_sqs_active_job_middleware'
 require_relative 'action_dispatch/session/dynamodb_store'
 require_relative 'active_job/queue_adapters/amazon_sqs_adapter'

data/lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb ADDED

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+module Aws
+  module Rails
+    # Middleware to handle requests from the SQS Daemon present on Elastic Beanstalk worker environments.
+    class EbsSqsActiveJobMiddleware
+      INTERNAL_ERROR_MESSAGE = 'Failed to execute job - see Rails log for more details.'
+      INTERNAL_ERROR_RESPONSE = [500, { 'Content-Type' => 'text/plain' }, [INTERNAL_ERROR_MESSAGE]].freeze
+      FORBIDDEN_MESSAGE = 'Request with aws-sqsd user agent was made from untrusted address.'
+      FORBIDDEN_RESPONSE = [403, { 'Content-Type' => 'text/plain' }, [FORBIDDEN_MESSAGE]].freeze
+      def initialize(app)
+        @app = app
+        @logger = ActiveSupport::Logger.new(STDOUT)
+      end
+      def call(env)
+        request = ActionDispatch::Request.new(env)
+        # Pass through unless user agent is the SQS Daemon
+        return @app.call(env) unless from_sqs_daemon?(request)
+        @logger.debug('aws-rails-sdk middleware detected call from Elastic Beanstalk SQS Daemon.')
+        # Only accept requests from this user agent if it is from localhost or a docker host in case of forgery.
+        unless request.local? || sent_from_docker_host?(request)
+          @logger.warn("SQSD request detected from untrusted address #{request.remote_ip}; returning 403 forbidden.")
+          return FORBIDDEN_RESPONSE
+        end
+        # Execute job or periodic task based on HTTP request context
+        periodic_task?(request) ? execute_periodic_task(request) : execute_job(request)
+      end
+      private
+      def execute_job(request)
+        # Jobs queued from the Active Job SQS adapter contain the JSON message in the request body.
+        job = Aws::Json.load(request.body.string)
+        job_name = job['job_class']
+        @logger.debug("Executing job: #{job_name}")
+        begin
+          ActiveJob::Base.execute(job)
+        rescue NoMethodError, NameError => e
+          @logger.error("Job #{job_name} could not resolve to a class that inherits from Active Job.")
+          @logger.error("Error: #{e}")
+          return INTERNAL_ERROR_RESPONSE
+        end
+        [200, { 'Content-Type' => 'text/plain' }, ["Successfully ran job #{job_name}."]]
+      end
+      def execute_periodic_task(request)
+        # The beanstalk worker SQS Daemon will add the 'X-Aws-Sqsd-Taskname' for periodic tasks set in cron.yaml.
+        job_name = request.headers['X-Aws-Sqsd-Taskname']
+        @logger.debug("Creating and executing periodic task: #{job_name}")
+        begin
+          job = job_name.constantize.new
+          job.perform_now
+        rescue NoMethodError, NameError => e
+          @logger.error("Periodic task #{job_name} could not resolve to an Active Job class - check the spelling in cron.yaml.")
+          @logger.error("Error: #{e}.")
+          return INTERNAL_ERROR_RESPONSE
+        end
+        [200, { 'Content-Type' => 'text/plain' }, ["Successfully ran periodic task #{job_name}."]]
+      end
+      # The beanstalk worker SQS Daemon sets a specific User-Agent headers that begins with 'aws-sqsd'.
+      def from_sqs_daemon?(request)
+        current_user_agent = request.headers['User-Agent']
+        !current_user_agent.nil? && current_user_agent.start_with?('aws-sqsd')
+      end
+      # The beanstalk worker SQS Daemon will add the custom 'X-Aws-Sqsd-Taskname' header for periodic tasks set in cron.yaml.
+      def periodic_task?(request)
+        !request.headers['X-Aws-Sqsd-Taskname'].nil? && request.headers['X-Aws-Sqsd-Taskname'].present?
+      end
+      def sent_from_docker_host?(request)
+        app_runs_in_docker_container? && request.remote_ip == '172.17.0.1'
+      end
+      def app_runs_in_docker_container?
+        @app_runs_in_docker_container ||= `[ -f /proc/1/cgroup ] && cat /proc/1/cgroup` =~ /docker/
+      end
+    end
+  end
+end

data/lib/aws/rails/railtie.rb CHANGED

@@ -13,6 +13,10 @@ module Aws
         Aws::Rails.log_to_rails_logger
       end
+      initializer 'aws-sdk-rails.insert_middleware' do |app|
+        Aws::Rails.add_sqsd_middleware(app)
+      end
       rake_tasks do
         load 'tasks/dynamo_db/session_store.rake'
         load 'tasks/aws_record/migrate.rake'
@@ -64,5 +68,21 @@ module Aws
         end
       end
     end
+    # Register a middleware that will handle requests from the Elastic Beanstalk worker SQS Daemon.
+    # This will only be added in the presence of the AWS_PROCESS_BEANSTALK_WORKER_REQUESTS environment variable.
+    # The expectation is this variable should only be set on EB worker environments.
+    def self.add_sqsd_middleware(app)
+      is_eb_worker_hosted = Aws::Util.str_2_bool(ENV['AWS_PROCESS_BEANSTALK_WORKER_REQUESTS'].to_s.downcase)
+      return unless is_eb_worker_hosted
+      if app.config.force_ssl
+        # SQS Daemon sends requests over HTTP - allow and process them before enforcing SSL.
+        app.config.middleware.insert_before(ActionDispatch::SSL, Aws::Rails::EbsSqsActiveJobMiddleware)
+      else
+        app.config.middleware.use(Aws::Rails::EbsSqsActiveJobMiddleware)
+      end
+    end
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-rails
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.6.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-06 00:00:00.000000000 Z
+date: 2021-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-record
@@ -124,6 +124,7 @@ files:
 - lib/active_job/queue_adapters/amazon_sqs_async_adapter.rb
 - lib/aws-sdk-rails.rb
 - lib/aws/rails/mailer.rb
+- lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb
 - lib/aws/rails/notifications.rb
 - lib/aws/rails/railtie.rb
 - lib/aws/rails/sqs_active_job/configuration.rb