aws-sdk-rails 3.5.0 → 3.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06b6734cbbe89bfbec53e688f583d78fb1a1fed48420c0a6b279d0025c8a65d3
-  data.tar.gz: 6a84d18c8fbb5807bb88e1b3c803ed94a72bb6287abc244341dfb1e05a595923
+  metadata.gz: 6dcc9e1a5e3c78d6952327013a71e7e1b2516025c9191eafde4751154854b494
+  data.tar.gz: 51eb886b4149c80f585b2ee358a14def1f4c96ab08da36545330518b47442eb5
 SHA512:
-  metadata.gz: 339b7acd4cdc666589ec5921ac583b1b8ed17101fedf6637af957ede0863b0aebe025333ddbb8fdb1fe9a491d2f82f76b7cde81d62ad1eab6c58ae34605c8ecf
-  data.tar.gz: c5d8b881c1f5a9521800bc89dd491266088a03dd98845590e5d498e22538baee8f14a014048a3155adcc411a5ded72bc35e02f456097f1d838a4e3cbff905e02
+  metadata.gz: 6b2a91990771c25123f531e82dc4bc67d6c27c6866ccc219b765eefc38181321f5871f9b9f23189bf8a603a513756e25eb70a47f76858f59a8762798f44e301a
+  data.tar.gz: a336bdcd1e91d0b21df76f8fde5382d1792491e611be00804ac2f03a1a64eaa656295ab6e13675201d79aeb710f91bff955dcbd7b846faeb884dbbd2e64e15c4

data/VERSION

@@ -1 +1 @@
-3.5.0
+3.6.2

data/lib/action_dispatch/session/dynamodb_store.rb

@@ -1,4 +1,5 @@
 require 'aws-sessionstore-dynamodb'
+require 'action_dispatch/middleware/session/abstract_store'
 
 module ActionDispatch
   module Session
@@ -9,11 +10,14 @@ module ActionDispatch
     # This class will use the Rails secret_key_base unless otherwise provided.
     #
     # Configuration can also be provided in YAML files from Rails config, either
-    # in "config/session_store.yml" or "config/session_store/#{Rails.env}.yml".
+    # in "config/session_store.yml" or "config/session_store/#\\{Rails.env}.yml".
     # Configuration files that are environment-specific will take precedence.
     #
     # @see https://docs.aws.amazon.com/sdk-for-ruby/aws-sessionstore-dynamodb/api/Aws/SessionStore/DynamoDB/Configuration.html
     class DynamodbStore < Aws::SessionStore::DynamoDB::RackMiddleware
+      include StaleSessionCheck
+      include SessionObject
+
       def initialize(app, options = {})
         options[:config_file] ||= config_file if config_file.exist?
         options[:secret_key] ||= Rails.application.secret_key_base

data/lib/active_job/queue_adapters/amazon_sqs_adapter.rb

@@ -30,13 +30,15 @@ module ActiveJob
           # job_id is unique per initialization of job
           # Remove it from message dup id to ensure run-once behavior
           # with ActiveJob retries
-           send_message_opts[:message_deduplication_id] =
-             Digest::SHA256.hexdigest(
-               Aws::Json.dump(body.except('job_id'))
-             )
+          send_message_opts[:message_deduplication_id] =
+            Digest::SHA256.hexdigest(Aws::Json.dump(body.except('job_id')))
 
-           send_message_opts[:message_group_id] = Aws::Rails::SqsActiveJob.config.message_group_id
+          message_group_id = job.message_group_id if job.respond_to?(:message_group_id)
+          message_group_id ||= Aws::Rails::SqsActiveJob.config.message_group_id
+
+          send_message_opts[:message_group_id] = message_group_id
         end
+
         Aws::Rails::SqsActiveJob.config.client.send_message(send_message_opts)
       end
 

data/lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+
+module Aws
+  module Rails
+    # Middleware to handle requests from the SQS Daemon present on Elastic Beanstalk worker environments.
+    class EbsSqsActiveJobMiddleware
+      INTERNAL_ERROR_MESSAGE = 'Failed to execute job - see Rails log for more details.'
+      INTERNAL_ERROR_RESPONSE = [500, { 'Content-Type' => 'text/plain' }, [INTERNAL_ERROR_MESSAGE]].freeze
+      FORBIDDEN_MESSAGE = 'Request with aws-sqsd user agent was made from untrusted address.'
+      FORBIDDEN_RESPONSE = [403, { 'Content-Type' => 'text/plain' }, [FORBIDDEN_MESSAGE]].freeze
+
+      def initialize(app)
+        @app = app
+        @logger = ::Rails.logger
+      end
+
+      def call(env)
+        request = ActionDispatch::Request.new(env)
+
+        # Pass through unless user agent is the SQS Daemon
+        return @app.call(env) unless from_sqs_daemon?(request)
+
+        @logger.debug('aws-sdk-rails middleware detected call from Elastic Beanstalk SQS Daemon.')
+
+        # Only accept requests from this user agent if it is from localhost or a docker host in case of forgery.
+        unless request.local? || sent_from_docker_host?(request)
+          @logger.warn("SQSD request detected from untrusted address #{request.remote_ip}; returning 403 forbidden.")
+          return FORBIDDEN_RESPONSE
+        end
+
+        # Execute job or periodic task based on HTTP request context
+        periodic_task?(request) ? execute_periodic_task(request) : execute_job(request)
+      end
+
+      private
+
+      def execute_job(request)
+        # Jobs queued from the Active Job SQS adapter contain the JSON message in the request body.
+        job = Aws::Json.load(request.body.string)
+        job_name = job['job_class']
+        @logger.debug("Executing job: #{job_name}")
+
+        begin
+          ActiveJob::Base.execute(job)
+        rescue NoMethodError, NameError => e
+          @logger.error("Job #{job_name} could not resolve to a class that inherits from Active Job.")
+          @logger.error("Error: #{e}")
+          return INTERNAL_ERROR_RESPONSE
+        end
+
+        [200, { 'Content-Type' => 'text/plain' }, ["Successfully ran job #{job_name}."]]
+      end
+
+      def execute_periodic_task(request)
+        # The beanstalk worker SQS Daemon will add the 'X-Aws-Sqsd-Taskname' for periodic tasks set in cron.yaml.
+        job_name = request.headers['X-Aws-Sqsd-Taskname']
+        @logger.debug("Creating and executing periodic task: #{job_name}")
+
+        begin
+          job = job_name.constantize.new
+          job.perform_now
+        rescue NoMethodError, NameError => e
+          @logger.error("Periodic task #{job_name} could not resolve to an Active Job class - check the spelling in cron.yaml.")
+          @logger.error("Error: #{e}.")
+          return INTERNAL_ERROR_RESPONSE
+        end
+
+        [200, { 'Content-Type' => 'text/plain' }, ["Successfully ran periodic task #{job_name}."]]
+      end
+
+      # The beanstalk worker SQS Daemon sets a specific User-Agent headers that begins with 'aws-sqsd'.
+      def from_sqs_daemon?(request)
+        current_user_agent = request.headers['User-Agent']
+
+        !current_user_agent.nil? && current_user_agent.start_with?('aws-sqsd')
+      end
+
+      # The beanstalk worker SQS Daemon will add the custom 'X-Aws-Sqsd-Taskname' header for periodic tasks set in cron.yaml.
+      def periodic_task?(request)
+        !request.headers['X-Aws-Sqsd-Taskname'].nil? && request.headers['X-Aws-Sqsd-Taskname'].present?
+      end
+
+      def sent_from_docker_host?(request)
+        app_runs_in_docker_container? && request.remote_ip == '172.17.0.1'
+      end
+
+      def app_runs_in_docker_container?
+        @app_runs_in_docker_container ||= `[ -f /proc/1/cgroup ] && cat /proc/1/cgroup` =~ /docker/
+      end
+    end
+  end
+end

data/lib/aws/rails/railtie.rb

@@ -13,6 +13,10 @@ module Aws
         Aws::Rails.log_to_rails_logger
       end
 
+      initializer 'aws-sdk-rails.insert_middleware' do |app|
+        Aws::Rails.add_sqsd_middleware(app)
+      end
+
       rake_tasks do
         load 'tasks/dynamo_db/session_store.rake'
         load 'tasks/aws_record/migrate.rake'
@@ -44,10 +48,7 @@ module Aws
       aws_credential_keys = %i[access_key_id secret_access_key session_token]
 
       Aws.config.merge!(
-        ::Rails.application
-          .try(:credentials)
-          .try(:aws)
-          .to_h.slice(*aws_credential_keys)
+        ::Rails.application.credentials[:aws].to_h.slice(*aws_credential_keys)
       )
     end
 
@@ -64,5 +65,21 @@ module Aws
         end
       end
     end
+
+    # Register a middleware that will handle requests from the Elastic Beanstalk worker SQS Daemon.
+    # This will only be added in the presence of the AWS_PROCESS_BEANSTALK_WORKER_REQUESTS environment variable.
+    # The expectation is this variable should only be set on EB worker environments.
+    def self.add_sqsd_middleware(app)
+      is_eb_worker_hosted = Aws::Util.str_2_bool(ENV['AWS_PROCESS_BEANSTALK_WORKER_REQUESTS'].to_s.downcase)
+
+      return unless is_eb_worker_hosted
+
+      if app.config.force_ssl
+        # SQS Daemon sends requests over HTTP - allow and process them before enforcing SSL.
+        app.config.middleware.insert_before(ActionDispatch::SSL, Aws::Rails::EbsSqsActiveJobMiddleware)
+      else
+        app.config.middleware.use(Aws::Rails::EbsSqsActiveJobMiddleware)
+      end
+    end
   end
 end

data/lib/aws-sdk-rails.rb

@@ -7,6 +7,7 @@ require_relative 'aws/rails/sqs_active_job/configuration'
 require_relative 'aws/rails/sqs_active_job/executor'
 require_relative 'aws/rails/sqs_active_job/job_runner'
 require_relative 'aws/rails/sqs_active_job/lambda_handler'
+require_relative 'aws/rails/middleware/ebs_sqs_active_job_middleware'
 
 require_relative 'action_dispatch/session/dynamodb_store'
 require_relative 'active_job/queue_adapters/amazon_sqs_adapter'

data/lib/generators/aws_record/model/model_generator.rb

@@ -9,11 +9,11 @@ module AwsRecord
       end
 
       def create_model
-        template "model.rb", File.join("app/models", class_path, "#{file_name}.rb")
+        template "model.erb", File.join("app/models", class_path, "#{file_name}.rb")
       end
 
       def create_table_config
-        template "table_config.rb", File.join("db/table_config", class_path, "#{file_name}_config.rb") if options["table_config"]
+        template "table_config.erb", File.join("db/table_config", class_path, "#{file_name}_config.rb") if options["table_config"]
       end
 
     end

data/lib/generators/dynamo_db/session_store_migration/session_store_migration_generator.rb

@@ -18,7 +18,7 @@ module DynamoDb
       #   of a DynamoDB session table.
       def generate_migration_file
         migration_template(
-          'session_store_migration.rb',
+          'session_store_migration.erb',
           "db/migrate/#{name.underscore}.rb"
         )
       end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-rails
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.6.2
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-06 00:00:00.000000000 Z
+date: 2022-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-record
@@ -124,6 +124,7 @@ files:
 - lib/active_job/queue_adapters/amazon_sqs_async_adapter.rb
 - lib/aws-sdk-rails.rb
 - lib/aws/rails/mailer.rb
+- lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb
 - lib/aws/rails/notifications.rb
 - lib/aws/rails/railtie.rb
 - lib/aws/rails/sqs_active_job/configuration.rb
@@ -135,13 +136,13 @@ files:
 - lib/generators/aws_record/generated_attribute.rb
 - lib/generators/aws_record/model/USAGE
 - lib/generators/aws_record/model/model_generator.rb
-- lib/generators/aws_record/model/templates/model.rb
-- lib/generators/aws_record/model/templates/table_config.rb
+- lib/generators/aws_record/model/templates/model.erb
+- lib/generators/aws_record/model/templates/table_config.erb
 - lib/generators/aws_record/secondary_index.rb
 - lib/generators/dynamo_db/session_store_migration/USAGE
 - lib/generators/dynamo_db/session_store_migration/session_store_migration_generator.rb
 - lib/generators/dynamo_db/session_store_migration/templates/dynamo_db_session_store.yml
-- lib/generators/dynamo_db/session_store_migration/templates/session_store_migration.rb
+- lib/generators/dynamo_db/session_store_migration/templates/session_store_migration.erb
 - lib/tasks/aws_record/migrate.rake
 - lib/tasks/dynamo_db/session_store.rake
 homepage: https://github.com/aws/aws-sdk-rails
@@ -163,7 +164,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.2.7
 signing_key:
 specification_version: 4
 summary: AWS SDK for Ruby on Rails Plugin