RubyGems - aws-sdk-rails - Versions diffs - 3.5.0 → 3.6.0 - Mend

aws-sdk-rails 3.5.0 → 3.6.0

Files changed (6) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/lib/aws-sdk-rails.rb +1 -0
data/lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb +92 -0
data/lib/aws/rails/railtie.rb +20 -0
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 06b6734cbbe89bfbec53e688f583d78fb1a1fed48420c0a6b279d0025c8a65d3
-  data.tar.gz: 6a84d18c8fbb5807bb88e1b3c803ed94a72bb6287abc244341dfb1e05a595923
+  metadata.gz: 49d723b9b6fd27217d47fec5d67a8e215eea7249b190dcd724d949539c4fccdc
+  data.tar.gz: 0d99a46f3109fa5ea2950045a4e24ea85f630c9458d510bffe208dca65fcce22
 SHA512:
-  metadata.gz: 339b7acd4cdc666589ec5921ac583b1b8ed17101fedf6637af957ede0863b0aebe025333ddbb8fdb1fe9a491d2f82f76b7cde81d62ad1eab6c58ae34605c8ecf
-  data.tar.gz: c5d8b881c1f5a9521800bc89dd491266088a03dd98845590e5d498e22538baee8f14a014048a3155adcc411a5ded72bc35e02f456097f1d838a4e3cbff905e02
+  metadata.gz: 3411b20bf529a39dc0c3f45259f5b470cf74885a8c87937c5f874714ba0f840c33e6609f9904c673d0879bacddb30e1f8d9d2f8173ca229a7d4d264be6880e05
+  data.tar.gz: e2e4626edffb9ee1be443330ec975875ac97569034d985a551f24557d33c3c09cc6120f4f47a48bad15673f3481d52d5544349f8e2f109127a0714f0354d1b41

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 3.5.0
1	+ 3.6.0

data/lib/aws-sdk-rails.rb CHANGED

@@ -7,6 +7,7 @@ require_relative 'aws/rails/sqs_active_job/configuration'
 require_relative 'aws/rails/sqs_active_job/executor'
 require_relative 'aws/rails/sqs_active_job/job_runner'
 require_relative 'aws/rails/sqs_active_job/lambda_handler'
+require_relative 'aws/rails/middleware/ebs_sqs_active_job_middleware'
 require_relative 'action_dispatch/session/dynamodb_store'
 require_relative 'active_job/queue_adapters/amazon_sqs_adapter'

data/lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb ADDED

@@ -0,0 +1,92 @@
+# frozen_string_literal: true
+module Aws
+  module Rails
+    # Middleware to handle requests from the SQS Daemon present on Elastic Beanstalk worker environments.
+    class EbsSqsActiveJobMiddleware
+      INTERNAL_ERROR_MESSAGE = 'Failed to execute job - see Rails log for more details.'
+      INTERNAL_ERROR_RESPONSE = [500, { 'Content-Type' => 'text/plain' }, [INTERNAL_ERROR_MESSAGE]].freeze
+      FORBIDDEN_MESSAGE = 'Request with aws-sqsd user agent was made from untrusted address.'
+      FORBIDDEN_RESPONSE = [403, { 'Content-Type' => 'text/plain' }, [FORBIDDEN_MESSAGE]].freeze
+      def initialize(app)
+        @app = app
+        @logger = ActiveSupport::Logger.new(STDOUT)
+      end
+      def call(env)
+        request = ActionDispatch::Request.new(env)
+        # Pass through unless user agent is the SQS Daemon
+        return @app.call(env) unless from_sqs_daemon?(request)
+        @logger.debug('aws-rails-sdk middleware detected call from Elastic Beanstalk SQS Daemon.')
+        # Only accept requests from this user agent if it is from localhost or a docker host in case of forgery.
+        unless request.local? || sent_from_docker_host?(request)
+          @logger.warn("SQSD request detected from untrusted address #{request.remote_ip}; returning 403 forbidden.")
+          return FORBIDDEN_RESPONSE
+        end
+        # Execute job or periodic task based on HTTP request context
+        periodic_task?(request) ? execute_periodic_task(request) : execute_job(request)
+      end
+      private
+      def execute_job(request)
+        # Jobs queued from the Active Job SQS adapter contain the JSON message in the request body.
+        job = Aws::Json.load(request.body.string)
+        job_name = job['job_class']
+        @logger.debug("Executing job: #{job_name}")
+        begin
+          ActiveJob::Base.execute(job)
+        rescue NoMethodError, NameError => e
+          @logger.error("Job #{job_name} could not resolve to a class that inherits from Active Job.")
+          @logger.error("Error: #{e}")
+          return INTERNAL_ERROR_RESPONSE
+        end
+        [200, { 'Content-Type' => 'text/plain' }, ["Successfully ran job #{job_name}."]]
+      end
+      def execute_periodic_task(request)
+        # The beanstalk worker SQS Daemon will add the 'X-Aws-Sqsd-Taskname' for periodic tasks set in cron.yaml.
+        job_name = request.headers['X-Aws-Sqsd-Taskname']
+        @logger.debug("Creating and executing periodic task: #{job_name}")
+        begin
+          job = job_name.constantize.new
+          job.perform_now
+        rescue NoMethodError, NameError => e
+          @logger.error("Periodic task #{job_name} could not resolve to an Active Job class - check the spelling in cron.yaml.")
+          @logger.error("Error: #{e}.")
+          return INTERNAL_ERROR_RESPONSE
+        end
+        [200, { 'Content-Type' => 'text/plain' }, ["Successfully ran periodic task #{job_name}."]]
+      end
+      # The beanstalk worker SQS Daemon sets a specific User-Agent headers that begins with 'aws-sqsd'.
+      def from_sqs_daemon?(request)
+        current_user_agent = request.headers['User-Agent']
+        !current_user_agent.nil? && current_user_agent.start_with?('aws-sqsd')
+      end
+      # The beanstalk worker SQS Daemon will add the custom 'X-Aws-Sqsd-Taskname' header for periodic tasks set in cron.yaml.
+      def periodic_task?(request)
+        !request.headers['X-Aws-Sqsd-Taskname'].nil? && request.headers['X-Aws-Sqsd-Taskname'].present?
+      end
+      def sent_from_docker_host?(request)
+        app_runs_in_docker_container? && request.remote_ip == '172.17.0.1'
+      end
+      def app_runs_in_docker_container?
+        @app_runs_in_docker_container ||= `[ -f /proc/1/cgroup ] && cat /proc/1/cgroup` =~ /docker/
+      end
+    end
+  end
+end

data/lib/aws/rails/railtie.rb CHANGED

@@ -13,6 +13,10 @@ module Aws
         Aws::Rails.log_to_rails_logger
       end
+      initializer 'aws-sdk-rails.insert_middleware' do |app|
+        Aws::Rails.add_sqsd_middleware(app)
+      end
       rake_tasks do
         load 'tasks/dynamo_db/session_store.rake'
         load 'tasks/aws_record/migrate.rake'
@@ -64,5 +68,21 @@ module Aws
         end
       end
     end
+    # Register a middleware that will handle requests from the Elastic Beanstalk worker SQS Daemon.
+    # This will only be added in the presence of the AWS_PROCESS_BEANSTALK_WORKER_REQUESTS environment variable.
+    # The expectation is this variable should only be set on EB worker environments.
+    def self.add_sqsd_middleware(app)
+      is_eb_worker_hosted = Aws::Util.str_2_bool(ENV['AWS_PROCESS_BEANSTALK_WORKER_REQUESTS'].to_s.downcase)
+      return unless is_eb_worker_hosted
+      if app.config.force_ssl
+        # SQS Daemon sends requests over HTTP - allow and process them before enforcing SSL.
+        app.config.middleware.insert_before(ActionDispatch::SSL, Aws::Rails::EbsSqsActiveJobMiddleware)
+      else
+        app.config.middleware.use(Aws::Rails::EbsSqsActiveJobMiddleware)
+      end
+    end
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-rails
 version: !ruby/object:Gem::Version
-  version: 3.5.0
+  version: 3.6.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-06 00:00:00.000000000 Z
+date: 2021-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-record
@@ -124,6 +124,7 @@ files:
 - lib/active_job/queue_adapters/amazon_sqs_async_adapter.rb
 - lib/aws-sdk-rails.rb
 - lib/aws/rails/mailer.rb
+- lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb
 - lib/aws/rails/notifications.rb
 - lib/aws/rails/railtie.rb
 - lib/aws/rails/sqs_active_job/configuration.rb