deploy-agent 1.0.1 → 1.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/deploy_agent.rb +10 -1
- data/lib/deploy_agent/certificate_manager.rb +5 -2
- data/lib/deploy_agent/cli.rb +23 -7
- data/lib/deploy_agent/server_connection.rb +15 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a41327831b4a0f98c160aede42a5c71b694e012e
|
|
4
|
+
data.tar.gz: 7bf66283175fb01c1b0dff0daf87328e0d1f7fd3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f9f3f9099ab483e3ab9f20f52e095b8821a0146f2bbfad70cc7084a5356d43a0859d1263c692424148a8e2d3edd84f57df36d9d2420c4ba49974e2d01b638e7f
|
|
7
|
+
data.tar.gz: 7f9f3fc08beb0ced4b97f6f4e601e75ebb53fdbcdfc6d341ebfabb2d729aea14129bd9acf24191ad3e81ce7decb021c09c813482fe4b6102207afcf9cb4ed3b3
|
data/lib/deploy_agent.rb
CHANGED
|
@@ -8,7 +8,16 @@ module DeployAgent
|
|
|
8
8
|
CONFIG_PATH = File.expand_path('~/.deploy')
|
|
9
9
|
CERTIFICATE_PATH = File.expand_path('~/.deploy/agent.crt')
|
|
10
10
|
KEY_PATH = File.expand_path('~/.deploy/agent.key')
|
|
11
|
-
CA_PATH = File.expand_path('~/.deploy/ca.crt')
|
|
12
11
|
PID_PATH = File.expand_path('~/.deploy/agent.pid')
|
|
13
12
|
LOG_PATH = File.expand_path('~/.deploy/agent.log')
|
|
13
|
+
ACCESS_PATH = File.expand_path('~/.deploy/agent.access')
|
|
14
|
+
CA_PATH = File.expand_path('../../ca.crt', __FILE__)
|
|
15
|
+
|
|
16
|
+
def self.allowed_destinations
|
|
17
|
+
destinations = File.read(ACCESS_PATH)
|
|
18
|
+
destinations = destinations.split(/\n/).map(&:strip)
|
|
19
|
+
destinations = destinations.reject { |n| n == '' || n[0] == '#' }
|
|
20
|
+
destinations = destinations.map { |l| l.split(' ', 2)[0] }
|
|
21
|
+
return destinations
|
|
22
|
+
end
|
|
14
23
|
end
|
|
@@ -12,6 +12,11 @@ module DeployAgent
|
|
|
12
12
|
end
|
|
13
13
|
|
|
14
14
|
def generate_certificate
|
|
15
|
+
FileUtils.mkdir_p(CONFIG_PATH)
|
|
16
|
+
unless File.file?(ACCESS_PATH)
|
|
17
|
+
File.write(ACCESS_PATH, "# This file contains a list of host and network addresses the Deploy agent\n # will allow connections to. Add IPs or networks (CIDR format) as needed.\n\n# Allow deployments to localhost\n127.0.0.1\n::1\n")
|
|
18
|
+
end
|
|
19
|
+
|
|
15
20
|
puts 'This tool will assist you in generating a certificate for your Deploy agent.'
|
|
16
21
|
puts
|
|
17
22
|
if File.file?(CERTIFICATE_PATH)
|
|
@@ -51,8 +56,6 @@ module DeployAgent
|
|
|
51
56
|
response = http.request request
|
|
52
57
|
response_hash = JSON.parse(response.body)
|
|
53
58
|
if response_hash['status'] == 'success'
|
|
54
|
-
FileUtils.mkdir_p(CONFIG_PATH)
|
|
55
|
-
File.write(CA_PATH, response_hash['data']['ca'])
|
|
56
59
|
File.write(CERTIFICATE_PATH, response_hash['data']['certificate'])
|
|
57
60
|
File.write(KEY_PATH, response_hash['data']['private_key'])
|
|
58
61
|
puts
|
data/lib/deploy_agent/cli.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'ipaddr'
|
|
2
|
+
|
|
1
3
|
module DeployAgent
|
|
2
4
|
class CLI
|
|
3
5
|
|
|
@@ -14,13 +16,6 @@ module DeployAgent
|
|
|
14
16
|
CertificateManager.new.generate_certificate
|
|
15
17
|
end
|
|
16
18
|
|
|
17
|
-
def ensure_configured
|
|
18
|
-
unless File.file?(CERTIFICATE_PATH)
|
|
19
|
-
puts 'Deploy agent is not configured. Please run "deploy-agent setup" first.'
|
|
20
|
-
Process.exit(1)
|
|
21
|
-
end
|
|
22
|
-
end
|
|
23
|
-
|
|
24
19
|
def restart
|
|
25
20
|
stop
|
|
26
21
|
while(is_running?)
|
|
@@ -70,8 +65,29 @@ module DeployAgent
|
|
|
70
65
|
Agent.new.run
|
|
71
66
|
end
|
|
72
67
|
|
|
68
|
+
def accesslist
|
|
69
|
+
puts "Access list:"
|
|
70
|
+
DeployAgent.allowed_destinations.each do |destination|
|
|
71
|
+
begin
|
|
72
|
+
IPAddr.new(destination)
|
|
73
|
+
puts " - " + destination
|
|
74
|
+
rescue IPAddr::InvalidAddressError
|
|
75
|
+
puts " - " + destination + " (INVALID)"
|
|
76
|
+
end
|
|
77
|
+
end
|
|
78
|
+
puts
|
|
79
|
+
puts "To edit the list of allowed servers, please modify " + ACCESS_PATH
|
|
80
|
+
end
|
|
81
|
+
|
|
73
82
|
private
|
|
74
83
|
|
|
84
|
+
def ensure_configured
|
|
85
|
+
unless File.file?(CERTIFICATE_PATH) && File.file?(ACCESS_PATH)
|
|
86
|
+
puts 'Deploy agent is not configured. Please run "deploy-agent setup" first.'
|
|
87
|
+
Process.exit(1)
|
|
88
|
+
end
|
|
89
|
+
end
|
|
90
|
+
|
|
75
91
|
def is_running?
|
|
76
92
|
if pid = pid_from_file
|
|
77
93
|
Process.kill(0, pid)
|
|
@@ -21,7 +21,7 @@ module DeployAgent
|
|
|
21
21
|
|
|
22
22
|
# Configure an OpenSSL context with server vertification
|
|
23
23
|
ctx = OpenSSL::SSL::SSLContext.new
|
|
24
|
-
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
|
24
|
+
ctx.verify_mode = check_certificate ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
|
25
25
|
# Load the agent certificate and key used to authenticate this agent
|
|
26
26
|
ctx.cert = OpenSSL::X509::Certificate.new(File.read(CERTIFICATE_PATH))
|
|
27
27
|
ctx.key = OpenSSL::PKey::RSA.new(File.read(KEY_PATH))
|
|
@@ -70,6 +70,8 @@ module DeployAgent
|
|
|
70
70
|
id = packet[1,2].unpack('n')[0]
|
|
71
71
|
host, port = packet[3..-1].split('/', 2)
|
|
72
72
|
@agent.logger.info "[#{id}] Connection request from server: #{host}:#{port}"
|
|
73
|
+
return send_connection_error(id, "Destination address not allowed") unless destination_allowed?(host)
|
|
74
|
+
|
|
73
75
|
begin
|
|
74
76
|
# Create conenction to the final destination and save info by id
|
|
75
77
|
@destination_connections[id] = DestinationConnection.new(host, port, id, @nio_selector, self)
|
|
@@ -108,6 +110,18 @@ module DeployAgent
|
|
|
108
110
|
close
|
|
109
111
|
end
|
|
110
112
|
|
|
113
|
+
def destination_allowed?(destination)
|
|
114
|
+
return false unless File.file?(ACCESS_PATH)
|
|
115
|
+
DeployAgent.allowed_destinations.each do |network|
|
|
116
|
+
begin
|
|
117
|
+
return true if IPAddr.new(network).include?(destination)
|
|
118
|
+
rescue IPAddr::InvalidAddressError
|
|
119
|
+
# Not a valid IP or netmask, deny and continue
|
|
120
|
+
end
|
|
121
|
+
end
|
|
122
|
+
false
|
|
123
|
+
end
|
|
124
|
+
|
|
111
125
|
# Notify server of successful connection
|
|
112
126
|
def send_connection_success(id)
|
|
113
127
|
send_packet([2, id, 0].pack('CnC'))
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: deploy-agent
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- aTech Media
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-03-
|
|
11
|
+
date: 2017-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: nio4r
|