deploy-agent 1.0.1 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/deploy_agent.rb +10 -1
- data/lib/deploy_agent/certificate_manager.rb +5 -2
- data/lib/deploy_agent/cli.rb +23 -7
- data/lib/deploy_agent/server_connection.rb +15 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: a41327831b4a0f98c160aede42a5c71b694e012e
|
4
|
+
data.tar.gz: 7bf66283175fb01c1b0dff0daf87328e0d1f7fd3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f9f3f9099ab483e3ab9f20f52e095b8821a0146f2bbfad70cc7084a5356d43a0859d1263c692424148a8e2d3edd84f57df36d9d2420c4ba49974e2d01b638e7f
|
7
|
+
data.tar.gz: 7f9f3fc08beb0ced4b97f6f4e601e75ebb53fdbcdfc6d341ebfabb2d729aea14129bd9acf24191ad3e81ce7decb021c09c813482fe4b6102207afcf9cb4ed3b3
|
data/lib/deploy_agent.rb
CHANGED
@@ -8,7 +8,16 @@ module DeployAgent
|
|
8
8
|
CONFIG_PATH = File.expand_path('~/.deploy')
|
9
9
|
CERTIFICATE_PATH = File.expand_path('~/.deploy/agent.crt')
|
10
10
|
KEY_PATH = File.expand_path('~/.deploy/agent.key')
|
11
|
-
CA_PATH = File.expand_path('~/.deploy/ca.crt')
|
12
11
|
PID_PATH = File.expand_path('~/.deploy/agent.pid')
|
13
12
|
LOG_PATH = File.expand_path('~/.deploy/agent.log')
|
13
|
+
ACCESS_PATH = File.expand_path('~/.deploy/agent.access')
|
14
|
+
CA_PATH = File.expand_path('../../ca.crt', __FILE__)
|
15
|
+
|
16
|
+
def self.allowed_destinations
|
17
|
+
destinations = File.read(ACCESS_PATH)
|
18
|
+
destinations = destinations.split(/\n/).map(&:strip)
|
19
|
+
destinations = destinations.reject { |n| n == '' || n[0] == '#' }
|
20
|
+
destinations = destinations.map { |l| l.split(' ', 2)[0] }
|
21
|
+
return destinations
|
22
|
+
end
|
14
23
|
end
|
@@ -12,6 +12,11 @@ module DeployAgent
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def generate_certificate
|
15
|
+
FileUtils.mkdir_p(CONFIG_PATH)
|
16
|
+
unless File.file?(ACCESS_PATH)
|
17
|
+
File.write(ACCESS_PATH, "# This file contains a list of host and network addresses the Deploy agent\n # will allow connections to. Add IPs or networks (CIDR format) as needed.\n\n# Allow deployments to localhost\n127.0.0.1\n::1\n")
|
18
|
+
end
|
19
|
+
|
15
20
|
puts 'This tool will assist you in generating a certificate for your Deploy agent.'
|
16
21
|
puts
|
17
22
|
if File.file?(CERTIFICATE_PATH)
|
@@ -51,8 +56,6 @@ module DeployAgent
|
|
51
56
|
response = http.request request
|
52
57
|
response_hash = JSON.parse(response.body)
|
53
58
|
if response_hash['status'] == 'success'
|
54
|
-
FileUtils.mkdir_p(CONFIG_PATH)
|
55
|
-
File.write(CA_PATH, response_hash['data']['ca'])
|
56
59
|
File.write(CERTIFICATE_PATH, response_hash['data']['certificate'])
|
57
60
|
File.write(KEY_PATH, response_hash['data']['private_key'])
|
58
61
|
puts
|
data/lib/deploy_agent/cli.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
require 'ipaddr'
|
2
|
+
|
1
3
|
module DeployAgent
|
2
4
|
class CLI
|
3
5
|
|
@@ -14,13 +16,6 @@ module DeployAgent
|
|
14
16
|
CertificateManager.new.generate_certificate
|
15
17
|
end
|
16
18
|
|
17
|
-
def ensure_configured
|
18
|
-
unless File.file?(CERTIFICATE_PATH)
|
19
|
-
puts 'Deploy agent is not configured. Please run "deploy-agent setup" first.'
|
20
|
-
Process.exit(1)
|
21
|
-
end
|
22
|
-
end
|
23
|
-
|
24
19
|
def restart
|
25
20
|
stop
|
26
21
|
while(is_running?)
|
@@ -70,8 +65,29 @@ module DeployAgent
|
|
70
65
|
Agent.new.run
|
71
66
|
end
|
72
67
|
|
68
|
+
def accesslist
|
69
|
+
puts "Access list:"
|
70
|
+
DeployAgent.allowed_destinations.each do |destination|
|
71
|
+
begin
|
72
|
+
IPAddr.new(destination)
|
73
|
+
puts " - " + destination
|
74
|
+
rescue IPAddr::InvalidAddressError
|
75
|
+
puts " - " + destination + " (INVALID)"
|
76
|
+
end
|
77
|
+
end
|
78
|
+
puts
|
79
|
+
puts "To edit the list of allowed servers, please modify " + ACCESS_PATH
|
80
|
+
end
|
81
|
+
|
73
82
|
private
|
74
83
|
|
84
|
+
def ensure_configured
|
85
|
+
unless File.file?(CERTIFICATE_PATH) && File.file?(ACCESS_PATH)
|
86
|
+
puts 'Deploy agent is not configured. Please run "deploy-agent setup" first.'
|
87
|
+
Process.exit(1)
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
75
91
|
def is_running?
|
76
92
|
if pid = pid_from_file
|
77
93
|
Process.kill(0, pid)
|
@@ -21,7 +21,7 @@ module DeployAgent
|
|
21
21
|
|
22
22
|
# Configure an OpenSSL context with server vertification
|
23
23
|
ctx = OpenSSL::SSL::SSLContext.new
|
24
|
-
ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
24
|
+
ctx.verify_mode = check_certificate ? OpenSSL::SSL::VERIFY_PEER : OpenSSL::SSL::VERIFY_NONE
|
25
25
|
# Load the agent certificate and key used to authenticate this agent
|
26
26
|
ctx.cert = OpenSSL::X509::Certificate.new(File.read(CERTIFICATE_PATH))
|
27
27
|
ctx.key = OpenSSL::PKey::RSA.new(File.read(KEY_PATH))
|
@@ -70,6 +70,8 @@ module DeployAgent
|
|
70
70
|
id = packet[1,2].unpack('n')[0]
|
71
71
|
host, port = packet[3..-1].split('/', 2)
|
72
72
|
@agent.logger.info "[#{id}] Connection request from server: #{host}:#{port}"
|
73
|
+
return send_connection_error(id, "Destination address not allowed") unless destination_allowed?(host)
|
74
|
+
|
73
75
|
begin
|
74
76
|
# Create conenction to the final destination and save info by id
|
75
77
|
@destination_connections[id] = DestinationConnection.new(host, port, id, @nio_selector, self)
|
@@ -108,6 +110,18 @@ module DeployAgent
|
|
108
110
|
close
|
109
111
|
end
|
110
112
|
|
113
|
+
def destination_allowed?(destination)
|
114
|
+
return false unless File.file?(ACCESS_PATH)
|
115
|
+
DeployAgent.allowed_destinations.each do |network|
|
116
|
+
begin
|
117
|
+
return true if IPAddr.new(network).include?(destination)
|
118
|
+
rescue IPAddr::InvalidAddressError
|
119
|
+
# Not a valid IP or netmask, deny and continue
|
120
|
+
end
|
121
|
+
end
|
122
|
+
false
|
123
|
+
end
|
124
|
+
|
111
125
|
# Notify server of successful connection
|
112
126
|
def send_connection_success(id)
|
113
127
|
send_packet([2, id, 0].pack('CnC'))
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: deploy-agent
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- aTech Media
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-03-
|
11
|
+
date: 2017-03-17 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: nio4r
|