legionio 1.7.25 → 1.7.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/lib/legion/service.rb +46 -7
- data/lib/legion/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 010545b8c47b9d866f1f5da8597e82f2e94bcd7c2a065f8aa97a9383f34325df
|
|
4
|
+
data.tar.gz: 7e75584a9fdf08247ec2e8834584a25499f1150814d6888701adea1689a85c37
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 582fd272567d6bcca36b3d9fa8eff39b123f8c664f557a3a26d832bde3756e9c5d32d94693533d31d6231ff9d3f77201d067c3b8e26c9fd416888245993c0dc7
|
|
7
|
+
data.tar.gz: fc1f7f556c6f7cb5c4a24b8733fc23032a3cc54561ccb0d40fba8189190a424e58c84412824d5e195c870b05015ecc93f398fd74948f8fce837f842a63641e41
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
# Legion Changelog
|
|
2
2
|
|
|
3
|
+
## [1.7.26] - 2026-04-07
|
|
4
|
+
|
|
5
|
+
### Added
|
|
6
|
+
- Phase 5 Credential Scoping — service.rb integration (§8 of `docs/plans/2026-04-07-credential-scoping-design.md`)
|
|
7
|
+
- Boot: call `Legion::Crypt.fetch_bootstrap_rmq_creds` after `Crypt.start` to acquire short-lived bootstrap RMQ credentials from Vault before transport connects (no-op when `dynamic_rmq_creds: false`)
|
|
8
|
+
- `setup_identity`: after identity resolves, call `Legion::Crypt.swap_to_identity_creds(mode:)` to swap from bootstrap to identity-scoped RMQ credentials — gated on `vault_connected? && dynamic_rmq_creds? && !lite?`; fallback identity still gets scoped creds
|
|
9
|
+
- `shutdown`: call `Legion::Crypt.revoke_bootstrap_lease` before Crypt shutdown for defense-in-depth lease cleanup
|
|
10
|
+
- `reload`: call `fetch_bootstrap_rmq_creds` after Crypt.start, `resolve_secrets!` after settings reload, and `setup_identity` (replacing static `mark_ready(:identity)`) so reloaded processes acquire identity-scoped credentials
|
|
11
|
+
- Specs for all Phase 5 service.rb integration paths: boot credential fetch, identity swap per mode, vault/flag/lite guards, swap failure recovery, shutdown revocation, reload credential flow
|
|
12
|
+
|
|
3
13
|
## [1.7.25] - 2026-04-06
|
|
4
14
|
|
|
5
15
|
### Added
|
data/lib/legion/service.rb
CHANGED
|
@@ -56,6 +56,9 @@ module Legion
|
|
|
56
56
|
Legion::Crypt.start
|
|
57
57
|
Legion::Readiness.mark_ready(:crypt)
|
|
58
58
|
setup_mtls_rotation
|
|
59
|
+
# Phase 5: fetch short-lived bootstrap RMQ creds from Vault before transport connects.
|
|
60
|
+
# Service is the authoritative gate (vault_connected? + dynamic_rmq_creds?).
|
|
61
|
+
fetch_phase5_bootstrap_creds unless Legion::Mode.respond_to?(:lite?) && Legion::Mode.lite?
|
|
59
62
|
end
|
|
60
63
|
|
|
61
64
|
Legion::Settings.resolve_secrets!
|
|
@@ -480,7 +483,7 @@ module Legion
|
|
|
480
483
|
log.info 'Legion::Transport connected'
|
|
481
484
|
end
|
|
482
485
|
|
|
483
|
-
def setup_identity
|
|
486
|
+
def setup_identity # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
484
487
|
require_relative 'identity/process'
|
|
485
488
|
require_relative 'identity/broker'
|
|
486
489
|
require_relative 'identity/lease'
|
|
@@ -495,6 +498,18 @@ module Legion
|
|
|
495
498
|
log.info "[Identity] fallback identity: #{Legion::Identity::Process.canonical_name}"
|
|
496
499
|
end
|
|
497
500
|
|
|
501
|
+
# Phase 5: Swap from bootstrap RMQ credentials to identity-scoped credentials.
|
|
502
|
+
# Gate on vault_connected? + dynamic_rmq_creds? — NOT on resolved? (fallback identity
|
|
503
|
+
# still needs scoped creds via the mode-based role).
|
|
504
|
+
if defined?(Legion::Crypt) &&
|
|
505
|
+
Legion::Crypt.respond_to?(:vault_connected?) && Legion::Crypt.vault_connected? &&
|
|
506
|
+
Legion::Crypt.respond_to?(:dynamic_rmq_creds?) && Legion::Crypt.dynamic_rmq_creds? &&
|
|
507
|
+
Legion::Crypt.respond_to?(:swap_to_identity_creds) &&
|
|
508
|
+
!Legion::Mode.lite?
|
|
509
|
+
log.info '[Identity] swapping to identity-scoped RMQ credentials'
|
|
510
|
+
Legion::Crypt.swap_to_identity_creds(mode: Legion::Mode.current)
|
|
511
|
+
end
|
|
512
|
+
|
|
498
513
|
# Re-resolve secrets for any identity-scoped lease:// refs (task 2.25)
|
|
499
514
|
Legion::Settings.resolve_secrets! if Legion::Settings.respond_to?(:resolve_secrets!)
|
|
500
515
|
|
|
@@ -702,7 +717,7 @@ module Legion
|
|
|
702
717
|
handle_exception(e, level: :warn, operation: 'service.shutdown_api')
|
|
703
718
|
end
|
|
704
719
|
|
|
705
|
-
def shutdown # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
|
|
720
|
+
def shutdown # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/AbcSize, Metrics/MethodLength
|
|
706
721
|
log.info('Legion::Service.shutdown was called')
|
|
707
722
|
@shutdown = true
|
|
708
723
|
Legion::Settings[:client][:shutting_down] = true
|
|
@@ -767,7 +782,12 @@ module Legion
|
|
|
767
782
|
Legion::Readiness.mark_not_ready(:transport)
|
|
768
783
|
|
|
769
784
|
shutdown_mtls_rotation
|
|
770
|
-
|
|
785
|
+
# Phase 5: Revoke bootstrap RMQ lease on clean shutdown (defense-in-depth;
|
|
786
|
+
# lease expires naturally if process crashes before identity swap).
|
|
787
|
+
shutdown_component('Crypt bootstrap lease') do
|
|
788
|
+
Legion::Crypt.revoke_bootstrap_lease if defined?(Legion::Crypt) && Legion::Crypt.respond_to?(:revoke_bootstrap_lease)
|
|
789
|
+
end
|
|
790
|
+
shutdown_component('Crypt') { Legion::Crypt.shutdown if defined?(Legion::Crypt) }
|
|
771
791
|
Legion::Readiness.mark_not_ready(:crypt)
|
|
772
792
|
|
|
773
793
|
Legion::Settings[:client][:ready] = false
|
|
@@ -807,7 +827,7 @@ module Legion
|
|
|
807
827
|
shutdown_component('Transport') { Legion::Transport::Connection.shutdown }
|
|
808
828
|
Legion::Readiness.mark_not_ready(:transport)
|
|
809
829
|
|
|
810
|
-
shutdown_component('Crypt') { Legion::Crypt.shutdown }
|
|
830
|
+
shutdown_component('Crypt') { Legion::Crypt.shutdown if defined?(Legion::Crypt) }
|
|
811
831
|
Legion::Readiness.mark_not_ready(:crypt)
|
|
812
832
|
|
|
813
833
|
Legion::Readiness.wait_until_not_ready(:transport, :data, :cache, :crypt)
|
|
@@ -816,7 +836,12 @@ module Legion
|
|
|
816
836
|
Legion::Readiness.mark_ready(:settings)
|
|
817
837
|
|
|
818
838
|
Legion::Crypt.start if defined?(Legion::Crypt)
|
|
819
|
-
Legion::Readiness.mark_ready(:crypt)
|
|
839
|
+
Legion::Readiness.mark_ready(:crypt) if defined?(Legion::Crypt)
|
|
840
|
+
# Phase 5: fetch bootstrap RMQ creds after Vault reconnects on reload.
|
|
841
|
+
fetch_phase5_bootstrap_creds unless Legion::Mode.lite?
|
|
842
|
+
|
|
843
|
+
# Resolve lease:// URIs with freshly loaded settings + new Vault token.
|
|
844
|
+
Legion::Settings.resolve_secrets! if Legion::Settings.respond_to?(:resolve_secrets!)
|
|
820
845
|
|
|
821
846
|
setup_transport
|
|
822
847
|
Legion::Readiness.mark_ready(:transport)
|
|
@@ -858,7 +883,9 @@ module Legion
|
|
|
858
883
|
Legion::Readiness.mark_skipped(:gaia)
|
|
859
884
|
end
|
|
860
885
|
|
|
861
|
-
|
|
886
|
+
# Phase 5: re-run identity resolution + credential swap so the reloaded
|
|
887
|
+
# process gets identity-scoped RMQ creds (not stale bootstrap creds).
|
|
888
|
+
setup_identity
|
|
862
889
|
|
|
863
890
|
setup_supervision
|
|
864
891
|
load_extensions
|
|
@@ -868,7 +895,7 @@ module Legion
|
|
|
868
895
|
|
|
869
896
|
register_core_tools
|
|
870
897
|
|
|
871
|
-
Legion::Crypt.cs
|
|
898
|
+
Legion::Crypt.cs if defined?(Legion::Crypt)
|
|
872
899
|
setup_apm if @api_enabled
|
|
873
900
|
setup_api if @api_enabled
|
|
874
901
|
|
|
@@ -1027,6 +1054,18 @@ module Legion
|
|
|
1027
1054
|
|
|
1028
1055
|
private
|
|
1029
1056
|
|
|
1057
|
+
# Phase 5: fetch short-lived bootstrap RMQ credentials from Vault.
|
|
1058
|
+
# Called after Crypt.start (boot) and after Crypt.start (reload).
|
|
1059
|
+
# Service owns the gate so Crypt.fetch_bootstrap_rmq_creds can be unconditional.
|
|
1060
|
+
def fetch_phase5_bootstrap_creds
|
|
1061
|
+
return unless defined?(Legion::Crypt)
|
|
1062
|
+
return unless Legion::Crypt.respond_to?(:fetch_bootstrap_rmq_creds)
|
|
1063
|
+
return unless Legion::Crypt.respond_to?(:vault_connected?) && Legion::Crypt.vault_connected?
|
|
1064
|
+
return unless Legion::Crypt.respond_to?(:dynamic_rmq_creds?) && Legion::Crypt.dynamic_rmq_creds?
|
|
1065
|
+
|
|
1066
|
+
Legion::Crypt.fetch_bootstrap_rmq_creds
|
|
1067
|
+
end
|
|
1068
|
+
|
|
1030
1069
|
def resolve_identity_providers
|
|
1031
1070
|
# Phase 4 adds lex-identity-* providers. For now, check if any are loaded.
|
|
1032
1071
|
return false unless defined?(Legion::Extensions)
|
data/lib/legion/version.rb
CHANGED