legionio 1.5.6 → 1.5.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/lib/legion/service.rb +30 -0
- data/lib/legion/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f1b428e7647279cf546f324872dfcc8a4cfaa18cd86239295d6d970ed3a535f3
|
|
4
|
+
data.tar.gz: 300e15076db8273550bcc7e8431b0cbff2b644489f1a784213b81732f10dcc11
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ed8f794e30b35f60492ff8ffea4c6a0a7103ebd90781a132029c60985cf50e8f5118a4f80fa792947ce346f8df3ede23368cf66d9592b1a6e0cf23259651ef77
|
|
7
|
+
data.tar.gz: 0cb1b113f52cb6748825d75c15b23c149a1c3f0991e2bf5d77577b256516a002592dc9a18ba2bbb2ba52f8b05dba2df3d0978fcc4265b60cad49d74e9c9548df
|
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Legion Changelog
|
|
2
2
|
|
|
3
|
+
## [1.5.7] - 2026-03-24
|
|
4
|
+
|
|
5
|
+
### Changed
|
|
6
|
+
- `Legion::Service` starts `CertRotation` after `Crypt.start` when `security.mtls.enabled: true`
|
|
7
|
+
- `Legion::Service#shutdown` stops `CertRotation` before `Crypt.shutdown`
|
|
8
|
+
- `setup_mtls_rotation` gracefully handles missing mtls support in older `legion-crypt` versions via `LoadError` rescue
|
|
9
|
+
|
|
3
10
|
## [1.5.6] - 2026-03-24
|
|
4
11
|
|
|
5
12
|
### Changed
|
data/lib/legion/service.rb
CHANGED
|
@@ -38,6 +38,7 @@ module Legion
|
|
|
38
38
|
require 'legion/crypt'
|
|
39
39
|
Legion::Crypt.start
|
|
40
40
|
Legion::Readiness.mark_ready(:crypt)
|
|
41
|
+
setup_mtls_rotation
|
|
41
42
|
end
|
|
42
43
|
|
|
43
44
|
Legion::Settings.resolve_secrets!
|
|
@@ -495,6 +496,7 @@ module Legion
|
|
|
495
496
|
Legion::Transport::Connection.shutdown
|
|
496
497
|
Legion::Readiness.mark_not_ready(:transport)
|
|
497
498
|
|
|
499
|
+
shutdown_mtls_rotation
|
|
498
500
|
Legion::Crypt.shutdown
|
|
499
501
|
Legion::Readiness.mark_not_ready(:crypt)
|
|
500
502
|
|
|
@@ -569,6 +571,34 @@ module Legion
|
|
|
569
571
|
Legion::Extensions.hook_extensions
|
|
570
572
|
end
|
|
571
573
|
|
|
574
|
+
def setup_mtls_rotation
|
|
575
|
+
enabled = Legion::Settings[:security]&.dig(:mtls, :enabled)
|
|
576
|
+
return unless enabled
|
|
577
|
+
|
|
578
|
+
unless defined?(Legion::Crypt::CertRotation)
|
|
579
|
+
require 'legion/crypt/mtls'
|
|
580
|
+
require 'legion/crypt/cert_rotation'
|
|
581
|
+
end
|
|
582
|
+
return unless defined?(Legion::Crypt::CertRotation)
|
|
583
|
+
|
|
584
|
+
@cert_rotation = Legion::Crypt::CertRotation.new
|
|
585
|
+
@cert_rotation.start
|
|
586
|
+
Legion::Logging.info '[mTLS] CertRotation started'
|
|
587
|
+
rescue LoadError => e
|
|
588
|
+
Legion::Logging.warn "mTLS rotation skipped: #{e.message}"
|
|
589
|
+
rescue StandardError => e
|
|
590
|
+
Legion::Logging.warn "mTLS rotation setup failed: #{e.message}"
|
|
591
|
+
end
|
|
592
|
+
|
|
593
|
+
def shutdown_mtls_rotation
|
|
594
|
+
return unless @cert_rotation
|
|
595
|
+
|
|
596
|
+
@cert_rotation.stop
|
|
597
|
+
@cert_rotation = nil
|
|
598
|
+
rescue StandardError => e
|
|
599
|
+
Legion::Logging.warn "mTLS rotation shutdown error: #{e.message}"
|
|
600
|
+
end
|
|
601
|
+
|
|
572
602
|
def self.log_privacy_mode_status
|
|
573
603
|
privacy = if Legion.const_defined?('Settings') && Legion::Settings.respond_to?(:enterprise_privacy?)
|
|
574
604
|
Legion::Settings.enterprise_privacy?
|
data/lib/legion/version.rb
CHANGED