reyes 1.2.1 → 1.2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/bin/reyes +8 -2
- data/lib/reyes/aws_manager.rb +4 -0
- data/lib/reyes/fake_aws.rb +19 -3
- data/lib/reyes/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
MWNhNWYxOTI2NzcxY2Q4YWY5OWJkOWMxZTVlYjA0ZjdjMTgxY2IyMw==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
YjgzYzZmNzkyY2VmY2Y4OGIxZmQ3N2VlNTg2OTdlODFiODM2NzVkYQ==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
ZTVlMzI4YWM1OGMxOTI0ZTNjMTNiMThjZTAzMTdjM2VhMzJmMjRjMDViZWIw
|
|
10
|
+
ZGNlY2NhNWJmMjRjODY5NGI0M2U1YTU4ZDFhMDY5YjQ3NmNlOWNiOTUzNGEz
|
|
11
|
+
Y2VjZDBmNTkyNTVmNzgzY2I2MmNhZjhhN2ExMmI2MTkyODU2OTI=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
MTNlZmQ1ZTExMmJkNjRkOTQwNGVhY2NmYzhmYmM3Yzk3YjcyMGMyNzlhNGUw
|
|
14
|
+
N2MzZGJiOTc2ODUxMmUzODBkNGNhMWFlYjRmYzRkYjdlNWRmZDI5NDExNjU2
|
|
15
|
+
OTcxNDEwNmUxMjY0YzRmMjY1YWJhMGMxOGUxYTgyZjM1ZmY0ZjM=
|
data/bin/reyes
CHANGED
|
@@ -15,7 +15,8 @@ def command_fetch(region, instance_id, options)
|
|
|
15
15
|
armoured_rules = s3.fetch_rules
|
|
16
16
|
cleartext_rules = wrapper.verify!(armoured_rules)
|
|
17
17
|
|
|
18
|
-
fake = Reyes::FakeAws.new(JSON.load
|
|
18
|
+
fake = Reyes::FakeAws.new(JSON.load(cleartext_rules),
|
|
19
|
+
options.fetch(:fake_aws_options))
|
|
19
20
|
g = Reyes::GroupManager.new(fake, region, instance_id)
|
|
20
21
|
r = Reyes::RunManager.new(g)
|
|
21
22
|
|
|
@@ -34,7 +35,7 @@ def command_install(json_file, region, instance_id, options)
|
|
|
34
35
|
|
|
35
36
|
data = JSON.load(File.open(json_file, 'r'))
|
|
36
37
|
generated_time = data.fetch("metadata").fetch("generated_stamp")
|
|
37
|
-
fake = Reyes::FakeAws.new(data)
|
|
38
|
+
fake = Reyes::FakeAws.new(data, options.fetch(:fake_aws_options))
|
|
38
39
|
g = Reyes::GroupManager.new(fake, region, instance_id)
|
|
39
40
|
|
|
40
41
|
if Time.new(generated_time) > g.run_generation_time
|
|
@@ -75,6 +76,7 @@ def parse_args
|
|
|
75
76
|
:gen_options => {},
|
|
76
77
|
:apply_options => {},
|
|
77
78
|
:fetch_options => {},
|
|
79
|
+
:fake_aws_options => {},
|
|
78
80
|
}
|
|
79
81
|
|
|
80
82
|
optparse = OptionParser.new do |opts|
|
|
@@ -151,6 +153,10 @@ Options:
|
|
|
151
153
|
options[:apply_options][:log_drop] = arg
|
|
152
154
|
end
|
|
153
155
|
|
|
156
|
+
opts.on('--ignore-not-after', "Don't check sig not_after") do
|
|
157
|
+
options[:fake_aws_options][:check_not_after] = false
|
|
158
|
+
end
|
|
159
|
+
|
|
154
160
|
opts.on('-v', '--version', 'Display version number and exit') do
|
|
155
161
|
puts "reyes version #{Reyes::VERSION}"
|
|
156
162
|
exit 0
|
data/lib/reyes/aws_manager.rb
CHANGED
|
@@ -8,6 +8,9 @@ module Reyes
|
|
|
8
8
|
|
|
9
9
|
include Chalk::Log
|
|
10
10
|
|
|
11
|
+
# Validity period for signed JSON documents
|
|
12
|
+
JSON_NOT_AFTER = 3600
|
|
13
|
+
|
|
11
14
|
# Short names for AWS regions to save space in ipset names
|
|
12
15
|
RegionShortNames = {
|
|
13
16
|
'us-east-1' => 'VA',
|
|
@@ -216,6 +219,7 @@ module Reyes
|
|
|
216
219
|
'generated_stamp' => start.to_i,
|
|
217
220
|
'hostname' => Socket.gethostname,
|
|
218
221
|
'pid' => Process.pid,
|
|
222
|
+
'not_after_stamp' => Time.now.to_i + JSON_NOT_AFTER,
|
|
219
223
|
},
|
|
220
224
|
'vpcs' => {},
|
|
221
225
|
'classic_cidr_blocks' => aws_config.fetch('classic_cidr_blocks'),
|
data/lib/reyes/fake_aws.rb
CHANGED
|
@@ -5,8 +5,14 @@ module Reyes
|
|
|
5
5
|
include Chalk::Log
|
|
6
6
|
|
|
7
7
|
# @param data [Hash]
|
|
8
|
-
# @param
|
|
9
|
-
|
|
8
|
+
# @param options [Hash]
|
|
9
|
+
#
|
|
10
|
+
# @option options :assert_version [Boolean] (true)
|
|
11
|
+
# @option options :check_not_after [Boolean] (true)
|
|
12
|
+
#
|
|
13
|
+
def initialize(data, options={})
|
|
14
|
+
options = {assert_version: true, check_not_after: true}.merge(options)
|
|
15
|
+
|
|
10
16
|
@data = data
|
|
11
17
|
log.info("Initialized FakeAws with metadata: #{metadata.inspect}")
|
|
12
18
|
|
|
@@ -15,10 +21,20 @@ module Reyes
|
|
|
15
21
|
msg = "JSON format_version #{version.inspect} " \
|
|
16
22
|
"differs from our version #{Reyes::JSON_FORMAT_VERSION}"
|
|
17
23
|
log.error('WARNING: ' + msg)
|
|
18
|
-
if assert_version
|
|
24
|
+
if options.fetch(:assert_version)
|
|
19
25
|
raise Error.new(msg)
|
|
20
26
|
end
|
|
21
27
|
end
|
|
28
|
+
|
|
29
|
+
if options.fetch(:check_not_after)
|
|
30
|
+
not_after = Time.at(metadata.fetch('not_after_stamp')).utc
|
|
31
|
+
if Time.now.utc > not_after
|
|
32
|
+
log.error('JSON data has expired')
|
|
33
|
+
log.error("Current time: #{Time.now.utc}")
|
|
34
|
+
log.error("JSON not_after: #{not_after}")
|
|
35
|
+
raise Error.new("JSON data expired at #{not_after}")
|
|
36
|
+
end
|
|
37
|
+
end
|
|
22
38
|
end
|
|
23
39
|
|
|
24
40
|
def region_data(region)
|
data/lib/reyes/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: reyes
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andy Brody
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-03-
|
|
12
|
+
date: 2015-03-27 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|