reyes 1.2.1 → 1.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +8 -8
- data/bin/reyes +8 -2
- data/lib/reyes/aws_manager.rb +4 -0
- data/lib/reyes/fake_aws.rb +19 -3
- data/lib/reyes/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
MWNhNWYxOTI2NzcxY2Q4YWY5OWJkOWMxZTVlYjA0ZjdjMTgxY2IyMw==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
YjgzYzZmNzkyY2VmY2Y4OGIxZmQ3N2VlNTg2OTdlODFiODM2NzVkYQ==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
ZTVlMzI4YWM1OGMxOTI0ZTNjMTNiMThjZTAzMTdjM2VhMzJmMjRjMDViZWIw
|
|
10
|
+
ZGNlY2NhNWJmMjRjODY5NGI0M2U1YTU4ZDFhMDY5YjQ3NmNlOWNiOTUzNGEz
|
|
11
|
+
Y2VjZDBmNTkyNTVmNzgzY2I2MmNhZjhhN2ExMmI2MTkyODU2OTI=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
MTNlZmQ1ZTExMmJkNjRkOTQwNGVhY2NmYzhmYmM3Yzk3YjcyMGMyNzlhNGUw
|
|
14
|
+
N2MzZGJiOTc2ODUxMmUzODBkNGNhMWFlYjRmYzRkYjdlNWRmZDI5NDExNjU2
|
|
15
|
+
OTcxNDEwNmUxMjY0YzRmMjY1YWJhMGMxOGUxYTgyZjM1ZmY0ZjM=
|
data/bin/reyes
CHANGED
|
@@ -15,7 +15,8 @@ def command_fetch(region, instance_id, options)
|
|
|
15
15
|
armoured_rules = s3.fetch_rules
|
|
16
16
|
cleartext_rules = wrapper.verify!(armoured_rules)
|
|
17
17
|
|
|
18
|
-
fake = Reyes::FakeAws.new(JSON.load
|
|
18
|
+
fake = Reyes::FakeAws.new(JSON.load(cleartext_rules),
|
|
19
|
+
options.fetch(:fake_aws_options))
|
|
19
20
|
g = Reyes::GroupManager.new(fake, region, instance_id)
|
|
20
21
|
r = Reyes::RunManager.new(g)
|
|
21
22
|
|
|
@@ -34,7 +35,7 @@ def command_install(json_file, region, instance_id, options)
|
|
|
34
35
|
|
|
35
36
|
data = JSON.load(File.open(json_file, 'r'))
|
|
36
37
|
generated_time = data.fetch("metadata").fetch("generated_stamp")
|
|
37
|
-
fake = Reyes::FakeAws.new(data)
|
|
38
|
+
fake = Reyes::FakeAws.new(data, options.fetch(:fake_aws_options))
|
|
38
39
|
g = Reyes::GroupManager.new(fake, region, instance_id)
|
|
39
40
|
|
|
40
41
|
if Time.new(generated_time) > g.run_generation_time
|
|
@@ -75,6 +76,7 @@ def parse_args
|
|
|
75
76
|
:gen_options => {},
|
|
76
77
|
:apply_options => {},
|
|
77
78
|
:fetch_options => {},
|
|
79
|
+
:fake_aws_options => {},
|
|
78
80
|
}
|
|
79
81
|
|
|
80
82
|
optparse = OptionParser.new do |opts|
|
|
@@ -151,6 +153,10 @@ Options:
|
|
|
151
153
|
options[:apply_options][:log_drop] = arg
|
|
152
154
|
end
|
|
153
155
|
|
|
156
|
+
opts.on('--ignore-not-after', "Don't check sig not_after") do
|
|
157
|
+
options[:fake_aws_options][:check_not_after] = false
|
|
158
|
+
end
|
|
159
|
+
|
|
154
160
|
opts.on('-v', '--version', 'Display version number and exit') do
|
|
155
161
|
puts "reyes version #{Reyes::VERSION}"
|
|
156
162
|
exit 0
|
data/lib/reyes/aws_manager.rb
CHANGED
|
@@ -8,6 +8,9 @@ module Reyes
|
|
|
8
8
|
|
|
9
9
|
include Chalk::Log
|
|
10
10
|
|
|
11
|
+
# Validity period for signed JSON documents
|
|
12
|
+
JSON_NOT_AFTER = 3600
|
|
13
|
+
|
|
11
14
|
# Short names for AWS regions to save space in ipset names
|
|
12
15
|
RegionShortNames = {
|
|
13
16
|
'us-east-1' => 'VA',
|
|
@@ -216,6 +219,7 @@ module Reyes
|
|
|
216
219
|
'generated_stamp' => start.to_i,
|
|
217
220
|
'hostname' => Socket.gethostname,
|
|
218
221
|
'pid' => Process.pid,
|
|
222
|
+
'not_after_stamp' => Time.now.to_i + JSON_NOT_AFTER,
|
|
219
223
|
},
|
|
220
224
|
'vpcs' => {},
|
|
221
225
|
'classic_cidr_blocks' => aws_config.fetch('classic_cidr_blocks'),
|
data/lib/reyes/fake_aws.rb
CHANGED
|
@@ -5,8 +5,14 @@ module Reyes
|
|
|
5
5
|
include Chalk::Log
|
|
6
6
|
|
|
7
7
|
# @param data [Hash]
|
|
8
|
-
# @param
|
|
9
|
-
|
|
8
|
+
# @param options [Hash]
|
|
9
|
+
#
|
|
10
|
+
# @option options :assert_version [Boolean] (true)
|
|
11
|
+
# @option options :check_not_after [Boolean] (true)
|
|
12
|
+
#
|
|
13
|
+
def initialize(data, options={})
|
|
14
|
+
options = {assert_version: true, check_not_after: true}.merge(options)
|
|
15
|
+
|
|
10
16
|
@data = data
|
|
11
17
|
log.info("Initialized FakeAws with metadata: #{metadata.inspect}")
|
|
12
18
|
|
|
@@ -15,10 +21,20 @@ module Reyes
|
|
|
15
21
|
msg = "JSON format_version #{version.inspect} " \
|
|
16
22
|
"differs from our version #{Reyes::JSON_FORMAT_VERSION}"
|
|
17
23
|
log.error('WARNING: ' + msg)
|
|
18
|
-
if assert_version
|
|
24
|
+
if options.fetch(:assert_version)
|
|
19
25
|
raise Error.new(msg)
|
|
20
26
|
end
|
|
21
27
|
end
|
|
28
|
+
|
|
29
|
+
if options.fetch(:check_not_after)
|
|
30
|
+
not_after = Time.at(metadata.fetch('not_after_stamp')).utc
|
|
31
|
+
if Time.now.utc > not_after
|
|
32
|
+
log.error('JSON data has expired')
|
|
33
|
+
log.error("Current time: #{Time.now.utc}")
|
|
34
|
+
log.error("JSON not_after: #{not_after}")
|
|
35
|
+
raise Error.new("JSON data expired at #{not_after}")
|
|
36
|
+
end
|
|
37
|
+
end
|
|
22
38
|
end
|
|
23
39
|
|
|
24
40
|
def region_data(region)
|
data/lib/reyes/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: reyes
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Andy Brody
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2015-03-
|
|
12
|
+
date: 2015-03-27 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: aws-sdk
|