reyes 0.2.0 → 0.2.1

checksums.yaml CHANGED
@@ -1,15 +1,15 @@
1
1
  ---
2
2
  !binary "U0hBMQ==":
3
3
  metadata.gz: !binary |-
4
- ZTZhZTI3NWU5Yjk3ZWE1NWI4MzlkYjVjMzg1NDg0NGYwNTAxMzU0OA==
4
+ ZjZiNjMyZjAyMzg2ZmViYWVkYTkwMWYzZjk4YzJmOWMwYzBhODBmOA==
5
5
  data.tar.gz: !binary |-
6
- NzE1OGRiMzYxMWE2OWQwNDdhNDc4ZGFhYThlMTZmZDMyMGI1MGQ4NQ==
6
+ NTljMWY5NGY5MGFjYWI1YTIyN2JhOGExOGFmZTcyYTIzNmQ2YTZjNA==
7
7
  SHA512:
8
8
  metadata.gz: !binary |-
9
- Y2NhNTZjZDI3NTIzOGFhMzJmY2EyY2JhNjdhZWE1OTQ1OTZlM2Q2ZjBhOGUy
10
- MzQ5NWRjYzAzNjk2NGZiZTFkYjI5MDczOGZhODA0NTZmYmZmZTZjN2E3ZjM4
11
- NmIyZGU4YzBjZTI5ZDY0MTVjODI4NTY4ZGJkNjc0ZjYyYWVhZDE=
9
+ Yjc2Nzg4YzczNDhlZDZiMjdkZmVhM2ZlN2ViMzY4OTU0Mzk3NmZmZmEwNjJm
10
+ MTUwMDQ2OWVjOTJjYjI1NjliZmRmZTFkMDg0NTU3YTRjZTcxODA0MDA5YjMz
11
+ MDBiNTBhOWEzNjI1YTA5NjcwNGE1OWNiNDYzNGFjZmM3NjdiZjM=
12
12
  data.tar.gz: !binary |-
13
- YjE1MjliYjFmMWJhMmI2YTdlZmQzMGMwYmIyOTg0NWZkMjIxYTE3ZjRhNTky
14
- YTNjYWU5OGYyZDhiZjU1ZDcyOGEzNDZlMjUyNWU5MTEzNjI5MzYwNmE3MmFi
15
- NmMwOWNmNTQ1NjVhMjRlYmQyYmYwN2I1ZmNiNjlmYjllMWM4OGU=
13
+ OGMwMmI5MThjNmUwNWJlZDFkNTBiNGUyYTc3MjA1NzYxOWM2ZTcwOWI1MzQ2
14
+ NTRiZGNkODE5OGI5ZmIxMTM0NzA4MDc4ZDdkNWEzYzYwMDc3YmExOWM5NTUw
15
+ NGRmMmUxNTFlOWNhYzYzMjYzN2I3ZmM4OWFjY2U4M2VkM2JlYjI=
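--- a/data/bin/reyes
+++ b/data/bin/reyes
@@ -64,6 +64,12 @@ def command_upload(options)
 armoured_data = wrapper.clearsign(data)
 
 s3 = Reyes::S3Loader.new(aws, options[:config])
+
+if options[:archive]
+archive_name = "#{Socket.gethostname}-#{Time.now.to_i}"
+s3.archive_rules(armoured_data, archive_name)
+end
+
 s3.upload_rules(armoured_data)
 end
 
@@ -130,6 +136,10 @@ Options:
 options[:prune] = true
 end
 
+opts.on('-a', '--archive', 'Store an archived copy of these rules') do
+options[:archive] = true
+end
+
 # TODO: known bug: --dry-run does not prevent run generation increment
 opts.on('-n', '--dry-run', 'Print diff without making changes') do
 options[:apply_options][:dry_run] = true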
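Review bot: The archive key built from `Socket.gethostname` and `Time.now.to_i` in the new `if options[:archive]` block has one-second resolution, so two uploads from the same host within a second produce the same `archive_name` and the second `archive_rules` call silently overwrites the first copy. For an audit copy that is a real loss; a finer timestamp or a content digest in the slug avoids it, e.g. `archive_name = "#{Socket.gethostname}-#{Time.now.strftime('%Y%m%dT%H%M%S.%N')}"`. `Socket.gethostname` also depends on `require 'socket'` being loaded somewhere; I can't see on this page whether bin/reyes or a lib file does that. `command_upload` begins before this hunk.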
@@ -187,7 +187,7 @@ module Reyes
187
187
  groups = i.security_groups.to_a.sort_by(&:name)
188
188
 
189
189
  data['instances'][i.instance_id] = {
190
- 'tags' => i.tags.to_h.to_h,
190
+ 'tags' => i.tags.to_h.to_hash,
191
191
  'region' => region,
192
192
  'availability_zone' => i.availability_zone,
193
193
  'private_ip_address' => i.private_ip_address,
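Review bot: The reason `i.tags.to_h` needs a further `.to_hash` is not visible from the line itself, and the previous `.to_h.to_h` suggests the right call was found by trial, so a why-comment would keep the next maintainer from simplifying it back, e.g. `# to_h on the SDK tag collection does not yield a plain Hash; to_hash does — confirm against the aws-sdk version in use`. The file this hunk belongs to is not named on this page, and the enclosing method starts and ends outside the hunk.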
@@ -3,6 +3,8 @@ module Reyes
3
3
  class VerificationFailed < StandardError
4
4
  end
5
5
 
6
+ include Chalk::Log
7
+
6
8
  attr_reader :key_id, :keyring_directory
7
9
 
8
10
  # Create a PgpVerifier
@@ -26,6 +28,8 @@ module Reyes
26
28
  # @return [String] the stripped cleartext data
27
29
  #
28
30
  def verify!(data)
31
+ log.info("Verifying #{data.length} bytes against key #{key_id}")
32
+
29
33
  gpg_cmd = %w{gpg --batch --decrypt --status-fd 2} + keyring_args + ['-']
30
34
  Subprocess.check_call(gpg_cmd,
31
35
  :stdin => Subprocess::PIPE,
@@ -33,11 +37,17 @@ module Reyes
33
37
  :stderr => Subprocess::PIPE) do |child|
34
38
  out, err = child.communicate(data)
35
39
 
36
- if err =~ PATTERN
37
- raise VerificationFailed.new("Bad key match") unless $1 == $2
38
- raise VerificationFailed.new("Bad Key ID") unless $1 == key_id
39
- else
40
- raise VerificationFailed.new("Pattern does not match")
40
+ begin
41
+ if err =~ PATTERN
42
+ raise VerificationFailed.new("Bad key match") unless $1 == $2
43
+ raise VerificationFailed.new("Bad Key ID") unless $1 == key_id
44
+ else
45
+ raise VerificationFailed.new("Pattern does not match")
46
+ end
47
+ rescue VerificationFailed => exc
48
+ log.error("GPG verification failed: #{exc.message}")
49
+ log_error_output(out, err, data)
50
+ raise
41
51
  end
42
52
 
43
53
  # Sig looks ok
@@ -46,6 +56,8 @@ module Reyes
46
56
  end
47
57
 
48
58
  def clearsign(data)
59
+ log.info("Signing #{data.length} bytes with key #{key_id}")
60
+
49
61
  gpg_cmd = %W{gpg --batch --clearsign -u #{key_id}} + keyring_args + ['-']
50
62
  Subprocess.check_call(gpg_cmd,
51
63
  :stdin => Subprocess::PIPE,
@@ -57,6 +69,22 @@ module Reyes
57
69
 
58
70
  private
59
71
 
72
+ def log_error_output(out, err, data)
73
+ log.error("GPG stderr:")
74
+ log.error(err)
75
+ log.error("GPG stdout:")
76
+ log.error(out)
77
+
78
+ write_tmp_file("input data", data) unless data.empty?
79
+ end
80
+
81
+ def write_tmp_file(message, output)
82
+ TmpPersistentFile.open('reyes.') do |t|
83
+ log.error("Writing #{message} to #{t.path.inspect}")
84
+ t.print(output)
85
+ end
86
+ end
87
+
60
88
  def keyring_args
61
89
  [
62
90
  '--no-default-keyring',
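Review bot: `log_error_output` persists the full input that has just failed signature verification to a file under /tmp via `write_tmp_file`, with no size bound and nothing that ever removes it, so repeated failures on a large input grow /tmp without limit and leave unverified content on the host. The helper deserves a comment stating both facts, e.g. `# Keeps a copy of the *unverified* input for post-mortem; nothing deletes it, so cap it or clean /tmp out of band`, and a cap on what is written (or on how many such files are kept) would make the failure path safe to hit repeatedly. Any exception from the file write (for example the `Errno::EEXIST` that `File::EXCL` can raise) occurs before the bare `raise` in the `rescue VerificationFailed => exc` branch and therefore replaces the `VerificationFailed` the caller expects; wrapping the diagnostic write so its own failure is logged rather than propagated keeps the reported error honest. The enclosing class and its `verify!` method start outside these hunks.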
@@ -1,23 +1,45 @@
1
+ require 'digest/md5'
2
+
1
3
  module Reyes
2
4
  class S3Loader
3
5
 
4
6
  include Chalk::Log
5
7
 
6
- def initialize(aws, config)
8
+ def initialize(aws, config, print_signatures=true)
7
9
  @aws = aws
8
10
  @config = Reyes::Config.new(config)
11
+ @print_sig = print_signatures
9
12
 
10
13
  log.info("Initialized S3Loader: #{bucket.inspect}/#{path.inspect}")
11
14
  end
12
15
 
13
16
  def fetch_rules
14
- @aws.s3.buckets[bucket].objects[path].read
17
+ log.info("fetch_rules from #{bucket.inspect}/#{path.inspect}")
18
+ data = @aws.s3.buckets[bucket].objects[path].read
19
+
20
+ log.info("MD5: #{Digest::MD5.hexdigest(data)}") if @print_sig
21
+ log.info("size: #{data.length}") if @print_sig
22
+
23
+ data
15
24
  end
16
25
 
17
26
  def upload_rules(data)
27
+ log.info("upload_rules to #{bucket.inspect}/#{path.inspect}")
28
+ log.info("MD5: #{Digest::MD5.hexdigest(data)}") if @print_sig
29
+ log.info("size: #{data.length}") if @print_sig
30
+
18
31
  @aws.s3.buckets[bucket].objects[path].write(data)
19
32
  end
20
33
 
34
+ def archive_rules(data, slug)
35
+ archive_path = "archive/#{slug}-#{path}"
36
+ log.info("archive_rules to #{bucket.inspect}/#{archive_path.inspect}")
37
+ log.info("MD5: #{Digest::MD5.hexdigest(data)}") if @print_sig
38
+ log.info("size: #{data.length}") if @print_sig
39
+
40
+ @aws.s3.buckets[bucket].objects[archive_path].write(data)
41
+ end
42
+
21
43
  private
22
44
 
23
45
  def bucket
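Review bot: The same three-line fingerprint block (MD5, size, both behind `@print_sig`) is now repeated in `fetch_rules`, `upload_rules` and `archive_rules`; a private helper keeps them in step and gives one place to change the digest. If operators compare the logged fingerprint of a fetch against the upload that produced it, `Digest::SHA256` (via `require 'digest'` in place of `require 'digest/md5'`) is the better choice than MD5, which is no longer collision-resistant. The new `print_signatures=true` positional boolean on `initialize` would also read better as a keyword argument (`print_signatures: true`), though that changes the signature for any caller already passing it positionally. The class body continues past the last hunk line.
```ruby
def fetch_rules
  log.info("fetch_rules from #{bucket.inspect}/#{path.inspect}")
  data = @aws.s3.buckets[bucket].objects[path].read
  log_fingerprint(data)
  data
end

# … unchanged: upload_rules and archive_rules, each calling log_fingerprint(data) before the write …

private

# Log a content digest and size so a fetch can be matched to the upload that produced it.
def log_fingerprint(data)
  return unless @print_sig

  log.info("SHA256: #{Digest::SHA256.hexdigest(data)}")
  log.info("size: #{data.length}")
end
```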
@@ -0,0 +1,17 @@
1
+ module Reyes
2
+ # Similar to Tempfile::open, but don't unlink the file on exit.
3
+ class TmpPersistentFile < File
4
+ # Create a temporary file of mode 0600 in the temporary directory,
5
+ # open it with mode "w+", and return the open File object.
6
+ def initialize(prefix='tmp.', tmpdir='/tmp', suffix='')
7
+ path = File.join(tmpdir, make_tmpname(prefix, suffix))
8
+ super(path, File::RDWR|File::CREAT|File::EXCL, 0600)
9
+ end
10
+
11
+ # Generate a name for a temporary file.
12
+ def make_tmpname(prefix, suffix)
13
+ t = Time.now.strftime("%Y%m%d")
14
+ "#{prefix}#{t}-#{$$}-#{rand(0x100000000).to_s(36)}#{suffix}"
15
+ end
16
+ end
17
+ end
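Review bot: `initialize` opens with `File::EXCL`, which is what makes a pre-existing path or symlink at the chosen name fail instead of being followed, but a name collision then surfaces as `Errno::EEXIST` to the caller with no retry — unlike `Tempfile`, which picks another name — and the only caller visible on this page is the error path of `verify!`, where that exception would displace the `VerificationFailed` being reported. A bounded retry around the `super` call fixes it, as sketched below. `tmpdir='/tmp'` could default to `Dir.tmpdir` (`require 'tmpdir'`) so `TMPDIR` is honoured, and `make_tmpname` is an implementation detail that belongs under `private`. The class header comment might also record that `CREAT|EXCL` plus mode `0600` is the property the persistent-file design relies on.
```ruby
# Give up after this many name collisions rather than loop forever.
MAX_TRIES = 10

def initialize(prefix='tmp.', tmpdir=Dir.tmpdir, suffix='')
  tries = 0
  begin
    path = File.join(tmpdir, make_tmpname(prefix, suffix))
    # CREAT|EXCL fails if anything already exists at path (including a symlink)
    # instead of opening it, so a collision is a retry, never a follow.
    super(path, File::RDWR|File::CREAT|File::EXCL, 0600)
  rescue Errno::EEXIST
    raise if (tries += 1) >= MAX_TRIES
    retry
  end
end

# … unchanged: make_tmpname (move below a `private` marker) …
```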
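--- a/data/lib/reyes/version.rb
+++ b/data/lib/reyes/version.rb
@@ -1,3 +1,3 @@
 module Reyes
-VERSION = '0.2.0' unless defined?(self::VERSION)
+VERSION = '0.2.1' unless defined?(self::VERSION)
 end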
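--- a/data/lib/reyes.rb
+++ b/data/lib/reyes.rb
@@ -19,8 +19,9 @@ require_relative './reyes/group_manager'
 require_relative './reyes/group_tools'
 require_relative './reyes/ipset'
 require_relative './reyes/iptables'
+require_relative './reyes/pgp_wrapper'
 require_relative './reyes/run_generation'
 require_relative './reyes/run_manager'
-require_relative './reyes/utils'
 require_relative './reyes/s3_loader'
-require_relative './reyes/pgp_wrapper'
+require_relative './reyes/tmp_persistent_file'
+require_relative './reyes/utils'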
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: reyes
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andy Brody
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2015-02-21 00:00:00.000000000 Z
12
+ date: 2015-02-24 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk
@@ -127,6 +127,7 @@ files:
127
127
  - lib/reyes/run_manager.rb
128
128
  - lib/reyes/s3_loader.rb
129
129
  - lib/reyes/set_manager.rb
130
+ - lib/reyes/tmp_persistent_file.rb
130
131
  - lib/reyes/utils.rb
131
132
  - lib/reyes/version.rb
132
133
  - reyes.gemspec