reyes 1.2.1 → 1.2.2

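--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +1,15 @@
  ---
  !binary "U0hBMQ==":
  metadata.gz: !binary |-
- YjY2OTM2MzJiMTg1MTJjYzkzY2JiZjU4YzFhOTc5MmUxNWY4MDZlZQ==
+ MWNhNWYxOTI2NzcxY2Q4YWY5OWJkOWMxZTVlYjA0ZjdjMTgxY2IyMw==
  data.tar.gz: !binary |-
- NzJiNTU1ODI2MmU5NTljOWRiMTA0OTRlMzFkZTkyMmZmMDU2ZTIzYQ==
+ YjgzYzZmNzkyY2VmY2Y4OGIxZmQ3N2VlNTg2OTdlODFiODM2NzVkYQ==
  SHA512:
  metadata.gz: !binary |-
- ZDRjNmVjZjczZmY1NjZkNWY5YjMyNjA3ODc3NTA4ZDZjMzExZDI3NmYyYTMy
- OTVmYjMzZjZmZjQ4M2I3MjNkYjljNTAxN2E1NTg2NmE4YzQ4ZTgyY2YwOGIz
- OWRhNjkwOTg4NTJiM2Q5ZjI2YzE0MTc4ZWZkYThjZjRhYmM0YWI=
+ ZTVlMzI4YWM1OGMxOTI0ZTNjMTNiMThjZTAzMTdjM2VhMzJmMjRjMDViZWIw
+ ZGNlY2NhNWJmMjRjODY5NGI0M2U1YTU4ZDFhMDY5YjQ3NmNlOWNiOTUzNGEz
+ Y2VjZDBmNTkyNTVmNzgzY2I2MmNhZjhhN2ExMmI2MTkyODU2OTI=
  data.tar.gz: !binary |-
- ZDgzYTdkZjRmN2YyMTliNDZlYmQzYmYzY2RkNzQ1ZmQ4NDg3YjdmZDc1NGY1
- YmRjZDVlNmZmMjdiNDMwZGNhOTMzYWQyN2ZiMTZkMjY2NGY3OTUwYzYxNThl
- ZmE0ZGY0YzAxODVkNzEyNGZhNGQ2OTQ1ZTVjZjgxZmZhNTljOGM=
+ MTNlZmQ1ZTExMmJkNjRkOTQwNGVhY2NmYzhmYmM3Yzk3YjcyMGMyNzlhNGUw
+ N2MzZGJiOTc2ODUxMmUzODBkNGNhMWFlYjRmYzRkYjdlNWRmZDI5NDExNjU2
+ OTcxNDEwNmUxMjY0YzRmMjY1YWJhMGMxOGUxYTgyZjM1ZmY0ZjM=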
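--- a/data/bin/reyes
+++ b/data/bin/reyes
@@ -15,7 +15,8 @@ def command_fetch(region, instance_id, options)
  armoured_rules = s3.fetch_rules
  cleartext_rules = wrapper.verify!(armoured_rules)
 
- fake = Reyes::FakeAws.new(JSON.load cleartext_rules)
+ fake = Reyes::FakeAws.new(JSON.load(cleartext_rules),
+ options.fetch(:fake_aws_options))
  g = Reyes::GroupManager.new(fake, region, instance_id)
  r = Reyes::RunManager.new(g)
 
@@ -34,7 +35,7 @@ def command_install(json_file, region, instance_id, options)
 
  data = JSON.load(File.open(json_file, 'r'))
  generated_time = data.fetch("metadata").fetch("generated_stamp")
- fake = Reyes::FakeAws.new(data)
+ fake = Reyes::FakeAws.new(data, options.fetch(:fake_aws_options))
  g = Reyes::GroupManager.new(fake, region, instance_id)
 
  if Time.new(generated_time) > g.run_generation_time
@@ -75,6 +76,7 @@ def parse_args
  :gen_options => {},
  :apply_options => {},
  :fetch_options => {},
+ :fake_aws_options => {},
  }
 
  optparse = OptionParser.new do |opts|
@@ -151,6 +153,10 @@ Options:
  options[:apply_options][:log_drop] = arg
  end
 
+ opts.on('--ignore-not-after', "Don't check sig not_after") do
+ options[:fake_aws_options][:check_not_after] = false
+ end
+
  opts.on('-v', '--version', 'Display version number and exit') do
  puts "reyes version #{Reyes::VERSION}"
  exit 0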
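Review bot: The `--ignore-not-after` handler in the last hunk switches off the expiry check for both `command_fetch` and `command_install` without leaving any trace that it was used, and the help text `Don't check sig not_after` does not say that expired rule sets will then be accepted. The not_after check is what bounds how long a signed document stays acceptable, so I would have the handler emit a warning, e.g. `warn 'WARNING: --ignore-not-after set; expired rule JSON will be accepted'`, and spell the consequence out in the description string. In `command_install` the visible lines load the JSON straight from `json_file` with no `verify!` call in the hunk, so there the stamp looks only as trustworthy as the file itself; the function continues outside the hunk, so this needs confirming against the full body.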
@@ -8,6 +8,9 @@ module Reyes
8
8
 
9
9
  include Chalk::Log
10
10
 
11
+ # Validity period for signed JSON documents
12
+ JSON_NOT_AFTER = 3600
13
+
11
14
  # Short names for AWS regions to save space in ipset names
12
15
  RegionShortNames = {
13
16
  'us-east-1' => 'VA',
@@ -216,6 +219,7 @@ module Reyes
216
219
  'generated_stamp' => start.to_i,
217
220
  'hostname' => Socket.gethostname,
218
221
  'pid' => Process.pid,
222
+ 'not_after_stamp' => Time.now.to_i + JSON_NOT_AFTER,
219
223
  },
220
224
  'vpcs' => {},
221
225
  'classic_cidr_blocks' => aws_config.fetch('classic_cidr_blocks'),
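Review bot: `JSON_NOT_AFTER = 3600` carries no unit, and `not_after_stamp` is computed from `Time.now` while `generated_stamp` three lines above it uses `start`, so the validity window is measured from a different instant than the one the document advertises as its generation time. I would extend the comment to `# Validity period for signed JSON documents, in seconds` and, if the window is meant to run from the start of generation, write `'not_after_stamp' => start.to_i + JSON_NOT_AFTER,`. A one-hour window also means every consumer starts rejecting its rules once no fresh document has arrived for an hour; that fail-closed behaviour is worth stating next to the constant if it is intended. The enclosing method is not visible in either hunk.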
@@ -5,8 +5,14 @@ module Reyes
5
5
  include Chalk::Log
6
6
 
7
7
  # @param data [Hash]
8
- # @param assert_version [Boolean]
9
- def initialize(data, assert_version=true)
8
+ # @param options [Hash]
9
+ #
10
+ # @option options :assert_version [Boolean] (true)
11
+ # @option options :check_not_after [Boolean] (true)
12
+ #
13
+ def initialize(data, options={})
14
+ options = {assert_version: true, check_not_after: true}.merge(options)
15
+
10
16
  @data = data
11
17
  log.info("Initialized FakeAws with metadata: #{metadata.inspect}")
12
18
 
@@ -15,10 +21,20 @@ module Reyes
15
21
  msg = "JSON format_version #{version.inspect} " \
16
22
  "differs from our version #{Reyes::JSON_FORMAT_VERSION}"
17
23
  log.error('WARNING: ' + msg)
18
- if assert_version
24
+ if options.fetch(:assert_version)
19
25
  raise Error.new(msg)
20
26
  end
21
27
  end
28
+
29
+ if options.fetch(:check_not_after)
30
+ not_after = Time.at(metadata.fetch('not_after_stamp')).utc
31
+ if Time.now.utc > not_after
32
+ log.error('JSON data has expired')
33
+ log.error("Current time: #{Time.now.utc}")
34
+ log.error("JSON not_after: #{not_after}")
35
+ raise Error.new("JSON data expired at #{not_after}")
36
+ end
37
+ end
22
38
  end
23
39
 
24
40
  def region_data(region)
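Review bot: `metadata.fetch('not_after_stamp')` in the second hunk raises a bare `KeyError` for any document that lacks the key, and `JSON_FORMAT_VERSION` stays at 2 in this release, so JSON produced by 1.2.1 presumably passes the version check and then fails here with an error that says nothing about expiry. Failing closed is the right outcome, but it should be an `Error` with a clear message, and the stamp's type should be checked before it reaches `Time.at`. The `check_not_after: false` path is also silent; logging it makes a disabled freshness check visible in the host's logs. Part of `initialize` (new lines 19-20) lies between the two hunks and is not shown.

```ruby
if options.fetch(:check_not_after)
  stamp = metadata['not_after_stamp']
  unless stamp.is_a?(Numeric)
    raise Error.new("JSON metadata has no usable not_after_stamp: #{stamp.inspect}")
  end
  not_after = Time.at(stamp).utc
  # … unchanged: comparison against Time.now.utc, logging and raise on expiry …
else
  log.error('WARNING: not_after check disabled; expired JSON data will be accepted')
end
```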
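--- a/data/lib/reyes/version.rb
+++ b/data/lib/reyes/version.rb
@@ -1,6 +1,6 @@
  module Reyes
  # The Reyes version number
- VERSION = '1.2.1' unless defined?(self::VERSION)
+ VERSION = '1.2.2' unless defined?(self::VERSION)
 
  # Number defining the JSON serialization format
  JSON_FORMAT_VERSION = 2 unless defined?(self::JSON_FORMAT_VERSION)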
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: reyes
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.2.1
4
+ version: 1.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Andy Brody
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2015-03-05 00:00:00.000000000 Z
12
+ date: 2015-03-27 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: aws-sdk