smart_proxy_dynflow 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +7 -22
- data/lib/smart_proxy_dynflow/api.rb +38 -3
- data/lib/smart_proxy_dynflow/callback.rb +7 -5
- data/lib/smart_proxy_dynflow/helpers.rb +1 -1
- data/lib/smart_proxy_dynflow/http_config.ru +18 -4
- data/lib/smart_proxy_dynflow/plugin.rb +15 -14
- data/lib/smart_proxy_dynflow/version.rb +1 -1
- data/settings.d/dynflow.yml.example +5 -0
- metadata +40 -28
- data/lib/smart_proxy_dynflow/http_config_with_executor.ru +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed31ab888b7a2f5fbc4891fe60a0332f5a43347a15175f12f96a3215c0e73447
|
|
4
|
+
data.tar.gz: 534c395d634b227cd5570687e83e3e6d227a8f1898b6fed76a7760c6c66a33e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a1836fa6ab0f19b43b7321d133d69632bb248ceec3e113a46952c5fc0e5f5170f29fcec0cfd52ade22db7755dcc727c03bb8f1184215787de9e37beaffc3c901
|
|
7
|
+
data.tar.gz: 3a20420452784df395b61cb3f75bba8ef88e8627fd984d17894e9a7003262d74b9beda70ab41eff0843e6816e8c74dc798f89b4b97b4f93d80e1dc7436ac5763
|
data/Gemfile
CHANGED
|
@@ -7,32 +7,17 @@ group :development do
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
group :test do
|
|
10
|
-
gem 'smart_proxy_dynflow', :path => '.'
|
|
11
10
|
gem 'smart_proxy', :git => "https://github.com/theforeman/smart-proxy", :branch => "develop"
|
|
11
|
+
gem 'smart_proxy_dynflow', :path => '.'
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
gem 'rainbow', '< 3'
|
|
17
|
-
else
|
|
18
|
-
gem 'rubocop', '~> 0.52.1'
|
|
19
|
-
gem 'public_suffix'
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
if RUBY_VERSION < '2.2'
|
|
23
|
-
gem 'rack-test', '< 0.8'
|
|
24
|
-
else
|
|
25
|
-
gem 'rack-test'
|
|
26
|
-
end
|
|
13
|
+
gem 'public_suffix'
|
|
14
|
+
gem 'rack-test'
|
|
15
|
+
gem 'rubocop', '~> 0.52.1'
|
|
27
16
|
end
|
|
28
17
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
else
|
|
33
|
-
gem 'sinatra'
|
|
34
|
-
gem 'rack', '>= 1.1'
|
|
35
|
-
end
|
|
18
|
+
gem 'logging-journald', '~> 2.0', :platforms => [:ruby]
|
|
19
|
+
gem 'rack', '>= 1.1'
|
|
20
|
+
gem 'sinatra'
|
|
36
21
|
|
|
37
22
|
# load bundler.d
|
|
38
23
|
Dir["#{File.dirname(__FILE__)}/bundler.d/*.rb"].each do |bundle|
|
|
@@ -6,18 +6,53 @@ module Proxy
|
|
|
6
6
|
class Dynflow
|
|
7
7
|
class Api < ::Sinatra::Base
|
|
8
8
|
helpers ::Proxy::Helpers
|
|
9
|
+
helpers ::Proxy::Log
|
|
9
10
|
helpers ::Proxy::Dynflow::Helpers
|
|
10
11
|
|
|
11
12
|
before do
|
|
12
|
-
logger = Proxy::LogBuffer::Decorator.instance
|
|
13
13
|
content_type :json
|
|
14
|
-
if request.env['HTTP_AUTHORIZATION'] && request.
|
|
14
|
+
if request.env['HTTP_AUTHORIZATION'] && request.path_info =~ %r{/tasks/.*/(update|done)}
|
|
15
15
|
# Halt running before callbacks if a token is provided and the request is notifying about task being done
|
|
16
16
|
return
|
|
17
|
+
else
|
|
18
|
+
do_authorize_with_ssl_client
|
|
19
|
+
do_authorize_with_trusted_hosts
|
|
17
20
|
end
|
|
18
21
|
end
|
|
19
22
|
|
|
20
|
-
|
|
23
|
+
# TODO: move this to foreman-proxy to reduce code duplicities
|
|
24
|
+
def do_authorize_with_trusted_hosts
|
|
25
|
+
# When :trusted_hosts is given, we check the client against the list
|
|
26
|
+
# HTTPS: test the certificate CN
|
|
27
|
+
# HTTP: test the reverse DNS entry of the remote IP
|
|
28
|
+
trusted_hosts = Proxy::SETTINGS.trusted_hosts
|
|
29
|
+
if trusted_hosts
|
|
30
|
+
if ['yes', 'on', 1].include? request.env['HTTPS'].to_s
|
|
31
|
+
fqdn = https_cert_cn
|
|
32
|
+
source = 'SSL_CLIENT_CERT'
|
|
33
|
+
else
|
|
34
|
+
fqdn = remote_fqdn(Proxy::SETTINGS.forward_verify)
|
|
35
|
+
source = 'REMOTE_ADDR'
|
|
36
|
+
end
|
|
37
|
+
fqdn = fqdn.downcase
|
|
38
|
+
logger.debug "verifying remote client #{fqdn} (based on #{source}) against trusted_hosts #{trusted_hosts}"
|
|
39
|
+
|
|
40
|
+
unless Proxy::SETTINGS.trusted_hosts.include?(fqdn)
|
|
41
|
+
log_halt 403, "Untrusted client #{fqdn} attempted " \
|
|
42
|
+
"to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def do_authorize_with_ssl_client
|
|
48
|
+
if %w[yes on 1].include? request.env['HTTPS'].to_s
|
|
49
|
+
if request.env['SSL_CLIENT_CERT'].to_s.empty?
|
|
50
|
+
log_halt 403, "No client SSL certificate supplied"
|
|
51
|
+
end
|
|
52
|
+
else
|
|
53
|
+
logger.debug('require_ssl_client_verification: skipping, non-HTTPS request')
|
|
54
|
+
end
|
|
55
|
+
end
|
|
21
56
|
|
|
22
57
|
post "/*" do
|
|
23
58
|
relay_request
|
|
@@ -10,15 +10,17 @@ module Proxy
|
|
|
10
10
|
|
|
11
11
|
def relay(request, from, to)
|
|
12
12
|
path = request.path.gsub(from, to)
|
|
13
|
-
|
|
13
|
+
message = "Proxy request from #{request.host_with_port}#{request.path} to #{uri}#{path}"
|
|
14
|
+
Proxy::LogBuffer::Decorator.instance.debug message
|
|
14
15
|
req = case request.env['REQUEST_METHOD']
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
when 'GET'
|
|
17
|
+
request_factory.create_get path, request.env['rack.request.query_hash']
|
|
18
|
+
when 'POST'
|
|
19
|
+
request_factory.create_post path, request.body.read
|
|
19
20
|
end
|
|
20
21
|
req['X-Forwarded-For'] = request.env['HTTP_HOST']
|
|
21
22
|
req['AUTHORIZATION'] = request.env['HTTP_AUTHORIZATION']
|
|
23
|
+
req['X-Request-Id'] = ::Logging.mdc['request']
|
|
22
24
|
response = send_request req
|
|
23
25
|
Proxy::LogBuffer::Decorator.instance.debug "Proxy request status #{response.code} - #{response}"
|
|
24
26
|
response
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Proxy
|
|
2
2
|
class Dynflow
|
|
3
3
|
module Helpers
|
|
4
|
-
def relay_request(from =
|
|
4
|
+
def relay_request(from = %r{^/dynflow}, to = '')
|
|
5
5
|
response = Proxy::Dynflow::Callback::Core.relay(request, from, to)
|
|
6
6
|
content_type response.content_type
|
|
7
7
|
status response.code
|
|
@@ -1,7 +1,21 @@
|
|
|
1
|
-
|
|
1
|
+
# Internal core will be used if external core is either disabled or unset
|
|
2
|
+
# and the core gem can be loaded
|
|
2
3
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
if !::Proxy::Dynflow::Plugin.settings.external_core && Proxy::Dynflow::Plugin.internal_core_available?
|
|
5
|
+
require 'smart_proxy_dynflow_core/api'
|
|
6
|
+
require 'smart_proxy_dynflow_core/launcher'
|
|
7
|
+
|
|
8
|
+
SmartProxyDynflowCore::Settings.load_from_proxy(p)
|
|
9
|
+
|
|
10
|
+
map "/dynflow" do
|
|
11
|
+
SmartProxyDynflowCore::Launcher.route_mapping(self)
|
|
12
|
+
end
|
|
13
|
+
else
|
|
14
|
+
require 'smart_proxy_dynflow/api'
|
|
15
|
+
|
|
16
|
+
map "/dynflow" do
|
|
17
|
+
map '/' do
|
|
18
|
+
run Proxy::Dynflow::Api
|
|
19
|
+
end
|
|
6
20
|
end
|
|
7
21
|
end
|
|
@@ -4,27 +4,28 @@ require 'proxy/plugin'
|
|
|
4
4
|
|
|
5
5
|
class Proxy::Dynflow
|
|
6
6
|
class Plugin < Proxy::Plugin
|
|
7
|
-
rackup_path =
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
rescue LoadError
|
|
11
|
-
'http_config.ru'
|
|
12
|
-
end
|
|
13
|
-
http_rackup_path File.expand_path(rackup_path, File.expand_path("../", __FILE__))
|
|
14
|
-
https_rackup_path File.expand_path(rackup_path, File.expand_path("../", __FILE__))
|
|
7
|
+
rackup_path = File.expand_path('http_config.ru', __dir__)
|
|
8
|
+
http_rackup_path rackup_path
|
|
9
|
+
https_rackup_path rackup_path
|
|
15
10
|
|
|
16
11
|
settings_file "dynflow.yml"
|
|
17
|
-
requires :foreman_proxy, ">= 1.
|
|
12
|
+
requires :foreman_proxy, ">= 1.16.0"
|
|
18
13
|
default_settings :core_url => 'http://localhost:8008'
|
|
19
14
|
plugin :dynflow, Proxy::Dynflow::VERSION
|
|
20
15
|
|
|
21
16
|
after_activation do
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
# Dynflow core is not available in the proxy, will be handled
|
|
26
|
-
# by standalone Dynflow core
|
|
17
|
+
# Ensure the core gem is loaded, if configure NOT to use the external core
|
|
18
|
+
if Proxy::Dynflow::Plugin.settings.external_core == false && !internal_core_available?
|
|
19
|
+
raise "'smart_proxy_dynflow_core' gem is required, but not available"
|
|
27
20
|
end
|
|
28
21
|
end
|
|
22
|
+
|
|
23
|
+
def self.internal_core_available?
|
|
24
|
+
@core_available ||= begin
|
|
25
|
+
require 'smart_proxy_dynflow_core'
|
|
26
|
+
true
|
|
27
|
+
rescue LoadError # rubocop:disable Lint/HandleExceptions
|
|
28
|
+
end
|
|
29
|
+
end
|
|
29
30
|
end
|
|
30
31
|
end
|
|
@@ -2,3 +2,8 @@
|
|
|
2
2
|
:enabled: true
|
|
3
3
|
:database: /var/lib/foreman-proxy/dynflow/dynflow.sqlite
|
|
4
4
|
:core_url: 'http://127.0.0.1:8008'
|
|
5
|
+
|
|
6
|
+
# If true, external core will be used even if the core gem is available
|
|
7
|
+
# If false, the feature will be disabled if the core gem is not available
|
|
8
|
+
# If unset, the process will fallback to external core if the core gem is not available
|
|
9
|
+
# :external_core: true
|
metadata
CHANGED
|
@@ -1,43 +1,43 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_dynflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 1980-01-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: logging
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
20
|
-
type: :
|
|
19
|
+
version: '0'
|
|
20
|
+
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '1.7'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '1.7'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: minitest
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -67,33 +67,47 @@ dependencies:
|
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '1'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
70
|
+
name: rack-test
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '
|
|
75
|
+
version: '0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '
|
|
82
|
+
version: '0'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
|
-
name:
|
|
84
|
+
name: rake
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '0'
|
|
89
|
+
version: '10.0'
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '0'
|
|
96
|
+
version: '10.0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: webmock
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - "~>"
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '1'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '1'
|
|
97
111
|
description: " Use the Dynflow inside Foreman smart proxy\n"
|
|
98
112
|
email:
|
|
99
113
|
- inecas@redhat.com
|
|
@@ -109,33 +123,31 @@ files:
|
|
|
109
123
|
- lib/smart_proxy_dynflow/callback.rb
|
|
110
124
|
- lib/smart_proxy_dynflow/helpers.rb
|
|
111
125
|
- lib/smart_proxy_dynflow/http_config.ru
|
|
112
|
-
- lib/smart_proxy_dynflow/http_config_with_executor.ru
|
|
113
126
|
- lib/smart_proxy_dynflow/plugin.rb
|
|
114
127
|
- lib/smart_proxy_dynflow/proxy_adapter.rb
|
|
115
128
|
- lib/smart_proxy_dynflow/version.rb
|
|
116
129
|
- settings.d/dynflow.yml.example
|
|
117
130
|
homepage: https://github.com/theforeman/smart_proxy_dynflow
|
|
118
131
|
licenses:
|
|
119
|
-
-
|
|
132
|
+
- GPL-3.0
|
|
120
133
|
metadata: {}
|
|
121
|
-
post_install_message:
|
|
134
|
+
post_install_message:
|
|
122
135
|
rdoc_options: []
|
|
123
136
|
require_paths:
|
|
124
137
|
- lib
|
|
125
138
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
126
139
|
requirements:
|
|
127
|
-
- - "
|
|
140
|
+
- - "~>"
|
|
128
141
|
- !ruby/object:Gem::Version
|
|
129
|
-
version: '
|
|
142
|
+
version: '2.5'
|
|
130
143
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
131
144
|
requirements:
|
|
132
145
|
- - ">="
|
|
133
146
|
- !ruby/object:Gem::Version
|
|
134
147
|
version: '0'
|
|
135
148
|
requirements: []
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
signing_key:
|
|
149
|
+
rubygems_version: 3.1.2
|
|
150
|
+
signing_key:
|
|
139
151
|
specification_version: 4
|
|
140
152
|
summary: Dynflow runtime for Foreman smart proxy
|
|
141
153
|
test_files: []
|