smart_proxy_dynflow 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +7 -22
- data/lib/smart_proxy_dynflow/api.rb +38 -3
- data/lib/smart_proxy_dynflow/callback.rb +7 -5
- data/lib/smart_proxy_dynflow/helpers.rb +1 -1
- data/lib/smart_proxy_dynflow/http_config.ru +18 -4
- data/lib/smart_proxy_dynflow/plugin.rb +15 -14
- data/lib/smart_proxy_dynflow/version.rb +1 -1
- data/settings.d/dynflow.yml.example +5 -0
- metadata +40 -28
- data/lib/smart_proxy_dynflow/http_config_with_executor.ru +0 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ed31ab888b7a2f5fbc4891fe60a0332f5a43347a15175f12f96a3215c0e73447
|
|
4
|
+
data.tar.gz: 534c395d634b227cd5570687e83e3e6d227a8f1898b6fed76a7760c6c66a33e2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a1836fa6ab0f19b43b7321d133d69632bb248ceec3e113a46952c5fc0e5f5170f29fcec0cfd52ade22db7755dcc727c03bb8f1184215787de9e37beaffc3c901
|
|
7
|
+
data.tar.gz: 3a20420452784df395b61cb3f75bba8ef88e8627fd984d17894e9a7003262d74b9beda70ab41eff0843e6816e8c74dc798f89b4b97b4f93d80e1dc7436ac5763
|
data/Gemfile
CHANGED
|
@@ -7,32 +7,17 @@ group :development do
|
|
|
7
7
|
end
|
|
8
8
|
|
|
9
9
|
group :test do
|
|
10
|
-
gem 'smart_proxy_dynflow', :path => '.'
|
|
11
10
|
gem 'smart_proxy', :git => "https://github.com/theforeman/smart-proxy", :branch => "develop"
|
|
11
|
+
gem 'smart_proxy_dynflow', :path => '.'
|
|
12
12
|
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
gem 'rainbow', '< 3'
|
|
17
|
-
else
|
|
18
|
-
gem 'rubocop', '~> 0.52.1'
|
|
19
|
-
gem 'public_suffix'
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
if RUBY_VERSION < '2.2'
|
|
23
|
-
gem 'rack-test', '< 0.8'
|
|
24
|
-
else
|
|
25
|
-
gem 'rack-test'
|
|
26
|
-
end
|
|
13
|
+
gem 'public_suffix'
|
|
14
|
+
gem 'rack-test'
|
|
15
|
+
gem 'rubocop', '~> 0.52.1'
|
|
27
16
|
end
|
|
28
17
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
else
|
|
33
|
-
gem 'sinatra'
|
|
34
|
-
gem 'rack', '>= 1.1'
|
|
35
|
-
end
|
|
18
|
+
gem 'logging-journald', '~> 2.0', :platforms => [:ruby]
|
|
19
|
+
gem 'rack', '>= 1.1'
|
|
20
|
+
gem 'sinatra'
|
|
36
21
|
|
|
37
22
|
# load bundler.d
|
|
38
23
|
Dir["#{File.dirname(__FILE__)}/bundler.d/*.rb"].each do |bundle|
|
|
@@ -6,18 +6,53 @@ module Proxy
|
|
|
6
6
|
class Dynflow
|
|
7
7
|
class Api < ::Sinatra::Base
|
|
8
8
|
helpers ::Proxy::Helpers
|
|
9
|
+
helpers ::Proxy::Log
|
|
9
10
|
helpers ::Proxy::Dynflow::Helpers
|
|
10
11
|
|
|
11
12
|
before do
|
|
12
|
-
logger = Proxy::LogBuffer::Decorator.instance
|
|
13
13
|
content_type :json
|
|
14
|
-
if request.env['HTTP_AUTHORIZATION'] && request.
|
|
14
|
+
if request.env['HTTP_AUTHORIZATION'] && request.path_info =~ %r{/tasks/.*/(update|done)}
|
|
15
15
|
# Halt running before callbacks if a token is provided and the request is notifying about task being done
|
|
16
16
|
return
|
|
17
|
+
else
|
|
18
|
+
do_authorize_with_ssl_client
|
|
19
|
+
do_authorize_with_trusted_hosts
|
|
17
20
|
end
|
|
18
21
|
end
|
|
19
22
|
|
|
20
|
-
|
|
23
|
+
# TODO: move this to foreman-proxy to reduce code duplicities
|
|
24
|
+
def do_authorize_with_trusted_hosts
|
|
25
|
+
# When :trusted_hosts is given, we check the client against the list
|
|
26
|
+
# HTTPS: test the certificate CN
|
|
27
|
+
# HTTP: test the reverse DNS entry of the remote IP
|
|
28
|
+
trusted_hosts = Proxy::SETTINGS.trusted_hosts
|
|
29
|
+
if trusted_hosts
|
|
30
|
+
if ['yes', 'on', 1].include? request.env['HTTPS'].to_s
|
|
31
|
+
fqdn = https_cert_cn
|
|
32
|
+
source = 'SSL_CLIENT_CERT'
|
|
33
|
+
else
|
|
34
|
+
fqdn = remote_fqdn(Proxy::SETTINGS.forward_verify)
|
|
35
|
+
source = 'REMOTE_ADDR'
|
|
36
|
+
end
|
|
37
|
+
fqdn = fqdn.downcase
|
|
38
|
+
logger.debug "verifying remote client #{fqdn} (based on #{source}) against trusted_hosts #{trusted_hosts}"
|
|
39
|
+
|
|
40
|
+
unless Proxy::SETTINGS.trusted_hosts.include?(fqdn)
|
|
41
|
+
log_halt 403, "Untrusted client #{fqdn} attempted " \
|
|
42
|
+
"to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
def do_authorize_with_ssl_client
|
|
48
|
+
if %w[yes on 1].include? request.env['HTTPS'].to_s
|
|
49
|
+
if request.env['SSL_CLIENT_CERT'].to_s.empty?
|
|
50
|
+
log_halt 403, "No client SSL certificate supplied"
|
|
51
|
+
end
|
|
52
|
+
else
|
|
53
|
+
logger.debug('require_ssl_client_verification: skipping, non-HTTPS request')
|
|
54
|
+
end
|
|
55
|
+
end
|
|
21
56
|
|
|
22
57
|
post "/*" do
|
|
23
58
|
relay_request
|
|
@@ -10,15 +10,17 @@ module Proxy
|
|
|
10
10
|
|
|
11
11
|
def relay(request, from, to)
|
|
12
12
|
path = request.path.gsub(from, to)
|
|
13
|
-
|
|
13
|
+
message = "Proxy request from #{request.host_with_port}#{request.path} to #{uri}#{path}"
|
|
14
|
+
Proxy::LogBuffer::Decorator.instance.debug message
|
|
14
15
|
req = case request.env['REQUEST_METHOD']
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
16
|
+
when 'GET'
|
|
17
|
+
request_factory.create_get path, request.env['rack.request.query_hash']
|
|
18
|
+
when 'POST'
|
|
19
|
+
request_factory.create_post path, request.body.read
|
|
19
20
|
end
|
|
20
21
|
req['X-Forwarded-For'] = request.env['HTTP_HOST']
|
|
21
22
|
req['AUTHORIZATION'] = request.env['HTTP_AUTHORIZATION']
|
|
23
|
+
req['X-Request-Id'] = ::Logging.mdc['request']
|
|
22
24
|
response = send_request req
|
|
23
25
|
Proxy::LogBuffer::Decorator.instance.debug "Proxy request status #{response.code} - #{response}"
|
|
24
26
|
response
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
module Proxy
|
|
2
2
|
class Dynflow
|
|
3
3
|
module Helpers
|
|
4
|
-
def relay_request(from =
|
|
4
|
+
def relay_request(from = %r{^/dynflow}, to = '')
|
|
5
5
|
response = Proxy::Dynflow::Callback::Core.relay(request, from, to)
|
|
6
6
|
content_type response.content_type
|
|
7
7
|
status response.code
|
|
@@ -1,7 +1,21 @@
|
|
|
1
|
-
|
|
1
|
+
# Internal core will be used if external core is either disabled or unset
|
|
2
|
+
# and the core gem can be loaded
|
|
2
3
|
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
if !::Proxy::Dynflow::Plugin.settings.external_core && Proxy::Dynflow::Plugin.internal_core_available?
|
|
5
|
+
require 'smart_proxy_dynflow_core/api'
|
|
6
|
+
require 'smart_proxy_dynflow_core/launcher'
|
|
7
|
+
|
|
8
|
+
SmartProxyDynflowCore::Settings.load_from_proxy(p)
|
|
9
|
+
|
|
10
|
+
map "/dynflow" do
|
|
11
|
+
SmartProxyDynflowCore::Launcher.route_mapping(self)
|
|
12
|
+
end
|
|
13
|
+
else
|
|
14
|
+
require 'smart_proxy_dynflow/api'
|
|
15
|
+
|
|
16
|
+
map "/dynflow" do
|
|
17
|
+
map '/' do
|
|
18
|
+
run Proxy::Dynflow::Api
|
|
19
|
+
end
|
|
6
20
|
end
|
|
7
21
|
end
|
|
@@ -4,27 +4,28 @@ require 'proxy/plugin'
|
|
|
4
4
|
|
|
5
5
|
class Proxy::Dynflow
|
|
6
6
|
class Plugin < Proxy::Plugin
|
|
7
|
-
rackup_path =
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
rescue LoadError
|
|
11
|
-
'http_config.ru'
|
|
12
|
-
end
|
|
13
|
-
http_rackup_path File.expand_path(rackup_path, File.expand_path("../", __FILE__))
|
|
14
|
-
https_rackup_path File.expand_path(rackup_path, File.expand_path("../", __FILE__))
|
|
7
|
+
rackup_path = File.expand_path('http_config.ru', __dir__)
|
|
8
|
+
http_rackup_path rackup_path
|
|
9
|
+
https_rackup_path rackup_path
|
|
15
10
|
|
|
16
11
|
settings_file "dynflow.yml"
|
|
17
|
-
requires :foreman_proxy, ">= 1.
|
|
12
|
+
requires :foreman_proxy, ">= 1.16.0"
|
|
18
13
|
default_settings :core_url => 'http://localhost:8008'
|
|
19
14
|
plugin :dynflow, Proxy::Dynflow::VERSION
|
|
20
15
|
|
|
21
16
|
after_activation do
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
# Dynflow core is not available in the proxy, will be handled
|
|
26
|
-
# by standalone Dynflow core
|
|
17
|
+
# Ensure the core gem is loaded, if configure NOT to use the external core
|
|
18
|
+
if Proxy::Dynflow::Plugin.settings.external_core == false && !internal_core_available?
|
|
19
|
+
raise "'smart_proxy_dynflow_core' gem is required, but not available"
|
|
27
20
|
end
|
|
28
21
|
end
|
|
22
|
+
|
|
23
|
+
def self.internal_core_available?
|
|
24
|
+
@core_available ||= begin
|
|
25
|
+
require 'smart_proxy_dynflow_core'
|
|
26
|
+
true
|
|
27
|
+
rescue LoadError # rubocop:disable Lint/HandleExceptions
|
|
28
|
+
end
|
|
29
|
+
end
|
|
29
30
|
end
|
|
30
31
|
end
|
|
@@ -2,3 +2,8 @@
|
|
|
2
2
|
:enabled: true
|
|
3
3
|
:database: /var/lib/foreman-proxy/dynflow/dynflow.sqlite
|
|
4
4
|
:core_url: 'http://127.0.0.1:8008'
|
|
5
|
+
|
|
6
|
+
# If true, external core will be used even if the core gem is available
|
|
7
|
+
# If false, the feature will be disabled if the core gem is not available
|
|
8
|
+
# If unset, the process will fallback to external core if the core gem is not available
|
|
9
|
+
# :external_core: true
|
metadata
CHANGED
|
@@ -1,43 +1,43 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_dynflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 1980-01-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: logging
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - "
|
|
17
|
+
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: '
|
|
20
|
-
type: :
|
|
19
|
+
version: '0'
|
|
20
|
+
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - "
|
|
24
|
+
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: bundler
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- - "
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '
|
|
33
|
+
version: '1.7'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- - "
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '
|
|
40
|
+
version: '1.7'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: minitest
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -67,33 +67,47 @@ dependencies:
|
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '1'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
|
-
name:
|
|
70
|
+
name: rack-test
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
73
|
- - "~>"
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
|
-
version: '
|
|
75
|
+
version: '0'
|
|
76
76
|
type: :development
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
80
|
- - "~>"
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
|
-
version: '
|
|
82
|
+
version: '0'
|
|
83
83
|
- !ruby/object:Gem::Dependency
|
|
84
|
-
name:
|
|
84
|
+
name: rake
|
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
|
86
86
|
requirements:
|
|
87
87
|
- - "~>"
|
|
88
88
|
- !ruby/object:Gem::Version
|
|
89
|
-
version: '0'
|
|
89
|
+
version: '10.0'
|
|
90
90
|
type: :development
|
|
91
91
|
prerelease: false
|
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
|
93
93
|
requirements:
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
|
-
version: '0'
|
|
96
|
+
version: '10.0'
|
|
97
|
+
- !ruby/object:Gem::Dependency
|
|
98
|
+
name: webmock
|
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
|
100
|
+
requirements:
|
|
101
|
+
- - "~>"
|
|
102
|
+
- !ruby/object:Gem::Version
|
|
103
|
+
version: '1'
|
|
104
|
+
type: :development
|
|
105
|
+
prerelease: false
|
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
+
requirements:
|
|
108
|
+
- - "~>"
|
|
109
|
+
- !ruby/object:Gem::Version
|
|
110
|
+
version: '1'
|
|
97
111
|
description: " Use the Dynflow inside Foreman smart proxy\n"
|
|
98
112
|
email:
|
|
99
113
|
- inecas@redhat.com
|
|
@@ -109,33 +123,31 @@ files:
|
|
|
109
123
|
- lib/smart_proxy_dynflow/callback.rb
|
|
110
124
|
- lib/smart_proxy_dynflow/helpers.rb
|
|
111
125
|
- lib/smart_proxy_dynflow/http_config.ru
|
|
112
|
-
- lib/smart_proxy_dynflow/http_config_with_executor.ru
|
|
113
126
|
- lib/smart_proxy_dynflow/plugin.rb
|
|
114
127
|
- lib/smart_proxy_dynflow/proxy_adapter.rb
|
|
115
128
|
- lib/smart_proxy_dynflow/version.rb
|
|
116
129
|
- settings.d/dynflow.yml.example
|
|
117
130
|
homepage: https://github.com/theforeman/smart_proxy_dynflow
|
|
118
131
|
licenses:
|
|
119
|
-
-
|
|
132
|
+
- GPL-3.0
|
|
120
133
|
metadata: {}
|
|
121
|
-
post_install_message:
|
|
134
|
+
post_install_message:
|
|
122
135
|
rdoc_options: []
|
|
123
136
|
require_paths:
|
|
124
137
|
- lib
|
|
125
138
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
126
139
|
requirements:
|
|
127
|
-
- - "
|
|
140
|
+
- - "~>"
|
|
128
141
|
- !ruby/object:Gem::Version
|
|
129
|
-
version: '
|
|
142
|
+
version: '2.5'
|
|
130
143
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
131
144
|
requirements:
|
|
132
145
|
- - ">="
|
|
133
146
|
- !ruby/object:Gem::Version
|
|
134
147
|
version: '0'
|
|
135
148
|
requirements: []
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
signing_key:
|
|
149
|
+
rubygems_version: 3.1.2
|
|
150
|
+
signing_key:
|
|
139
151
|
specification_version: 4
|
|
140
152
|
summary: Dynflow runtime for Foreman smart proxy
|
|
141
153
|
test_files: []
|