smart_proxy_dynflow 0.1.11 → 0.2.0
Potentially problematic release.
This version of smart_proxy_dynflow might be problematic. Click here for more details.
- checksums.yaml +5 -5
- data/Gemfile +3 -0
- data/lib/smart_proxy_dynflow/api.rb +2 -37
- data/lib/smart_proxy_dynflow/version.rb +1 -1
- metadata +3 -17
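--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: f0d3649273534756b41181d6ff5c4f280cd836064cc1e156882478041c206012
+data.tar.gz: ccb29459a346b59e24ccdd1db3e8d78ce1627bb0cd70cd81011f6314d7b9e162
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7544fc2af767a45393d48e7bc0fa5fdac1b2e1fa8bdeb62af26af29ab342a2ac22c5c0beacd4ce3fcf0d8d6b3554ae62d80536b6e8d71755a1f6c08577f1fb8c
+data.tar.gz: f11e9b70127d83167d53ff19529d0140f121c6909693faa043f94bfd2c5d92ea86b11b93236592c773e95274980f9807d7bbcd231dbf57a2b7dbc4571379fa16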
data/Gemfile
CHANGED
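--- a/data/lib/smart_proxy_dynflow/api.rb
+++ b/data/lib/smart_proxy_dynflow/api.rb
@@ -6,53 +6,18 @@ module Proxy
 class Dynflow
 class Api < ::Sinatra::Base
 helpers ::Proxy::Helpers
-helpers ::Proxy::Log
 helpers ::Proxy::Dynflow::Helpers
 
 before do
+logger = Proxy::LogBuffer::Decorator.instance
 content_type :json
 if request.env['HTTP_AUTHORIZATION'] && request.env['PATH_INFO'].end_with?('/done')
 # Halt running before callbacks if a token is provided and the request is notifying about task being done
 return
-else
-do_authorize_with_ssl_client
-do_authorize_with_trusted_hosts
 end
 end
 
-
-# TODO: move this to foreman-proxy to reduce code duplicities
-def do_authorize_with_trusted_hosts
-# When :trusted_hosts is given, we check the client against the list
-# HTTPS: test the certificate CN
-# HTTP: test the reverse DNS entry of the remote IP
-trusted_hosts = Proxy::SETTINGS.trusted_hosts
-if trusted_hosts
-if [ 'yes', 'on', 1 ].include? request.env['HTTPS'].to_s
-fqdn = https_cert_cn
-source = 'SSL_CLIENT_CERT'
-else
-fqdn = remote_fqdn(Proxy::SETTINGS.forward_verify)
-source = 'REMOTE_ADDR'
-end
-fqdn = fqdn.downcase
-logger.debug "verifying remote client #{fqdn} (based on #{source}) against trusted_hosts #{trusted_hosts}"
-
-unless Proxy::SETTINGS.trusted_hosts.include?(fqdn)
-log_halt 403, "Untrusted client #{fqdn} attempted to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
-end
-end
-end
-
-def do_authorize_with_ssl_client
-if ['yes', 'on', '1'].include? request.env['HTTPS'].to_s
-if request.env['SSL_CLIENT_CERT'].to_s.empty?
-log_halt 403, "No client SSL certificate supplied"
-end
-else
-logger.debug('require_ssl_client_verification: skipping, non-HTTPS request')
-end
-end
+helpers Sinatra::Authorization
 
 post "/*" do
 relay_request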
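--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: smart_proxy_dynflow
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - Ivan Nečas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-04-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -94,20 +94,6 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: rubocop
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.32.1
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - '='
-- !ruby/object:Gem::Version
-version: 0.32.1
 description: " Use the Dynflow inside Foreman smart proxy\n"
 email:
 - inecas@redhat.com
@@ -148,7 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.
+rubygems_version: 2.7.3
 signing_key:
 specification_version: 4
 summary: Dynflow runtime for Foreman smart proxy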