smart_proxy_dynflow 0.1.11 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/Gemfile +3 -0
- data/lib/smart_proxy_dynflow/api.rb +2 -37
- data/lib/smart_proxy_dynflow/version.rb +1 -1
- metadata +3 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: f0d3649273534756b41181d6ff5c4f280cd836064cc1e156882478041c206012
|
|
4
|
+
data.tar.gz: ccb29459a346b59e24ccdd1db3e8d78ce1627bb0cd70cd81011f6314d7b9e162
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7544fc2af767a45393d48e7bc0fa5fdac1b2e1fa8bdeb62af26af29ab342a2ac22c5c0beacd4ce3fcf0d8d6b3554ae62d80536b6e8d71755a1f6c08577f1fb8c
|
|
7
|
+
data.tar.gz: f11e9b70127d83167d53ff19529d0140f121c6909693faa043f94bfd2c5d92ea86b11b93236592c773e95274980f9807d7bbcd231dbf57a2b7dbc4571379fa16
|
data/Gemfile
CHANGED
|
@@ -6,53 +6,18 @@ module Proxy
|
|
|
6
6
|
class Dynflow
|
|
7
7
|
class Api < ::Sinatra::Base
|
|
8
8
|
helpers ::Proxy::Helpers
|
|
9
|
-
helpers ::Proxy::Log
|
|
10
9
|
helpers ::Proxy::Dynflow::Helpers
|
|
11
10
|
|
|
12
11
|
before do
|
|
12
|
+
logger = Proxy::LogBuffer::Decorator.instance
|
|
13
13
|
content_type :json
|
|
14
14
|
if request.env['HTTP_AUTHORIZATION'] && request.env['PATH_INFO'].end_with?('/done')
|
|
15
15
|
# Halt running before callbacks if a token is provided and the request is notifying about task being done
|
|
16
16
|
return
|
|
17
|
-
else
|
|
18
|
-
do_authorize_with_ssl_client
|
|
19
|
-
do_authorize_with_trusted_hosts
|
|
20
17
|
end
|
|
21
18
|
end
|
|
22
19
|
|
|
23
|
-
|
|
24
|
-
# TODO: move this to foreman-proxy to reduce code duplicities
|
|
25
|
-
def do_authorize_with_trusted_hosts
|
|
26
|
-
# When :trusted_hosts is given, we check the client against the list
|
|
27
|
-
# HTTPS: test the certificate CN
|
|
28
|
-
# HTTP: test the reverse DNS entry of the remote IP
|
|
29
|
-
trusted_hosts = Proxy::SETTINGS.trusted_hosts
|
|
30
|
-
if trusted_hosts
|
|
31
|
-
if [ 'yes', 'on', 1 ].include? request.env['HTTPS'].to_s
|
|
32
|
-
fqdn = https_cert_cn
|
|
33
|
-
source = 'SSL_CLIENT_CERT'
|
|
34
|
-
else
|
|
35
|
-
fqdn = remote_fqdn(Proxy::SETTINGS.forward_verify)
|
|
36
|
-
source = 'REMOTE_ADDR'
|
|
37
|
-
end
|
|
38
|
-
fqdn = fqdn.downcase
|
|
39
|
-
logger.debug "verifying remote client #{fqdn} (based on #{source}) against trusted_hosts #{trusted_hosts}"
|
|
40
|
-
|
|
41
|
-
unless Proxy::SETTINGS.trusted_hosts.include?(fqdn)
|
|
42
|
-
log_halt 403, "Untrusted client #{fqdn} attempted to access #{request.path_info}. Check :trusted_hosts: in settings.yml"
|
|
43
|
-
end
|
|
44
|
-
end
|
|
45
|
-
end
|
|
46
|
-
|
|
47
|
-
def do_authorize_with_ssl_client
|
|
48
|
-
if ['yes', 'on', '1'].include? request.env['HTTPS'].to_s
|
|
49
|
-
if request.env['SSL_CLIENT_CERT'].to_s.empty?
|
|
50
|
-
log_halt 403, "No client SSL certificate supplied"
|
|
51
|
-
end
|
|
52
|
-
else
|
|
53
|
-
logger.debug('require_ssl_client_verification: skipping, non-HTTPS request')
|
|
54
|
-
end
|
|
55
|
-
end
|
|
20
|
+
helpers Sinatra::Authorization
|
|
56
21
|
|
|
57
22
|
post "/*" do
|
|
58
23
|
relay_request
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: smart_proxy_dynflow
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ivan Nečas
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-04-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,20 +94,6 @@ dependencies:
|
|
|
94
94
|
- - "~>"
|
|
95
95
|
- !ruby/object:Gem::Version
|
|
96
96
|
version: '0'
|
|
97
|
-
- !ruby/object:Gem::Dependency
|
|
98
|
-
name: rubocop
|
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
|
100
|
-
requirements:
|
|
101
|
-
- - '='
|
|
102
|
-
- !ruby/object:Gem::Version
|
|
103
|
-
version: 0.32.1
|
|
104
|
-
type: :development
|
|
105
|
-
prerelease: false
|
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
107
|
-
requirements:
|
|
108
|
-
- - '='
|
|
109
|
-
- !ruby/object:Gem::Version
|
|
110
|
-
version: 0.32.1
|
|
111
97
|
description: " Use the Dynflow inside Foreman smart proxy\n"
|
|
112
98
|
email:
|
|
113
99
|
- inecas@redhat.com
|
|
@@ -148,7 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
148
134
|
version: '0'
|
|
149
135
|
requirements: []
|
|
150
136
|
rubyforge_project:
|
|
151
|
-
rubygems_version: 2.
|
|
137
|
+
rubygems_version: 2.7.3
|
|
152
138
|
signing_key:
|
|
153
139
|
specification_version: 4
|
|
154
140
|
summary: Dynflow runtime for Foreman smart proxy
|