Class: InstanceAgent::Plugins::CodeDeployPlugin::DeploymentSpecification
- Inherits:
-
Object
- Object
- InstanceAgent::Plugins::CodeDeployPlugin::DeploymentSpecification
- Defined in:
- lib/instance_agent/plugins/codedeploy/deployment_specification.rb
Class Attribute Summary collapse
-
.cert_store ⇒ Object
Returns the value of attribute cert_store.
Instance Attribute Summary collapse
-
#anonymous ⇒ Object
Returns the value of attribute anonymous.
-
#application_name ⇒ Object
Returns the value of attribute application_name.
-
#bucket ⇒ Object
Returns the value of attribute bucket.
-
#bundle_type ⇒ Object
Returns the value of attribute bundle_type.
-
#commit_id ⇒ Object
Returns the value of attribute commit_id.
-
#deployment_group_id ⇒ Object
Returns the value of attribute deployment_group_id.
-
#deployment_group_name ⇒ Object
Returns the value of attribute deployment_group_name.
-
#deployment_id ⇒ Object
Returns the value of attribute deployment_id.
-
#etag ⇒ Object
Returns the value of attribute etag.
-
#external_account ⇒ Object
Returns the value of attribute external_account.
-
#external_auth_token ⇒ Object
Returns the value of attribute external_auth_token (the GitHub access token read from the deployment spec; treat it as a secret).
-
#key ⇒ Object
Returns the value of attribute key.
-
#repository ⇒ Object
Returns the value of attribute repository.
-
#revision ⇒ Object
Returns the value of attribute revision.
-
#revision_source ⇒ Object
Returns the value of attribute revision_source.
-
#version ⇒ Object
Returns the value of attribute version.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(data) ⇒ DeploymentSpecification
constructor
A new instance of DeploymentSpecification.
Constructor Details
#initialize(data) ⇒ DeploymentSpecification
Returns a new instance of DeploymentSpecification.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 27

# Builds a deployment specification from an already-parsed spec hash.
#
# DeploymentId, DeploymentGroupId, DeploymentGroupName and ApplicationName are
# required; the revision is then read according to Revision/RevisionType, which
# must be 'S3' or 'GitHub'. Field checks are delegated to property_set?,
# valid_s3_revision?, valid_bundle_type? and valid_github_revision?, which are
# defined outside this listing.
#
# @param data [Hash] deployment spec with string keys
# @raise [RuntimeError] when a required field is missing or the revision is rejected
def initialize(data)
  raise 'Deployment Spec has no DeploymentId' unless property_set?(data, "DeploymentId")
  raise 'Deployment Spec has no DeploymentGroupId' unless property_set?(data, "DeploymentGroupId")
  raise 'Deployment Spec has no DeploymentGroupName' unless property_set?(data, "DeploymentGroupName")
  raise 'Deployment Spec has no ApplicationName' unless property_set?(data, "ApplicationName")

  @application_name = data["ApplicationName"]
  @deployment_group_name = data["DeploymentGroupName"]

  # A DeploymentId given as an ARN is reduced to the bare id by a helper.
  raw_deployment_id = data["DeploymentId"]
  @deployment_id = raw_deployment_id.start_with?("arn:") ? getDeploymentIdFromArn(raw_deployment_id) : raw_deployment_id
  @deployment_group_id = data["DeploymentGroupId"]

  revision_spec = data["Revision"]
  raise 'Must specify a revison' unless revision_spec
  @revision_source = revision_spec["RevisionType"]
  raise 'Must specify a revision source' unless @revision_source

  case @revision_source
  when 'S3'
    s3_revision = revision_spec["S3Revision"]
    @revision = s3_revision
    raise 'S3Revision in Deployment Spec must specify Bucket, Key and BundleType' unless valid_s3_revision?(s3_revision)
    raise 'BundleType in S3Revision must be tar, tgz or zip' unless valid_bundle_type?(s3_revision)

    @bucket = s3_revision["Bucket"]
    @key = s3_revision["Key"]
    @bundle_type = s3_revision["BundleType"]
    @version = s3_revision["Version"]
    @etag = s3_revision["ETag"]
  when 'GitHub'
    github_revision = revision_spec["GitHubRevision"]
    @revision = github_revision
    raise 'GitHubRevision in Deployment Spec must specify Account, Repository and CommitId' unless valid_github_revision?(github_revision)

    @external_account = github_revision["Account"]
    @repository = github_revision["Repository"]
    @commit_id = github_revision["CommitId"]
    # The access token is a secret and sits at the top level of the spec, not
    # inside GitHubRevision. Keep it out of logs and error messages.
    @external_auth_token = data["GitHubAccessToken"]
    # No token means the revision is fetched anonymously.
    @anonymous = @external_auth_token.nil?
  else
    raise 'Exactly one of S3Revision or GitHubRevision must be specified'
  end
end
Class Attribute Details
.cert_store ⇒ Object
Returns the value of attribute cert_store.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 12

# Class-level certificate store. It is assigned by init_cert_store and passed
# to the PKCS7 verification in parse as the set of trusted certificates.
#
# @return [OpenSSL::X509::Store, nil] nil until init_cert_store has been called
def cert_store
  @cert_store
end
Instance Attribute Details
#anonymous ⇒ Object
Returns the value of attribute anonymous.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 10

# Whether a GitHub revision is fetched without credentials. The constructor
# sets it to true when the spec carries no "GitHubAccessToken"; it is not
# assigned for S3 revisions.
#
# @return [Boolean, nil]
def anonymous
  @anonymous
end
#application_name ⇒ Object
Returns the value of attribute application_name.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 8

# Application name, populated by the constructor from the spec's
# "ApplicationName" key.
#
# @return [Object] the value as it appeared in the spec
def application_name
  @application_name
end
#bucket ⇒ Object
Returns the value of attribute bucket.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 9

# S3 bucket of the revision, populated by the constructor from
# S3Revision["Bucket"]; not assigned for GitHub revisions.
#
# @return [Object, nil]
def bucket
  @bucket
end
#bundle_type ⇒ Object
Returns the value of attribute bundle_type.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 9

# Archive type of the S3 bundle, populated by the constructor from
# S3Revision["BundleType"] after valid_bundle_type? accepted it (the
# constructor's error message names tar, tgz and zip).
#
# @return [Object, nil]
def bundle_type
  @bundle_type
end
#commit_id ⇒ Object
Returns the value of attribute commit_id.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 10

# Commit to deploy, populated by the constructor from
# GitHubRevision["CommitId"]; not assigned for S3 revisions.
#
# @return [Object, nil]
def commit_id
  @commit_id
end
#deployment_group_id ⇒ Object
Returns the value of attribute deployment_group_id.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 8

# Deployment group id, populated by the constructor from the spec's
# "DeploymentGroupId" key.
#
# @return [Object] the value as it appeared in the spec
def deployment_group_id
  @deployment_group_id
end
#deployment_group_name ⇒ Object
Returns the value of attribute deployment_group_name.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 8

# Deployment group name, populated by the constructor from the spec's
# "DeploymentGroupName" key.
#
# @return [Object] the value as it appeared in the spec
def deployment_group_name
  @deployment_group_name
end
#deployment_id ⇒ Object
Returns the value of attribute deployment_id.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 8

# Deployment id. The constructor stores the spec's "DeploymentId" as given,
# unless it starts with "arn:", in which case the result of
# getDeploymentIdFromArn is stored instead.
#
# @return [Object]
def deployment_id
  @deployment_id
end
#etag ⇒ Object
Returns the value of attribute etag.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 9

# ETag of the S3 object, populated by the constructor from
# S3Revision["ETag"]. The constructor does not require it, so it may be nil.
#
# @return [Object, nil]
def etag
  @etag
end
#external_account ⇒ Object
Returns the value of attribute external_account.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 10

# GitHub account that owns the repository, populated by the constructor from
# GitHubRevision["Account"]; not assigned for S3 revisions.
#
# @return [Object, nil]
def external_account
  @external_account
end
#external_auth_token ⇒ Object
Returns the value of attribute external_auth_token.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 10

# GitHub access token, populated by the constructor from the spec's top-level
# "GitHubAccessToken" key (nil when the spec has none).
#
# This is secret material: do not write it to logs, error messages or
# inspect/debug output. parse replaces it with "REDACTED" before logging the
# spec, and callers should keep to the same rule.
#
# @return [Object, nil]
def external_auth_token
  @external_auth_token
end
#key ⇒ Object
Returns the value of attribute key.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 9

# S3 object key of the revision bundle, populated by the constructor from
# S3Revision["Key"]; not assigned for GitHub revisions.
#
# @return [Object, nil]
def key
  @key
end
#repository ⇒ Object
Returns the value of attribute repository.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 10

# GitHub repository name, populated by the constructor from
# GitHubRevision["Repository"]; not assigned for S3 revisions.
#
# @return [Object, nil]
def repository
  @repository
end
#revision ⇒ Object
Returns the value of attribute revision.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 8

# The revision sub-document selected by the constructor: the spec's
# "S3Revision" or "GitHubRevision" entry, depending on the revision source.
#
# @return [Object]
def revision
  @revision
end
#revision_source ⇒ Object
Returns the value of attribute revision_source.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 8

# Revision type, populated by the constructor from Revision["RevisionType"].
# The constructor accepts only 'S3' and 'GitHub' and raises for anything else.
#
# @return [Object]
def revision_source
  @revision_source
end
#version ⇒ Object
Returns the value of attribute version.
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 9

# Version of the S3 object, populated by the constructor from
# S3Revision["Version"]. The constructor does not require it, so it may be nil.
#
# @return [Object, nil]
def version
  @version
end
Class Method Details
.init_cert_store(ca_chain_path) ⇒ Object
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 15

# Creates the class-level certificate store and loads the CA chain file into it.
# parse later verifies signed deployment specs against this store.
#
# The new store is assigned to @cert_store before the file is loaded, so after
# a failed load the class is left holding a store with nothing added to it.
#
# @param ca_chain_path [String] path of the CA chain file to trust
# @return [OpenSSL::X509::Store] the populated store
# @raise [RuntimeError] when OpenSSL cannot load the file; the message embeds
#   the path and the inspected OpenSSL::X509::StoreError
def self.init_cert_store(ca_chain_path)
  @cert_store = OpenSSL::X509::Store.new

  begin
    @cert_store.add_file(ca_chain_path)
  rescue OpenSSL::X509::StoreError => load_error
    raise "Could not load certificate store '#{ca_chain_path}'.\nCaused by: #{load_error.inspect}"
  end

  @cert_store
end
.parse(envelope) ⇒ Object
# File 'lib/instance_agent/plugins/codedeploy/deployment_specification.rb', line 71 def self.parse(envelope) raise 'Provided deployment spec was nil' if envelope.nil? case envelope.format when "PKCS7/JSON" pkcs7 = OpenSSL::PKCS7.new(envelope.payload) # The PKCS7_NOCHAIN flag tells OpenSSL to ignore any PKCS7 CA chain that might be attached # to the message directly and use the certificates from provided one only for validating the. # signer's certificate. # # However, it will allow use the PKCS7 signer certificate provided to validate the signature. # # http://www.openssl.org/docs/crypto/PKCS7_verify.html#VERIFY_PROCESS # # The ruby wrapper returns true if OpenSSL returns 1 raise "Validation of PKCS7 signed message failed" unless pkcs7.verify([], @cert_store, nil, OpenSSL::PKCS7::NOCHAIN) signer_certs = pkcs7.certificates raise "Validation of PKCS7 signed message failed" unless signer_certs.size == 1 raise "Validation of PKCS7 signed message failed" unless verify_pkcs7_signer_cert(signer_certs[0]) deployment_spec = JSON.parse(pkcs7.data) sanitized_spec = deployment_spec.clone sanitized_spec["GitHubAccessToken"] &&= "REDACTED" InstanceAgent::Log.debug("#{self.to_s}: Parse: #{sanitized_spec}") return new(deployment_spec) else raise "Unsupported DeploymentSpecification format: #{envelope.format}" end end |