Merge pull request ManageIQ#432 from NickLaMuro/monkey-patch-aws-sdk-…

…core-for-proxy-auth-fix Add patch to aws-sdk-core to fix auth bug
AlexanderZagaynov · Apr 17, 2018 · 2b2c87f · 2b2c87f
2 parents beed01f + 14c78d7
commit 2b2c87f
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/app/models/authenticator/amazon.rb b/app/models/authenticator/amazon.rb
@@ -130,6 +130,7 @@ def aws_connect(access_key_id, secret_access_key, service = :IAM, proxy_uri = ni
       proxy_uri ||= VMDB::Util.http_proxy_uri
 
       require 'aws-sdk'
+      require 'patches/aws-sdk-core/seahorse_client_net_http_pool_patch'
       Aws.const_get(service)::Resource.new(
         :access_key_id     => access_key_id,
         :secret_access_key => secret_access_key,

diff --git a/app/models/manageiq/providers/amazon/manager_mixin.rb b/app/models/manageiq/providers/amazon/manager_mixin.rb
@@ -50,6 +50,7 @@ module ClassMethods
 
     def raw_connect(access_key_id, secret_access_key, service, region, proxy_uri = nil, validate = false)
       require 'aws-sdk'
+      require 'patches/aws-sdk-core/seahorse_client_net_http_pool_patch'
 
       connection = Aws.const_get(service)::Resource.new(
         :access_key_id     => access_key_id,
@@ -84,6 +85,7 @@ def connection_rescue_block
 
     def translate_exception(err)
       require 'aws-sdk'
+      require 'patches/aws-sdk-core/seahorse_client_net_http_pool_patch'
       case err
       when Aws::EC2::Errors::SignatureDoesNotMatch
         MiqException::MiqHostError.new "SignatureMismatch - check your AWS Secret Access Key and signing method"

diff --git a/lib/patches/aws-sdk-core/seahorse_client_net_http_pool_patch.rb b/lib/patches/aws-sdk-core/seahorse_client_net_http_pool_patch.rb
@@ -0,0 +1,44 @@
+# Autoload the connection pool
+Seahorse::Client::NetHttp::ConnectionPool
+
+module Seahorse
+  module Client
+    module NetHttp
+      class ConnectionPool
+        def start_session endpoint
+
+          endpoint = URI.parse(endpoint)
+
+          args = []
+          args << endpoint.host
+          args << endpoint.port
+          args << http_proxy.host
+          args << http_proxy.port
+          args << (http_proxy.user && CGI::unescape(http_proxy.user))
+          args << (http_proxy.password && CGI::unescape(http_proxy.password))
+
+          http = ExtendedSession.new(Net::HTTP.new(*args.compact))
+          http.set_debug_output(logger) if http_wire_trace?
+          http.open_timeout = http_open_timeout
+
+          if endpoint.scheme == 'https'
+            http.use_ssl = true
+            if ssl_verify_peer?
+              http.verify_mode = OpenSSL::SSL::VERIFY_PEER
+              http.ca_file = ssl_ca_bundle if ssl_ca_bundle
+              http.ca_path = ssl_ca_directory if ssl_ca_directory
+              http.cert_store = ssl_ca_store if ssl_ca_store
+            else
+              http.verify_mode = OpenSSL::SSL::VERIFY_NONE
+            end
+          else
+            http.use_ssl = false
+          end
+
+          http.start
+          http
+        end
+      end
+    end
+  end
+end