[SQS] Change IP check

lib/aws/rails/middleware/ebs_sqs_active_job_middleware.rb

@@ -81,7 +81,7 @@ def periodic_task?(request)
       end
 
       def sent_from_docker_host?(request)
-        app_runs_in_docker_container? && default_gw_ips.include?(request.ip)
+        app_runs_in_docker_container? && ip_originates_from_docker_host?(request)
       end
 
       def app_runs_in_docker_container?
@@ -96,23 +96,13 @@ def in_docker_container_with_cgroup2?
         File.exist?('/proc/self/mountinfo') && File.read('/proc/self/mountinfo') =~ %r{/docker/containers/}
       end
 
-      def default_gw_ips
-        default_gw_ips = ['172.17.0.1']
-
-        if File.exist?('/proc/net/route')
-          File.open('/proc/net/route').each_line do |line|
-            fields = line.strip.split
-            next if fields.size != 11
-
-            # Destination == 0.0.0.0 and Flags & RTF_GATEWAY != 0
-            if fields[1] == '00000000' && fields[3].hex.anybits?(0x2)
-              default_gw_ips << IPAddr.new_ntoh([fields[2].hex].pack('L')).to_s
-            end
-          end
-        end
-
-        default_gw_ips
+      def ip_originates_from_docker_host?(request)
+        (request.remote_ip =~ DOCKER_HOST_IP).present? or (request.remote_addr =~ DOCKER_HOST_IP).present?
       end
+
+      # 172.17.0.x is the default for Docker
+      # 172.18.0.x is the default for the bridge network of Docker Compose
+      DOCKER_HOST_IP = /172.1(7|8).0.\d+/.freeze
     end
   end
 end

spec/aws/rails/middleware/ebs_sqs_active_job_middleware_spec.rb

@@ -78,21 +78,10 @@ module Rails
         expect(response[0]).to eq(500)
       end
 
-      it 'successfully invokes job when docker default gateway ip is changed' do
-        mock_rack_env = create_mock_env('192.168.176.1', 'aws-sqsd/1.1', is_periodic_task: false)
+      it 'successfully invokes job when with default docker IP' do
+        mock_rack_env = create_mock_env('172.17.0.1', 'aws-sqsd/1.1', is_periodic_task: false)
         test_middleware = EbsSqsActiveJobMiddleware.new(mock_rack_app)
 
-        proc_net_route = <<~CONTENT
-          Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT
-          eth0\t00000000\t01B0A8C0\t0003\t0\t0\t0\t00000000\t0\t0\t0
-          eth0\t00B0A8C0\t00000000\t0001\t0\t0\t0\t00F0FFFF\t0\t0\t0
-        CONTENT
-
-        allow(File).to receive(:exist?).and_call_original
-        allow(File).to receive(:open).and_call_original
-
-        expect(File).to receive(:exist?).with('/proc/net/route').and_return(true)
-        expect(File).to receive(:open).with('/proc/net/route').and_return(StringIO.new(proc_net_route))
         expect(test_middleware).to receive(:app_runs_in_docker_container?).and_return(true)
 
         response = test_middleware.call(mock_rack_env)
@@ -102,13 +91,10 @@ module Rails
         expect(response[2]).to eq(['Successfully ran job ElasticBeanstalkJob.'])
       end
 
-      it 'successfully invokes job when /proc/net/route does not exist' do
-        mock_rack_env = create_mock_env('172.17.0.1', 'aws-sqsd/1.1', is_periodic_task: false)
+      it 'successfully invokes job when with default docker compose IP' do
+        mock_rack_env = create_mock_env('172.18.0.1', 'aws-sqsd/1.1', is_periodic_task: false)
         test_middleware = EbsSqsActiveJobMiddleware.new(mock_rack_app)
 
-        allow(File).to receive(:exist?).and_call_original
-
-        expect(File).to receive(:exist?).with('/proc/net/route').and_return(false)
         expect(test_middleware).to receive(:app_runs_in_docker_container?).and_return(true)
 
         response = test_middleware.call(mock_rack_env)
@@ -118,6 +104,17 @@ module Rails
         expect(response[2]).to eq(['Successfully ran job ElasticBeanstalkJob.'])
       end
 
+      it 'fails to invoke job when non standard docker IP' do
+        mock_rack_env = create_mock_env('172.12.0.1', 'aws-sqsd/1.1', is_periodic_task: false)
+        test_middleware = EbsSqsActiveJobMiddleware.new(mock_rack_app)
+
+        expect(test_middleware).to receive(:app_runs_in_docker_container?).and_return(true)
+
+        response = test_middleware.call(mock_rack_env)
+
+        expect(response[0]).to eq(403)
+      end
+
       it 'successfully invokes job in docker container with cgroup1' do
         mock_rack_env = create_mock_env('172.17.0.1', 'aws-sqsd/1.1', is_periodic_task: false)
         test_middleware = EbsSqsActiveJobMiddleware.new(mock_rack_app)