ref(relay): Remove PK and rely on INTERNAL_IPS (#572)

This patch adds `INTERNAL_IPS` definition to `sentry.conf.py` by sniffing the network from eth0 and relies on this for trusted Relays instead of the ALLOWLISTED PKs. This removes the necessity of syncing Relay PKs to `sentry.conf.py`. This PR needs getsentry/sentry#19798 to work.
2020-07-10 23:53:50 +03:00
parent 9d44b99c55
commit 73213bc51f
4 changed files with 32 additions and 14 deletions
--- a/sentry/sentry.conf.example.py
+++ b/sentry/sentry.conf.example.py
@ -3,6 +3,36 @@

 from sentry.conf.server import *  # NOQA

+
+# Generously adapted from pynetlinux: https://git.io/JJmga
+def get_internal_network():
+    import ctypes
+    import fcntl
+    import math
+    import socket
+    import struct
+
+    iface = 'eth0'
+    sockfd = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    ifreq = struct.pack('16sH14s', iface, socket.AF_INET, b'\x00' * 14)
+
+    try:
+        ip = struct.unpack(
+            "!I", struct.unpack('16sH2x4s8x', fcntl.ioctl(sockfd, 0x8915, ifreq))[2]
+        )[0]
+        netmask = socket.ntohl(
+            struct.unpack('16sH2xI8x', fcntl.ioctl(sockfd, 0x891B, ifreq))[2]
+        )
+    except IOError:
+        return ()
+    base = socket.inet_ntoa(struct.pack("!I", ip & netmask))
+    netmask_bits = 32 - int(round(math.log(ctypes.c_uint32(~netmask).value + 1, 2), 1))
+    return ('{0:s}/{1:d}'.format(base, netmask_bits),)
+
+
+INTERNAL_IPS = get_internal_network()
+INTERNAL_SYSTEM_IPS = INTERNAL_IPS
+
 DATABASES = {
    "default": {
        "ENGINE": "sentry.db.postgres",