cfn-vpn 0.4.0 → 1.1.0
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +31 -0
- data/.github/workflows/release-image.yml +33 -0
- data/Dockerfile +26 -0
- data/Gemfile.lock +30 -38
- data/README.md +1 -224
- data/cfn-vpn.gemspec +3 -3
- data/docs/README.md +44 -0
- data/docs/certificate-users.md +89 -0
- data/docs/getting-started.md +87 -0
- data/docs/modifying.md +67 -0
- data/docs/routes.md +82 -0
- data/docs/scheduling.md +32 -0
- data/docs/sessions.md +27 -0
- data/lib/cfnvpn.rb +32 -24
- data/lib/cfnvpn/{client.rb → actions/client.rb} +11 -8
- data/lib/cfnvpn/actions/embedded.rb +110 -0
- data/lib/cfnvpn/actions/init.rb +130 -0
- data/lib/cfnvpn/actions/modify.rb +149 -0
- data/lib/cfnvpn/actions/params.rb +73 -0
- data/lib/cfnvpn/{revoke.rb → actions/revoke.rb} +10 -8
- data/lib/cfnvpn/actions/routes.rb +144 -0
- data/lib/cfnvpn/{sessions.rb → actions/sessions.rb} +7 -6
- data/lib/cfnvpn/{share.rb → actions/share.rb} +10 -10
- data/lib/cfnvpn/actions/subnets.rb +78 -0
- data/lib/cfnvpn/certificates.rb +70 -21
- data/lib/cfnvpn/clientvpn.rb +34 -68
- data/lib/cfnvpn/compiler.rb +23 -0
- data/lib/cfnvpn/config.rb +34 -77
- data/lib/cfnvpn/{cloudformation.rb → deployer.rb} +48 -20
- data/lib/cfnvpn/globals.rb +16 -0
- data/lib/cfnvpn/log.rb +26 -26
- data/lib/cfnvpn/s3.rb +13 -3
- data/lib/cfnvpn/string.rb +29 -0
- data/lib/cfnvpn/templates/helper.rb +14 -0
- data/lib/cfnvpn/templates/vpn.rb +344 -0
- data/lib/cfnvpn/version.rb +1 -1
- metadata +56 -40
- data/lib/cfnvpn/cfhighlander.rb +0 -49
- data/lib/cfnvpn/init.rb +0 -107
- data/lib/cfnvpn/modify.rb +0 -102
- data/lib/cfnvpn/routes.rb +0 -83
- data/lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt +0 -27
data/lib/cfnvpn/version.rb
CHANGED
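--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-  version:
+  version: 1.1.0
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-02-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -44,46 +44,26 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
-- !ruby/object:Gem::Dependency
-  name: cfhighlander
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '1'
 - !ruby/object:Gem::Dependency
   name: cfndsl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: netaddr
   requirement: !ruby/object:Gem::Requirement
@@ -178,6 +158,26 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ssm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -198,14 +198,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '
+        version: '13.0'
 description: creates and manages resources for the aws client vpn
 email:
 - guslington@gmail.com
@@ -214,32 +214,49 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
 - ".travis.yml"
+- Dockerfile
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - cfn-vpn.gemspec
+- docs/README.md
+- docs/certificate-users.md
+- docs/getting-started.md
+- docs/modifying.md
+- docs/routes.md
+- docs/scheduling.md
+- docs/sessions.md
 - exe/cfn-vpn
 - lib/cfnvpn.rb
 - lib/cfnvpn/acm.rb
+- lib/cfnvpn/actions/client.rb
+- lib/cfnvpn/actions/embedded.rb
+- lib/cfnvpn/actions/init.rb
+- lib/cfnvpn/actions/modify.rb
+- lib/cfnvpn/actions/params.rb
+- lib/cfnvpn/actions/revoke.rb
+- lib/cfnvpn/actions/routes.rb
+- lib/cfnvpn/actions/sessions.rb
+- lib/cfnvpn/actions/share.rb
+- lib/cfnvpn/actions/subnets.rb
 - lib/cfnvpn/certificates.rb
-- lib/cfnvpn/cfhighlander.rb
-- lib/cfnvpn/client.rb
 - lib/cfnvpn/clientvpn.rb
-- lib/cfnvpn/
+- lib/cfnvpn/compiler.rb
 - lib/cfnvpn/config.rb
-- lib/cfnvpn/
+- lib/cfnvpn/deployer.rb
+- lib/cfnvpn/globals.rb
 - lib/cfnvpn/log.rb
-- lib/cfnvpn/modify.rb
-- lib/cfnvpn/revoke.rb
-- lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
-- lib/cfnvpn/
-- lib/cfnvpn/
-- lib/cfnvpn/templates/
+- lib/cfnvpn/string.rb
+- lib/cfnvpn/templates/helper.rb
+- lib/cfnvpn/templates/vpn.rb
 - lib/cfnvpn/version.rb
 homepage: https://github.com/base2services/aws-client-vpn
 licenses:
@@ -263,8 +280,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn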
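--- a/data/lib/cfnvpn/cfhighlander.rb
+++ b/data/lib/cfnvpn/cfhighlander.rb
@@ -1,49 +0,0 @@
-require 'cfhighlander.publisher'
-require 'cfhighlander.factory'
-require 'cfhighlander.validator'
-
-require 'cfnvpn/version'
-
-module CfnVpn
-  class CfHiglander
-
-    def initialize(region, name, config, output_dir)
-      @component_name = name
-      @region = region
-      @config = config
-      @cfn_output_format = 'yaml'
-      ENV['CFHIGHLANDER_WORKDIR'] = output_dir
-    end
-
-    def render()
-      component = load_component(@component_name)
-      compiled = compile_component(component)
-      validate_component(component,compiled.cfn_template_paths)
-      cfn_template_paths = compiled.cfn_template_paths
-      return cfn_template_paths.select { |path| path.match(@component_name) }.first
-    end
-
-    private
-
-    def load_component(component_name)
-      factory = Cfhighlander::Factory::ComponentFactory.new
-      component = factory.loadComponentFromTemplate(component_name)
-      component.config = @config
-      component.version = CfnVpn::VERSION
-      component.load()
-      return component
-    end
-
-    def compile_component(component)
-      component_compiler = Cfhighlander::Compiler::ComponentCompiler.new(component)
-      component_compiler.compileCloudFormation(@cfn_output_format)
-      return component_compiler
-    end
-
-    def validate_component(component,template_paths)
-      component_validator = Cfhighlander::Cloudformation::Validator.new(component)
-      component_validator.validate(template_paths, @cfn_output_format)
-    end
-
-  end
-end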
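--- a/data/lib/cfnvpn/init.rb
+++ b/data/lib/cfnvpn/init.rb
@@ -1,107 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-
-module CfnVpn
-  class Init < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :bucket, required: true, desc: 's3 bucket'
-
-    class_option :subnet_id, required: true, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def create_build_directory
-      @build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['EnvironmentName'] = @name
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if @cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}"
-        exit 1
-      end
-    end
-
-    # create certificates
-    def generate_server_certificates
-      Log.logger.info "Generating certificates using openvpn easy-rsa"
-      cert = CfnVpn::Certificates.new(@build_dir,@name)
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-      Log.logger.debug cert.generate_ca(@options['server_cn'],@client_cn)
-    end
-
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name)
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path, @config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
-    end
-
-  end
-end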
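--- a/data/lib/cfnvpn/modify.rb
+++ b/data/lib/cfnvpn/modify.rb
@@ -1,102 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-
-module CfnVpn
-  class Modify < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :subnet_id, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def create_build_directory
-      @build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-
-  end
-end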
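--- a/data/lib/cfnvpn/routes.rb
+++ b/data/lib/cfnvpn/routes.rb
@@ -1,83 +0,0 @@
-require 'thor'
-require 'cfnvpn/log'
-require 'cfnvpn/s3'
-
-module CfnVpn
-  class Routes < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :add, desc: 'add cidr to route through the client vpn'
-    class_option :del, desc: 'delete cidr route from the client vpn'
-    class_option :desc, desc: 'description of the route'
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def set_directory
-      @build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
-    end
-
-    def add_route
-      if !@options['add'].nil?
-        if @options['desc'].nil?
-          Log.logger.error "--desc option must be provided if adding a new route"
-          exit 1
-        end
-
-        vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-
-        if vpn.route_exists?(@options['add'])
-          Log.logger.error "route #{@options['add']} already exists in the client vpn"
-          exit 1
-        end
-
-        Log.logger.info "Adding new route for #{@options['add']}"
-        vpn.add_route(@options['add'],@options['desc'])
-      end
-    end
-
-    def del_route
-      if !@options['del'].nil?
-        vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-
-        if !vpn.route_exists?(@options['del'])
-          Log.logger.error "route #{@options['del']} doesn't exist in the client vpn"
-          exit 1
-        end
-        delete = yes? "Delete route #{@options['del']}?", :yellow
-        if delete
-          Log.logger.info "Deleting route for #{@options['del']}"
-          vpn.del_route(@options['del'])
-        end
-      end
-    end
-
-    def get_routes
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @routes = vpn.get_routes()
-    end
-
-    def display_routes
-      rows = @routes.collect do |s|
-        [ s.destination_cidr, s.description, s.status.code, s.target_subnet, s.type, s.origin ]
-      end
-      table = Terminal::Table.new(
-        :headings => ['Route', 'Description', 'Status', 'Target', 'Type', 'Origin'],
-        :rows => rows)
-      puts table
-    end
-
-  end
-end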