cfn-vpn 0.4.1 → 0.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 76c6ac6edaf3eb278cc8a9fc5cb7dd30e6dc41c282170dffaa9907acf30a7926
4
- data.tar.gz: 989702a95796354e7d74fb4bb810de2fcd31f39e122d44ae978702ccd247a06e
3
+ metadata.gz: 4f6be01a5786f8ea62be6d6b7f781ad1036b8edff08ba7d509707565fbeb5862
4
+ data.tar.gz: 9a9a2038b6c955871983649f1c2627c6c2eedf9a64cae20ceb04ba73c25a3616
5
5
  SHA512:
6
- metadata.gz: 0b58001f192eaa370b33bf3f672c89424d64aa653c7e069f8d494680f75b4a095830036542ddbf9fa6e517d662875880116714da5875dc964fdc1bffec1a732f
7
- data.tar.gz: f2984e88ce01da5987a19c66f4c57b24133aa45e075ed4fdce3b88d76b2df7cbef25ec1c9d136cbb1f0fdcb8458e4ead968798d3a52b17e2b65a7c669af15030
6
+ metadata.gz: d0a839efc1e6d5826fc9b9edfcd3c608b0eb3a1f6b79df624de1be888b4d817a4c9c6994e9ea806e002998e0affa9cb5b0db1b25c04fa12677181e7d504fc958
7
+ data.tar.gz: 051bc8385ced35fafbcffa4b013cb8e4d962dafb74f88c1574df4684f37b64fd074dfa4bdcdba0edafa3bc3dee855bd83217a3c23a00f60be6c18dad6f728052
data/README.md CHANGED
@@ -69,6 +69,7 @@ Commands:
69
69
  cfn-vpn --version, -v # print the version
70
70
  cfn-vpn client [name] --bucket=BUCKET --client-cn=CLIENT_CN # Create a new client certificate
71
71
  cfn-vpn config [name] --bucket=BUCKET --client-cn=CLIENT_CN # Retrieve the config for the AWS Client VPN
72
+ cfn-vpn embedded [name] --bucket=BUCKET --client-cn=CLIENT_CN # Embed client certs into config and generate S3 presigned URL
72
73
  cfn-vpn help [COMMAND] # Describe available commands or one specific command
73
74
  cfn-vpn init [name] --bucket=BUCKET --server-cn=SERVER_CN --subnet-id=SUBNET_ID # Create a AWS Client VPN
74
75
  cfn-vpn modify [name] # Modify your AWS Client VPN
@@ -225,6 +226,13 @@ to delete a route specify the `--del` flag with the cidr you want to delete.
225
226
  `cfn-vpn routes myvpn --del 10.10.0.0/16`
226
227
 
227
228
 
229
+ ### Embed client certificates into config file and share
230
+
231
+ This will pull the clients certificate and key archives from S3 and embed them into the config file, upload it back to S3 and generate a presigned URL for the user.
232
+ This allows the you to download or share a single, ready to import config file into a OpenVPN client.
233
+
234
+ `cfn-vpn embedded myvpn --client-cn user1 --bucket mybucket`
235
+
228
236
  ## Contributing
229
237
 
230
238
  Bug reports and pull requests are welcome on GitHub at https://github.com/base2services/aws-client-vpn.
data/lib/cfnvpn.rb CHANGED
@@ -8,6 +8,7 @@ require 'cfnvpn/revoke'
8
8
  require 'cfnvpn/sessions'
9
9
  require 'cfnvpn/routes'
10
10
  require 'cfnvpn/share'
11
+ require 'cfnvpn/embedded'
11
12
 
12
13
  module CfnVpn
13
14
  class Cli < Thor
@@ -42,5 +43,8 @@ module CfnVpn
42
43
  register CfnVpn::Share, 'share', 'share [name]', 'Provide a user with a s3 signed download for certificates and config'
43
44
  tasks["share"].options = CfnVpn::Share.class_options
44
45
 
46
+ register CfnVpn::Embedded, 'embedded', 'embedded [name]', 'Embed client certs into config and generate S3 presigned URL'
47
+ tasks["embedded"].options = CfnVpn::Embedded.class_options
48
+
45
49
  end
46
50
  end
@@ -0,0 +1,108 @@
1
+ require 'cfnvpn/log'
2
+ require 'cfnvpn/s3'
3
+
4
+ module CfnVpn
5
+ class Embedded < Thor::Group
6
+ include Thor::Actions
7
+ include CfnVpn::Log
8
+
9
+ argument :name
10
+
11
+ class_option :profile, desc: 'AWS Profile'
12
+ class_option :region, default: ENV['AWS_REGION'], desc: 'AWS Region'
13
+ class_option :verbose, desc: 'set log level to debug', type: :boolean
14
+
15
+ class_option :bucket, required: true, desc: 'S3 bucket'
16
+ class_option :client_cn, required: true, desc: 'Client certificates to download'
17
+ class_option :ignore_routes, alias: :i, type: :boolean, desc: 'Ignore client VPN pushed routes and set routes in config file'
18
+
19
+ def self.source_root
20
+ File.dirname(__FILE__)
21
+ end
22
+
23
+ def set_loglevel
24
+ Log.logger.level = Logger::DEBUG if @options['verbose']
25
+ end
26
+
27
+ def create_config_directory
28
+ @build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
29
+ @config_dir = "#{@build_dir}/config"
30
+ Log.logger.debug("Creating config directory #{@config_dir}")
31
+ FileUtils.mkdir_p(@config_dir)
32
+ end
33
+
34
+ def download_certificates
35
+ download = true
36
+ if File.exists?("#{@config_dir}/#{@options['client_cn']}.crt")
37
+ download = yes? "Certificates for #{@options['client_cn']} already exist in #{@config_dir}. Do you want to download again? ", :green
38
+ end
39
+
40
+ if download
41
+ Log.logger.info "Downloading certificates for #{@options['client_cn']} to #{@config_dir}"
42
+ s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
43
+ s3.get_object("#{@config_dir}/#{@options['client_cn']}.tar.gz")
44
+ cert = CfnVpn::Certificates.new(@build_dir,@name)
45
+ Log.logger.debug cert.extract_certificate(@options['client_cn'])
46
+ end
47
+ end
48
+
49
+ def download_config
50
+ vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
51
+ @endpoint_id = vpn.get_endpoint_id()
52
+ Log.logger.debug "downloading client config for #{@endpoint_id}"
53
+ @config = vpn.get_config(@endpoint_id)
54
+ string = (0...8).map { (65 + rand(26)).chr.downcase }.join
55
+ @config.sub!(@endpoint_id, "#{string}.#{@endpoint_id}")
56
+ end
57
+
58
+ def add_routes
59
+ if @options['ignore_routes']
60
+ Log.logger.debug "Ignoring routes pushed by the client vpn"
61
+ @config.concat("\nroute-nopull\n")
62
+ vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
63
+ routes = vpn.get_route_with_mask
64
+ Log.logger.debug "Found routes #{routes}"
65
+ routes.each do |r|
66
+ @config.concat("route #{r[:route]} #{r[:mask]}\n")
67
+ end
68
+ dns_servers = vpn.get_dns_servers()
69
+ if dns_servers.any?
70
+ Log.logger.debug "Found DNS servers #{dns_servers.join(' ')}"
71
+ @config.concat("dhcp-option DNS #{dns_servers.first}\n")
72
+ end
73
+ end
74
+ end
75
+
76
+ def embed_certs
77
+ cert = CfnVpn::Certificates.new(@build_dir,@name)
78
+ Log.logger.debug cert.extract_certificate(@options['client_cn'])
79
+ Log.logger.debug "Reading extracted certificate and private key"
80
+ key = File.read("#{@config_dir}/#{@options['client_cn']}.key")
81
+ crt = File.read("#{@config_dir}/#{@options['client_cn']}.crt")
82
+ Log.logger.debug "Embedding certificate and private key into config"
83
+ @config.concat("\n<key>\n#{key}\n</key>\n")
84
+ @config.concat("\n<cert>\n#{crt}\n</cert>\n")
85
+ end
86
+
87
+ def upload_embedded_config
88
+ @s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
89
+ @s3.store_embedded_config(@config, @options['client_cn'])
90
+ end
91
+
92
+ def get_presigned_url
93
+ @cn = @options['client_cn']
94
+ @config_url = @s3.get_url("#{@name}_#{@cn}.config.ovpn")
95
+ Log.logger.debug "Config presigned url: #{@config_url}"
96
+ end
97
+
98
+ def display_url
99
+ Log.logger.info "Share the below instructions with the user..."
100
+ say "\nDownload the embedded config from the below presigned URL which will expire in 1 hour."
101
+ say "\nConfig:\n"
102
+ say "\tcurl #{@config_url} > #{@name}_#{@cn}.config.ovpn", :cyan
103
+ say "\nOpen #{@name}_#{@cn}.config.ovpn with your favourite openvpn client."
104
+ end
105
+
106
+ end
107
+
108
+ end
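Review bot: `embed_certs` copies the client's private key (`#{@config_dir}/#{@options['client_cn']}.key`) into `@config`, and `upload_embedded_config` then stores that whole file in the bucket, but nothing in the class says the resulting object is key material rather than an ordinary config; a comment above `embed_certs` should make that explicit, e.g. `# The embedded .config.ovpn contains the client private key; nothing here deletes the uploaded copy when the presigned URL expires.` The "expire in 1 hour" sentence in `display_url` restates an expiry that is actually set inside `CfnVpn::S3#get_url` (outside this hunk), so the two can drift if either changes. `File.exists?` in `download_certificates` is deprecated (removed in Ruby 3.2); use `File.exist?`. `class_option :ignore_routes, alias: :i` uses a key that Thor's option API spells `aliases:`; if the singular form is ignored the `-i` shortcut is silently unavailable, so this is worth confirming against the pinned Thor version.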
data/lib/cfnvpn/s3.rb CHANGED
@@ -53,5 +53,15 @@ module CfnVpn
53
53
  presigner.presigned_url(:get_object, params)
54
54
  end
55
55
 
56
+ def store_embedded_config(config, cn)
57
+ Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}_#{cn}.config.ovpn")
58
+ @client.put_object({
59
+ body: config,
60
+ bucket: @bucket,
61
+ key: "#{@path}/#{@name}_#{cn}.config.ovpn",
62
+ tagging: "cfnvpn:name=#{@name}"
63
+ })
64
+ end
65
+
56
66
  end
57
67
  end
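Review bot: `store_embedded_config` uploads `config` — which, per the caller in embedded.rb, has the client private key inlined — without a `server_side_encryption:` argument, so encryption at rest depends entirely on the bucket's default settings. Adding `server_side_encryption: 'AES256'` (or `'aws:kms'` with a key id) to the `put_object` hash pins it regardless of bucket configuration, in line with the sensitivity of the object. The object key `"#{@path}/#{@name}_#{cn}.config.ovpn"` is also composed independently by the caller when it asks `get_url` for the presigned URL; a small helper returning the key name would keep the two from diverging.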
@@ -1,4 +1,4 @@
1
1
  module CfnVpn
2
- VERSION = "0.4.1".freeze
2
+ VERSION = "0.4.2".freeze
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-vpn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.1
4
+ version: 0.4.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Guslington
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2019-12-16 00:00:00.000000000 Z
11
+ date: 2020-02-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -231,6 +231,7 @@ files:
231
231
  - lib/cfnvpn/clientvpn.rb
232
232
  - lib/cfnvpn/cloudformation.rb
233
233
  - lib/cfnvpn/config.rb
234
+ - lib/cfnvpn/embedded.rb
234
235
  - lib/cfnvpn/init.rb
235
236
  - lib/cfnvpn/log.rb
236
237
  - lib/cfnvpn/modify.rb