cfn-vpn 0.4.2 → 1.2.0

data/lib/cfnvpn/version.rb

@@ -1,4 +1,4 @@
 module CfnVpn
-  VERSION = "0.4.2".freeze
+  VERSION = "1.2.0".freeze
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 1.2.0
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-02-14 00:00:00.000000000 Z
+date: 2021-03-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -44,46 +44,26 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
-- !ruby/object:Gem::Dependency
-  name: cfhighlander
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '1'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '0.9'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '1'
 - !ruby/object:Gem::Dependency
   name: cfndsl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.17'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: netaddr
   requirement: !ruby/object:Gem::Requirement
@@ -178,6 +158,26 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ssm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -198,14 +198,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 description: creates and manages resources for the aws client vpn
 email:
 - guslington@gmail.com
@@ -214,39 +214,54 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
 - ".travis.yml"
+- Dockerfile
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - cfn-vpn.gemspec
+- docs/README.md
+- docs/certificate-users.md
+- docs/getting-started.md
+- docs/modifying.md
+- docs/routes.md
+- docs/scheduling.md
+- docs/sessions.md
 - exe/cfn-vpn
 - lib/cfnvpn.rb
 - lib/cfnvpn/acm.rb
+- lib/cfnvpn/actions/client.rb
+- lib/cfnvpn/actions/embedded.rb
+- lib/cfnvpn/actions/init.rb
+- lib/cfnvpn/actions/modify.rb
+- lib/cfnvpn/actions/params.rb
+- lib/cfnvpn/actions/revoke.rb
+- lib/cfnvpn/actions/routes.rb
+- lib/cfnvpn/actions/sessions.rb
+- lib/cfnvpn/actions/share.rb
+- lib/cfnvpn/actions/subnets.rb
 - lib/cfnvpn/certificates.rb
-- lib/cfnvpn/cfhighlander.rb
-- lib/cfnvpn/client.rb
 - lib/cfnvpn/clientvpn.rb
-- lib/cfnvpn/cloudformation.rb
+- lib/cfnvpn/compiler.rb
 - lib/cfnvpn/config.rb
-- lib/cfnvpn/embedded.rb
-- lib/cfnvpn/init.rb
+- lib/cfnvpn/deployer.rb
+- lib/cfnvpn/globals.rb
 - lib/cfnvpn/log.rb
-- lib/cfnvpn/modify.rb
-- lib/cfnvpn/revoke.rb
-- lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
-- lib/cfnvpn/sessions.rb
-- lib/cfnvpn/share.rb
-- lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt
+- lib/cfnvpn/string.rb
+- lib/cfnvpn/templates/helper.rb
+- lib/cfnvpn/templates/vpn.rb
 - lib/cfnvpn/version.rb
 homepage: https://github.com/base2services/aws-client-vpn
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/base2services/aws-client-vpn
   source_code_uri: https://github.com/base2services/aws-client-vpn
 post_install_message: 
@@ -264,8 +279,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: creates and manages resources for the aws client vpn

data/lib/cfnvpn/cfhighlander.rb

@@ -1,49 +0,0 @@
-require 'cfhighlander.publisher'
-require 'cfhighlander.factory'
-require 'cfhighlander.validator'
-
-require 'cfnvpn/version'
-
-module CfnVpn
-  class CfHiglander
-
-    def initialize(region, name, config, output_dir)
-      @component_name = name
-      @region = region
-      @config = config
-      @cfn_output_format = 'yaml'
-      ENV['CFHIGHLANDER_WORKDIR'] = output_dir
-    end
-
-    def render()
-      component = load_component(@component_name)
-      compiled = compile_component(component)
-      validate_component(component,compiled.cfn_template_paths)
-      cfn_template_paths = compiled.cfn_template_paths
-      return cfn_template_paths.select { |path| path.match(@component_name) }.first
-    end
-
-    private
-
-    def load_component(component_name)
-      factory = Cfhighlander::Factory::ComponentFactory.new
-      component = factory.loadComponentFromTemplate(component_name)
-      component.config = @config
-      component.version = CfnVpn::VERSION
-      component.load()
-      return component
-    end
-
-    def compile_component(component)
-      component_compiler = Cfhighlander::Compiler::ComponentCompiler.new(component)
-      component_compiler.compileCloudFormation(@cfn_output_format)
-      return component_compiler
-    end
-
-    def validate_component(component,template_paths)
-      component_validator = Cfhighlander::Cloudformation::Validator.new(component)
-      component_validator.validate(template_paths, @cfn_output_format)
-    end
-
-  end
-end

data/lib/cfnvpn/init.rb

@@ -1,107 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-
-module CfnVpn
-  class Init < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :bucket, required: true, desc: 's3 bucket'
-
-    class_option :subnet_id, required: true, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def create_build_directory
-      @build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['EnvironmentName'] = @name
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if @cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}"
-        exit 1
-      end
-    end
-
-    # create certificates
-    def generate_server_certificates
-      Log.logger.info "Generating certificates using openvpn easy-rsa"
-      cert = CfnVpn::Certificates.new(@build_dir,@name)
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-      Log.logger.debug cert.generate_ca(@options['server_cn'],@client_cn)
-    end
-
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name)
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path, @config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
-    end
-
-  end
-end

data/lib/cfnvpn/modify.rb

@@ -1,102 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-
-module CfnVpn
-  class Modify < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :subnet_id, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def create_build_directory
-      @build_dir = "#{ENV['HOME']}/.cfnvpn/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-
-  end
-end