cfn-vpn 0.5.0 → 0.5.0.1
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +28 -0
- data/.github/workflows/release-gem.yml +34 -0
- data/.github/workflows/release-image.yml +33 -0
- data/Dockerfile +9 -8
- data/Gemfile.lock +39 -30
- data/lib/cfnvpn/certificates.rb +59 -0
- data/lib/cfnvpn/renew_certificate.rb +120 -0
- data/lib/cfnvpn/version.rb +1 -1
- data/lib/cfnvpn.rb +4 -0
- metadata +7 -5
- data/.travis.yml +0 -17
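--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: de3c2f9a982c9bf8839d76776c94d1763411d712a10846830b26350d51bb6ec0
+data.tar.gz: b30dc39010bc1f67d3a3c070087c25cfd7b9d0201b1ee6be5390c28988a10d64
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4db85589a2ac42680a662cc2d5fc10e903da31dc059b200c65373e637a4c6b17f78662ec186e7bfe74840ee081d7576083ab21544827cdfa29ef80570c13e0be
+data.tar.gz: 9f0b4111dcd0d253b5c34738cd538cc709ecfa5ed77f75f6d947bfd93e70b3b48c0a2595dfa9a4cef7f090c197d9edb80be81855343f3f8994ab6b44e361373c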
@@ -0,0 +1,28 @@
|
|
1
|
+
name: test and build gem
|
2
|
+
on:
|
3
|
+
push:
|
4
|
+
branches: [ master ]
|
5
|
+
pull_request:
|
6
|
+
branches: [ master ]
|
7
|
+
|
8
|
+
jobs:
|
9
|
+
build:
|
10
|
+
name: test + build
|
11
|
+
runs-on: ubuntu-latest
|
12
|
+
|
13
|
+
steps:
|
14
|
+
- uses: actions/checkout@v3
|
15
|
+
|
16
|
+
- name: Set up ruby 2.7
|
17
|
+
uses: ruby/setup-ruby@v1
|
18
|
+
with:
|
19
|
+
ruby-version: 2.7
|
20
|
+
|
21
|
+
- name: rspec
|
22
|
+
run: |
|
23
|
+
gem install rspec
|
24
|
+
rspec
|
25
|
+
|
26
|
+
- name: build gem
|
27
|
+
run: |
|
28
|
+
gem build cfn-vpn.gemspec
|
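Review bot: The workflow declares no `permissions:` key, so the `GITHUB_TOKEN` handed to this push/pull-request job gets whatever default scope the repository or organisation is configured with. A test-and-build job only needs to read the code, so add a top-level `permissions:` mapping containing `contents: read`. The same omission applies to the release-gem and release-image workflows added in the next two hunks. `ruby-version: 2.7` is an unquoted float that happens to survive parsing here; writing `ruby-version: '2.7'` avoids the trap once the version is something like 3.0.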
@@ -0,0 +1,34 @@
|
|
1
|
+
name: release gem
|
2
|
+
|
3
|
+
on:
|
4
|
+
release:
|
5
|
+
types: [published]
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
build:
|
9
|
+
name: Build + Publish Gem
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
|
12
|
+
steps:
|
13
|
+
- name: Check out the repo
|
14
|
+
uses: actions/checkout@v3
|
15
|
+
|
16
|
+
- name: Set up ruby 2.7
|
17
|
+
uses: ruby/setup-ruby@v1
|
18
|
+
with:
|
19
|
+
ruby-version: 2.7
|
20
|
+
|
21
|
+
- name: rspec
|
22
|
+
run: |
|
23
|
+
gem install rspec
|
24
|
+
rspec
|
25
|
+
|
26
|
+
- name: build gem
|
27
|
+
run: |
|
28
|
+
gem build cfn-vpn.gemspec
|
29
|
+
|
30
|
+
- name: Publish gem
|
31
|
+
uses: dawidd6/action-publish-gem@v1
|
32
|
+
with:
|
33
|
+
api_key: ${{secrets.RUBYGEMS_API_KEY}}
|
34
|
+
github_token: ${{secrets.GITHUB_TOKEN}}
|
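Review bot: The publish step hands `secrets.RUBYGEMS_API_KEY` to `dawidd6/action-publish-gem@v1`, a third-party action referenced by a tag its owner can move, so whatever code that tag points at on release day runs with the key that can push new versions of this gem. Pin the action to a full commit SHA and keep the tag as a comment, `uses: dawidd6/action-publish-gem@<full-commit-sha>  # v1` (placeholder; take the SHA from the action's repository after reviewing that revision). Whether the key is scoped on rubygems.org to pushing this one gem is not visible from here and is worth confirming.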
@@ -0,0 +1,33 @@
|
|
1
|
+
name: release docker image
|
2
|
+
|
3
|
+
on:
|
4
|
+
release:
|
5
|
+
types: [published]
|
6
|
+
|
7
|
+
jobs:
|
8
|
+
build:
|
9
|
+
name: Build + Publish Container Image
|
10
|
+
runs-on: ubuntu-latest
|
11
|
+
|
12
|
+
steps:
|
13
|
+
- name: Check out the repo
|
14
|
+
uses: actions/checkout@v3
|
15
|
+
|
16
|
+
- name: Set up Docker Buildx
|
17
|
+
uses: docker/setup-buildx-action@v1
|
18
|
+
|
19
|
+
- name: Login to GitHub Container Repository
|
20
|
+
uses: docker/login-action@v1
|
21
|
+
with:
|
22
|
+
registry: ghcr.io
|
23
|
+
username: ${{ github.repository_owner }}
|
24
|
+
password: ${{ secrets.GHCR_PUSH_TOKEN }}
|
25
|
+
|
26
|
+
- name: Build and push Container Image to GitHub Container Repository
|
27
|
+
uses: docker/build-push-action@v3
|
28
|
+
with:
|
29
|
+
context: .
|
30
|
+
file: ./Dockerfile
|
31
|
+
push: true
|
32
|
+
tags: ghcr.io/base2services/cfnvpn:${{ github.event.release.tag_name }}
|
33
|
+
build-args: CFNVPN_VERSION=${{ github.event.release.tag_name }}
|
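Review bot: The registry login uses a separately stored credential, `password: ${{ secrets.GHCR_PUSH_TOKEN }}`, which is presumably a personal access token that outlives the run and carries its owner's package scope. ghcr.io also accepts the workflow's own token, so the job can declare `permissions:` with `contents: read` and `packages: write` and log in with `password: ${{ secrets.GITHUB_TOKEN }}`, which expires with the job; this assumes the container package is linked to this repository. The `docker/*` actions are referenced by movable tags (`@v1`, `@v3`); pinning by commit SHA matters most for `docker/login-action`, which handles the credential.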
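--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,14 +1,15 @@
-FROM ruby:2.7
+FROM ruby:2.7
 
-RUN
-
-
+RUN apt-get update -qq \
+&& apt-get install -qqy \
+easy-rsa \
+git \
 && ln -s /usr/share/easy-rsa/easyrsa /usr/bin/
 
 ENV EASYRSA=/usr/share/easy-rsa
 ENV EASYRSA_BATCH=yes
 
-ARG CFNVPN_VERSION="
+ARG CFNVPN_VERSION="1.5.0"
 
 COPY . /src
 
@@ -17,9 +18,9 @@ WORKDIR /src
 RUN gem build cfn-vpn.gemspec \
 && gem install cfn-vpn-${CFNVPN_VERSION}.gem \
 && rm -rf /src
-
-RUN addgroup
-adduser
+
+RUN addgroup --gid 1000 cfnvpn && \
+adduser --home /home/cfnvpn --uid 1000 --disabled-password --gecos GECOS --gid 1000 cfnvpn
 
 USER cfnvpn
 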
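Review bot: The new default `ARG CFNVPN_VERSION="1.5.0"` does not match any version shown for this package (the gem metadata on this page says 0.5.0.1), so a build that does not pass `--build-arg CFNVPN_VERSION=…` runs `gem install cfn-vpn-1.5.0.gem` against a file that `gem build` presumably never produced. Either drop the default so a missing argument is obvious, or install whatever was built with `&& gem install ./cfn-vpn-*.gem \`. Separately, `rm -rf /src` runs in a later layer than `COPY . /src`, so the whole build context stays readable in the layers of the published image. A `.dockerignore` excluding `.git` and any generated certificate directories would keep that material out; I cannot see whether one exists.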
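--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,66 +1,75 @@
 PATH
 remote: .
 specs:
-cfn-vpn (0.
+cfn-vpn (0.5.0)
 aws-sdk-acm (~> 1, < 2)
 aws-sdk-cloudformation (~> 1, < 2)
 aws-sdk-ec2 (~> 1.95, < 2)
 aws-sdk-s3 (~> 1, < 2)
 cfhighlander (~> 0.9, < 1)
-
+netaddr (= 2.0.4)
 terminal-table (~> 1, < 2)
 thor (~> 0.20)
 
 GEM
 remote: https://rubygems.org/
 specs:
-
-
-aws-
-
+addressable (2.8.1)
+public_suffix (>= 2.0.2, < 6.0)
+aws-eventstream (1.2.0)
+aws-partitions (1.707.0)
+aws-sdk-acm (1.55.0)
+aws-sdk-core (~> 3, >= 3.165.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-cloudformation (1.
-aws-sdk-core (~> 3, >= 3.
+aws-sdk-cloudformation (1.76.0)
+aws-sdk-core (~> 3, >= 3.165.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-core (3.
-aws-eventstream (~> 1
-aws-partitions (~> 1, >= 1.
+aws-sdk-core (3.170.0)
+aws-eventstream (~> 1, >= 1.0.2)
+aws-partitions (~> 1, >= 1.651.0)
+aws-sigv4 (~> 1.5)
+jmespath (~> 1, >= 1.6.1)
+aws-sdk-ec2 (1.364.0)
+aws-sdk-core (~> 3, >= 3.165.0)
 aws-sigv4 (~> 1.1)
-
-
-aws-sdk-core (~> 3, >= 3.71.0)
+aws-sdk-kms (1.62.0)
+aws-sdk-core (~> 3, >= 3.165.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-
-aws-sdk-core (~> 3, >= 3.
-aws-sigv4 (~> 1.1)
-aws-sdk-s3 (1.59.0)
-aws-sdk-core (~> 3, >= 3.83.0)
+aws-sdk-s3 (1.119.0)
+aws-sdk-core (~> 3, >= 3.165.0)
 aws-sdk-kms (~> 1)
-aws-sigv4 (~> 1.
-aws-sigv4 (1.
-aws-eventstream (~> 1
-cfhighlander (0.
+aws-sigv4 (~> 1.4)
+aws-sigv4 (1.5.2)
+aws-eventstream (~> 1, >= 1.0.2)
+cfhighlander (0.12.8)
 aws-sdk-cloudformation (~> 1, < 2)
 aws-sdk-core (~> 3, < 4)
 aws-sdk-ec2 (~> 1, < 2)
 aws-sdk-s3 (~> 1, < 2)
-cfndsl (
+cfndsl (~> 1.3, < 2)
 duplicate (~> 1.1)
 git (~> 1.4, < 2)
 highline (>= 1.7.10, < 1.8)
 rubyzip (>= 2.0.0, < 3)
 thor (~> 0.20, < 1)
-cfndsl (
+cfndsl (1.6.0)
+hana (~> 1.3)
 duplicate (1.1.1)
-git (1.
+git (1.13.2)
+addressable (~> 2.8)
+rchardet (~> 1.8)
+hana (1.3.7)
 highline (1.7.10)
-jmespath (1.
+jmespath (1.6.2)
+netaddr (2.0.4)
+public_suffix (5.0.1)
 rake (10.5.0)
-
+rchardet (1.8.0)
+rubyzip (2.3.2)
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (0.20.3)
-unicode-display_width (1.
+unicode-display_width (1.8.0)
 
 PLATFORMS
 ruby
@@ -71,4 +80,4 @@ DEPENDENCIES
 rake (~> 10.0)
 
 BUNDLED WITH
-2.
+2.3.13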
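--- a/data/lib/cfnvpn/certificates.rb
+++ b/data/lib/cfnvpn/certificates.rb
@@ -48,6 +48,65 @@ module CfnVpn
 end
 end
 
+def renew(server_cn,client_cn,expiry=nil)
+opts = ""
+unless expiry.nil?
+opts += "--days=#{expiry}"
+end
+
+if @easyrsa_local
+ENV["EASYRSA_REQ_CN"] = server_cn
+ENV["EASYRSA_PKI"] = @pki_dir
+system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
+system("easyrsa #{opts} renew server nopass")
+system("easyrsa #{opts} renew #{client_cn} nopass")
+FileUtils.cp(["#{@pki_dir}/ca.crt", "#{@pki_dir}/issued/server.crt", "#{@pki_dir}/private/server.key", "#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/private/#{client_cn}.key"], @cert_dir)
+system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
+else
+@docker_cmd << "-e EASYRSA_REQ_CN=#{server_cn}"
+@docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
+@docker_cmd << "-e EASYRSA_OPTS=\"#{opts}\""
+@docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
+@docker_cmd << @easyrsa_image
+@docker_cmd << "sh -c 'renew'"
+CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
+end
+end
+
+def rebuild(server_cn,client_cn,expiry=nil)
+timestamp = Time.now.getutc.to_i
+opts = ""
+unless expiry.nil?
+opts += "--days=#{expiry}"
+end
+
+if @easyrsa_local
+ENV["EASYRSA_REQ_CN"] = server_cn
+ENV["EASYRSA_PKI"] = @pki_dir
+system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
+
+FileUtils.mv("#{@pki_dir}/reqs/server.req", "#{@pki_dir}/reqs/server.req.bak-#{timestamp}")
+FileUtils.mv("#{@pki_dir}/issued/server.crt", "#{@pki_dir}/issued/server.req.bak-#{timestamp}")
+FileUtils.mv("#{@pki_dir}/private/server.key", "#{@pki_dir}/private/server.req.bak-#{timestamp}")
+FileUtils.mv("#{@pki_dir}/reqs/#{client_cn}.req", "#{@pki_dir}/reqs/#{client_cn}.req.bak-#{timestamp}")
+FileUtils.mv("#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/issued/#{client_cn}.req.bak-#{timestamp}")
+FileUtils.mv("#{@pki_dir}/private/#{client_cn}.key", "#{@pki_dir}/private/#{client_cn}.req.bak-#{timestamp}")
+
+system("easyrsa #{opts} build-server-full server nopass")
+system("easyrsa #{opts} build-client-full #{client_cn} nopass")
+FileUtils.cp(["#{@pki_dir}/ca.crt", "#{@pki_dir}/issued/server.crt", "#{@pki_dir}/private/server.key", "#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/private/#{client_cn}.key"], @cert_dir)
+system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
+else
+@docker_cmd << "-e EASYRSA_REQ_CN=#{server_cn}"
+@docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
+@docker_cmd << "-e EASYRSA_OPTS=\"#{opts}\""
+@docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
+@docker_cmd << @easyrsa_image
+@docker_cmd << "sh -c 'rebuild'"
+CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
+end
+end
+
 def generate_client(client_cn)
 if @easyrsa_local
 ENV["EASYRSA_PKI"] = @pki_dir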
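Review bot: Both new methods interpolate `client_cn` and `expiry` into shell strings: the `easyrsa` and `tar` calls passed to `system`, and the backtick docker command. A common name or expiry value containing shell metacharacters is therefore parsed by the shell instead of reaching easyrsa as one argument, and every `system` return value is dropped, so a failed extract or renew still falls through to `FileUtils.cp` and re-archives the PKI. Passing argument vectors to `system` and validating `expiry` as an integer closes the local branch of `renew`, as sketched below (`exception: true` needs Ruby 2.6 or later); `rebuild` needs the same on its `build-server-full` and `build-client-full` lines. The docker branch appends to `@docker_cmd`, which is built outside this hunk, so there the values would need `Shellwords.escape` or an argv-style call. In `rebuild`, the backups of `server.crt` and `server.key` are named `server.req.bak-…`, which looks like a copy-paste slip.

```ruby
def renew(server_cn,client_cn,expiry=nil)
  # Integer() rejects anything that is not a plain decimal number before it reaches easyrsa.
  opts = expiry.nil? ? [] : ["--days=#{Integer(expiry.to_s, 10)}"]

  if @easyrsa_local
    # … unchanged: ENV["EASYRSA_REQ_CN"] and ENV["EASYRSA_PKI"] assignments …
    # Argument vectors bypass the shell; exception: true stops at the first failed step.
    system("tar", "xzfv", "#{@cert_dir}/ca.tar.gz", "--directory", @build_dir, exception: true)
    system("easyrsa", *opts, "renew", "server", "nopass", exception: true)
    system("easyrsa", *opts, "renew", client_cn, "nopass", exception: true)
    # … unchanged: FileUtils.cp of the CA, server and client files into @cert_dir …
    system("tar", "czfv", "#{@cert_dir}/ca.tar.gz", "-C", @build_dir, "pki/", exception: true)
  else
    # … docker branch: EASYRSA_OPTS now needs opts.join(' '), and each interpolated value escaped …
```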
@@ -0,0 +1,120 @@
|
|
1
|
+
require 'thor'
|
2
|
+
require 'fileutils'
|
3
|
+
require 'cfnvpn/cloudformation'
|
4
|
+
require 'cfnvpn/certificates'
|
5
|
+
require 'cfnvpn/cfhighlander'
|
6
|
+
require 'cfnvpn/cloudformation'
|
7
|
+
require 'cfnvpn/log'
|
8
|
+
require 'cfnvpn/clientvpn'
|
9
|
+
require 'cfnvpn/globals'
|
10
|
+
|
11
|
+
module CfnVpn
|
12
|
+
class RenewCertificate < Thor::Group
|
13
|
+
include Thor::Actions
|
14
|
+
include CfnVpn::Log
|
15
|
+
|
16
|
+
argument :name
|
17
|
+
|
18
|
+
class_option :profile, aliases: :p, desc: 'AWS Profile'
|
19
|
+
class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
|
20
|
+
class_option :verbose, desc: 'set log level to debug', type: :boolean
|
21
|
+
|
22
|
+
class_option :server_cn, required: true, desc: 'server certificate common name'
|
23
|
+
class_option :client_cn, desc: 'client certificate common name'
|
24
|
+
class_option :easyrsa_local, type: :boolean, default: false, desc: 'run the easyrsa executable from your local rather than from docker'
|
25
|
+
class_option :certificate_expiry, type: :string, desc: 'value in days for when the server certificates expire, defaults to 825 days'
|
26
|
+
class_option :rebuild, type: :boolean, default: false, desc: 'generates new certificates from the existing CA for certiciate type VPNs'
|
27
|
+
class_option :bucket, required: true, desc: 's3 bucket'
|
28
|
+
|
29
|
+
def self.source_root
|
30
|
+
File.dirname(__FILE__)
|
31
|
+
end
|
32
|
+
|
33
|
+
def set_loglevel
|
34
|
+
Log.logger.level = Logger::DEBUG if @options['verbose']
|
35
|
+
end
|
36
|
+
|
37
|
+
def create_build_directory
|
38
|
+
@build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
|
39
|
+
Log.logger.debug "creating directory #{@build_dir}"
|
40
|
+
FileUtils.mkdir_p(@build_dir)
|
41
|
+
end
|
42
|
+
|
43
|
+
def initialize_config
|
44
|
+
@config = {}
|
45
|
+
@config['parameters'] = {}
|
46
|
+
@config['template_version'] = '0.2.0'
|
47
|
+
end
|
48
|
+
|
49
|
+
def stack_exist
|
50
|
+
@cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
|
51
|
+
if !@cfn.does_cf_stack_exist()
|
52
|
+
Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
|
53
|
+
exit 1
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def set_client_cn
|
58
|
+
@client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
|
59
|
+
end
|
60
|
+
|
61
|
+
# create certificates
|
62
|
+
def generate_server_certificates
|
63
|
+
cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
|
64
|
+
if @options['rebuild']
|
65
|
+
Log.logger.info "rebuilding certificates using openvpn easy-rsa"
|
66
|
+
cert.rebuild(@options['server_cn'],@client_cn,@options['certificate_expiry'])
|
67
|
+
else
|
68
|
+
Log.logger.info "rebuilding certificates using openvpn easy-rsa"
|
69
|
+
cert.renew(@options['server_cn'],@client_cn,@options['certificate_expiry'])
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def upload_certificates
|
74
|
+
cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
|
75
|
+
@config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
|
76
|
+
@config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
|
77
|
+
s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
|
78
|
+
s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
|
79
|
+
end
|
80
|
+
|
81
|
+
def deploy_vpn
|
82
|
+
template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
|
83
|
+
Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
|
84
|
+
cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
|
85
|
+
template_path = cfhl.render()
|
86
|
+
Log.logger.debug "Cloudformation template #{template_path} generated and validated"
|
87
|
+
|
88
|
+
Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
|
89
|
+
cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
|
90
|
+
change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
|
91
|
+
cfn.wait_for_changeset(change_set.id)
|
92
|
+
changes = cfn.get_change_set(change_set.id)
|
93
|
+
|
94
|
+
Log.logger.warn("The following changes to the cfnvpn stack will be made")
|
95
|
+
changes.changes.each do |change|
|
96
|
+
Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
|
97
|
+
change.resource_change.details.each do |details|
|
98
|
+
Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
|
99
|
+
end
|
100
|
+
end
|
101
|
+
|
102
|
+
continue = yes? "Continue?", :green
|
103
|
+
if !continue
|
104
|
+
Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
|
105
|
+
exit 1
|
106
|
+
end
|
107
|
+
|
108
|
+
cfn.execute_change_set(change_set.id)
|
109
|
+
cfn.wait_for_execute(change_set_type)
|
110
|
+
Log.logger.debug "Changeset #{change_set_type} complete"
|
111
|
+
end
|
112
|
+
|
113
|
+
def finish
|
114
|
+
vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
|
115
|
+
@endpoint_id = vpn.get_endpoint_id()
|
116
|
+
Log.logger.info "Client VPN #{@endpoint_id} modified."
|
117
|
+
end
|
118
|
+
|
119
|
+
end
|
120
|
+
end
|
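Review bot: The `yes? "Continue?"` prompt in `deploy_vpn` comes too late to act as a confirmation, because Thor::Group runs the methods in definition order and `generate_server_certificates` and `upload_certificates` have already run by then. Declining the change set exits with the local PKI already rewritten, `ca.tar.gz` already stored in the bucket and, presumably, the new certificates already handed to `cert.upload_certificates`. Ask for confirmation before the certificate step, or say in the prompt that only the stack update is being confirmed. `certificate_expiry` is declared `type: :string` and passed straight to `cert.renew`/`cert.rebuild`; `class_option :certificate_expiry, type: :numeric, …` lets Thor reject non-numeric input first. The `else` branch of `generate_server_certificates` also logs "rebuilding certificates" when it is renewing, which will mislead anyone reading the log after an incident.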
data/lib/cfnvpn/version.rb
CHANGED
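--- a/data/lib/cfnvpn.rb
+++ b/data/lib/cfnvpn.rb
@@ -9,6 +9,7 @@ require 'cfnvpn/sessions'
 require 'cfnvpn/routes'
 require 'cfnvpn/share'
 require 'cfnvpn/embedded'
+require 'cfnvpn/renew_certificate'
 
 module CfnVpn
 class Cli < Thor
@@ -21,6 +22,9 @@ module CfnVpn
 
 register CfnVpn::Init, 'init', 'init [name]', 'Create a AWS Client VPN'
 tasks["init"].options = CfnVpn::Init.class_options
+
+register CfnVpn::RenewCertificate, 'renew', 'renew [name]', 'Create a AWS Client VPN'
+tasks["renew"].options = CfnVpn::RenewCertificate.class_options
 
 register CfnVpn::Modify, 'modify', 'modify [name]', 'Modify your AWS Client VPN'
 tasks["modify"].options = CfnVpn::Modify.class_options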
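Review bot: The description registered for the new `renew` command is copied from `init` ('Create a AWS Client VPN'), so `cfn-vpn help` describes a command that replaces the endpoint's server and client certificates as if it created a VPN. Something like `register CfnVpn::RenewCertificate, 'renew', 'renew [name]', 'Renew or rebuild the certificates of an AWS Client VPN'` tells an operator what the command will touch before they run it. The `Cli` class body starts and ends outside both hunks.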
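--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-version: 0.5.0
+version: 0.5.0.1
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2023-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -194,8 +194,10 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
-- ".travis.yml"
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -217,6 +219,7 @@ files:
 - lib/cfnvpn/init.rb
 - lib/cfnvpn/log.rb
 - lib/cfnvpn/modify.rb
+- lib/cfnvpn/renew_certificate.rb
 - lib/cfnvpn/revoke.rb
 - lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
@@ -246,8 +249,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn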
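--- a/data/.travis.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-sudo: required
-dist: trusty
-language: ruby
-rvm:
-- 2.5
-script:
-- bundle install
-- gem build cfn-vpn.gemspec
-- gem install cfn-vpn-*.gem
-- cfn-vpn help
-deploy:
-provider: rubygems
-api_key: "${RUBYGEMS_API_KEY}"
-gem: cfn-vpn
-on:
-all_branches: true
-condition: $TRAVIS_BRANCH =~ ^develop|master && $TRAVIS_EVENT_TYPE =~ ^push|api$ && $TRAVIS_REPO_SLUG == "base2services/aws-client-vpn"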