cfn-vpn 0.5.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +31 -0
- data/.github/workflows/release-image.yml +33 -0
- data/Gemfile.lock +30 -38
- data/README.md +1 -247
- data/cfn-vpn.gemspec +3 -2
- data/docs/README.md +44 -0
- data/docs/certificate-users.md +89 -0
- data/docs/getting-started.md +87 -0
- data/docs/modifying.md +67 -0
- data/docs/routes.md +82 -0
- data/docs/scheduling.md +32 -0
- data/docs/sessions.md +27 -0
- data/lib/cfnvpn.rb +31 -27
- data/lib/cfnvpn/{client.rb → actions/client.rb} +5 -6
- data/lib/cfnvpn/{embedded.rb → actions/embedded.rb} +15 -15
- data/lib/cfnvpn/actions/init.rb +130 -0
- data/lib/cfnvpn/actions/modify.rb +149 -0
- data/lib/cfnvpn/actions/params.rb +73 -0
- data/lib/cfnvpn/{revoke.rb → actions/revoke.rb} +6 -6
- data/lib/cfnvpn/actions/routes.rb +144 -0
- data/lib/cfnvpn/{sessions.rb → actions/sessions.rb} +5 -5
- data/lib/cfnvpn/{share.rb → actions/share.rb} +10 -10
- data/lib/cfnvpn/actions/subnets.rb +78 -0
- data/lib/cfnvpn/certificates.rb +5 -5
- data/lib/cfnvpn/clientvpn.rb +34 -68
- data/lib/cfnvpn/compiler.rb +23 -0
- data/lib/cfnvpn/config.rb +34 -78
- data/lib/cfnvpn/{cloudformation.rb → deployer.rb} +47 -19
- data/lib/cfnvpn/log.rb +26 -26
- data/lib/cfnvpn/s3.rb +4 -4
- data/lib/cfnvpn/string.rb +29 -0
- data/lib/cfnvpn/templates/helper.rb +14 -0
- data/lib/cfnvpn/templates/vpn.rb +344 -0
- data/lib/cfnvpn/version.rb +1 -1
- metadata +55 -22
- data/lib/cfnvpn/cfhighlander.rb +0 -49
- data/lib/cfnvpn/init.rb +0 -109
- data/lib/cfnvpn/modify.rb +0 -103
- data/lib/cfnvpn/routes.rb +0 -84
- data/lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt +0 -27
data/lib/cfnvpn/s3.rb
CHANGED
@@ -14,7 +14,7 @@ module CfnVpn
|
|
14
14
|
def store_object(file)
|
15
15
|
body = File.open(file, 'rb').read
|
16
16
|
file_name = file.split('/').last
|
17
|
-
Log.logger.debug("uploading #{file} to s3://#{@bucket}/#{@path}/#{file_name}")
|
17
|
+
CfnVpn::Log.logger.debug("uploading #{file} to s3://#{@bucket}/#{@path}/#{file_name}")
|
18
18
|
@client.put_object({
|
19
19
|
body: body,
|
20
20
|
bucket: @bucket,
|
@@ -26,7 +26,7 @@ module CfnVpn
|
|
26
26
|
|
27
27
|
def get_object(file)
|
28
28
|
file_name = file.split('/').last
|
29
|
-
Log.logger.debug("downloading s3://#{@bucket}/#{@path}/#{file_name} to #{file}")
|
29
|
+
CfnVpn::Log.logger.debug("downloading s3://#{@bucket}/#{@path}/#{file_name} to #{file}")
|
30
30
|
@client.get_object(
|
31
31
|
response_target: file,
|
32
32
|
bucket: @bucket,
|
@@ -34,7 +34,7 @@ module CfnVpn
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def store_config(config)
|
37
|
-
Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}.config.ovpn")
|
37
|
+
CfnVpn::Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}.config.ovpn")
|
38
38
|
@client.put_object({
|
39
39
|
body: config,
|
40
40
|
bucket: @bucket,
|
@@ -54,7 +54,7 @@ module CfnVpn
|
|
54
54
|
end
|
55
55
|
|
56
56
|
def store_embedded_config(config, cn)
|
57
|
-
Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}_#{cn}.config.ovpn")
|
57
|
+
CfnVpn::Log.logger.debug("uploading config to s3://#{@bucket}/#{@path}/#{@name}_#{cn}.config.ovpn")
|
58
58
|
@client.put_object({
|
59
59
|
body: config,
|
60
60
|
bucket: @bucket,
|
@@ -0,0 +1,29 @@
|
|
1
|
+
class String
|
2
|
+
def underscore
|
3
|
+
self.gsub(/::/, '/').
|
4
|
+
gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
|
5
|
+
gsub(/([a-z\d])([A-Z])/,'\1_\2').
|
6
|
+
tr("-", "_").
|
7
|
+
downcase
|
8
|
+
end
|
9
|
+
|
10
|
+
def resource_safe
|
11
|
+
self.gsub(/[^a-zA-Z0-9]/, "").capitalize
|
12
|
+
end
|
13
|
+
|
14
|
+
def colorize(color_code)
|
15
|
+
"\e[#{color_code}m#{self}\e[0m"
|
16
|
+
end
|
17
|
+
|
18
|
+
def red
|
19
|
+
colorize(31)
|
20
|
+
end
|
21
|
+
|
22
|
+
def green
|
23
|
+
colorize(32)
|
24
|
+
end
|
25
|
+
|
26
|
+
def yellow
|
27
|
+
colorize(33)
|
28
|
+
end
|
29
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
require 'aws-sdk-ec2'
|
2
|
+
|
3
|
+
module CfnVpn
|
4
|
+
module Templates
|
5
|
+
class Helper
|
6
|
+
def self.get_auth_cidr(region, subnet_id)
|
7
|
+
client = Aws::EC2::Client.new(region: region)
|
8
|
+
subnets = client.describe_subnets({subnet_ids:[subnet_id]})
|
9
|
+
vpcs = client.describe_vpcs({vpc_ids:[subnets.subnets[0].vpc_id]})
|
10
|
+
return vpcs.vpcs[0].cidr_block
|
11
|
+
end
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,344 @@
|
|
1
|
+
require 'cfndsl'
|
2
|
+
require 'cfnvpn/templates/helper'
|
3
|
+
|
4
|
+
module CfnVpn
|
5
|
+
module Templates
|
6
|
+
class Vpn < CfnDsl::CloudFormationTemplate
|
7
|
+
|
8
|
+
def initialize
|
9
|
+
super
|
10
|
+
end
|
11
|
+
|
12
|
+
def render(name, config)
|
13
|
+
Description "cfnvpn #{name} AWS Client-VPN"
|
14
|
+
Parameter(:AssociateSubnets) {
|
15
|
+
Type 'String'
|
16
|
+
Default 'true'
|
17
|
+
AllowedValues ['true', 'false']
|
18
|
+
Description 'Toggle to false to disassociate all Client VPN subnet associations'
|
19
|
+
}
|
20
|
+
|
21
|
+
Condition(:EnableSubnetAssociation, FnEquals(Ref(:AssociateSubnets), 'true'))
|
22
|
+
|
23
|
+
Logs_LogGroup(:ClientVpnLogGroup) {
|
24
|
+
LogGroupName FnSub("#{name}-ClientVpn")
|
25
|
+
RetentionInDays 30
|
26
|
+
}
|
27
|
+
|
28
|
+
EC2_ClientVpnEndpoint(:ClientVpnEndpoint) {
|
29
|
+
Description FnSub("cfnvpn #{name} AWS Client-VPN")
|
30
|
+
AuthenticationOptions([
|
31
|
+
if config[:type] == 'federated'
|
32
|
+
{
|
33
|
+
FederatedAuthentication: {
|
34
|
+
SAMLProviderArn: config[:saml_arn],
|
35
|
+
SelfServiceSAMLProviderArn: config[:saml_arn]
|
36
|
+
},
|
37
|
+
Type: 'federated-authentication'
|
38
|
+
}
|
39
|
+
else
|
40
|
+
{
|
41
|
+
MutualAuthentication: {
|
42
|
+
ClientRootCertificateChainArn: config[:client_cert_arn]
|
43
|
+
},
|
44
|
+
Type: 'certificate-authentication'
|
45
|
+
}
|
46
|
+
end
|
47
|
+
])
|
48
|
+
ServerCertificateArn config[:server_cert_arn]
|
49
|
+
ClientCidrBlock config[:cidr]
|
50
|
+
ConnectionLogOptions({
|
51
|
+
CloudwatchLogGroup: Ref(:ClientVpnLogGroup),
|
52
|
+
Enabled: true
|
53
|
+
})
|
54
|
+
DnsServers config[:dns_servers].any? ? config[:dns_servers] : Ref('AWS::NoValue')
|
55
|
+
TagSpecifications([{
|
56
|
+
ResourceType: "client-vpn-endpoint",
|
57
|
+
Tags: [
|
58
|
+
{ Key: 'Name', Value: name }
|
59
|
+
]
|
60
|
+
}])
|
61
|
+
TransportProtocol config[:protocol]
|
62
|
+
SplitTunnel config[:split_tunnel]
|
63
|
+
}
|
64
|
+
|
65
|
+
config[:subnet_ids].each_with_index do |subnet, index|
|
66
|
+
suffix = index == 0 ? "" : "For#{subnet.resource_safe}"
|
67
|
+
|
68
|
+
EC2_ClientVpnTargetNetworkAssociation(:"ClientVpnTargetNetworkAssociation#{suffix}") {
|
69
|
+
Condition(:EnableSubnetAssociation)
|
70
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
71
|
+
SubnetId subnet
|
72
|
+
}
|
73
|
+
|
74
|
+
if config[:default_groups].any?
|
75
|
+
config[:default_groups].each do |group|
|
76
|
+
EC2_ClientVpnAuthorizationRule(:"TargetNetworkAuthorizationRule#{suffix}#{group.resource_safe}"[0..255]) {
|
77
|
+
Condition(:EnableSubnetAssociation)
|
78
|
+
DependsOn "ClientVpnTargetNetworkAssociation#{suffix}"
|
79
|
+
Description FnSub("#{name} client-vpn auth rule for subnet association")
|
80
|
+
AccessGroupId group
|
81
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
82
|
+
TargetNetworkCidr CfnVpn::Templates::Helper.get_auth_cidr(config[:region], subnet)
|
83
|
+
}
|
84
|
+
end
|
85
|
+
else
|
86
|
+
EC2_ClientVpnAuthorizationRule(:"TargetNetworkAuthorizationRule#{suffix}") {
|
87
|
+
Condition(:EnableSubnetAssociation)
|
88
|
+
DependsOn "ClientVpnTargetNetworkAssociation#{suffix}"
|
89
|
+
Description FnSub("#{name} client-vpn auth rule for subnet association")
|
90
|
+
AuthorizeAllGroups true
|
91
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
92
|
+
TargetNetworkCidr CfnVpn::Templates::Helper.get_auth_cidr(config[:region], subnet)
|
93
|
+
}
|
94
|
+
end
|
95
|
+
|
96
|
+
if subnet == config[:internet_route]
|
97
|
+
EC2_ClientVpnRoute(:RouteToInternet) {
|
98
|
+
Condition(:EnableSubnetAssociation)
|
99
|
+
DependsOn "ClientVpnTargetNetworkAssociation#{suffix}"
|
100
|
+
Description 'Route to the internet'
|
101
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
102
|
+
DestinationCidrBlock '0.0.0.0/0'
|
103
|
+
TargetVpcSubnetId config[:internet_route]
|
104
|
+
}
|
105
|
+
|
106
|
+
EC2_ClientVpnAuthorizationRule(:RouteToInternetAuthorizationRule) {
|
107
|
+
Condition(:EnableSubnetAssociation)
|
108
|
+
DependsOn "ClientVpnTargetNetworkAssociation#{suffix}"
|
109
|
+
Description 'Route to the internet'
|
110
|
+
AuthorizeAllGroups true
|
111
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
112
|
+
TargetNetworkCidr '0.0.0.0/0'
|
113
|
+
}
|
114
|
+
|
115
|
+
output(:InternetRoute, config[:internet_route])
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
config[:routes].each do |route|
|
120
|
+
EC2_ClientVpnRoute(:"#{route[:cidr].resource_safe}VpnRoute") {
|
121
|
+
Description route[:desc]
|
122
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
123
|
+
DestinationCidrBlock route[:cidr]
|
124
|
+
TargetVpcSubnetId route[:subnet]
|
125
|
+
}
|
126
|
+
if route[:groups].any?
|
127
|
+
route[:groups].each do |group|
|
128
|
+
EC2_ClientVpnAuthorizationRule(:"#{route[:cidr].resource_safe}AuthorizationRule#{group.resource_safe}"[0..255]) {
|
129
|
+
Description route[:desc]
|
130
|
+
AccessGroupId group
|
131
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
132
|
+
TargetNetworkCidr route[:cidr]
|
133
|
+
}
|
134
|
+
end
|
135
|
+
else
|
136
|
+
EC2_ClientVpnAuthorizationRule(:"#{route[:cidr].resource_safe}AllowAllAuthorizationRule") {
|
137
|
+
Description route[:desc]
|
138
|
+
AuthorizeAllGroups true
|
139
|
+
ClientVpnEndpointId Ref(:ClientVpnEndpoint)
|
140
|
+
TargetNetworkCidr route[:cidr]
|
141
|
+
}
|
142
|
+
end
|
143
|
+
end
|
144
|
+
|
145
|
+
SSM_Parameter(:CfnVpnConfig) {
|
146
|
+
Description "#{name} cfnvpn config"
|
147
|
+
Name "/cfnvpn/config/#{name}"
|
148
|
+
Tier 'Standard'
|
149
|
+
Type 'String'
|
150
|
+
Value config.to_json
|
151
|
+
Tags({
|
152
|
+
Name: "#{name}-cfnvpn-config",
|
153
|
+
Environment: 'cfnvpn'
|
154
|
+
})
|
155
|
+
}
|
156
|
+
|
157
|
+
if config[:start] || config[:stop]
|
158
|
+
scheduler(name, config[:start], config[:stop])
|
159
|
+
output(:Start, config[:start]) if config[:start]
|
160
|
+
output(:Stop, config[:stop]) if config[:stop]
|
161
|
+
end
|
162
|
+
|
163
|
+
output(:ServerCertArn, config[:server_cert_arn])
|
164
|
+
output(:Cidr, config[:cidr])
|
165
|
+
output(:DnsServers, config.fetch(:dns_servers, []).join(','))
|
166
|
+
output(:SubnetIds, config[:subnet_ids].join(','))
|
167
|
+
output(:SplitTunnel, config[:split_tunnel])
|
168
|
+
output(:Protocol, config[:protocol])
|
169
|
+
output(:Type, config[:type])
|
170
|
+
|
171
|
+
if config[:type] == 'federated'
|
172
|
+
output(:SamlArn, config[:saml_arn])
|
173
|
+
else
|
174
|
+
output(:ClientCertArn, config[:client_cert_arn])
|
175
|
+
end
|
176
|
+
end
|
177
|
+
|
178
|
+
def output(name, value)
|
179
|
+
Output(name) { Value value }
|
180
|
+
end
|
181
|
+
|
182
|
+
def scheduler(name, start, stop)
|
183
|
+
IAM_Role(:ClientVpnSchedulerRole) {
|
184
|
+
AssumeRolePolicyDocument({
|
185
|
+
Version: '2012-10-17',
|
186
|
+
Statement: [{
|
187
|
+
Effect: 'Allow',
|
188
|
+
Principal: { Service: [ 'lambda.amazonaws.com' ] },
|
189
|
+
Action: [ 'sts:AssumeRole' ]
|
190
|
+
}]
|
191
|
+
})
|
192
|
+
Path '/cfnvpn/'
|
193
|
+
Policies([
|
194
|
+
{
|
195
|
+
PolicyName: 'cloudformation',
|
196
|
+
PolicyDocument: {
|
197
|
+
Version: '2012-10-17',
|
198
|
+
Statement: [{
|
199
|
+
Effect: 'Allow',
|
200
|
+
Action: [
|
201
|
+
'cloudformation:UpdateStack'
|
202
|
+
],
|
203
|
+
Resource: FnSub("arn:aws:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/#{name}-cfnvpn/*")
|
204
|
+
}]
|
205
|
+
}
|
206
|
+
},
|
207
|
+
{
|
208
|
+
PolicyName: 'client-vpn',
|
209
|
+
PolicyDocument: {
|
210
|
+
Version: '2012-10-17',
|
211
|
+
Statement: [{
|
212
|
+
Effect: 'Allow',
|
213
|
+
Action: [
|
214
|
+
'ec2:AssociateClientVpnTargetNetwork',
|
215
|
+
'ec2:DisassociateClientVpnTargetNetwork',
|
216
|
+
'ec2:DescribeClientVpnTargetNetworks',
|
217
|
+
'ec2:AuthorizeClientVpnIngress',
|
218
|
+
'ec2:RevokeClientVpnIngress',
|
219
|
+
'ec2:DescribeClientVpnAuthorizationRules',
|
220
|
+
'ec2:DescribeClientVpnEndpoints',
|
221
|
+
'ec2:DescribeClientVpnConnections',
|
222
|
+
'ec2:TerminateClientVpnConnections'
|
223
|
+
],
|
224
|
+
Resource: '*'
|
225
|
+
}]
|
226
|
+
}
|
227
|
+
},
|
228
|
+
{
|
229
|
+
PolicyName: 'logging',
|
230
|
+
PolicyDocument: {
|
231
|
+
Version: '2012-10-17',
|
232
|
+
Statement: [{
|
233
|
+
Effect: 'Allow',
|
234
|
+
Action: [
|
235
|
+
'logs:DescribeLogGroups',
|
236
|
+
'logs:CreateLogGroup',
|
237
|
+
'logs:CreateLogStream',
|
238
|
+
'logs:DescribeLogStreams',
|
239
|
+
'logs:PutLogEvents'
|
240
|
+
],
|
241
|
+
Resource: '*'
|
242
|
+
}]
|
243
|
+
}
|
244
|
+
}
|
245
|
+
])
|
246
|
+
Tags([
|
247
|
+
{ Key: 'Name', Value: "#{name}-cfnvpn-scheduler-role" },
|
248
|
+
{ Key: 'Environment', Value: 'cfnvpn' }
|
249
|
+
])
|
250
|
+
}
|
251
|
+
|
252
|
+
Lambda_Function(:ClientVpnSchedulerFunction) {
|
253
|
+
Runtime 'python3.7'
|
254
|
+
Role FnGetAtt(:ClientVpnSchedulerRole, :Arn)
|
255
|
+
MemorySize '128'
|
256
|
+
Handler 'index.handler'
|
257
|
+
Code({
|
258
|
+
ZipFile: <<~EOS
|
259
|
+
import boto3
|
260
|
+
|
261
|
+
def handler(event, context):
|
262
|
+
|
263
|
+
print(f"updating cfn-vpn stack {event['StackName']} parameter AssociateSubnets with value {event['AssociateSubnets']}")
|
264
|
+
|
265
|
+
if event['AssociateSubnets'] == 'false':
|
266
|
+
print(f"terminating current vpn sessions to {event['ClientVpnEndpointId']}")
|
267
|
+
ec2 = boto3.client('ec2')
|
268
|
+
resp = ec2.describe_client_vpn_connections(ClientVpnEndpointId=event['ClientVpnEndpointId'])
|
269
|
+
for conn in resp['Connections']:
|
270
|
+
if conn['Status']['Code'] == 'active':
|
271
|
+
ec2.terminate_client_vpn_connections(
|
272
|
+
ClientVpnEndpointId=event['ClientVpnEndpointId'],
|
273
|
+
ConnectionId=conn['ConnectionId']
|
274
|
+
)
|
275
|
+
print(f"terminated session {conn['ConnectionId']}")
|
276
|
+
|
277
|
+
client = boto3.client('cloudformation')
|
278
|
+
print(client.update_stack(
|
279
|
+
StackName=event['StackName'],
|
280
|
+
UsePreviousTemplate=True,
|
281
|
+
Capabilities=['CAPABILITY_IAM'],
|
282
|
+
Parameters=[
|
283
|
+
{
|
284
|
+
'ParameterKey': 'AssociateSubnets',
|
285
|
+
'ParameterValue': event['AssociateSubnets']
|
286
|
+
}
|
287
|
+
]
|
288
|
+
))
|
289
|
+
|
290
|
+
return 'OK'
|
291
|
+
EOS
|
292
|
+
})
|
293
|
+
Tags([
|
294
|
+
{ Key: 'Name', Value: "#{name}-cfnvpn-scheduler-function" },
|
295
|
+
{ Key: 'Environment', Value: 'cfnvpn' }
|
296
|
+
])
|
297
|
+
}
|
298
|
+
|
299
|
+
Logs_LogGroup(:ClientVpnSchedulerLogGroup) {
|
300
|
+
LogGroupName FnSub("/aws/lambda/${ClientVpnSchedulerFunction}")
|
301
|
+
RetentionInDays 30
|
302
|
+
}
|
303
|
+
|
304
|
+
Lambda_Permission(:ClientVpnSchedulerFunctionPermissions) {
|
305
|
+
FunctionName Ref(:ClientVpnSchedulerFunction)
|
306
|
+
Action 'lambda:InvokeFunction'
|
307
|
+
Principal 'events.amazonaws.com'
|
308
|
+
}
|
309
|
+
|
310
|
+
if start
|
311
|
+
Events_Rule(:ClientVpnSchedulerStart) {
|
312
|
+
State 'ENABLED'
|
313
|
+
Description "cfnvpn start schedule"
|
314
|
+
ScheduleExpression "cron(#{start})"
|
315
|
+
Targets([
|
316
|
+
{
|
317
|
+
Arn: FnGetAtt(:ClientVpnSchedulerFunction, :Arn),
|
318
|
+
Id: 'cfnvpnschedulerstart',
|
319
|
+
Input: FnSub({ StackName: "#{name}-cfnvpn", AssociateSubnets: 'true', ClientVpnEndpointId: "${ClientVpnEndpoint}" }.to_json)
|
320
|
+
}
|
321
|
+
])
|
322
|
+
}
|
323
|
+
end
|
324
|
+
|
325
|
+
if stop
|
326
|
+
Events_Rule(:ClientVpnSchedulerStop) {
|
327
|
+
State 'ENABLED'
|
328
|
+
Description "cfnvpn stop schedule"
|
329
|
+
ScheduleExpression "cron(#{stop})"
|
330
|
+
Targets([
|
331
|
+
{
|
332
|
+
Arn: FnGetAtt(:ClientVpnSchedulerFunction, :Arn),
|
333
|
+
Id: 'cfnvpnschedulerstop',
|
334
|
+
Input: FnSub({ StackName: "#{name}-cfnvpn", AssociateSubnets: 'false', ClientVpnEndpointId: "${ClientVpnEndpoint}" }.to_json)
|
335
|
+
}
|
336
|
+
])
|
337
|
+
}
|
338
|
+
end
|
339
|
+
|
340
|
+
end
|
341
|
+
|
342
|
+
end
|
343
|
+
end
|
344
|
+
end
|
data/lib/cfnvpn/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-vpn
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Guslington
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-02-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thor
|
@@ -45,25 +45,25 @@ dependencies:
|
|
45
45
|
- !ruby/object:Gem::Version
|
46
46
|
version: '2'
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
|
-
name:
|
48
|
+
name: cfndsl
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
50
50
|
requirements:
|
51
51
|
- - "~>"
|
52
52
|
- !ruby/object:Gem::Version
|
53
|
-
version: '
|
53
|
+
version: '1'
|
54
54
|
- - "<"
|
55
55
|
- !ruby/object:Gem::Version
|
56
|
-
version: '
|
56
|
+
version: '2'
|
57
57
|
type: :runtime
|
58
58
|
prerelease: false
|
59
59
|
version_requirements: !ruby/object:Gem::Requirement
|
60
60
|
requirements:
|
61
61
|
- - "~>"
|
62
62
|
- !ruby/object:Gem::Version
|
63
|
-
version: '
|
63
|
+
version: '1'
|
64
64
|
- - "<"
|
65
65
|
- !ruby/object:Gem::Version
|
66
|
-
version: '
|
66
|
+
version: '2'
|
67
67
|
- !ruby/object:Gem::Dependency
|
68
68
|
name: netaddr
|
69
69
|
requirement: !ruby/object:Gem::Requirement
|
@@ -158,6 +158,26 @@ dependencies:
|
|
158
158
|
- - "<"
|
159
159
|
- !ruby/object:Gem::Version
|
160
160
|
version: '2'
|
161
|
+
- !ruby/object:Gem::Dependency
|
162
|
+
name: aws-sdk-ssm
|
163
|
+
requirement: !ruby/object:Gem::Requirement
|
164
|
+
requirements:
|
165
|
+
- - "~>"
|
166
|
+
- !ruby/object:Gem::Version
|
167
|
+
version: '1'
|
168
|
+
- - "<"
|
169
|
+
- !ruby/object:Gem::Version
|
170
|
+
version: '2'
|
171
|
+
type: :runtime
|
172
|
+
prerelease: false
|
173
|
+
version_requirements: !ruby/object:Gem::Requirement
|
174
|
+
requirements:
|
175
|
+
- - "~>"
|
176
|
+
- !ruby/object:Gem::Version
|
177
|
+
version: '1'
|
178
|
+
- - "<"
|
179
|
+
- !ruby/object:Gem::Version
|
180
|
+
version: '2'
|
161
181
|
- !ruby/object:Gem::Dependency
|
162
182
|
name: bundler
|
163
183
|
requirement: !ruby/object:Gem::Requirement
|
@@ -178,14 +198,14 @@ dependencies:
|
|
178
198
|
requirements:
|
179
199
|
- - "~>"
|
180
200
|
- !ruby/object:Gem::Version
|
181
|
-
version: '
|
201
|
+
version: '13.0'
|
182
202
|
type: :development
|
183
203
|
prerelease: false
|
184
204
|
version_requirements: !ruby/object:Gem::Requirement
|
185
205
|
requirements:
|
186
206
|
- - "~>"
|
187
207
|
- !ruby/object:Gem::Version
|
188
|
-
version: '
|
208
|
+
version: '13.0'
|
189
209
|
description: creates and manages resources for the aws client vpn
|
190
210
|
email:
|
191
211
|
- guslington@gmail.com
|
@@ -194,6 +214,9 @@ executables:
|
|
194
214
|
extensions: []
|
195
215
|
extra_rdoc_files: []
|
196
216
|
files:
|
217
|
+
- ".github/workflows/build-gem.yml"
|
218
|
+
- ".github/workflows/release-gem.yml"
|
219
|
+
- ".github/workflows/release-image.yml"
|
197
220
|
- ".gitignore"
|
198
221
|
- ".travis.yml"
|
199
222
|
- Dockerfile
|
@@ -203,26 +226,37 @@ files:
|
|
203
226
|
- README.md
|
204
227
|
- Rakefile
|
205
228
|
- cfn-vpn.gemspec
|
229
|
+
- docs/README.md
|
230
|
+
- docs/certificate-users.md
|
231
|
+
- docs/getting-started.md
|
232
|
+
- docs/modifying.md
|
233
|
+
- docs/routes.md
|
234
|
+
- docs/scheduling.md
|
235
|
+
- docs/sessions.md
|
206
236
|
- exe/cfn-vpn
|
207
237
|
- lib/cfnvpn.rb
|
208
238
|
- lib/cfnvpn/acm.rb
|
239
|
+
- lib/cfnvpn/actions/client.rb
|
240
|
+
- lib/cfnvpn/actions/embedded.rb
|
241
|
+
- lib/cfnvpn/actions/init.rb
|
242
|
+
- lib/cfnvpn/actions/modify.rb
|
243
|
+
- lib/cfnvpn/actions/params.rb
|
244
|
+
- lib/cfnvpn/actions/revoke.rb
|
245
|
+
- lib/cfnvpn/actions/routes.rb
|
246
|
+
- lib/cfnvpn/actions/sessions.rb
|
247
|
+
- lib/cfnvpn/actions/share.rb
|
248
|
+
- lib/cfnvpn/actions/subnets.rb
|
209
249
|
- lib/cfnvpn/certificates.rb
|
210
|
-
- lib/cfnvpn/cfhighlander.rb
|
211
|
-
- lib/cfnvpn/client.rb
|
212
250
|
- lib/cfnvpn/clientvpn.rb
|
213
|
-
- lib/cfnvpn/
|
251
|
+
- lib/cfnvpn/compiler.rb
|
214
252
|
- lib/cfnvpn/config.rb
|
215
|
-
- lib/cfnvpn/
|
253
|
+
- lib/cfnvpn/deployer.rb
|
216
254
|
- lib/cfnvpn/globals.rb
|
217
|
-
- lib/cfnvpn/init.rb
|
218
255
|
- lib/cfnvpn/log.rb
|
219
|
-
- lib/cfnvpn/modify.rb
|
220
|
-
- lib/cfnvpn/revoke.rb
|
221
|
-
- lib/cfnvpn/routes.rb
|
222
256
|
- lib/cfnvpn/s3.rb
|
223
|
-
- lib/cfnvpn/
|
224
|
-
- lib/cfnvpn/
|
225
|
-
- lib/cfnvpn/templates/
|
257
|
+
- lib/cfnvpn/string.rb
|
258
|
+
- lib/cfnvpn/templates/helper.rb
|
259
|
+
- lib/cfnvpn/templates/vpn.rb
|
226
260
|
- lib/cfnvpn/version.rb
|
227
261
|
homepage: https://github.com/base2services/aws-client-vpn
|
228
262
|
licenses:
|
@@ -246,8 +280,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
246
280
|
- !ruby/object:Gem::Version
|
247
281
|
version: '0'
|
248
282
|
requirements: []
|
249
|
-
|
250
|
-
rubygems_version: 2.7.6
|
283
|
+
rubygems_version: 3.1.4
|
251
284
|
signing_key:
|
252
285
|
specification_version: 4
|
253
286
|
summary: creates and manages resources for the aws client vpn
|