cfn-vpn 0.5.1 → 1.1.0

data/lib/cfnvpn/cfhighlander.rb

@@ -1,49 +0,0 @@
-require 'cfhighlander.publisher'
-require 'cfhighlander.factory'
-require 'cfhighlander.validator'
-
-require 'cfnvpn/version'
-
-module CfnVpn
-  class CfHiglander
-
-    def initialize(region, name, config, output_dir)
-      @component_name = name
-      @region = region
-      @config = config
-      @cfn_output_format = 'yaml'
-      ENV['CFHIGHLANDER_WORKDIR'] = output_dir
-    end
-
-    def render()
-      component = load_component(@component_name)
-      compiled = compile_component(component)
-      validate_component(component,compiled.cfn_template_paths)
-      cfn_template_paths = compiled.cfn_template_paths
-      return cfn_template_paths.select { |path| path.match(@component_name) }.first
-    end
-
-    private
-
-    def load_component(component_name)
-      factory = Cfhighlander::Factory::ComponentFactory.new
-      component = factory.loadComponentFromTemplate(component_name)
-      component.config = @config
-      component.version = CfnVpn::VERSION
-      component.load()
-      return component
-    end
-
-    def compile_component(component)
-      component_compiler = Cfhighlander::Compiler::ComponentCompiler.new(component)
-      component_compiler.compileCloudFormation(@cfn_output_format)
-      return component_compiler
-    end
-
-    def validate_component(component,template_paths)
-      component_validator = Cfhighlander::Cloudformation::Validator.new(component)
-      component_validator.validate(template_paths, @cfn_output_format)
-    end
-
-  end
-end

data/lib/cfnvpn/init.rb

@@ -1,109 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-
-module CfnVpn
-  class Init < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :easyrsa_local, type: :boolean, default: false, desc: 'run the easyrsa executable from your local rather than from docker'
-    class_option :bucket, required: true, desc: 's3 bucket'
-
-    class_option :subnet_id, required: true, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['EnvironmentName'] = @name
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if @cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}"
-        exit 1
-      end
-    end
-
-    # create certificates
-    def generate_server_certificates
-      Log.logger.info "Generating certificates using openvpn easy-rsa"
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-      cert.generate_ca(@options['server_cn'],@client_cn)
-    end
-
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path, @config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
-    end
-
-  end
-end

data/lib/cfnvpn/modify.rb

@@ -1,103 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-
-module CfnVpn
-  class Modify < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :subnet_id, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-
-    class_option :split_tunnel, type: :boolean, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id'] unless @options['subnet_id'].nil?
-      @config['parameters']['ClientCidrBlock'] = @options['cidr'] unless @options['cidr'].nil?
-      @config['parameters']['DnsServers'] = @options['dns_servers'] unless @options['dns_servers'].nil?
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s unless @options['split_tunnel'].nil?
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s unless @options['internet_route'].nil?
-      @config['parameters']['Protocol'] = @options['protocol'] unless @options['protocol'].nil?
-      @config['template_version'] = '0.2.0'
-    end
-
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-
-  end
-end

data/lib/cfnvpn/routes.rb

@@ -1,84 +0,0 @@
-require 'thor'
-require 'cfnvpn/log'
-require 'cfnvpn/s3'
-require 'cfnvpn/globals'
-
-module CfnVpn
-  class Routes < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-
-    argument :name
-
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-
-    class_option :add, desc: 'add cidr to route through the client vpn'
-    class_option :del, desc: 'delete cidr route from the client vpn'
-    class_option :desc, desc: 'description of the route'
-
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-
-    def set_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-    end
-
-    def add_route
-      if !@options['add'].nil?
-        if @options['desc'].nil?
-          Log.logger.error "--desc option must be provided if adding a new route"
-          exit 1
-        end
-
-        vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-
-        if vpn.route_exists?(@options['add'])
-          Log.logger.error "route #{@options['add']} already exists in the client vpn"
-          exit 1
-        end
-
-        Log.logger.info "Adding new route for #{@options['add']}"
-        vpn.add_route(@options['add'],@options['desc'])
-      end
-    end
-
-    def del_route
-      if !@options['del'].nil?
-        vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-
-        if !vpn.route_exists?(@options['del'])
-          Log.logger.error "route #{@options['del']} doesn't exist in the client vpn"
-          exit 1
-        end
-        delete = yes? "Delete route #{@options['del']}?", :yellow
-        if delete
-          Log.logger.info "Deleting route for #{@options['del']}"
-          vpn.del_route(@options['del'])
-        end
-      end
-    end
-
-    def get_routes
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @routes = vpn.get_routes()
-    end
-
-    def display_routes
-      rows = @routes.collect do |s|
-        [ s.destination_cidr, s.description, s.status.code, s.target_subnet, s.type, s.origin ]
-      end
-      table = Terminal::Table.new(
-        :headings => ['Route', 'Description', 'Status', 'Target', 'Type', 'Origin'],
-        :rows => rows)
-      puts table
-    end
-
-  end
-end

data/lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt

@@ -1,27 +0,0 @@
-CfhighlanderTemplate do
-  
-  Parameters do
-    ComponentParam 'EnvironmentName'
-    ComponentParam 'AssociationSubnetId'
-    ComponentParam 'ClientCidrBlock'
-    ComponentParam 'DnsServers'
-    ComponentParam 'SplitTunnel'
-    ComponentParam 'InternetRoute'
-    ComponentParam 'Protocol'
-    ComponentParam 'ServerCertificateArn'
-    ComponentParam 'ClientCertificateArn'
-  end
-  
-  Component template: 'client-vpn@<%= @config['template_version'] %>', name: 'vpn', render: Inline do
-      parameter name: 'EnvironmentName', value: Ref('EnvironmentName')
-      parameter name: 'AssociationSubnetId', value: Ref('AssociationSubnetId')
-      parameter name: 'ClientCidrBlock', value: Ref('ClientCidrBlock')
-      parameter name: 'DnsServers', value: Ref('DnsServers')
-      parameter name: 'SplitTunnel', value: Ref('SplitTunnel')
-      parameter name: 'InternetRoute', value: Ref('InternetRoute')
-      parameter name: 'Protocol', value: Ref('Protocol')
-      parameter name: 'ServerCertificateArn', value: Ref('ServerCertificateArn')
-      parameter name: 'ClientCertificateArn', value: Ref('ClientCertificateArn')
-  end
-  
-end