RubyGems - cfn-vpn - Versions diffs - 0.5.1 → 1.3.1 - Mend

cfn-vpn 0.5.1 → 1.3.1

Files changed (46) hide show

checksums.yaml +4 -4
data/.github/workflows/build-gem.yml +25 -0
data/.github/workflows/release-gem.yml +34 -0
data/.github/workflows/release-image.yml +33 -0
data/Gemfile.lock +33 -39
data/README.md +1 -247
data/cfn-vpn.gemspec +4 -4
data/docs/README.md +44 -0
data/docs/certificate-users.md +89 -0
data/docs/getting-started.md +128 -0
data/docs/modifying.md +67 -0
data/docs/routes.md +98 -0
data/docs/scheduling.md +32 -0
data/docs/sessions.md +27 -0
data/lib/cfnvpn.rb +31 -27
data/lib/cfnvpn/{client.rb → actions/client.rb} +5 -6
data/lib/cfnvpn/{embedded.rb → actions/embedded.rb} +15 -15
data/lib/cfnvpn/actions/init.rb +144 -0
data/lib/cfnvpn/actions/modify.rb +169 -0
data/lib/cfnvpn/actions/params.rb +73 -0
data/lib/cfnvpn/{revoke.rb → actions/revoke.rb} +6 -6
data/lib/cfnvpn/actions/routes.rb +196 -0
data/lib/cfnvpn/{sessions.rb → actions/sessions.rb} +5 -5
data/lib/cfnvpn/{share.rb → actions/share.rb} +10 -10
data/lib/cfnvpn/actions/subnets.rb +78 -0
data/lib/cfnvpn/certificates.rb +5 -5
data/lib/cfnvpn/clientvpn.rb +49 -65
data/lib/cfnvpn/compiler.rb +23 -0
data/lib/cfnvpn/config.rb +34 -78
data/lib/cfnvpn/{cloudformation.rb → deployer.rb} +47 -19
data/lib/cfnvpn/log.rb +26 -26
data/lib/cfnvpn/s3.rb +34 -4
data/lib/cfnvpn/s3_bucket.rb +48 -0
data/lib/cfnvpn/string.rb +33 -0
data/lib/cfnvpn/templates/helper.rb +14 -0
data/lib/cfnvpn/templates/lambdas.rb +35 -0
data/lib/cfnvpn/templates/lambdas/auto_route_populator/app.py +175 -0
data/lib/cfnvpn/templates/lambdas/scheduler/app.py +36 -0
data/lib/cfnvpn/templates/vpn.rb +449 -0
data/lib/cfnvpn/version.rb +1 -1
metadata +73 -23
data/lib/cfnvpn/cfhighlander.rb +0 -49
data/lib/cfnvpn/init.rb +0 -109
data/lib/cfnvpn/modify.rb +0 -103
data/lib/cfnvpn/routes.rb +0 -84
data/lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt +0 -27

data/lib/cfnvpn/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module CfnVpn
-  VERSION = "0.5.1".freeze
+  VERSION = "1.3.1".freeze
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 1.3.1
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-05-18 00:00:00.000000000 Z
+date: 2021-06-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -45,25 +45,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
-  name: cfhighlander
+  name: cfndsl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: netaddr
   requirement: !ruby/object:Gem::Requirement
@@ -78,6 +78,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.0.4
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ec2
   requirement: !ruby/object:Gem::Requirement
@@ -158,6 +172,26 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ssm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -178,14 +212,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 description: creates and manages resources for the aws client vpn
 email:
 - guslington@gmail.com
@@ -194,6 +228,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
 - ".travis.yml"
 - Dockerfile
@@ -203,32 +240,46 @@ files:
 - README.md
 - Rakefile
 - cfn-vpn.gemspec
+- docs/README.md
+- docs/certificate-users.md
+- docs/getting-started.md
+- docs/modifying.md
+- docs/routes.md
+- docs/scheduling.md
+- docs/sessions.md
 - exe/cfn-vpn
 - lib/cfnvpn.rb
 - lib/cfnvpn/acm.rb
+- lib/cfnvpn/actions/client.rb
+- lib/cfnvpn/actions/embedded.rb
+- lib/cfnvpn/actions/init.rb
+- lib/cfnvpn/actions/modify.rb
+- lib/cfnvpn/actions/params.rb
+- lib/cfnvpn/actions/revoke.rb
+- lib/cfnvpn/actions/routes.rb
+- lib/cfnvpn/actions/sessions.rb
+- lib/cfnvpn/actions/share.rb
+- lib/cfnvpn/actions/subnets.rb
 - lib/cfnvpn/certificates.rb
-- lib/cfnvpn/cfhighlander.rb
-- lib/cfnvpn/client.rb
 - lib/cfnvpn/clientvpn.rb
-- lib/cfnvpn/cloudformation.rb
+- lib/cfnvpn/compiler.rb
 - lib/cfnvpn/config.rb
-- lib/cfnvpn/embedded.rb
+- lib/cfnvpn/deployer.rb
 - lib/cfnvpn/globals.rb
-- lib/cfnvpn/init.rb
 - lib/cfnvpn/log.rb
-- lib/cfnvpn/modify.rb
-- lib/cfnvpn/revoke.rb
-- lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
-- lib/cfnvpn/sessions.rb
-- lib/cfnvpn/share.rb
-- lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt
+- lib/cfnvpn/s3_bucket.rb
+- lib/cfnvpn/string.rb
+- lib/cfnvpn/templates/helper.rb
+- lib/cfnvpn/templates/lambdas.rb
+- lib/cfnvpn/templates/lambdas/auto_route_populator/app.py
+- lib/cfnvpn/templates/lambdas/scheduler/app.py
+- lib/cfnvpn/templates/vpn.rb
 - lib/cfnvpn/version.rb
 homepage: https://github.com/base2services/aws-client-vpn
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/base2services/aws-client-vpn
   source_code_uri: https://github.com/base2services/aws-client-vpn
 post_install_message:
@@ -246,8 +297,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn

data/lib/cfnvpn/cfhighlander.rb DELETED Viewed

@@ -1,49 +0,0 @@
-require 'cfhighlander.publisher'
-require 'cfhighlander.factory'
-require 'cfhighlander.validator'
-require 'cfnvpn/version'
-module CfnVpn
-  class CfHiglander
-    def initialize(region, name, config, output_dir)
-      @component_name = name
-      @region = region
-      @config = config
-      @cfn_output_format = 'yaml'
-      ENV['CFHIGHLANDER_WORKDIR'] = output_dir
-    end
-    def render()
-      component = load_component(@component_name)
-      compiled = compile_component(component)
-      validate_component(component,compiled.cfn_template_paths)
-      cfn_template_paths = compiled.cfn_template_paths
-      return cfn_template_paths.select { |path| path.match(@component_name) }.first
-    end
-    private
-    def load_component(component_name)
-      factory = Cfhighlander::Factory::ComponentFactory.new
-      component = factory.loadComponentFromTemplate(component_name)
-      component.config = @config
-      component.version = CfnVpn::VERSION
-      component.load()
-      return component
-    end
-    def compile_component(component)
-      component_compiler = Cfhighlander::Compiler::ComponentCompiler.new(component)
-      component_compiler.compileCloudFormation(@cfn_output_format)
-      return component_compiler
-    end
-    def validate_component(component,template_paths)
-      component_validator = Cfhighlander::Cloudformation::Validator.new(component)
-      component_validator.validate(template_paths, @cfn_output_format)
-    end
-  end
-end

data/lib/cfnvpn/init.rb DELETED Viewed

@@ -1,109 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-module CfnVpn
-  class Init < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-    argument :name
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :easyrsa_local, type: :boolean, default: false, desc: 'run the easyrsa executable from your local rather than from docker'
-    class_option :bucket, required: true, desc: 's3 bucket'
-    class_option :subnet_id, required: true, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['EnvironmentName'] = @name
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if @cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}"
-        exit 1
-      end
-    end
-    # create certificates
-    def generate_server_certificates
-      Log.logger.info "Generating certificates using openvpn easy-rsa"
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-      cert.generate_ca(@options['server_cn'],@client_cn)
-    end
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path, @config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
-    end
-  end
-end

data/lib/cfnvpn/modify.rb DELETED Viewed

@@ -1,103 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-module CfnVpn
-  class Modify < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-    argument :name
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-    class_option :subnet_id, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    class_option :split_tunnel, type: :boolean, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id'] unless @options['subnet_id'].nil?
-      @config['parameters']['ClientCidrBlock'] = @options['cidr'] unless @options['cidr'].nil?
-      @config['parameters']['DnsServers'] = @options['dns_servers'] unless @options['dns_servers'].nil?
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s unless @options['split_tunnel'].nil?
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s unless @options['internet_route'].nil?
-      @config['parameters']['Protocol'] = @options['protocol'] unless @options['protocol'].nil?
-      @config['template_version'] = '0.2.0'
-    end
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-  end
-end