RubyGems - cfn-vpn - Versions diffs - 0.5.1 → 1.3.1 - Mend

cfn-vpn 0.5.1 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (46) hide show

checksums.yaml +4 -4
data/.github/workflows/build-gem.yml +25 -0
data/.github/workflows/release-gem.yml +34 -0
data/.github/workflows/release-image.yml +33 -0
data/Gemfile.lock +33 -39
data/README.md +1 -247
data/cfn-vpn.gemspec +4 -4
data/docs/README.md +44 -0
data/docs/certificate-users.md +89 -0
data/docs/getting-started.md +128 -0
data/docs/modifying.md +67 -0
data/docs/routes.md +98 -0
data/docs/scheduling.md +32 -0
data/docs/sessions.md +27 -0
data/lib/cfnvpn.rb +31 -27
data/lib/cfnvpn/{client.rb → actions/client.rb} +5 -6
data/lib/cfnvpn/{embedded.rb → actions/embedded.rb} +15 -15
data/lib/cfnvpn/actions/init.rb +144 -0
data/lib/cfnvpn/actions/modify.rb +169 -0
data/lib/cfnvpn/actions/params.rb +73 -0
data/lib/cfnvpn/{revoke.rb → actions/revoke.rb} +6 -6
data/lib/cfnvpn/actions/routes.rb +196 -0
data/lib/cfnvpn/{sessions.rb → actions/sessions.rb} +5 -5
data/lib/cfnvpn/{share.rb → actions/share.rb} +10 -10
data/lib/cfnvpn/actions/subnets.rb +78 -0
data/lib/cfnvpn/certificates.rb +5 -5
data/lib/cfnvpn/clientvpn.rb +49 -65
data/lib/cfnvpn/compiler.rb +23 -0
data/lib/cfnvpn/config.rb +34 -78
data/lib/cfnvpn/{cloudformation.rb → deployer.rb} +47 -19
data/lib/cfnvpn/log.rb +26 -26
data/lib/cfnvpn/s3.rb +34 -4
data/lib/cfnvpn/s3_bucket.rb +48 -0
data/lib/cfnvpn/string.rb +33 -0
data/lib/cfnvpn/templates/helper.rb +14 -0
data/lib/cfnvpn/templates/lambdas.rb +35 -0
data/lib/cfnvpn/templates/lambdas/auto_route_populator/app.py +175 -0
data/lib/cfnvpn/templates/lambdas/scheduler/app.py +36 -0
data/lib/cfnvpn/templates/vpn.rb +449 -0
data/lib/cfnvpn/version.rb +1 -1
metadata +73 -23
data/lib/cfnvpn/cfhighlander.rb +0 -49
data/lib/cfnvpn/init.rb +0 -109
data/lib/cfnvpn/modify.rb +0 -103
data/lib/cfnvpn/routes.rb +0 -84
data/lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt +0 -27

data/lib/cfnvpn/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module CfnVpn
-  VERSION = "0.5.1".freeze
+  VERSION = "1.3.1".freeze
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 1.3.1
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2020-05-18 00:00:00.000000000 Z
+date: 2021-06-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -45,25 +45,25 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2'
 - !ruby/object:Gem::Dependency
-  name: cfhighlander
+  name: cfndsl
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '1'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '1'
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: netaddr
   requirement: !ruby/object:Gem::Requirement
@@ -78,6 +78,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 2.0.4
+- !ruby/object:Gem::Dependency
+  name: rubyzip
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.3'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-ec2
   requirement: !ruby/object:Gem::Requirement
@@ -158,6 +172,26 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: '2'
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-ssm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -178,14 +212,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 description: creates and manages resources for the aws client vpn
 email:
 - guslington@gmail.com
@@ -194,6 +228,9 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
 - ".travis.yml"
 - Dockerfile
@@ -203,32 +240,46 @@ files:
 - README.md
 - Rakefile
 - cfn-vpn.gemspec
+- docs/README.md
+- docs/certificate-users.md
+- docs/getting-started.md
+- docs/modifying.md
+- docs/routes.md
+- docs/scheduling.md
+- docs/sessions.md
 - exe/cfn-vpn
 - lib/cfnvpn.rb
 - lib/cfnvpn/acm.rb
+- lib/cfnvpn/actions/client.rb
+- lib/cfnvpn/actions/embedded.rb
+- lib/cfnvpn/actions/init.rb
+- lib/cfnvpn/actions/modify.rb
+- lib/cfnvpn/actions/params.rb
+- lib/cfnvpn/actions/revoke.rb
+- lib/cfnvpn/actions/routes.rb
+- lib/cfnvpn/actions/sessions.rb
+- lib/cfnvpn/actions/share.rb
+- lib/cfnvpn/actions/subnets.rb
 - lib/cfnvpn/certificates.rb
-- lib/cfnvpn/cfhighlander.rb
-- lib/cfnvpn/client.rb
 - lib/cfnvpn/clientvpn.rb
-- lib/cfnvpn/cloudformation.rb
+- lib/cfnvpn/compiler.rb
 - lib/cfnvpn/config.rb
-- lib/cfnvpn/embedded.rb
+- lib/cfnvpn/deployer.rb
 - lib/cfnvpn/globals.rb
-- lib/cfnvpn/init.rb
 - lib/cfnvpn/log.rb
-- lib/cfnvpn/modify.rb
-- lib/cfnvpn/revoke.rb
-- lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
-- lib/cfnvpn/sessions.rb
-- lib/cfnvpn/share.rb
-- lib/cfnvpn/templates/cfnvpn.cfhighlander.rb.tt
+- lib/cfnvpn/s3_bucket.rb
+- lib/cfnvpn/string.rb
+- lib/cfnvpn/templates/helper.rb
+- lib/cfnvpn/templates/lambdas.rb
+- lib/cfnvpn/templates/lambdas/auto_route_populator/app.py
+- lib/cfnvpn/templates/lambdas/scheduler/app.py
+- lib/cfnvpn/templates/vpn.rb
 - lib/cfnvpn/version.rb
 homepage: https://github.com/base2services/aws-client-vpn
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/base2services/aws-client-vpn
   source_code_uri: https://github.com/base2services/aws-client-vpn
 post_install_message:
@@ -246,8 +297,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn

data/lib/cfnvpn/cfhighlander.rb DELETED Viewed

@@ -1,49 +0,0 @@
-require 'cfhighlander.publisher'
-require 'cfhighlander.factory'
-require 'cfhighlander.validator'
-require 'cfnvpn/version'
-module CfnVpn
-  class CfHiglander
-    def initialize(region, name, config, output_dir)
-      @component_name = name
-      @region = region
-      @config = config
-      @cfn_output_format = 'yaml'
-      ENV['CFHIGHLANDER_WORKDIR'] = output_dir
-    end
-    def render()
-      component = load_component(@component_name)
-      compiled = compile_component(component)
-      validate_component(component,compiled.cfn_template_paths)
-      cfn_template_paths = compiled.cfn_template_paths
-      return cfn_template_paths.select { |path| path.match(@component_name) }.first
-    end
-    private
-    def load_component(component_name)
-      factory = Cfhighlander::Factory::ComponentFactory.new
-      component = factory.loadComponentFromTemplate(component_name)
-      component.config = @config
-      component.version = CfnVpn::VERSION
-      component.load()
-      return component
-    end
-    def compile_component(component)
-      component_compiler = Cfhighlander::Compiler::ComponentCompiler.new(component)
-      component_compiler.compileCloudFormation(@cfn_output_format)
-      return component_compiler
-    end
-    def validate_component(component,template_paths)
-      component_validator = Cfhighlander::Cloudformation::Validator.new(component)
-      component_validator.validate(template_paths, @cfn_output_format)
-    end
-  end
-end

data/lib/cfnvpn/init.rb DELETED Viewed

@@ -1,109 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-module CfnVpn
-  class Init < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-    argument :name
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :easyrsa_local, type: :boolean, default: false, desc: 'run the easyrsa executable from your local rather than from docker'
-    class_option :bucket, required: true, desc: 's3 bucket'
-    class_option :subnet_id, required: true, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['EnvironmentName'] = @name
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
-      @config['template_version'] = '0.2.0'
-    end
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if @cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}"
-        exit 1
-      end
-    end
-    # create certificates
-    def generate_server_certificates
-      Log.logger.info "Generating certificates using openvpn easy-rsa"
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-      cert.generate_ca(@options['server_cn'],@client_cn)
-    end
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path, @config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
-    end
-  end
-end

data/lib/cfnvpn/modify.rb DELETED Viewed

@@ -1,103 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-module CfnVpn
-  class Modify < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-    argument :name
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-    class_option :subnet_id, desc: 'subnet id to associate your vpn with'
-    class_option :cidr, desc: 'cidr from which to assign client IP addresses'
-    class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    class_option :split_tunnel, type: :boolean, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      Log.logger.debug "creating directory #{@build_dir}"
-      FileUtils.mkdir_p(@build_dir)
-    end
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id'] unless @options['subnet_id'].nil?
-      @config['parameters']['ClientCidrBlock'] = @options['cidr'] unless @options['cidr'].nil?
-      @config['parameters']['DnsServers'] = @options['dns_servers'] unless @options['dns_servers'].nil?
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s unless @options['split_tunnel'].nil?
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s unless @options['internet_route'].nil?
-      @config['parameters']['Protocol'] = @options['protocol'] unless @options['protocol'].nil?
-      @config['template_version'] = '0.2.0'
-    end
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-  end
-end