RubyGems - cfn-vpn - Versions diffs - 0.5.0.2 → 0.5.1 - Mend

cfn-vpn 0.5.0.2 → 0.5.1

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +17 -0
data/Dockerfile +8 -9
data/Gemfile.lock +30 -39
data/README.md +15 -0
data/lib/cfnvpn/certificates.rb +0 -59
data/lib/cfnvpn/cloudformation.rb +3 -3
data/lib/cfnvpn/modify.rb +9 -9
data/lib/cfnvpn/version.rb +1 -1
data/lib/cfnvpn.rb +0 -4
metadata +5 -7
data/.github/workflows/build-gem.yml +0 -28
data/.github/workflows/release-gem.yml +0 -34
data/.github/workflows/release-image.yml +0 -33
data/lib/cfnvpn/renew_certificate.rb +0 -123

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca6d3909d559c6d338f7dc2852384adae1933b87fac5e2bcac9c44aefea8346e
-  data.tar.gz: 72322a94697e760b779ac103e20107af16536d09453862eb59c1faa9a175061f
+  metadata.gz: a41e3f9d96119e2dd991397c46dd76a4b2a3512b96019ca0a26882423ffd4d58
+  data.tar.gz: ed90e797f95c1a36cdbc740102bd8f764f1168b3fa13cfb0b30cd76b57d857dd
 SHA512:
-  metadata.gz: e84e913fae2c4e04670c9b3dea94f4154770557b8da6cc3ac82a26aa3d1b723e30dd523a3bb65387ecb21c7b9e2b4d98fd1c9ec901b3e3f6aaf691c429ec43e4
-  data.tar.gz: 311eb8388373d7e869b70a4ec5e018fd829edf9ada41e300b3ae7c19ac0ba360e134ee1fd58b5a626871b79c6060e193b2e1823cefa794e5c5ea3a8e8a8d371e
+  metadata.gz: 739c501d83e59f546eff20f0e6e5f1e4cbe521ee744b469eaa686209738c561c8fc06168354ad110647525e6074919387b8fe46bce6d652d5a52a583d787d0f2
+  data.tar.gz: 7ec851a23a53e3f6d670fde5fd7348fe4f23f3b01c372efb3bc1487682514555a57a9b173f273e46b3808c8878b4589a6350ce7fc6c2471c5c5273139fbb437c

data/.travis.yml ADDED Viewed

@@ -0,0 +1,17 @@
+sudo: required
+dist: trusty
+language: ruby
+rvm:
+  - 2.5
+script:
+  - bundle install
+  - gem build cfn-vpn.gemspec
+  - gem install cfn-vpn-*.gem
+  - cfn-vpn help
+deploy:
+  provider: rubygems
+  api_key: "${RUBYGEMS_API_KEY}"
+  gem: cfn-vpn
+  on:
+   all_branches: true
+   condition: $TRAVIS_BRANCH =~ ^develop|master &&  $TRAVIS_EVENT_TYPE =~ ^push|api$ && $TRAVIS_REPO_SLUG == "base2services/aws-client-vpn"

data/Dockerfile CHANGED Viewed

@@ -1,15 +1,14 @@
-FROM ruby:2.7
+FROM ruby:2.7-alpine
-RUN apt-get update -qq \
-    && apt-get install -qqy \
-        easy-rsa \
-        git \
+RUN apk add --no-cache easy-rsa git \
+    # Hack until easy-rsa 3.0.7 is released https://github.com/OpenVPN/easy-rsa/issues/261
+    && sed -i 's/^RANDFILE\s*=\s\$ENV.*/#&/' /usr/share/easy-rsa/openssl-easyrsa.cnf \
     && ln -s /usr/share/easy-rsa/easyrsa  /usr/bin/
 ENV EASYRSA=/usr/share/easy-rsa
 ENV EASYRSA_BATCH=yes
-ARG CFNVPN_VERSION="1.5.0"
+ARG CFNVPN_VERSION="0.5.0"
 COPY . /src
@@ -18,9 +17,9 @@ WORKDIR /src
 RUN gem build cfn-vpn.gemspec \
     && gem install cfn-vpn-${CFNVPN_VERSION}.gem \
     && rm -rf /src
-RUN addgroup --gid 1000 cfnvpn && \
-    adduser --home /home/cfnvpn --uid 1000 --disabled-password --gecos GECOS --gid 1000 cfnvpn
+RUN addgroup -g 1000 cfnvpn && \
+    adduser -D -u 1000 -G cfnvpn cfnvpn
 USER cfnvpn

data/Gemfile.lock CHANGED Viewed

@@ -1,75 +1,66 @@
 PATH
   remote: .
   specs:
-    cfn-vpn (0.5.0)
+    cfn-vpn (0.2.0)
       aws-sdk-acm (~> 1, < 2)
       aws-sdk-cloudformation (~> 1, < 2)
       aws-sdk-ec2 (~> 1.95, < 2)
       aws-sdk-s3 (~> 1, < 2)
       cfhighlander (~> 0.9, < 1)
-      netaddr (= 2.0.4)
+      cfndsl (~> 0.17, < 1)
       terminal-table (~> 1, < 2)
       thor (~> 0.20)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.1)
-      public_suffix (>= 2.0.2, < 6.0)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.707.0)
-    aws-sdk-acm (1.55.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-eventstream (1.0.3)
+    aws-partitions (1.253.0)
+    aws-sdk-acm (1.23.0)
+      aws-sdk-core (~> 3, >= 3.56.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudformation (1.76.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-cloudformation (1.29.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.170.0)
-      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
-      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.364.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-core (3.85.1)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.62.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+      jmespath (~> 1.0)
+    aws-sdk-ec2 (1.124.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.119.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-kms (1.27.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.59.0)
+      aws-sdk-core (~> 3, >= 3.83.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.4)
-    aws-sigv4 (1.5.2)
-      aws-eventstream (~> 1, >= 1.0.2)
-    cfhighlander (0.12.8)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.1.0)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+    cfhighlander (0.10.7)
       aws-sdk-cloudformation (~> 1, < 2)
       aws-sdk-core (~> 3, < 4)
       aws-sdk-ec2 (~> 1, < 2)
       aws-sdk-s3 (~> 1, < 2)
-      cfndsl (~> 1.3, < 2)
+      cfndsl (= 0.17.2)
       duplicate (~> 1.1)
       git (~> 1.4, < 2)
       highline (>= 1.7.10, < 1.8)
       rubyzip (>= 2.0.0, < 3)
       thor (~> 0.20, < 1)
-    cfndsl (1.6.0)
-      hana (~> 1.3)
+    cfndsl (0.17.2)
     duplicate (1.1.1)
-    git (1.13.2)
-      addressable (~> 2.8)
-      rchardet (~> 1.8)
-    hana (1.3.7)
+    git (1.5.0)
     highline (1.7.10)
-    jmespath (1.6.2)
-    netaddr (2.0.4)
-    public_suffix (5.0.1)
+    jmespath (1.4.0)
     rake (10.5.0)
-    rchardet (1.8.0)
-    rubyzip (2.3.2)
+    rubyzip (2.0.0)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thor (0.20.3)
-    unicode-display_width (1.8.0)
+    unicode-display_width (1.6.0)
 PLATFORMS
   ruby
@@ -80,4 +71,4 @@ DEPENDENCIES
   rake (~> 10.0)
 BUNDLED WITH
-   2.3.13
+   2.0.1

data/README.md CHANGED Viewed

@@ -16,11 +16,22 @@ Install `cfn-vpn` gem
 gem install cfn-vpn
 ```
+### easy-rsa
+**Option 1 - Docker**
 Install [docker](https://docs.docker.com/install/)
 Docker is required to generate the certificates required for the client vpn.
 The gem uses [openvpn/easy-rsa](https://github.com/OpenVPN/easy-rsa) project in [base2/aws-client-vpn](https://hub.docker.com/r/base2/aws-client-vpn) docker image. [repo](https://github.com/base2Services/ciinabox-containers/tree/master/easy-rsa)
+**Option 1 - local**
+If you would rather setup easy-rsa than install docker, you can use the `--easyrsa-local` flag when running the commands to use a local copy of easy-rsa, the binary just needs to be available in the `$PATH`. Install from [openvpn/easy-rsa](https://github.com/OpenVPN/easy-rsa)
+### AWS Credentials
 Setup your [AWS credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) by either setting a profile or exporting them as environment variables.
 ```bash
@@ -35,6 +46,10 @@ Optionally export the AWS region if not providing `--region` flag
 export AWS_REGION="us-east-1"
 ```
+## Docker Image
+[base2/cfn-vpn](https://hub.docker.com/r/base2/cfn-vpn) docker image for usage in a pipeline which comes pre packaged with all dependencies.
 ## Scenarios
 For further AWS documentation please visit https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario.html

data/lib/cfnvpn/certificates.rb CHANGED Viewed

@@ -48,65 +48,6 @@ module CfnVpn
       end
     end
-    def renew(server_cn,client_cn,expiry=nil)
-      opts = ""
-      unless expiry.nil?
-        opts += "--days=#{expiry}"
-      end
-      if @easyrsa_local
-        ENV["EASYRSA_REQ_CN"] = server_cn
-        ENV["EASYRSA_PKI"] = @pki_dir
-        system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
-        system("easyrsa #{opts} renew server nopass")
-        system("easyrsa #{opts} renew #{client_cn} nopass")
-        FileUtils.cp(["#{@pki_dir}/ca.crt", "#{@pki_dir}/issued/server.crt", "#{@pki_dir}/private/server.key", "#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/private/#{client_cn}.key"], @cert_dir)
-        system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
-      else
-        @docker_cmd << "-e EASYRSA_REQ_CN=#{server_cn}"
-        @docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
-        @docker_cmd << "-e EASYRSA_OPTS=\"#{opts}\""
-        @docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
-        @docker_cmd << @easyrsa_image
-        @docker_cmd << "sh -c 'renew'"
-        CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
-      end
-    end
-    def rebuild(server_cn,client_cn,expiry=nil)
-      timestamp = Time.now.getutc.to_i
-      opts = ""
-      unless expiry.nil?
-        opts += "--days=#{expiry}"
-      end
-      if @easyrsa_local
-        ENV["EASYRSA_REQ_CN"] = server_cn
-        ENV["EASYRSA_PKI"] = @pki_dir
-        system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
-        FileUtils.mv("#{@pki_dir}/reqs/server.req", "#{@pki_dir}/reqs/server.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/issued/server.crt", "#{@pki_dir}/issued/server.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/private/server.key", "#{@pki_dir}/private/server.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/reqs/#{client_cn}.req", "#{@pki_dir}/reqs/#{client_cn}.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/issued/#{client_cn}.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/private/#{client_cn}.key", "#{@pki_dir}/private/#{client_cn}.req.bak-#{timestamp}")
-        system("easyrsa #{opts} build-server-full server nopass")
-        system("easyrsa #{opts} build-client-full #{client_cn} nopass")
-        FileUtils.cp(["#{@pki_dir}/ca.crt", "#{@pki_dir}/issued/server.crt", "#{@pki_dir}/private/server.key", "#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/private/#{client_cn}.key"], @cert_dir)
-        system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
-      else
-        @docker_cmd << "-e EASYRSA_REQ_CN=#{server_cn}"
-        @docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
-        @docker_cmd << "-e EASYRSA_OPTS=\"#{opts}\""
-        @docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
-        @docker_cmd << @easyrsa_image
-        @docker_cmd << "sh -c 'rebuild'"
-        CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
-      end
-    end
     def generate_client(client_cn)
       if @easyrsa_local
         ENV["EASYRSA_PKI"] = @pki_dir

data/lib/cfnvpn/cloudformation.rb CHANGED Viewed

@@ -41,11 +41,11 @@ module CfnVpn
       params.each do |param|
         if !parameters[param[:parameter_key]].nil?
-          param['parameter_value'] = parameters[param[:parameter_key]]
-          param['use_previous_value'] = false
+          param[:parameter_value] = parameters[param[:parameter_key]]
+          param[:use_previous_value] = false
         end
       end
       template_body = File.read(template_path)
       Log.logger.debug "Creating changeset"
       change_set = @client.create_change_set({

data/lib/cfnvpn/modify.rb CHANGED Viewed

@@ -23,9 +23,9 @@ module CfnVpn
     class_option :cidr, desc: 'cidr from which to assign client IP addresses'
     class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
+    class_option :split_tunnel, type: :boolean, desc: 'only push routes to the client on the vpn endpoint'
+    class_option :internet_route, type: :boolean, desc: 'create a default route to the internet'
+    class_option :protocol, type: :string, enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
     def self.source_root
       File.dirname(__FILE__)
@@ -44,12 +44,12 @@ module CfnVpn
     def initialize_config
       @config = {}
       @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
+      @config['parameters']['AssociationSubnetId'] = @options['subnet_id'] unless @options['subnet_id'].nil?
+      @config['parameters']['ClientCidrBlock'] = @options['cidr'] unless @options['cidr'].nil?
+      @config['parameters']['DnsServers'] = @options['dns_servers'] unless @options['dns_servers'].nil?
+      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s unless @options['split_tunnel'].nil?
+      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s unless @options['internet_route'].nil?
+      @config['parameters']['Protocol'] = @options['protocol'] unless @options['protocol'].nil?
       @config['template_version'] = '0.2.0'
     end

data/lib/cfnvpn/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module CfnVpn
-  VERSION = "0.5.0.2".freeze
+  VERSION = "0.5.1".freeze
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

data/lib/cfnvpn.rb CHANGED Viewed

@@ -9,7 +9,6 @@ require 'cfnvpn/sessions'
 require 'cfnvpn/routes'
 require 'cfnvpn/share'
 require 'cfnvpn/embedded'
-require 'cfnvpn/renew_certificate'
 module CfnVpn
   class Cli < Thor
@@ -22,9 +21,6 @@ module CfnVpn
     register CfnVpn::Init, 'init', 'init [name]', 'Create a AWS Client VPN'
     tasks["init"].options = CfnVpn::Init.class_options
-    register CfnVpn::RenewCertificate, 'renew', 'renew [name]', 'Create a AWS Client VPN'
-    tasks["renew"].options = CfnVpn::RenewCertificate.class_options
     register CfnVpn::Modify, 'modify', 'modify [name]', 'Modify your AWS Client VPN'
     tasks["modify"].options = CfnVpn::Modify.class_options

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-  version: 0.5.0.2
+  version: 0.5.1
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-02-08 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -194,10 +194,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/build-gem.yml"
-- ".github/workflows/release-gem.yml"
-- ".github/workflows/release-image.yml"
 - ".gitignore"
+- ".travis.yml"
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -219,7 +217,6 @@ files:
 - lib/cfnvpn/init.rb
 - lib/cfnvpn/log.rb
 - lib/cfnvpn/modify.rb
-- lib/cfnvpn/renew_certificate.rb
 - lib/cfnvpn/revoke.rb
 - lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
@@ -249,7 +246,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubyforge_project:
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn

data/.github/workflows/build-gem.yml DELETED Viewed

@@ -1,28 +0,0 @@
-name: test and build gem
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-jobs:
-  build:
-    name: test + build
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up ruby 2.7
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.7
-    - name: rspec
-      run: |
-        gem install rspec
-        rspec
-    - name: build gem
-      run: |
-        gem build cfn-vpn.gemspec

data/.github/workflows/release-gem.yml DELETED Viewed

@@ -1,34 +0,0 @@
-name: release gem
-on:
-  release:
-    types: [published]
-jobs:
-  build:
-    name: Build + Publish Gem
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out the repo
-      uses: actions/checkout@v3
-    - name: Set up ruby 2.7
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.7
-    - name: rspec
-      run: |
-        gem install rspec
-        rspec
-    - name: build gem
-      run: |
-        gem build cfn-vpn.gemspec
-    - name: Publish gem
-      uses: dawidd6/action-publish-gem@v1
-      with:
-        api_key: ${{secrets.RUBYGEMS_API_KEY}}
-        github_token: ${{secrets.GITHUB_TOKEN}}

data/.github/workflows/release-image.yml DELETED Viewed

@@ -1,33 +0,0 @@
-name: release docker image
-on:
-  release:
-    types: [published]
-jobs:
-  build:
-    name: Build + Publish Container Image
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out the repo
-      uses: actions/checkout@v3
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-    - name: Login to  GitHub Container Repository
-      uses: docker/login-action@v1
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PUSH_TOKEN }}
-    - name: Build and push Container Image to GitHub Container Repository
-      uses: docker/build-push-action@v3
-      with:
-        context: .
-        file: ./Dockerfile
-        push: true
-        tags: ghcr.io/base2services/cfnvpn:${{ github.event.release.tag_name }}
-        build-args: CFNVPN_VERSION=${{ github.event.release.tag_name }}

data/lib/cfnvpn/renew_certificate.rb DELETED Viewed

@@ -1,123 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-module CfnVpn
-  class RenewCertificate < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-    argument :name
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :easyrsa_local, type: :boolean, default: false, desc: 'run the easyrsa executable from your local rather than from docker'
-    class_option :certificate_expiry, type: :string, desc: 'value in days for when the server certificates expire, defaults to 825 days'
-    class_option :rebuild, type: :boolean, default: false, desc: 'generates new certificates from the existing CA for certiciate type VPNs'
-    class_option :bucket, required: true, desc: 's3 bucket'
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      @cert_dir = "#{@build_dir}/certificates"
-      Log.logger.debug "creating directory #{@cert_dir}"
-      FileUtils.mkdir_p(@cert_dir)
-    end
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['template_version'] = '0.2.0'
-    end
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-    def set_client_cn
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-    end
-    # create certificates
-    def generate_server_certificates
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.get_object("#{@cert_dir}/ca.tar.gz")
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      if @options['rebuild']
-        Log.logger.info "rebuilding certificates using openvpn easy-rsa"
-        cert.rebuild(@options['server_cn'],@client_cn,@options['certificate_expiry'])
-      else
-        Log.logger.info "renewing certificates using openvpn easy-rsa"
-        cert.renew(@options['server_cn'],@client_cn,@options['certificate_expiry'])
-      end
-    end
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-  end
-end