RubyGems - cfn-vpn - Versions diffs - 0.5.0.2 → 0.5.1 - Mend

cfn-vpn 0.5.0.2 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/.travis.yml +17 -0
data/Dockerfile +8 -9
data/Gemfile.lock +30 -39
data/README.md +15 -0
data/lib/cfnvpn/certificates.rb +0 -59
data/lib/cfnvpn/cloudformation.rb +3 -3
data/lib/cfnvpn/modify.rb +9 -9
data/lib/cfnvpn/version.rb +1 -1
data/lib/cfnvpn.rb +0 -4
metadata +5 -7
data/.github/workflows/build-gem.yml +0 -28
data/.github/workflows/release-gem.yml +0 -34
data/.github/workflows/release-image.yml +0 -33
data/lib/cfnvpn/renew_certificate.rb +0 -123

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ca6d3909d559c6d338f7dc2852384adae1933b87fac5e2bcac9c44aefea8346e
-  data.tar.gz: 72322a94697e760b779ac103e20107af16536d09453862eb59c1faa9a175061f
+  metadata.gz: a41e3f9d96119e2dd991397c46dd76a4b2a3512b96019ca0a26882423ffd4d58
+  data.tar.gz: ed90e797f95c1a36cdbc740102bd8f764f1168b3fa13cfb0b30cd76b57d857dd
 SHA512:
-  metadata.gz: e84e913fae2c4e04670c9b3dea94f4154770557b8da6cc3ac82a26aa3d1b723e30dd523a3bb65387ecb21c7b9e2b4d98fd1c9ec901b3e3f6aaf691c429ec43e4
-  data.tar.gz: 311eb8388373d7e869b70a4ec5e018fd829edf9ada41e300b3ae7c19ac0ba360e134ee1fd58b5a626871b79c6060e193b2e1823cefa794e5c5ea3a8e8a8d371e
+  metadata.gz: 739c501d83e59f546eff20f0e6e5f1e4cbe521ee744b469eaa686209738c561c8fc06168354ad110647525e6074919387b8fe46bce6d652d5a52a583d787d0f2
+  data.tar.gz: 7ec851a23a53e3f6d670fde5fd7348fe4f23f3b01c372efb3bc1487682514555a57a9b173f273e46b3808c8878b4589a6350ce7fc6c2471c5c5273139fbb437c

data/.travis.yml ADDED Viewed

@@ -0,0 +1,17 @@
+sudo: required
+dist: trusty
+language: ruby
+rvm:
+  - 2.5
+script:
+  - bundle install
+  - gem build cfn-vpn.gemspec
+  - gem install cfn-vpn-*.gem
+  - cfn-vpn help
+deploy:
+  provider: rubygems
+  api_key: "${RUBYGEMS_API_KEY}"
+  gem: cfn-vpn
+  on:
+   all_branches: true
+   condition: $TRAVIS_BRANCH =~ ^develop|master &&  $TRAVIS_EVENT_TYPE =~ ^push|api$ && $TRAVIS_REPO_SLUG == "base2services/aws-client-vpn"

data/Dockerfile CHANGED Viewed

@@ -1,15 +1,14 @@
-FROM ruby:2.7
+FROM ruby:2.7-alpine
-RUN apt-get update -qq \
-    && apt-get install -qqy \
-        easy-rsa \
-        git \
+RUN apk add --no-cache easy-rsa git \
+    # Hack until easy-rsa 3.0.7 is released https://github.com/OpenVPN/easy-rsa/issues/261
+    && sed -i 's/^RANDFILE\s*=\s\$ENV.*/#&/' /usr/share/easy-rsa/openssl-easyrsa.cnf \
     && ln -s /usr/share/easy-rsa/easyrsa  /usr/bin/
 ENV EASYRSA=/usr/share/easy-rsa
 ENV EASYRSA_BATCH=yes
-ARG CFNVPN_VERSION="1.5.0"
+ARG CFNVPN_VERSION="0.5.0"
 COPY . /src
@@ -18,9 +17,9 @@ WORKDIR /src
 RUN gem build cfn-vpn.gemspec \
     && gem install cfn-vpn-${CFNVPN_VERSION}.gem \
     && rm -rf /src
-RUN addgroup --gid 1000 cfnvpn && \
-    adduser --home /home/cfnvpn --uid 1000 --disabled-password --gecos GECOS --gid 1000 cfnvpn
+RUN addgroup -g 1000 cfnvpn && \
+    adduser -D -u 1000 -G cfnvpn cfnvpn
 USER cfnvpn

data/Gemfile.lock CHANGED Viewed

@@ -1,75 +1,66 @@
 PATH
   remote: .
   specs:
-    cfn-vpn (0.5.0)
+    cfn-vpn (0.2.0)
       aws-sdk-acm (~> 1, < 2)
       aws-sdk-cloudformation (~> 1, < 2)
       aws-sdk-ec2 (~> 1.95, < 2)
       aws-sdk-s3 (~> 1, < 2)
       cfhighlander (~> 0.9, < 1)
-      netaddr (= 2.0.4)
+      cfndsl (~> 0.17, < 1)
       terminal-table (~> 1, < 2)
       thor (~> 0.20)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.1)
-      public_suffix (>= 2.0.2, < 6.0)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.707.0)
-    aws-sdk-acm (1.55.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-eventstream (1.0.3)
+    aws-partitions (1.253.0)
+    aws-sdk-acm (1.23.0)
+      aws-sdk-core (~> 3, >= 3.56.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-cloudformation (1.76.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-cloudformation (1.29.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-core (3.170.0)
-      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
-      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-ec2 (1.364.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-core (3.85.1)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+      aws-partitions (~> 1, >= 1.239.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-kms (1.62.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+      jmespath (~> 1.0)
+    aws-sdk-ec2 (1.124.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
       aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.119.0)
-      aws-sdk-core (~> 3, >= 3.165.0)
+    aws-sdk-kms (1.27.0)
+      aws-sdk-core (~> 3, >= 3.71.0)
+      aws-sigv4 (~> 1.1)
+    aws-sdk-s3 (1.59.0)
+      aws-sdk-core (~> 3, >= 3.83.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.4)
-    aws-sigv4 (1.5.2)
-      aws-eventstream (~> 1, >= 1.0.2)
-    cfhighlander (0.12.8)
+      aws-sigv4 (~> 1.1)
+    aws-sigv4 (1.1.0)
+      aws-eventstream (~> 1.0, >= 1.0.2)
+    cfhighlander (0.10.7)
       aws-sdk-cloudformation (~> 1, < 2)
       aws-sdk-core (~> 3, < 4)
       aws-sdk-ec2 (~> 1, < 2)
       aws-sdk-s3 (~> 1, < 2)
-      cfndsl (~> 1.3, < 2)
+      cfndsl (= 0.17.2)
       duplicate (~> 1.1)
       git (~> 1.4, < 2)
       highline (>= 1.7.10, < 1.8)
       rubyzip (>= 2.0.0, < 3)
       thor (~> 0.20, < 1)
-    cfndsl (1.6.0)
-      hana (~> 1.3)
+    cfndsl (0.17.2)
     duplicate (1.1.1)
-    git (1.13.2)
-      addressable (~> 2.8)
-      rchardet (~> 1.8)
-    hana (1.3.7)
+    git (1.5.0)
     highline (1.7.10)
-    jmespath (1.6.2)
-    netaddr (2.0.4)
-    public_suffix (5.0.1)
+    jmespath (1.4.0)
     rake (10.5.0)
-    rchardet (1.8.0)
-    rubyzip (2.3.2)
+    rubyzip (2.0.0)
     terminal-table (1.8.0)
       unicode-display_width (~> 1.1, >= 1.1.1)
     thor (0.20.3)
-    unicode-display_width (1.8.0)
+    unicode-display_width (1.6.0)
 PLATFORMS
   ruby
@@ -80,4 +71,4 @@ DEPENDENCIES
   rake (~> 10.0)
 BUNDLED WITH
-   2.3.13
+   2.0.1

data/README.md CHANGED Viewed

@@ -16,11 +16,22 @@ Install `cfn-vpn` gem
 gem install cfn-vpn
 ```
+### easy-rsa
+**Option 1 - Docker**
 Install [docker](https://docs.docker.com/install/)
 Docker is required to generate the certificates required for the client vpn.
 The gem uses [openvpn/easy-rsa](https://github.com/OpenVPN/easy-rsa) project in [base2/aws-client-vpn](https://hub.docker.com/r/base2/aws-client-vpn) docker image. [repo](https://github.com/base2Services/ciinabox-containers/tree/master/easy-rsa)
+**Option 1 - local**
+If you would rather setup easy-rsa than install docker, you can use the `--easyrsa-local` flag when running the commands to use a local copy of easy-rsa, the binary just needs to be available in the `$PATH`. Install from [openvpn/easy-rsa](https://github.com/OpenVPN/easy-rsa)
+### AWS Credentials
 Setup your [AWS credentials](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html) by either setting a profile or exporting them as environment variables.
 ```bash
@@ -35,6 +46,10 @@ Optionally export the AWS region if not providing `--region` flag
 export AWS_REGION="us-east-1"
 ```
+## Docker Image
+[base2/cfn-vpn](https://hub.docker.com/r/base2/cfn-vpn) docker image for usage in a pipeline which comes pre packaged with all dependencies.
 ## Scenarios
 For further AWS documentation please visit https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/scenario.html

data/lib/cfnvpn/certificates.rb CHANGED Viewed

@@ -48,65 +48,6 @@ module CfnVpn
       end
     end
-    def renew(server_cn,client_cn,expiry=nil)
-      opts = ""
-      unless expiry.nil?
-        opts += "--days=#{expiry}"
-      end
-      if @easyrsa_local
-        ENV["EASYRSA_REQ_CN"] = server_cn
-        ENV["EASYRSA_PKI"] = @pki_dir
-        system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
-        system("easyrsa #{opts} renew server nopass")
-        system("easyrsa #{opts} renew #{client_cn} nopass")
-        FileUtils.cp(["#{@pki_dir}/ca.crt", "#{@pki_dir}/issued/server.crt", "#{@pki_dir}/private/server.key", "#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/private/#{client_cn}.key"], @cert_dir)
-        system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
-      else
-        @docker_cmd << "-e EASYRSA_REQ_CN=#{server_cn}"
-        @docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
-        @docker_cmd << "-e EASYRSA_OPTS=\"#{opts}\""
-        @docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
-        @docker_cmd << @easyrsa_image
-        @docker_cmd << "sh -c 'renew'"
-        CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
-      end
-    end
-    def rebuild(server_cn,client_cn,expiry=nil)
-      timestamp = Time.now.getutc.to_i
-      opts = ""
-      unless expiry.nil?
-        opts += "--days=#{expiry}"
-      end
-      if @easyrsa_local
-        ENV["EASYRSA_REQ_CN"] = server_cn
-        ENV["EASYRSA_PKI"] = @pki_dir
-        system("tar xzfv #{@cert_dir}/ca.tar.gz --directory #{@build_dir}")
-        FileUtils.mv("#{@pki_dir}/reqs/server.req", "#{@pki_dir}/reqs/server.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/issued/server.crt", "#{@pki_dir}/issued/server.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/private/server.key", "#{@pki_dir}/private/server.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/reqs/#{client_cn}.req", "#{@pki_dir}/reqs/#{client_cn}.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/issued/#{client_cn}.req.bak-#{timestamp}")
-        FileUtils.mv("#{@pki_dir}/private/#{client_cn}.key", "#{@pki_dir}/private/#{client_cn}.req.bak-#{timestamp}")
-        system("easyrsa #{opts} build-server-full server nopass")
-        system("easyrsa #{opts} build-client-full #{client_cn} nopass")
-        FileUtils.cp(["#{@pki_dir}/ca.crt", "#{@pki_dir}/issued/server.crt", "#{@pki_dir}/private/server.key", "#{@pki_dir}/issued/#{client_cn}.crt", "#{@pki_dir}/private/#{client_cn}.key"], @cert_dir)
-        system("tar czfv #{@cert_dir}/ca.tar.gz -C #{@build_dir} pki/")
-      else
-        @docker_cmd << "-e EASYRSA_REQ_CN=#{server_cn}"
-        @docker_cmd << "-e EASYRSA_CLIENT_CN=#{client_cn}"
-        @docker_cmd << "-e EASYRSA_OPTS=\"#{opts}\""
-        @docker_cmd << "-v #{@cert_dir}:/easy-rsa/output"
-        @docker_cmd << @easyrsa_image
-        @docker_cmd << "sh -c 'rebuild'"
-        CfnVpn::Log.logger.debug `#{@docker_cmd.join(' ')}`
-      end
-    end
     def generate_client(client_cn)
       if @easyrsa_local
         ENV["EASYRSA_PKI"] = @pki_dir

data/lib/cfnvpn/cloudformation.rb CHANGED Viewed

@@ -41,11 +41,11 @@ module CfnVpn
       params.each do |param|
         if !parameters[param[:parameter_key]].nil?
-          param['parameter_value'] = parameters[param[:parameter_key]]
-          param['use_previous_value'] = false
+          param[:parameter_value] = parameters[param[:parameter_key]]
+          param[:use_previous_value] = false
         end
       end
       template_body = File.read(template_path)
       Log.logger.debug "Creating changeset"
       change_set = @client.create_change_set({

data/lib/cfnvpn/modify.rb CHANGED Viewed

@@ -23,9 +23,9 @@ module CfnVpn
     class_option :cidr, desc: 'cidr from which to assign client IP addresses'
     class_option :dns_servers, desc: 'DNS Servers to push to clients.'
-    class_option :split_tunnel, type: :boolean, default: false, desc: 'only push routes to the client on the vpn endpoint'
-    class_option :internet_route, type: :boolean, default: true, desc: 'create a default route to the internet'
-    class_option :protocol, type: :string, default: 'udp', enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
+    class_option :split_tunnel, type: :boolean, desc: 'only push routes to the client on the vpn endpoint'
+    class_option :internet_route, type: :boolean, desc: 'create a default route to the internet'
+    class_option :protocol, type: :string, enum: ['udp','tcp'], desc: 'set the protocol for the vpn connections'
     def self.source_root
       File.dirname(__FILE__)
@@ -44,12 +44,12 @@ module CfnVpn
     def initialize_config
       @config = {}
       @config['parameters'] = {}
-      @config['parameters']['AssociationSubnetId'] = @options['subnet_id']
-      @config['parameters']['ClientCidrBlock'] = @options['cidr']
-      @config['parameters']['DnsServers'] = @options['dns_servers']
-      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s
-      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s
-      @config['parameters']['Protocol'] = @options['protocol']
+      @config['parameters']['AssociationSubnetId'] = @options['subnet_id'] unless @options['subnet_id'].nil?
+      @config['parameters']['ClientCidrBlock'] = @options['cidr'] unless @options['cidr'].nil?
+      @config['parameters']['DnsServers'] = @options['dns_servers'] unless @options['dns_servers'].nil?
+      @config['parameters']['SplitTunnel'] = @options['split_tunnel'].to_s unless @options['split_tunnel'].nil?
+      @config['parameters']['InternetRoute'] = @options['internet_route'].to_s unless @options['internet_route'].nil?
+      @config['parameters']['Protocol'] = @options['protocol'] unless @options['protocol'].nil?
       @config['template_version'] = '0.2.0'
     end

data/lib/cfnvpn/version.rb CHANGED Viewed

@@ -1,4 +1,4 @@
 module CfnVpn
-  VERSION = "0.5.0.2".freeze
+  VERSION = "0.5.1".freeze
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

data/lib/cfnvpn.rb CHANGED Viewed

@@ -9,7 +9,6 @@ require 'cfnvpn/sessions'
 require 'cfnvpn/routes'
 require 'cfnvpn/share'
 require 'cfnvpn/embedded'
-require 'cfnvpn/renew_certificate'
 module CfnVpn
   class Cli < Thor
@@ -22,9 +21,6 @@ module CfnVpn
     register CfnVpn::Init, 'init', 'init [name]', 'Create a AWS Client VPN'
     tasks["init"].options = CfnVpn::Init.class_options
-    register CfnVpn::RenewCertificate, 'renew', 'renew [name]', 'Create a AWS Client VPN'
-    tasks["renew"].options = CfnVpn::RenewCertificate.class_options
     register CfnVpn::Modify, 'modify', 'modify [name]', 'Modify your AWS Client VPN'
     tasks["modify"].options = CfnVpn::Modify.class_options

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-  version: 0.5.0.2
+  version: 0.5.1
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-02-08 00:00:00.000000000 Z
+date: 2020-05-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -194,10 +194,8 @@ executables:
 extensions: []
 extra_rdoc_files: []
 files:
-- ".github/workflows/build-gem.yml"
-- ".github/workflows/release-gem.yml"
-- ".github/workflows/release-image.yml"
 - ".gitignore"
+- ".travis.yml"
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -219,7 +217,6 @@ files:
 - lib/cfnvpn/init.rb
 - lib/cfnvpn/log.rb
 - lib/cfnvpn/modify.rb
-- lib/cfnvpn/renew_certificate.rb
 - lib/cfnvpn/revoke.rb
 - lib/cfnvpn/routes.rb
 - lib/cfnvpn/s3.rb
@@ -249,7 +246,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubyforge_project:
+rubygems_version: 2.7.6
 signing_key:
 specification_version: 4
 summary: creates and manages resources for the aws client vpn

data/.github/workflows/build-gem.yml DELETED Viewed

@@ -1,28 +0,0 @@
-name: test and build gem
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-jobs:
-  build:
-    name: test + build
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v3
-    - name: Set up ruby 2.7
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.7
-    - name: rspec
-      run: |
-        gem install rspec
-        rspec
-    - name: build gem
-      run: |
-        gem build cfn-vpn.gemspec

data/.github/workflows/release-gem.yml DELETED Viewed

@@ -1,34 +0,0 @@
-name: release gem
-on:
-  release:
-    types: [published]
-jobs:
-  build:
-    name: Build + Publish Gem
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out the repo
-      uses: actions/checkout@v3
-    - name: Set up ruby 2.7
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 2.7
-    - name: rspec
-      run: |
-        gem install rspec
-        rspec
-    - name: build gem
-      run: |
-        gem build cfn-vpn.gemspec
-    - name: Publish gem
-      uses: dawidd6/action-publish-gem@v1
-      with:
-        api_key: ${{secrets.RUBYGEMS_API_KEY}}
-        github_token: ${{secrets.GITHUB_TOKEN}}

data/.github/workflows/release-image.yml DELETED Viewed

@@ -1,33 +0,0 @@
-name: release docker image
-on:
-  release:
-    types: [published]
-jobs:
-  build:
-    name: Build + Publish Container Image
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out the repo
-      uses: actions/checkout@v3
-    - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@v1
-    - name: Login to  GitHub Container Repository
-      uses: docker/login-action@v1
-      with:
-        registry: ghcr.io
-        username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PUSH_TOKEN }}
-    - name: Build and push Container Image to GitHub Container Repository
-      uses: docker/build-push-action@v3
-      with:
-        context: .
-        file: ./Dockerfile
-        push: true
-        tags: ghcr.io/base2services/cfnvpn:${{ github.event.release.tag_name }}
-        build-args: CFNVPN_VERSION=${{ github.event.release.tag_name }}

data/lib/cfnvpn/renew_certificate.rb DELETED Viewed

@@ -1,123 +0,0 @@
-require 'thor'
-require 'fileutils'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/certificates'
-require 'cfnvpn/cfhighlander'
-require 'cfnvpn/cloudformation'
-require 'cfnvpn/log'
-require 'cfnvpn/clientvpn'
-require 'cfnvpn/globals'
-module CfnVpn
-  class RenewCertificate < Thor::Group
-    include Thor::Actions
-    include CfnVpn::Log
-    argument :name
-    class_option :profile, aliases: :p, desc: 'AWS Profile'
-    class_option :region, aliases: :r, default: ENV['AWS_REGION'], desc: 'AWS Region'
-    class_option :verbose, desc: 'set log level to debug', type: :boolean
-    class_option :server_cn, required: true, desc: 'server certificate common name'
-    class_option :client_cn, desc: 'client certificate common name'
-    class_option :easyrsa_local, type: :boolean, default: false, desc: 'run the easyrsa executable from your local rather than from docker'
-    class_option :certificate_expiry, type: :string, desc: 'value in days for when the server certificates expire, defaults to 825 days'
-    class_option :rebuild, type: :boolean, default: false, desc: 'generates new certificates from the existing CA for certiciate type VPNs'
-    class_option :bucket, required: true, desc: 's3 bucket'
-    def self.source_root
-      File.dirname(__FILE__)
-    end
-    def set_loglevel
-      Log.logger.level = Logger::DEBUG if @options['verbose']
-    end
-    def create_build_directory
-      @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
-      @cert_dir = "#{@build_dir}/certificates"
-      Log.logger.debug "creating directory #{@cert_dir}"
-      FileUtils.mkdir_p(@cert_dir)
-    end
-    def initialize_config
-      @config = {}
-      @config['parameters'] = {}
-      @config['template_version'] = '0.2.0'
-    end
-    def stack_exist
-      @cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      if !@cfn.does_cf_stack_exist()
-        Log.logger.error "#{@name}-cfnvpn stack doesn't exists in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
-        exit 1
-      end
-    end
-    def set_client_cn
-      @client_cn = @options['client_cn'] ? @options['client_cn'] : "client-vpn.#{@options['server_cn']}"
-    end
-    # create certificates
-    def generate_server_certificates
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.get_object("#{@cert_dir}/ca.tar.gz")
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      if @options['rebuild']
-        Log.logger.info "rebuilding certificates using openvpn easy-rsa"
-        cert.rebuild(@options['server_cn'],@client_cn,@options['certificate_expiry'])
-      else
-        Log.logger.info "renewing certificates using openvpn easy-rsa"
-        cert.renew(@options['server_cn'],@client_cn,@options['certificate_expiry'])
-      end
-    end
-    def upload_certificates
-      cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
-      @config['parameters']['ServerCertificateArn'] = cert.upload_certificates(@options['region'],'server','server',@options['server_cn'])
-      @config['parameters']['ClientCertificateArn'] = cert.upload_certificates(@options['region'],@client_cn,'client')
-      s3 = CfnVpn::S3.new(@options['region'],@options['bucket'],@name)
-      s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
-    end
-    def deploy_vpn
-      template('templates/cfnvpn.cfhighlander.rb.tt', "#{@build_dir}/#{@name}.cfhighlander.rb", @config, force: true)
-      Log.logger.debug "Generating cloudformation from #{@build_dir}/#{@name}.cfhighlander.rb"
-      cfhl = CfnVpn::CfHiglander.new(@options['region'],@name,@config,@build_dir)
-      template_path = cfhl.render()
-      Log.logger.debug "Cloudformation template #{template_path} generated and validated"
-      Log.logger.info "Modifying cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
-      cfn = CfnVpn::Cloudformation.new(@options['region'],@name)
-      change_set, change_set_type = cfn.create_change_set(template_path,@config['parameters'])
-      cfn.wait_for_changeset(change_set.id)
-      changes = cfn.get_change_set(change_set.id)
-      Log.logger.warn("The following changes to the cfnvpn stack will be made")
-      changes.changes.each do |change|
-        Log.logger.warn("ID: #{change.resource_change.logical_resource_id} Action: #{change.resource_change.action}")
-        change.resource_change.details.each do |details|
-          Log.logger.warn("Name: #{details.target.name} Attribute: #{details.target.attribute} Cause: #{details.causing_entity}")
-        end
-      end
-      continue = yes? "Continue?", :green
-      if !continue
-        Log.logger.error("Cancelled cfn-vpn modifiy #{@name}")
-        exit 1
-      end
-      cfn.execute_change_set(change_set.id)
-      cfn.wait_for_execute(change_set_type)
-      Log.logger.debug "Changeset #{change_set_type} complete"
-    end
-    def finish
-      vpn = CfnVpn::ClientVpn.new(@name,@options['region'])
-      @endpoint_id = vpn.get_endpoint_id()
-      Log.logger.info "Client VPN #{@endpoint_id} modified."
-    end
-  end
-end