cfn-vpn 1.1.0 → 1.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/release-gem.yml +15 -12
- data/cfn-vpn.gemspec +0 -2
- data/docs/getting-started.md +12 -0
- data/docs/routes.md +2 -0
- data/lib/cfnvpn/actions/init.rb +1 -1
- data/lib/cfnvpn/version.rb +1 -1
- metadata +2 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: bb42ae1b12eb544e6d2d54276bb387efb5383c2037502a2ec155fd41ad522221
|
|
4
|
+
data.tar.gz: c3e774c1baf08c3ca0cdca6dc7b11014191f69eb183b63fddd6bbb56be522362
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b7c73bf1fcd82cb53a571f3bf60223b8eff89183a7afca82beead5b1ceb422370165b3a39c08c90ccf823a64bca8560babbda4210079a4a7a3c2122f0edf2a79
|
|
7
|
+
data.tar.gz: 5e944fa67a1fee92a5a42bb2f6ae5117a9907443cca284dde9a49e25899fd719adc5e5e96e3a45095090e16e0f615b72348ddac24798a3d4636019c849f15d13
|
|
@@ -13,19 +13,22 @@ jobs:
|
|
|
13
13
|
- name: Check out the repo
|
|
14
14
|
uses: actions/checkout@v2
|
|
15
15
|
|
|
16
|
-
- name: Set up Ruby 2.
|
|
16
|
+
- name: Set up Ruby 2.7
|
|
17
17
|
uses: actions/setup-ruby@v1
|
|
18
18
|
with:
|
|
19
|
-
ruby-version: 2.
|
|
20
|
-
|
|
21
|
-
- name:
|
|
19
|
+
ruby-version: 2.7.x
|
|
20
|
+
|
|
21
|
+
- name: rspec
|
|
22
|
+
run: |
|
|
23
|
+
gem install rspec
|
|
24
|
+
rspec
|
|
25
|
+
|
|
26
|
+
- name: build gem
|
|
22
27
|
run: |
|
|
23
|
-
mkdir -p $HOME/.gem
|
|
24
|
-
touch $HOME/.gem/credentials
|
|
25
|
-
chmod 0600 $HOME/.gem/credentials
|
|
26
|
-
printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
|
27
28
|
gem build cfn-vpn.gemspec
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
29
|
+
|
|
30
|
+
- name: Publish gem
|
|
31
|
+
uses: dawidd6/action-publish-gem@v1
|
|
32
|
+
with:
|
|
33
|
+
api_key: ${{secrets.RUBYGEMS_API_KEY}}
|
|
34
|
+
github_token: ${{secrets.GITHUB_TOKEN}}
|
data/cfn-vpn.gemspec
CHANGED
|
@@ -17,8 +17,6 @@ Gem::Specification.new do |spec|
|
|
|
17
17
|
# Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
|
|
18
18
|
# to allow pushing to a single host or delete this section to allow pushing to any host.
|
|
19
19
|
if spec.respond_to?(:metadata)
|
|
20
|
-
spec.metadata["allowed_push_host"] = 'https://rubygems.org'
|
|
21
|
-
|
|
22
20
|
spec.metadata["homepage_uri"] = spec.homepage
|
|
23
21
|
spec.metadata["source_code_uri"] = "https://github.com/base2services/aws-client-vpn"
|
|
24
22
|
else
|
data/docs/getting-started.md
CHANGED
|
@@ -60,6 +60,17 @@ The following command and required option will launch a new federated based Clie
|
|
|
60
60
|
cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn]
|
|
61
61
|
```
|
|
62
62
|
|
|
63
|
+
The default authorization rule for the associated subets allows all. You can optionally change this by using the `--default-groups` flag to set groups on the default authorization rule.
|
|
64
|
+
|
|
65
|
+
```sh
|
|
66
|
+
cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn] --default-groups [list of group ids]
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Subnet Associations and Authorisation
|
|
70
|
+
|
|
71
|
+
AWS ClientVPN requires one or more subnets to be associated with the vpn. These subnets setup the default routes and by default cfn-vpn creates a allow all auth for the default routes.
|
|
72
|
+
When using a federated ClientVPN you can modify the default auth to only allow specific groups by setting the groups in the `--default-groups` flag. This can also be modified later using the `modify` command.
|
|
73
|
+
|
|
63
74
|
## Additional Initialising Options
|
|
64
75
|
|
|
65
76
|
```
|
|
@@ -72,6 +83,7 @@ Options:
|
|
|
72
83
|
[--easyrsa-local], [--no-easyrsa-local] # run the easyrsa executable from your local rather than from docker
|
|
73
84
|
[--bucket=BUCKET] # s3 bucket
|
|
74
85
|
--subnet-ids=one two three # subnet id to associate your vpn with
|
|
86
|
+
[--default-groups=one two three] # groups to allow through the subnet associations when using federated auth
|
|
75
87
|
[--cidr=CIDR] # cidr from which to assign client IP addresses
|
|
76
88
|
# Default: 10.250.0.0/16
|
|
77
89
|
[--dns-servers=one two three] # DNS Servers to push to clients.
|
data/docs/routes.md
CHANGED
|
@@ -2,6 +2,8 @@
|
|
|
2
2
|
|
|
3
3
|
Management of the VPN routes can be altered using the `routes` command or by using the `modify` command along with the yaml config file.
|
|
4
4
|
|
|
5
|
+
**Note:** The default route via subnet association cannot be modified through this command. Use the `modify` command to alter the subnet associations.
|
|
6
|
+
|
|
5
7
|
## Routes Command
|
|
6
8
|
|
|
7
9
|
```
|
data/lib/cfnvpn/actions/init.rb
CHANGED
|
@@ -23,7 +23,7 @@ module CfnVpn::Actions
|
|
|
23
23
|
class_option :bucket, desc: 's3 bucket'
|
|
24
24
|
|
|
25
25
|
class_option :subnet_ids, required: true, type: :array, desc: 'subnet id to associate your vpn with'
|
|
26
|
-
class_option :default_groups, type: :array, desc: 'groups to allow through the subnet associations when using federated auth'
|
|
26
|
+
class_option :default_groups, default: [], type: :array, desc: 'groups to allow through the subnet associations when using federated auth'
|
|
27
27
|
class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
|
|
28
28
|
class_option :dns_servers, default: [], type: :array, desc: 'DNS Servers to push to clients.'
|
|
29
29
|
|
data/lib/cfnvpn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-vpn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-02-
|
|
11
|
+
date: 2021-02-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -262,7 +262,6 @@ homepage: https://github.com/base2services/aws-client-vpn
|
|
|
262
262
|
licenses:
|
|
263
263
|
- MIT
|
|
264
264
|
metadata:
|
|
265
|
-
allowed_push_host: https://rubygems.org
|
|
266
265
|
homepage_uri: https://github.com/base2services/aws-client-vpn
|
|
267
266
|
source_code_uri: https://github.com/base2services/aws-client-vpn
|
|
268
267
|
post_install_message:
|