cfn-vpn 1.1.0 → 1.1.1

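--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 15da75354bf027cc2140fab12465e6cb9ff6090cd26eb11495ba63546a476eb0
- data.tar.gz: b6058447275663117acc7b473960cb28bc524886e5d9771f944b6e835dc8b04c
+ metadata.gz: bb42ae1b12eb544e6d2d54276bb387efb5383c2037502a2ec155fd41ad522221
+ data.tar.gz: c3e774c1baf08c3ca0cdca6dc7b11014191f69eb183b63fddd6bbb56be522362
  SHA512:
- metadata.gz: e61cef4dfc247340ebc639871d053dac6319ce8d658afb5551f3fe1901b533860a43b44ac036e2721478db013e81e3c4aa182adb1bf87cc96c10206b9670b2f9
- data.tar.gz: 75c182953a0538329d57d669c73e5d7943bea388072b0ce0a010ac2dd4ba86f484978fe51164ef6a43e36a3f0809a0999c0493bac792c530783ef4cadc69667f
+ metadata.gz: b7c73bf1fcd82cb53a571f3bf60223b8eff89183a7afca82beead5b1ceb422370165b3a39c08c90ccf823a64bca8560babbda4210079a4a7a3c2122f0edf2a79
+ data.tar.gz: 5e944fa67a1fee92a5a42bb2f6ae5117a9907443cca284dde9a49e25899fd719adc5e5e96e3a45095090e16e0f615b72348ddac24798a3d4636019c849f15d13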
@@ -13,19 +13,22 @@ jobs:
13
13
  - name: Check out the repo
14
14
  uses: actions/checkout@v2
15
15
 
16
- - name: Set up Ruby 2.6
16
+ - name: Set up Ruby 2.7
17
17
  uses: actions/setup-ruby@v1
18
18
  with:
19
- ruby-version: 2.6.x
20
-
21
- - name: Publish Gem to Github Packages Respository
19
+ ruby-version: 2.7.x
20
+
21
+ - name: rspec
22
+ run: |
23
+ gem install rspec
24
+ rspec
25
+
26
+ - name: build gem
22
27
  run: |
23
- mkdir -p $HOME/.gem
24
- touch $HOME/.gem/credentials
25
- chmod 0600 $HOME/.gem/credentials
26
- printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
27
28
  gem build cfn-vpn.gemspec
28
- gem push --KEY github --host https://rubygems.pkg.github.com/${OWNER} *.gem
29
- env:
30
- GEM_HOST_API_KEY: "Bearer ${{secrets.GITHUB_TOKEN}}"
31
- OWNER: ${{ github.repository_owner }}
29
+
30
+ - name: Publish gem
31
+ uses: dawidd6/action-publish-gem@v1
32
+ with:
33
+ api_key: ${{secrets.RUBYGEMS_API_KEY}}
34
+ github_token: ${{secrets.GITHUB_TOKEN}}
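Review bot: The new `Publish gem` step hands `RUBYGEMS_API_KEY` and `GITHUB_TOKEN` to a third-party action referenced by the mutable tag `dawidd6/action-publish-gem@v1`, so anyone able to move that tag can run code with both credentials in the release job. Pin it to a reviewed commit, `uses: dawidd6/action-publish-gem@<full-commit-sha>`, and give the RubyGems key a push-only scope for this gem if the registry account allows it. The added `rspec` step installs an unpinned `rspec` in the same job that publishes; running the tests in a separate job that never receives the publish secrets would keep that dependency off the release path. The `jobs:` block starts outside the hunk, so the trigger and token permissions cannot be checked from here.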
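--- a/data/cfn-vpn.gemspec
+++ b/data/cfn-vpn.gemspec
@@ -17,8 +17,6 @@ Gem::Specification.new do |spec|
  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
  # to allow pushing to a single host or delete this section to allow pushing to any host.
  if spec.respond_to?(:metadata)
- spec.metadata["allowed_push_host"] = 'https://rubygems.org'
-
  spec.metadata["homepage_uri"] = spec.homepage
  spec.metadata["source_code_uri"] = "https://github.com/base2services/aws-client-vpn"
  else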
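Review bot: The comment kept above `if spec.respond_to?(:metadata)` still says this section prevents pushing to RubyGems.org, but after the removal nothing in the visible branch restricts the push host. Without `allowed_push_host`, `gem push` accepts whatever host the caller configures, so the release workflow becomes the only control over where the gem is published. If publishing to more than one registry is the intent, replace the stale comment with something like `# allowed_push_host is intentionally unset: the release workflow publishes to more than one registry.` The `else` branch continues outside the hunk.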
@@ -60,6 +60,17 @@ The following command and required option will launch a new federated based Clie
60
60
  cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn]
61
61
  ```
62
62
 
63
+ The default authorization rule for the associated subets allows all. You can optionally change this by using the `--default-groups` flag to set groups on the default authorization rule.
64
+
65
+ ```sh
66
+ cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn] --default-groups [list of group ids]
67
+ ```
68
+
69
+ ## Subnet Associations and Authorisation
70
+
71
+ AWS ClientVPN requires one or more subnets to be associated with the vpn. These subnets setup the default routes and by default cfn-vpn creates a allow all auth for the default routes.
72
+ When using a federated ClientVPN you can modify the default auth to only allow specific groups by setting the groups in the `--default-groups` flag. This can also be modified later using the `modify` command.
73
+
63
74
  ## Additional Initialising Options
64
75
 
65
76
  ```
@@ -72,6 +83,7 @@ Options:
72
83
  [--easyrsa-local], [--no-easyrsa-local] # run the easyrsa executable from your local rather than from docker
73
84
  [--bucket=BUCKET] # s3 bucket
74
85
  --subnet-ids=one two three # subnet id to associate your vpn with
86
+ [--default-groups=one two three] # groups to allow through the subnet associations when using federated auth
75
87
  [--cidr=CIDR] # cidr from which to assign client IP addresses
76
88
  # Default: 10.250.0.0/16
77
89
  [--dns-servers=one two three] # DNS Servers to push to clients.
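--- a/data/docs/routes.md
+++ b/data/docs/routes.md
@@ -2,6 +2,8 @@
 
  Management of the VPN routes can be altered using the `routes` command or by using the `modify` command along with the yaml config file.
 
+ **Note:** The default route via subnet association cannot be modified through this command. Use the `modify` command to alter the subnet associations.
+
  ## Routes Command
 
  ```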
@@ -23,7 +23,7 @@ module CfnVpn::Actions
23
23
  class_option :bucket, desc: 's3 bucket'
24
24
 
25
25
  class_option :subnet_ids, required: true, type: :array, desc: 'subnet id to associate your vpn with'
26
- class_option :default_groups, type: :array, desc: 'groups to allow through the subnet associations when using federated auth'
26
+ class_option :default_groups, default: [], type: :array, desc: 'groups to allow through the subnet associations when using federated auth'
27
27
  class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
28
28
  class_option :dns_servers, default: [], type: :array, desc: 'DNS Servers to push to clients.'
29
29
 
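Review bot: The `default: []` added to `class_option :default_groups` makes the permissive case the silent default, and the option text does not say so. The README hunk in this same release states that the default authorization rule for the associated subnets allows all unless `--default-groups` is set, so an operator who omits the flag on a federated VPN gets an allow-all rule on the default routes. State that in the help text, for example `desc: 'groups to allow through the subnet associations when using federated auth (empty = allow all)'`. The enclosing class starts outside the hunk, so how the empty array is consumed is not visible here.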
@@ -1,4 +1,4 @@
1
1
  module CfnVpn
2
- VERSION = "1.1.0".freeze
2
+ VERSION = "1.1.1".freeze
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
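--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cfn-vpn
  version: !ruby/object:Gem::Version
- version: 1.1.0
+ version: 1.1.1
  platform: ruby
  authors:
  - Guslington
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2021-02-03 00:00:00.000000000 Z
+ date: 2021-02-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: thor
@@ -262,7 +262,6 @@ homepage: https://github.com/base2services/aws-client-vpn
  licenses:
  - MIT
  metadata:
- allowed_push_host: https://rubygems.org
  homepage_uri: https://github.com/base2services/aws-client-vpn
  source_code_uri: https://github.com/base2services/aws-client-vpn
  post_install_message: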