cfn-vpn 1.1.0 → 1.1.1
- checksums.yaml +4 -4
- data/.github/workflows/release-gem.yml +15 -12
- data/cfn-vpn.gemspec +0 -2
- data/docs/getting-started.md +12 -0
- data/docs/routes.md +2 -0
- data/lib/cfnvpn/actions/init.rb +1 -1
- data/lib/cfnvpn/version.rb +1 -1
- metadata +2 -3
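--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bb42ae1b12eb544e6d2d54276bb387efb5383c2037502a2ec155fd41ad522221
+data.tar.gz: c3e774c1baf08c3ca0cdca6dc7b11014191f69eb183b63fddd6bbb56be522362
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b7c73bf1fcd82cb53a571f3bf60223b8eff89183a7afca82beead5b1ceb422370165b3a39c08c90ccf823a64bca8560babbda4210079a4a7a3c2122f0edf2a79
+data.tar.gz: 5e944fa67a1fee92a5a42bb2f6ae5117a9907443cca284dde9a49e25899fd719adc5e5e96e3a45095090e16e0f615b72348ddac24798a3d4636019c849f15d13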
@@ -13,19 +13,22 @@ jobs:
|
|
13
13
|
- name: Check out the repo
|
14
14
|
uses: actions/checkout@v2
|
15
15
|
|
16
|
-
- name: Set up Ruby 2.
|
16
|
+
- name: Set up Ruby 2.7
|
17
17
|
uses: actions/setup-ruby@v1
|
18
18
|
with:
|
19
|
-
ruby-version: 2.
|
20
|
-
|
21
|
-
- name:
|
19
|
+
ruby-version: 2.7.x
|
20
|
+
|
21
|
+
- name: rspec
|
22
|
+
run: |
|
23
|
+
gem install rspec
|
24
|
+
rspec
|
25
|
+
|
26
|
+
- name: build gem
|
22
27
|
run: |
|
23
|
-
mkdir -p $HOME/.gem
|
24
|
-
touch $HOME/.gem/credentials
|
25
|
-
chmod 0600 $HOME/.gem/credentials
|
26
|
-
printf -- "---\n:github: ${GEM_HOST_API_KEY}\n" > $HOME/.gem/credentials
|
27
28
|
gem build cfn-vpn.gemspec
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
29
|
+
|
30
|
+
- name: Publish gem
|
31
|
+
uses: dawidd6/action-publish-gem@v1
|
32
|
+
with:
|
33
|
+
api_key: ${{secrets.RUBYGEMS_API_KEY}}
|
34
|
+
github_token: ${{secrets.GITHUB_TOKEN}}
|
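Review bot: The new `Publish gem` step passes `secrets.RUBYGEMS_API_KEY` and `secrets.GITHUB_TOKEN` to a third-party action referenced by the movable tag `dawidd6/action-publish-gem@v1`, so whatever that tag points to at release time runs with the publishing credential. Pinning it to a full commit SHA, e.g. `uses: dawidd6/action-publish-gem@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you reviewed), keeps the code that sees the key fixed until someone deliberately updates it. The added `rspec` step has the same shape on a smaller scale: `gem install rspec` pulls an unpinned version into the job that later publishes, and `gem install rspec -v <version>` (placeholder) would make that step reproducible. This release also removes `allowed_push_host` from the gemspec, so the workflow is now the only place that constrains where the gem is pushed.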
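--- a/data/cfn-vpn.gemspec
+++ b/data/cfn-vpn.gemspec
@@ -17,8 +17,6 @@ Gem::Specification.new do |spec|
 # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
 # to allow pushing to a single host or delete this section to allow pushing to any host.
 if spec.respond_to?(:metadata)
-spec.metadata["allowed_push_host"] = 'https://rubygems.org'
-
 spec.metadata["homepage_uri"] = spec.homepage
 spec.metadata["source_code_uri"] = "https://github.com/base2services/aws-client-vpn"
 else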
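--- a/data/docs/getting-started.md
+++ b/data/docs/getting-started.md
@@ -60,6 +60,17 @@ The following command and required option will launch a new federated based Clie
 cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn]
 ```
 
+The default authorization rule for the associated subets allows all. You can optionally change this by using the `--default-groups` flag to set groups on the default authorization rule.
+
+```sh
+cfn-vpn init [name] --server-cn [server certificate name] --subnet-ids [list of subets to associate with the vpn] --saml-arn [identity providor arn] --default-groups [list of group ids]
+```
+
+## Subnet Associations and Authorisation
+
+AWS ClientVPN requires one or more subnets to be associated with the vpn. These subnets setup the default routes and by default cfn-vpn creates a allow all auth for the default routes.
+When using a federated ClientVPN you can modify the default auth to only allow specific groups by setting the groups in the `--default-groups` flag. This can also be modified later using the `modify` command.
+
 ## Additional Initialising Options
 
 ```
@@ -72,6 +83,7 @@ Options:
 [--easyrsa-local], [--no-easyrsa-local] # run the easyrsa executable from your local rather than from docker
 [--bucket=BUCKET] # s3 bucket
 --subnet-ids=one two three # subnet id to associate your vpn with
+[--default-groups=one two three] # groups to allow through the subnet associations when using federated auth
 [--cidr=CIDR] # cidr from which to assign client IP addresses
 # Default: 10.250.0.0/16
 [--dns-servers=one two three] # DNS Servers to push to clients.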
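--- a/data/docs/routes.md
+++ b/data/docs/routes.md
@@ -2,6 +2,8 @@
 
 Management of the VPN routes can be altered using the `routes` command or by using the `modify` command along with the yaml config file.
 
+**Note:** The default route via subnet association cannot be modified through this command. Use the `modify` command to alter the subnet associations.
+
 ## Routes Command
 
 ```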
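--- a/data/lib/cfnvpn/actions/init.rb
+++ b/data/lib/cfnvpn/actions/init.rb
@@ -23,7 +23,7 @@ module CfnVpn::Actions
 class_option :bucket, desc: 's3 bucket'
 
 class_option :subnet_ids, required: true, type: :array, desc: 'subnet id to associate your vpn with'
-class_option :default_groups, type: :array, desc: 'groups to allow through the subnet associations when using federated auth'
+class_option :default_groups, default: [], type: :array, desc: 'groups to allow through the subnet associations when using federated auth'
 class_option :cidr, default: '10.250.0.0/16', desc: 'cidr from which to assign client IP addresses'
 class_option :dns_servers, default: [], type: :array, desc: 'DNS Servers to push to clients.'
 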
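Review bot: The `desc` of `:default_groups` on new line 26 does not say what the new `default: []` means for access. Per the docs/getting-started.md text added in this same release, with no groups set the default authorization rule for the associated subnets allows all. Since that is the permissive case, I would spell it out where the operator sees it in `--help`, e.g. `desc: 'groups to allow through the subnet associations when using federated auth (default: none, which allows all users)'`. The surrounding class body lies outside the hunk, so how the empty array is consumed cannot be checked from here.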
data/lib/cfnvpn/version.rb
CHANGED
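--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-vpn
 version: !ruby/object:Gem::Version
-version: 1.1.
+version: 1.1.1
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-02-
+date: 2021-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -262,7 +262,6 @@ homepage: https://github.com/base2services/aws-client-vpn
 licenses:
 - MIT
 metadata:
-allowed_push_host: https://rubygems.org
 homepage_uri: https://github.com/base2services/aws-client-vpn
 source_code_uri: https://github.com/base2services/aws-client-vpn
 post_install_message: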