terrafying-components 1.11.3 → 1.11.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/terrafying/components/version.rb +1 -1
  3. data/lib/terrafying/components/vpn.rb +42 -5
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 12a356bb3bd059ffcde3680685f307fb7a89755cd89a881cd879566397968ce9
4
- data.tar.gz: 214186688d3906b86c78b1167a40e860c673268367f989cad82c78a899e91fec
3
+ metadata.gz: b9ba3f6790937e43326088e2e77daeb418ae044c68e45b0460aa392a06276db5
4
+ data.tar.gz: a2e46ea27137ba9890caab6a35569bac628cd071f23bf462cc8df5d173ba4805
5
5
  SHA512:
6
- metadata.gz: 51936f3ef40d7a9307791c8b4cd612be2461e8eca85795ed78e25f80f019f4e3dc970ede362ea52eb740ac3f29e3deb1256957b42660c8568d49a5ee7c959b68
7
- data.tar.gz: b3b6a8fe8528f3fbc95c1e8dbc2f9c5f88b80c520d37b131ba8aa0aee22fe2adc3fa84ab2cedca5741017f0e31f494cd2e90ae1bb988565fd56183d750292083
6
+ metadata.gz: 95345ab09c06d5b69370bdb078207d464f371ab7d9a2b3eab31d3f9d662f5076682227adaf2ccfad5972355ce771ce654657e7191e4b18516488fb0ed393354b
7
+ data.tar.gz: 5b0a8e035624fb3a4d4075e23d95da163c4af304187c45860fa799e64a758eba90fe4f3fa8ce74558071938ad2dcee5583edecdb41c8f48f005b9e943599a3f8
data/lib/terrafying/components/version.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  module Terrafying
2
2
  module Components
3
- VERSION = "1.11.3"
3
+ VERSION = "1.11.4"
4
4
  end
5
5
  end
data/lib/terrafying/components/vpn.rb CHANGED
@@ -28,7 +28,7 @@ module Terrafying
28
28
 
29
29
  class VPN < Terrafying::Context
30
30
 
31
- attr_reader :name, :cidr
31
+ attr_reader :name, :cidr, :service, :ip_address
32
32
 
33
33
  def self.create_in(vpc, name, provider, options={})
34
34
  VPN.new.create_in vpc, name, provider, options
@@ -46,6 +46,7 @@ module Terrafying
46
46
  subnets: vpc.subnets.fetch(:public, []),
47
47
  static: false,
48
48
  route_all_traffic: false,
49
+ route_dns_entries: [],
49
50
  units: [],
50
51
  tags: {},
51
52
  service: {},
@@ -68,7 +69,7 @@ module Terrafying
68
69
 
69
70
  units = [
70
71
  openvpn_service,
71
- openvpn_authz_service(options[:route_all_traffic]),
72
+ openvpn_authz_service(options[:route_all_traffic], options[:route_dns_entries]),
72
73
  caddy_service(options[:ca])
73
74
  ]
74
75
  files = [
@@ -98,10 +99,11 @@ module Terrafying
98
99
  instances = [{}]
99
100
  end
100
101
 
102
+ @is_public = options[:public]
101
103
  @service = add! Service.create_in(
102
104
  vpc, name,
103
105
  {
104
- public: options[:public],
106
+ public: @is_public,
105
107
  ports: [22, 443, { number: 1194, type: "udp" }],
106
108
  tags: options[:tags],
107
109
  units: units + options[:units],
@@ -122,9 +124,40 @@ module Terrafying
122
124
  ],
123
125
  }.merge(options[:service])
124
126
  )
127
+
128
+ @ip_address = @service.instance_set.instances[0].ip_address
129
+
125
130
  self
126
131
  end
127
132
 
133
+ def allow_security_group_in(vpc, name: "")
134
+ name = "allow-#{@vpc.name}-vpn".downcase if name.empty?
135
+
136
+ ingress_rules = [
137
+ {
138
+ from_port: 0,
139
+ to_port: 0,
140
+ protocol: -1,
141
+ security_groups: [ @service.egress_security_group ],
142
+ },
143
+ ]
144
+
145
+ if @is_public
146
+ ingress_rules << {
147
+ from_port: 0,
148
+ to_port: 0,
149
+ protocol: -1,
150
+ cidr_blocks: [ "#{@ip_address}/32" ],
151
+ }
152
+ end
153
+
154
+ resource :aws_security_group, tf_safe("#{name}-#{vpc.name}"), {
155
+ name: name,
156
+ vpc_id: vpc.id,
157
+ ingress: ingress_rules,
158
+ }
159
+ end
160
+
128
161
  def openvpn_service
129
162
  Ignition.container_unit(
130
163
  "openvpn", "kylemanna/openvpn",
@@ -140,15 +173,19 @@ module Terrafying
140
173
  )
141
174
  end
142
175
 
143
- def openvpn_authz_service(route_all_traffic)
176
+ def openvpn_authz_service(route_all_traffic, route_dns_entry)
144
177
  optional_arguments = []
145
178
 
146
179
  if route_all_traffic
147
180
  optional_arguments << "--route-all"
148
181
  end
149
182
 
183
+ if route_dns_entry.count > 0
184
+ optional_arguments = optional_arguments + route_dns_entry.map { |entry| "--route-dns-entries #{entry}" }
185
+ end
186
+
150
187
  Ignition.container_unit(
151
- "openvpn-authz", "quay.io/uswitch/openvpn-authz:1.1",
188
+ "openvpn-authz", "quay.io/uswitch/openvpn-authz:1.2",
152
189
  {
153
190
  host_networking: true,
154
191
  volumes: [
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: terrafying-components
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.11.3
4
+ version: 1.11.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - uSwitch Limited
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-01-22 00:00:00.000000000 Z
11
+ date: 2019-01-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler