RubyGems - terrafying-components - Versions diffs - 1.15.3 → 1.15.4 - Mend

terrafying-components 1.15.3 → 1.15.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

checksums.yaml +4 -4
data/lib/terrafying/components/version.rb +1 -1
data/lib/terrafying/components/vpn_oidc.rb +87 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 648c39b75d70ae5118c23b85faa7f4f787586a8d8081963e68128a3d0fcc7bf2
-  data.tar.gz: 3279e18fe55d877a10db483d6dabe76c1bde2a40d439ae22593a1e72ee27063b
+  metadata.gz: 7d362211008d95a4bd62f5181a67c1d4dad0a2316da9883cfb6aa59a4c2038c0
+  data.tar.gz: d6db4b592001e08129dcb29c47b8e80a350c2fb935351a5e1f4cec091770902d
 SHA512:
-  metadata.gz: aa81b077a82a5967fa34d9b261a5f3c41b033853b04d71ccda1feabe77c6144411085a0702d772c5460fe5fef5ff8561fe92816db28800a86d9ddf6aaa70cb1a
-  data.tar.gz: 97f068bfa761c59c3fbb52a2619d35ed954ab576fc21d35dee96f2373de857d2b8bcf6fce5ea317537f0f4ef364acfa1971ded838643b7acf3f6f559555957ca
+  metadata.gz: c61093528dbaa6eb9879d036960137e31fcbf1703ccfe170409b4d12f47d3340468fde524cd302546bde7e186d37a2f3427153dd6a1774246a80dab868c7a779
+  data.tar.gz: 518ce60a8c157293057ef5b0e4430046b2573707fc4c69c2341cf3d8b4eebda7c75ba9bc327c18f3c9b67ef2b3c8f8cf2001bc619baf16f0e8bb5d7e114f4ea9

data/lib/terrafying/components/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module Terrafying
   module Components
-    VERSION = '1.15.3'
+    VERSION = '1.15.4'
   end
 end

data/lib/terrafying/components/vpn_oidc.rb CHANGED Viewed

@@ -74,11 +74,18 @@ module Terrafying
           openvpn_service,
           openvpn_authz_service(@ca, @fqdn, @route_all_traffic, @route_dns_entries, @groups, @client_id, @issuer_url),
         ]
         files = [
           openvpn_conf,
           openvpn_env,
           openvpn_ip_delay,
         ]
+        if @ca
+          units += [cert_checking_service, cert_checking_path, cert_checking_timer,restart_openvpn_authz_service]
+          files << cert_checking_conf
+        end
         keypairs = []
         keypairs.push(@ca.create_keypair_in(self, @fqdn, zone: @zone)) if @ca
@@ -144,6 +151,86 @@ module Terrafying
                  ingress: ingress_rules
       end
+      def cert_checking_conf
+        {
+          path: '/opt/cert_checking.yml',
+          mode: '0644',
+          contents: <<~CERT_CHECKING_CONF
+            casource: #{@ca.name}
+            caname: #{@ca.source}
+            fqdn: #{@fqdn}
+          CERT_CHECKING_CONF
+        }
+      end
+      def cert_checking_timer
+        {
+          name: 'cert_checking.timer',
+          contents: <<~CERT_CHECKING_TIMER
+            [Unit]
+            Description=Certificate Checking Service Timer
+            [Timer]
+            OnCalendar=*-*-* 00:00:00
+            Unit=cert_checking.service
+            [Install]
+            WantedBy=multi-user.target
+          CERT_CHECKING_TIMER
+        }
+      end
+      def cert_checking_service
+        {
+        name: 'cert-checking.service',
+        enabled: false,
+        contents: <<~CERT_CHECKING_SERVICE
+            [Install]
+            WantedBy=multi-user.target
+            [Unit]
+            Description=cert-checking
+            [Service]
+            Type=oneshot
+            ExecStartPre=-/usr/bin/docker rm -f cert-checking
+            ExecStart=/usr/bin/docker run --name cert-checking  \
+            -e AWS_REGION=#{aws.region} \
+            -v /etc/ssl/#{@ca.name}:/etc/ssl/#{@ca.name} \
+            -v /opt/cert_checking.yml:/cert_checking.yml quay.io/uswitch/cert-downloader:v0.1
+        CERT_CHECKING_SERVICE
+        }
+      end
+      def cert_checking_path
+        {
+          name: 'cert_checking.path',
+          contents: <<~CERT_CHECKING_PATH
+            [Unit]
+            Description=Monitor the file for changes
+            [Path]
+            PathChanged=/etc/ssl/#{@ca.name}
+            Unit=restart-openvpn-authz.service
+            [Install]
+            WantedBy=multi-user.target
+          CERT_CHECKING_PATH
+        }
+      end
+      def restart_openvpn_authz_service
+        {
+          name: 'restart-openvpn-authz.service',
+          enabled: false,
+          contents: <<~RESTART_OPENVPN_AUTHZ
+              [Install]
+              WantedBy=multi-user.target
+              [Unit]
+              Description=restart openvpn-authz service
+              [Service]
+              Type=oneshot
+              ExecStart=/usr/bin/systemctl restart openvpn-authz.service
+          RESTART_OPENVPN_AUTHZ
+          }
+      end
       def openvpn_service
         Ignition.container_unit(
           'openvpn', 'kylemanna/openvpn',

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terrafying-components
 version: !ruby/object:Gem::Version
-  version: 1.15.3
+  version: 1.15.4
 platform: ruby
 authors:
 - uSwitch Limited
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-15 00:00:00.000000000 Z
+date: 2020-01-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake