class CfnVpn::ClientVpn

Public Class Methods

new(name,region) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 9
def initialize(name,region)
  @client = Aws::EC2::Client.new(region: region)
  @name = name
  @endpoint_id = self.get_endpoint_id()
end

Public Instance Methods

delete_route(cidr, subnet) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 120
def delete_route(cidr, subnet)
  @client.delete_client_vpn_route({
    client_vpn_endpoint_id: @endpoint_id,
    target_vpc_subnet_id: subnet,
    destination_cidr_block: cidr
  })
end
get_associations(endpoint) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 94
def get_associations(endpoint)
  associations = []
  resp = @client.describe_client_vpn_target_networks({
    client_vpn_endpoint_id: endpoint
  })

  resp.client_vpn_target_networks.each do |net|
    subnet_resp = @client.describe_subnets({
      subnet_ids: [net.target_network_id]
    })
    subnet = subnet_resp.subnets.first
    groups = get_groups_for_route(endpoint, subnet.cidr_block)
    
    associations.push({
      association_id: net.association_id,
      target_network_id: net.target_network_id,
      status: net.status.code,
      cidr: subnet.cidr_block,
      az: subnet.availability_zone,
      groups: groups.join(' ')
    })
  end

  return associations
end
get_config(endpoint_id) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 34
def get_config(endpoint_id)
  resp = @client.export_client_vpn_client_configuration({
    client_vpn_endpoint_id: endpoint_id
  })
  return resp.client_configuration
end
get_dns_servers() click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 30
def get_dns_servers()
  return get_endpoint().dns_servers
end
get_endpoint() click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 15
def get_endpoint()
  resp = @client.describe_client_vpn_endpoints({
    filters: [{ name: "tag:cfnvpn:name", values: [@name] }]
  })
  if resp.client_vpn_endpoints.empty?
    CfnVpn::Log.logger.error "unable to find endpoint with tag Key: cfnvpn:name with Value: #{@name}"
    raise "Unable to find client vpn"
  end
  return resp.client_vpn_endpoints.first
end
get_endpoint_id() click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 26
def get_endpoint_id()
  return get_endpoint().client_vpn_endpoint_id
end
get_groups_for_route(endpoint, cidr) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 81
def get_groups_for_route(endpoint, cidr)
  auth_resp = @client.describe_client_vpn_authorization_rules({
    client_vpn_endpoint_id: endpoint,
    filters: [
      {
        name: 'destination-cidr',
        values: [cidr]
      }
    ]
  })
  return auth_resp.authorization_rules.map {|rule| rule.group_id }
end
get_rekove_list(endpoint_id) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 41
def get_rekove_list(endpoint_id)
  resp = @client.export_client_vpn_client_certificate_revocation_list({
    client_vpn_endpoint_id: endpoint_id
  })
  return resp.certificate_revocation_list
end
get_routes() click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 72
def get_routes()
  endpoint_id = get_endpoint_id()
  resp = @client.describe_client_vpn_routes({
    client_vpn_endpoint_id: endpoint_id,
    max_results: 20
  })
  return resp.routes
end
get_sessions(endpoint_id) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 56
def get_sessions(endpoint_id)
  params = {
    client_vpn_endpoint_id: endpoint_id,
    max_results: 20
  }
  resp = @client.describe_client_vpn_connections(params)
  return resp.connections
end
kill_session(endpoint_id, connection_id) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 65
def kill_session(endpoint_id, connection_id)
  @client.terminate_client_vpn_connections({
    client_vpn_endpoint_id: endpoint_id,
    connection_id: connection_id
  })
end
put_revoke_list(endpoint_id,revoke_list) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 48
def put_revoke_list(endpoint_id,revoke_list)
  list = File.read(revoke_list)
  @client.import_client_vpn_client_certificate_revocation_list({
    client_vpn_endpoint_id: endpoint_id,
    certificate_revocation_list: list
  })
end
revoke_auth(cidr) click to toggle source
# File lib/cfnvpn/clientvpn.rb, line 128
def revoke_auth(cidr)
  endpoint_id = get_endpoint_id()
  @client.revoke_client_vpn_ingress({
    client_vpn_endpoint_id: @endpoint_id,
    target_network_cidr: cidr,
    revoke_all_groups: true
  })
end