class CfnVpn::Actions::Routes

Public Class Methods

# File lib/cfnvpn/actions/routes.rb, line 26
# Directory that contains this action file.
#
# @return [String] the dirname of +__FILE__+ (relative when the file was
#   loaded through a relative path)
def self.source_root
  directory, _basename = File.split(__FILE__)
  directory
end

Public Instance Methods

# File lib/cfnvpn/actions/routes.rb, line 166
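# Removes the endpoint routes that were auto-created for a DNS record whose
# config entry has just been deleted, and revokes their authorization rules.
#
# Always initialises +@vpn+; the cleanup itself runs only when
# +@dns_route_cleanup+ was set by #set_route (a +--dns+ route was deleted).
# A route whose description is nil is treated as an empty description
# instead of raising.
#
# @return [void]
def cleanup_dns_routes
  @vpn = CfnVpn::ClientVpn.new(@name, @options['region'])
  return if @dns_route_cleanup.nil?

  CfnVpn::Log.logger.info("Cleaning up expired routes for #{@dns_route_cleanup}")
  # Substring match: any description that merely contains the record name
  # (e.g. a longer hostname ending in it) matches too. Matched routes are
  # deleted and de-authorised, so the description format written for
  # auto-lookup routes must identify exactly one record.
  expired_routes = @vpn.get_routes.select do |route|
    route.description.to_s.include?(@dns_route_cleanup)
  end
  expired_routes.each do |route|
    @vpn.delete_route(route.destination_cidr, route.target_subnet)
    @vpn.revoke_auth(route.destination_cidr)
  end
end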
# File lib/cfnvpn/actions/routes.rb, line 112
# Aborts the command when the loaded config has no +:bucket+ entry.
#
# Logs an error pointing at the +cfn-vpn modify+ command and exits with
# status 1; returns nil when a bucket is configured.
#
# @return [nil]
def create_bucket_if_bucket_not_set
  return if @config.has_key?(:bucket)

  # NOTE(review): +name+ is resolved outside this method (presumably the
  # command's name argument rather than +@name+) — confirm it is the same value.
  CfnVpn::Log.logger.error "no bucket found in the config, run the cfn-vpn modify #{name} command to add a bucket"
  exit 1
end
# File lib/cfnvpn/actions/routes.rb, line 119
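# Compiles the current config into a CloudFormation template, shows the
# resulting changeset as one table per action and, once the operator
# confirms, executes it and waits for completion.
#
# Skipped entirely when +@skip_update+ is set (#set_route found nothing to
# change). Exits with status 1 if the operator declines the changeset.
#
# @return [void]
def deploy_vpn
  return if @skip_update

  compiler = CfnVpn::Compiler.new(@name, @config)
  template_body = compiler.compile
  CfnVpn::Log.logger.info "Creating cloudformation changeset for stack #{@name}-cfnvpn in #{@options['region']}"
  @deployer = CfnVpn::Deployer.new(@options['region'], @name)
  change_set, change_set_type = @deployer.create_change_set(template_body: template_body)
  @deployer.wait_for_changeset(change_set.id)
  changeset_response = @deployer.get_change_set(change_set.id)

  # Rows grouped by action. Add/Modify/Remove are listed first; any other
  # action CloudFormation reports (e.g. Import) gets its own group instead
  # of failing on a missing hash key.
  changes = { "Add" => [], "Modify" => [], "Remove" => [] }
  change_colours = { "Add" => "green", "Modify" => 'yellow', "Remove" => 'red' }

  changeset_response.changes.each do |change|
    resource_change = change.resource_change
    (changes[resource_change.action] ||= []).push([
      resource_change.logical_resource_id,
      resource_change.resource_type,
      resource_change.replacement || 'N/A',
      resource_change.details.collect { |detail| detail.target.name }.join(' , ')
    ])
  end

  changes.each do |type, rows|
    next if rows.empty?

    puts "\n"
    table = Terminal::Table.new(
      :title => type,
      :headings => ['Logical Resource Id', 'Resource Type', 'Replacement', 'Changes'],
      :rows => rows)
    # Colour names are fixed values of change_colours, never input; actions
    # without a colour are printed plain.
    colour = change_colours[type]
    puts(colour ? table.to_s.send(colour) : table.to_s)
  end

  CfnVpn::Log.logger.info "Cloudformation changeset changes:"
  puts "\n"
  continue = yes? "Continue?", :green
  unless continue
    CfnVpn::Log.logger.info("Cancelled cfn-vpn modify #{@name}")
    exit 1
  end

  @deployer.execute_change_set(change_set.id)
  @deployer.wait_for_execute(change_set_type)
  CfnVpn::Log.logger.info "Changeset #{change_set_type} complete"
end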
# File lib/cfnvpn/actions/routes.rb, line 184
# Prints a table of the endpoint's routes, one row per route, with the
# groups authorised for each destination ('AllowAll' when none is set).
#
# Reads +@vpn+, +@endpoint+ and +@routes+ as populated by #get_routes.
#
# @return [nil]
def display_routes
  rows = @routes.map do |route|
    groups = @vpn.get_groups_for_route(@endpoint, route.destination_cidr)
    group_label = groups.join("").empty? ? 'AllowAll' : groups.join(' ')
    [route.destination_cidr, route.description, route.status.code,
     route.target_subnet, route.type, route.origin, group_label]
  end
  table = Terminal::Table.new(
    :headings => ['Route', 'Description', 'Status', 'Target', 'Type', 'Origin', 'Groups'],
    :rows => rows)
  puts table
end
# File lib/cfnvpn/actions/routes.rb, line 179
# Loads the endpoint id and its routes from the VPN client into
# +@endpoint+ and +@routes+, which #display_routes renders.
#
# @return [Array] the routes returned by the client
def get_routes
  @endpoint = @vpn.get_endpoint_id
  @routes = @vpn.get_routes
end
# File lib/cfnvpn/actions/routes.rb, line 34
# Loads the stack config and resolves the route the command targets.
#
# Sets +@config+ for the region/name and, when +--dns+ or +--cidr+ is
# given, +@route+ to the matching config entry (nil if none exists).
# Exits with status 1 when both +--dns+ and +--cidr+ are set, or when the
# DNS value contains a wildcard.
#
# @return [Hash, nil] the matched route, or nil when no selector was given
def set_config
  # NOTE(review): the other steps read @options['region']; both forms only
  # agree if @options is an indifferent-access hash — confirm.
  @config = CfnVpn::Config.get_config(@options[:region], @name)

  if @options[:cidr] && @options[:dns]
    CfnVpn::Log.logger.error "only one of --dns or --cidr can be set"
    exit 1
  end

  dns = @options[:dns]
  cidr = @options[:cidr]
  if dns
    if dns.include?("*")
      CfnVpn::Log.logger.error("wild card DNS resolution is not supported, use a record that will be resolved by the wild card instead")
      exit 1
    end
    @route = @config[:routes].find { |route| route[:dns] == dns }
  elsif cidr
    @route = @config[:routes].find { |route| route[:cidr] == cidr }
  end
end
# File lib/cfnvpn/actions/routes.rb, line 30
# Switches the shared logger to DEBUG when the command was run with
# +--verbose+; otherwise leaves the level untouched.
#
# @return [Integer, nil] Logger::DEBUG when enabled, nil otherwise
def set_loglevel
  return unless @options['verbose']

  CfnVpn::Log.logger.level = Logger::DEBUG
end
# File lib/cfnvpn/actions/routes.rb, line 53
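# Applies the +--delete+, group, description and subnet options to the
# route selected by #set_config, mutating +@config[:routes]+ in place.
#
# Outcomes, in priority order:
# * +@route+ found and +--delete+: the entry is removed; for a DNS route
#   +@dns_route_cleanup+ is set so #cleanup_dns_routes can drop the routes
#   that were resolved for it from the endpoint.
# * +@route+ found: its group list is replaced/extended/reduced; +--desc+
#   and +--subnet+ only warn, since they cannot be changed in place.
# * no +@route+ but +--cidr+ or +--dns+: a new entry is appended.
# * otherwise +@skip_update+ is set so #deploy_vpn does nothing.
#
# @return [void]
def set_route
  @skip_update = false
  @dns_route_cleanup = nil

  if @route && @options[:delete]
    remove_configured_route
  elsif @route
    update_configured_route
  elsif @options[:cidr]
    CfnVpn::Log.logger.info "adding new route for #{@options[:cidr]}"
    add_configured_route(cidr: @options[:cidr])
  elsif @options[:dns]
    CfnVpn::Log.logger.info "adding new route lookup for dns record #{@options[:dns]}"
    add_configured_route(dns: @options[:dns])
  else
    @skip_update = true
  end

  CfnVpn::Log.logger.debug "CONFIG: #{@config}"
end

# Drops the selected route from the config; a DNS route additionally
# schedules cleanup of the endpoint routes auto-created for it.
#
# @return [void]
def remove_configured_route
  if @options[:dns]
    CfnVpn::Log.logger.info "deleting auto lookup route for endpoint #{@options[:dns]}"
    @config[:routes].reject! { |route| route[:dns] == @options[:dns] }
    @dns_route_cleanup = @options[:dns]
  elsif @options[:cidr]
    CfnVpn::Log.logger.info "deleting route #{@options[:cidr]}"
    @config[:routes].reject! { |route| route[:cidr] == @options[:cidr] }
  end
end

# Updates the authorization groups of the selected route. A config entry
# without a +:groups+ key is treated as an empty list rather than raising.
#
# @return [void]
def update_configured_route
  CfnVpn::Log.logger.info "existing route for #{@options[:cidr] || @options[:dns]} found"
  if @options[:groups]
    CfnVpn::Log.logger.info "replacing groups #{@route[:groups]} with new #{@options[:groups]} for route authorization rule"
    @route[:groups] = @options[:groups]
  end

  if @options[:add_groups]
    CfnVpn::Log.logger.info "adding new group(s) #{@options[:add_groups]} to route authorization rule"
    (@route[:groups] ||= []).concat(@options[:add_groups]).uniq!
  end

  if @options[:del_groups]
    CfnVpn::Log.logger.info "removing group(s) #{@options[:del_groups]} from route authorization rule"
    (@route[:groups] ||= []).reject! { |group| @options[:del_groups].include?(group) }
  end

  if @options[:desc]
    CfnVpn::Log.logger.warn "description for this route cannot be updated in place. To alter delete the route and add with the new description"
  end

  if @options[:subnet]
    CfnVpn::Log.logger.warn "the target subnet for this route cannot be updated in place. To alter delete the route and add with the new target subnet"
  end
end

# Appends a new route entry to the config. Exactly one of +cidr+/+dns+ is
# given; description, subnet and groups come from +@options+, with the
# first configured subnet as the default target.
#
# @param cidr [String, nil] destination CIDR of a static route
# @param dns [String, nil] record name of an auto-lookup route
# @return [Array<Hash>] the updated route list
def add_configured_route(cidr: nil, dns: nil)
  selector = cidr ? { cidr: cidr } : { dns: dns }
  @config[:routes] << selector.merge(
    desc: @options.fetch(:desc, ""),
    subnet: @options.fetch(:subnet, @config[:subnet_ids].first),
    groups: @options.fetch(:groups, []) + @options.fetch(:add_groups, [])
  )
end
# Kept private so a Thor::Group-style runner does not invoke them as steps.
private :remove_configured_route, :update_configured_route, :add_configured_route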