class CfnVpn::Actions::Init

Public Class Methods

source_root()
# File lib/cfnvpn/actions/init.rb, line 41
# Reports the directory that holds this source file.
#
# @return [String] the directory portion of __FILE__
def self.source_root
  this_file = __FILE__
  File.dirname(this_file)
end

Public Instance Methods

create_bucket_if_bucket_not_set()
# File lib/cfnvpn/actions/init.rb, line 72
# Decides which S3 bucket this run records in @config[:bucket].
#
# A bucket name passed in @options['bucket'] is used as given. Otherwise a new
# bucket is created through CfnVpn::S3Bucket and its generated name is
# recorded instead.
#
# NOTE(review): for certificate-type VPNs, upload_certificates later stores
# certificates/ca.tar.gz in this bucket. Neither the bucket policy nor its
# encryption settings are visible here - confirm S3Bucket#create_bucket blocks
# public access, and that an operator-supplied bucket is equally locked down.
def create_bucket_if_bucket_not_set
  supplied = @options['bucket']
  if supplied
    @config[:bucket] = supplied
  else
    CfnVpn::Log.logger.info "creating s3 bucket"
    s3_bucket = CfnVpn::S3Bucket.new(@options['region'], @name)
    generated_name = s3_bucket.generate_bucket_name
    s3_bucket.create_bucket(generated_name)
    @config[:bucket] = generated_name
  end
end
create_build_directory()
# File lib/cfnvpn/actions/init.rb, line 49
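# Creates the per-VPN build directory under CfnVpn.cfnvpn_path and remembers
# its path in @build_dir.
#
# Other steps in this class hand @build_dir to CfnVpn::Certificates and read
# certificates/ca.tar.gz from it, so the directory ends up holding certificate
# material. It is therefore created with owner-only permissions (0700) rather
# than whatever the process umask happens to allow.
#
# The mode applies only to directories this call creates; a directory that
# already exists keeps its current permissions.
def create_build_directory
  @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
  CfnVpn::Log.logger.debug "creating directory #{@build_dir}"
  FileUtils.mkdir_p(@build_dir, mode: 0o700)
end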
deploy_vpn()
# File lib/cfnvpn/actions/init.rb, line 126
# Compiles the CloudFormation template for this VPN and rolls it out through a
# change set: create it, wait for it, execute it, then wait for the execution.
#
# Relies on @deployer having been assigned beforehand (stack_exist does so).
def deploy_vpn
  template = CfnVpn::Compiler.new(@name, @config).compile
  CfnVpn::Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"

  # create_change_set hands back the change set together with its type
  changeset, changeset_kind = @deployer.create_change_set(template_body: template)
  @deployer.wait_for_changeset(changeset.id)
  @deployer.execute_change_set(changeset.id)
  @deployer.wait_for_execute(changeset_kind)

  CfnVpn::Log.logger.info "Changeset #{changeset_kind} complete"
end
finish()
# File lib/cfnvpn/actions/init.rb, line 137
# Looks up the endpoint id of the Client VPN, keeps it in @endpoint_id and
# tells the operator which command to run next.
def finish
  client_vpn = CfnVpn::ClientVpn.new(@name, @options['region'])
  @endpoint_id = client_vpn.get_endpoint_id
  next_step = "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
  CfnVpn::Log.logger.info next_step
end
generate_server_certificates()

create certificates

# File lib/cfnvpn/actions/init.rb, line 107
# Generates the certificate authority for this VPN through
# CfnVpn::Certificates#generate_ca.
#
# The client common name is @options['client_cn'] when one was given,
# otherwise "client-vpn.<server_cn>". It is kept in @client_cn because
# upload_certificates reads it later.
#
# NOTE(review): @build_dir is handed to CfnVpn::Certificates, so the generated
# files (presumably including private keys) land beneath it - confirm that
# directory is readable by the invoking user only.
def generate_server_certificates
  CfnVpn::Log.logger.info "Generating certificates using openvpn easy-rsa"
  certificates = CfnVpn::Certificates.new(@build_dir, @name, @options['easyrsa_local'])
  server_cn = @options['server_cn']
  # fall back to a name derived from the server CN when none was supplied
  @client_cn = @options['client_cn'] || "client-vpn.#{server_cn}"
  certificates.generate_ca(server_cn, @client_cn)
end
initialize_config()
# File lib/cfnvpn/actions/init.rb, line 55
# Seeds @config from the command options.
#
# Each listed option is copied under a symbol key of the same name, in the
# order given, and :routes starts out as an empty array.
#
# @return [Hash] the freshly built @config
def initialize_config
  copied_options = %w[
    region subnet_ids cidr dns_servers split_tunnel internet_route
    protocol start stop saml_arn directory_id
  ]
  seeded = copied_options.each_with_object({}) do |option, settings|
    settings[option.to_sym] = @options[option]
  end
  seeded[:routes] = []
  @config = seeded
end
set_loglevel()
# File lib/cfnvpn/actions/init.rb, line 45
# Switches the shared logger to DEBUG when @options['verbose'] is set;
# otherwise the logger level is left untouched.
def set_loglevel
  return unless @options['verbose']

  CfnVpn::Log.logger.level = Logger::DEBUG
end
set_type()
# File lib/cfnvpn/actions/init.rb, line 84
# Picks the authentication type of the Client VPN and records it, together
# with the default groups, in @config.
#
# Precedence: a SAML provider ARN selects 'federated'; failing that a
# directory id selects 'active-directory'; with neither the VPN uses
# 'certificate' authentication and gets no default groups. When both
# saml_arn and directory_id are supplied, directory_id is ignored here
# without any warning.
def set_type
  auth_type, groups =
    if @options['saml_arn']
      ['federated', @options['default_groups']]
    elsif @options['directory_id']
      ['active-directory', @options['default_groups']]
    else
      ['certificate', []]
    end

  @config[:type] = auth_type
  @config[:default_groups] = groups
  CfnVpn::Log.logger.info "initialising #{@config[:type]} client vpn"
end
stack_exist()
# File lib/cfnvpn/actions/init.rb, line 98
# Builds the deployer for this VPN (kept in @deployer for later steps) and
# aborts the run when its CloudFormation stack is already present.
#
# On an existing stack an error is logged and the process exits with
# status 1, so nothing after this step runs.
def stack_exist
  @deployer = CfnVpn::Deployer.new(@options['region'], @name)
  return unless @deployer.does_cf_stack_exist

  CfnVpn::Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}, use the modify command to alter the stack"
  exit 1
end
upload_certificates()
# File lib/cfnvpn/actions/init.rb, line 114
# Uploads the generated certificates and records the returned values in
# @config.
#
# The server certificate is uploaded for every VPN type and its result is
# stored as :server_cert_arn. Only a 'certificate' type VPN additionally
# uploads the client certificate (:client_cert_arn) and stores the CA archive
# in the S3 bucket named by @config[:bucket].
#
# NOTE(review): certificates/ca.tar.gz presumably bundles the CA together with
# its private key; anyone who can read that object could then issue client
# certificates this VPN accepts. Confirm the bucket blocks public access, is
# encrypted at rest and is readable only by the roles that need it.
def upload_certificates
  region = @options['region']
  certificates = CfnVpn::Certificates.new(@build_dir, @name, @options['easyrsa_local'])
  @config[:server_cert_arn] = certificates.upload_certificates(region, 'server', 'server', @options['server_cn'])

  # federated and active-directory VPNs need nothing beyond the server certificate
  return unless @config[:type] == 'certificate'

  @config[:client_cert_arn] = certificates.upload_certificates(region, @client_cn, 'client')
  # the CA archive goes to S3 only when certificate authentication is in use
  archive_store = CfnVpn::S3.new(region, @config[:bucket], @name)
  archive_store.store_object("#{@build_dir}/certificates/ca.tar.gz")
end