class CfnVpn::Actions::Init
Public Class Methods
source_root()
# File lib/cfnvpn/actions/init.rb, line 41
# Returns the directory that contains this source file, as derived from
# __FILE__ (no symlink resolution is performed).
def self.source_root
  this_file = __FILE__
  File.dirname(this_file)
end
Public Instance Methods
create_bucket_if_bucket_not_set()
# File lib/cfnvpn/actions/init.rb, line 72
# Decides which S3 bucket the VPN configuration refers to and records its
# name in @config[:bucket].
#
# A bucket name passed via @options['bucket'] is used as-is. Otherwise a new
# bucket is created through CfnVpn::S3Bucket with a generated name.
#
# NOTE(review): upload_certificates stores certificates/ca.tar.gz in this
# bucket for certificate authentication. Whether the bucket is encrypted and
# closed to public access is not visible here -- confirm in
# CfnVpn::S3Bucket#create_bucket, and for a caller-supplied bucket confirm
# the same properties before using it.
def create_bucket_if_bucket_not_set
  if @options['bucket']
    @config[:bucket] = @options['bucket']
  else
    CfnVpn::Log.logger.info "creating s3 bucket"
    s3_bucket = CfnVpn::S3Bucket.new(@options['region'], @name)
    generated_name = s3_bucket.generate_bucket_name
    s3_bucket.create_bucket(generated_name)
    @config[:bucket] = generated_name
  end
end
create_build_directory()
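# File lib/cfnvpn/actions/init.rb, line 49
# Creates the per-VPN working directory under CfnVpn.cfnvpn_path and records
# its path in @build_dir.
#
# Other steps of this action hand @build_dir to CfnVpn::Certificates and read
# "#{@build_dir}/certificates/ca.tar.gz" from it, so the directory holds
# certificate material (presumably including private keys -- confirm against
# CfnVpn::Certificates). Directories created here are therefore restricted to
# their owner instead of inheriting permissions from the process umask.
#
# NOTE(review): @name is interpolated into the path unchanged; confirm it is
# validated upstream so that it cannot contain path separators.
def create_build_directory
  @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
  CfnVpn::Log.logger.debug "creating directory #{@build_dir}"
  # mode: only applies to directories created by this call; a directory that
  # already exists keeps whatever permissions it had.
  FileUtils.mkdir_p(@build_dir, mode: 0o700)
end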
deploy_vpn()
# File lib/cfnvpn/actions/init.rb, line 126
# Compiles the CloudFormation template from @config and rolls it out through
# @deployer (assigned in stack_exist) as a change set: create, wait for
# creation, execute, wait for execution.
#
# The change set is executed immediately after it has been created; this
# method contains no review or confirmation step in between.
def deploy_vpn
  template = CfnVpn::Compiler.new(@name, @config).compile
  CfnVpn::Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
  pending_changes, change_kind = @deployer.create_change_set(template_body: template)
  @deployer.wait_for_changeset(pending_changes.id)
  @deployer.execute_change_set(pending_changes.id)
  @deployer.wait_for_execute(change_kind)
  CfnVpn::Log.logger.info "Changeset #{change_kind} complete"
end
finish()
# File lib/cfnvpn/actions/init.rb, line 137
# Looks up the id of the Client VPN endpoint for @name in the selected
# region, keeps it in @endpoint_id and logs the follow-up command for
# producing the client configuration.
def finish
  client_vpn = CfnVpn::ClientVpn.new(@name, @options['region'])
  @endpoint_id = client_vpn.get_endpoint_id
  CfnVpn::Log.logger.info "Client VPN #{@endpoint_id} created. Run `cfn-vpn config #{@name}` to setup the client config"
end
generate_server_certificates()
create certificates
# File lib/cfnvpn/actions/init.rb, line 107
# Generates the certificate authority material for this VPN inside
# @build_dir via CfnVpn::Certificates#generate_ca.
#
# The client common name is @options['client_cn'] when given; otherwise it
# is derived from the server common name as "client-vpn.<server_cn>". The
# chosen value is kept in @client_cn for the upload step.
#
# NOTE(review): the generated material stays in @build_dir on local disk;
# confirm that directory is readable by its owner only.
def generate_server_certificates
  CfnVpn::Log.logger.info "Generating certificates using openvpn easy-rsa"
  pki = CfnVpn::Certificates.new(@build_dir, @name, @options['easyrsa_local'])
  @client_cn = @options['client_cn'] || "client-vpn.#{@options['server_cn']}"
  pki.generate_ca(@options['server_cn'], @client_cn)
end
initialize_config()
# File lib/cfnvpn/actions/init.rb, line 55
# Seeds @config from the command options.
#
# Each listed option is copied under the symbol form of its name (options
# that were not supplied end up as nil), and :routes starts as an empty list.
# Option values are copied unchanged; no validation happens here.
def initialize_config
  copied_options = %w[
    region subnet_ids cidr dns_servers split_tunnel internet_route
    protocol start stop saml_arn directory_id
  ]
  @config = copied_options.to_h { |option| [option.to_sym, @options[option]] }.merge(routes: [])
end
set_loglevel()
# File lib/cfnvpn/actions/init.rb, line 45
# Raises the shared logger to DEBUG when the 'verbose' option is set;
# otherwise the logger level is left untouched.
def set_loglevel
  return unless @options['verbose']

  CfnVpn::Log.logger.level = Logger::DEBUG
end
set_type()
# File lib/cfnvpn/actions/init.rb, line 84
# Selects the authentication type of the client VPN and stores it in
# @config[:type], together with @config[:default_groups].
#
# Precedence: a 'saml_arn' option selects 'federated' even when a
# 'directory_id' is also present; 'directory_id' alone selects
# 'active-directory'; with neither, the VPN falls back to 'certificate'
# authentication and the default group list is empty.
def set_type
  auth_type =
    if @options['saml_arn']
      'federated'
    elsif @options['directory_id']
      'active-directory'
    else
      'certificate'
    end

  @config[:type] = auth_type
  # Group defaults only apply to the identity-provider backed types.
  @config[:default_groups] = auth_type == 'certificate' ? [] : @options['default_groups']
  CfnVpn::Log.logger.info "initialising #{@config[:type]} client vpn"
end
stack_exist()
# File lib/cfnvpn/actions/init.rb, line 98
# Builds the deployer for this VPN (kept in @deployer for later steps) and
# aborts the process with exit status 1 when the "<name>-cfnvpn" stack is
# already present, so that init does not act on an existing stack.
def stack_exist
  @deployer = CfnVpn::Deployer.new(@options['region'], @name)
  return unless @deployer.does_cf_stack_exist

  CfnVpn::Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}, use the modify command to alter the stack"
  exit 1
end
upload_certificates()
# File lib/cfnvpn/actions/init.rb, line 114
# Uploads the generated certificates and records the resulting ARNs in
# @config.
#
# The server certificate is uploaded for every authentication type. The
# client certificate upload and the S3 copy of the CA archive happen only
# for 'certificate' authentication; federated and directory-backed VPNs
# need neither.
#
# NOTE(review): certificates/ca.tar.gz presumably contains the CA private
# key -- confirm against CfnVpn::Certificates. If it does, the bucket in
# @config[:bucket] should be encrypted, closed to public access and readable
# only by the principals that issue client certificates.
def upload_certificates
  region = @options['region']
  pki = CfnVpn::Certificates.new(@build_dir, @name, @options['easyrsa_local'])
  @config[:server_cert_arn] = pki.upload_certificates(region, 'server', 'server', @options['server_cn'])
  return unless @config[:type] == 'certificate'

  # Certificate authentication additionally needs the client certificate ...
  @config[:client_cert_arn] = pki.upload_certificates(region, @client_cn, 'client')
  # ... and the CA archive kept in S3.
  archive_store = CfnVpn::S3.new(region, @config[:bucket], @name)
  archive_store.store_object("#{@build_dir}/certificates/ca.tar.gz")
end