Class: CfnVpn::Actions::Init

Inherits:
Thor::Group
  • Object
Includes:
Thor::Actions
Defined in:
lib/cfnvpn/actions/init.rb



Class Method Details

.source_root ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 46

# Root directory that Thor::Actions resolves relative source/template paths
# against: the directory containing this file.
#
# @return [String] directory name of the current file
def self.source_root
  File.split(__FILE__).first
end

Instance Method Details

#create_bucket_if_bucket_not_set ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 80

# Resolves the S3 bucket for this VPN into @config[:bucket].
#
# When the operator supplied `bucket`, that name is recorded as given (no
# existence or ownership check is made here); otherwise a name is generated
# by CfnVpn::S3Bucket and the bucket is created in @options['region'].
#
# Reads @options['bucket'], @options['region'] and @name.
#
# @return [String] the bucket name stored in @config[:bucket]
def create_bucket_if_bucket_not_set
  @config[:bucket] =
    if @options['bucket']
      @options['bucket']
    else
      CfnVpn::Log.logger.info "creating s3 bucket"
      new_bucket = CfnVpn::S3Bucket.new(@options['region'], @name)
      new_bucket.generate_bucket_name.tap { |generated| new_bucket.create_bucket(generated) }
    end
end

#create_build_directory ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 54

# Creates the per-VPN working directory "<CfnVpn.cfnvpn_path>/<name>" and
# records it in @build_dir for the certificate steps that follow.
#
# Parent directories are created as needed and an existing directory is left
# untouched (FileUtils.mkdir_p). @name is placed into the path without any
# validation — NOTE(review): confirm upstream that it cannot carry path
# separators.
def create_build_directory
  @build_dir = [CfnVpn.cfnvpn_path, @name].join('/')
  CfnVpn::Log.logger.debug "creating directory #{@build_dir}"
  FileUtils.mkdir_p(@build_dir)
end

#deploy_vpn ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 134

# Compiles the CloudFormation template for this VPN from @config and deploys
# it through @deployer as a change set: create, wait until ready, execute,
# then wait for execution to finish.
#
# Expects @deployer to have been created by #stack_exist and @config to be
# fully populated by the earlier steps.
def deploy_vpn
  body = CfnVpn::Compiler.new(@name, @config).compile
  CfnVpn::Log.logger.info "Launching cloudformation stack #{@name}-cfnvpn in #{@options['region']}"
  cs, cs_type = @deployer.create_change_set(template_body: body)
  @deployer.wait_for_changeset(cs.id)
  @deployer.execute_change_set(cs.id)
  @deployer.wait_for_execute(cs_type)
  CfnVpn::Log.logger.info "Changeset #{cs_type} complete"
end

#finish ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 145

# Final step: looks up the Client VPN endpoint for @name in @options['region']
# and logs the follow-up command the operator should run next.
def finish
  endpoint = CfnVpn::ClientVpn.new(@name, @options['region']).endpoint_id
  CfnVpn::Log.logger.info "Client VPN #{endpoint} created. Run `cfn-vpn config #{@name}` to setup the client config"
end

#generate_server_certificates ⇒ Object

create certificates



# File 'lib/cfnvpn/actions/init.rb', line 115

# Generates the VPN certificate authority with easy-rsa into @build_dir,
# passing the server CN, the client CN and the requested expiry to
# CfnVpn::Certificates#generate_ca.
#
# Sets @client_cn to @options['client_cn'] when given, otherwise to
# "client-vpn.<server_cn>"; #upload_certificates reads it later.
def generate_server_certificates
  CfnVpn::Log.logger.info "Generating certificates using openvpn easy-rsa"
  certs = CfnVpn::Certificates.new(@build_dir, @name, @options['easyrsa_local'])
  @client_cn = @options['client_cn'] || "client-vpn.#{@options['server_cn']}"
  certs.generate_ca(@options['server_cn'], @client_cn, @options['certificate_expiry'])
end

#initialize_config ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 60

# Seeds @config from the CLI options.
#
# Each listed option is copied under the symbol key of the same name (nil when
# the option was not supplied); :routes always starts empty. Later steps
# (#create_bucket_if_bucket_not_set, #set_type, #upload_certificates) add
# their own keys to the same hash.
#
# @return [Hash] the newly created @config
def initialize_config
  passthrough = %w[
    region subnet_ids cidr dns_servers split_tunnel internet_route protocol
    start stop saml_arn saml_self_service_arn directory_id slack_webhook_url
    auto_limit_increase
  ]
  @config = passthrough.each_with_object({}) { |key, cfg| cfg[key.to_sym] = @options[key] }
  @config[:routes] = []
  @config
end

#set_loglevel ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 50

# Raises the shared logger to DEBUG when the operator passed `verbose`;
# otherwise the current level is left as is.
def set_loglevel
  return unless @options['verbose']

  CfnVpn::Log.logger.level = Logger::DEBUG
end

#set_type ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 92

# Decides the authentication type of the VPN and records it in
# @config[:type]:
#
# * `saml_arn` given       -> 'federated'
# * else `directory_id`    -> 'active-directory'
# * otherwise              -> 'certificate'
#
# `saml_arn` wins when both are supplied. @config[:default_groups] is taken
# from the `default_groups` option for the two directory-backed types and is
# always empty for certificate authentication.
def set_type
  @config[:type] =
    if @options['saml_arn']
      'federated'
    elsif @options['directory_id']
      'active-directory'
    else
      'certificate'
    end
  @config[:default_groups] = @config[:type] == 'certificate' ? [] : @options['default_groups']
  CfnVpn::Log.logger.info "initialising #{@config[:type]} client vpn"
end

#stack_exist ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 106

# Builds the CloudFormation deployer for @name in @options['region'] (kept in
# @deployer for #deploy_vpn) and aborts with exit status 1 when a
# "<name>-cfnvpn" stack already exists, so `init` never overwrites an
# existing deployment; `modify` is the command for changing one.
def stack_exist
  @deployer = CfnVpn::Deployer.new(@options['region'], @name)
  return unless @deployer.does_cf_stack_exist

  CfnVpn::Log.logger.error "#{@name}-cfnvpn stack already exists in this account in region #{@options['region']}, use the modify command to alter the stack"
  exit 1
end

#upload_certificates ⇒ Object



# File 'lib/cfnvpn/actions/init.rb', line 122

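# Uploads the generated certificates to ACM and records the resulting ARNs in
# @config; for certificate authentication the CA bundle also goes to S3.
#
# The server certificate is uploaded for every VPN type. The client
# certificate (@client_cn, set by #generate_server_certificates) and the
# "certificates/ca.tar.gz" bundle are only uploaded when @config[:type] is
# 'certificate'; the 'federated' and 'active-directory' types chosen by
# #set_type skip both. #set_type, #create_bucket_if_bucket_not_set and
# #generate_server_certificates must therefore run before this step.
#
# NOTE(review): ca.tar.gz presumably carries the CA private key material —
# confirm the bucket provisioned by CfnVpn::S3Bucket blocks public access and
# encrypts objects at rest.
def upload_certificates
  cert = CfnVpn::Certificates.new(@build_dir, @name, @options['easyrsa_local'])
  @config[:server_cert_arn] = cert.upload_certificates(@options['region'], 'server', 'server', @options['server_cn'])
  return unless @config[:type] == 'certificate'

  @config[:client_cert_arn] = cert.upload_certificates(@options['region'], @client_cn, 'client')
  s3 = CfnVpn::S3.new(@options['region'], @config[:bucket], @name)
  s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
end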