Class: CfnVpn::Actions::RenewCertificate

Inherits:
Thor::Group
Includes:
Thor::Actions
Defined in:
lib/cfnvpn/actions/renew_certificate.rb



Class Method Details

.source_rootObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 26

def self.source_root
  # Thor::Actions resolves relative template/file paths against this root;
  # anchor it at the directory that holds this source file.
  root_dir = File.dirname(__FILE__)
  root_dir
end

Instance Method Details

#create_build_directoryObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 34

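def create_build_directory
  # Per-stack working directory under the cfn-vpn home. @name is interpolated
  # into the path as-is, so it is assumed to be a plain stack name rather than
  # user-controlled path data — TODO confirm at the CLI boundary.
  @build_dir = "#{CfnVpn.cfnvpn_path}/#{@name}"
  CfnVpn::Log.logger.debug "creating directory #{@build_dir}"
  FileUtils.mkdir_p(@build_dir)
  # The certificates directory receives the CA bundle (ca.tar.gz is fetched
  # into @cert_dir by renew_certificates) and the generated keys, so create it
  # owner-only. mode: only affects directories created by this call; an
  # already existing directory keeps whatever permissions it has.
  @cert_dir = "#{@build_dir}/certificates"
  FileUtils.mkdir_p(@cert_dir, mode: 0o700)
end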

#deploy_vpnObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 96

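def deploy_vpn
  # Compile the stack template and stage it as a CloudFormation changeset so
  # the operator reviews every resource change before anything is executed.
  compiler = CfnVpn::Compiler.new(@name, @config)
  template_body = compiler.compile
  CfnVpn::Log.logger.info "Creating cloudformation changeset for stack #{@name}-cfnvpn in #{@options['region']}"
  change_set, change_set_type = @deployer.create_change_set(template_body: template_body)
  @deployer.wait_for_changeset(change_set.id)
  changeset_response = @deployer.get_change_set(change_set.id)

  # Rows grouped by action; hash insertion order fixes the display order.
  # Any action CloudFormation reports outside these three gets its own
  # (uncoloured) group instead of raising on a nil bucket.
  changes = {"Add" => [], "Modify" => [], "Remove" => []}
  change_colours = {"Add" => "green", "Modify" => 'yellow', "Remove" => 'red'}

  changeset_response.changes.each do |change|
    resource_change = change.resource_change
    action = resource_change.action
    changes[action] ||= []
    changes[action].push([
      resource_change.logical_resource_id,
      resource_change.resource_type,
      # Anything other than 'N/A' in the Replacement column presumably means
      # CloudFormation may recreate the resource rather than update it in
      # place (e.g. the VPN endpoint) — worth checking before continuing.
      resource_change.replacement ? resource_change.replacement : 'N/A',
      resource_change.details.collect {|detail| detail.target.name }.join(' , ')
    ])
  end

  changes.each do |type, rows|
    next if !rows.any?
    puts "\n"
    table = Terminal::Table.new(
      :title => type,
      :headings => ['Logical Resource Id', 'Resource Type', 'Replacement', 'Changes'],
      :rows => rows)
    colour = change_colours[type]
    puts(colour ? table.to_s.send(colour) : table.to_s)
  end

  CfnVpn::Log.logger.info "Cloudformation changeset changes:"
  puts "\n"
  # Interactive confirmation gate; declining exits non-zero and leaves the
  # changeset unexecuted (whether it is also deleted is not handled here).
  continue = yes? "Continue?", :green
  if !continue
    CfnVpn::Log.logger.info("Cancelled cfn-vpn modify #{@name}")
    exit 1
  end

  @deployer.execute_change_set(change_set.id)
  @deployer.wait_for_execute(change_set_type)
  CfnVpn::Log.logger.info "Changeset #{change_set_type} complete"
end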

#initialize_configObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 50

def initialize_config
  # Load the stored configuration for this stack in this region; later steps
  # read :type, :server_cn, :client_cert_arn and :bucket from it.
  region = @options['region']
  @config = CfnVpn::Config.get_config(region, @name)
end

#renew_certificatesObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 63

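def renew_certificates
  # One easyrsa wrapper serves all three paths below.
  cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
  expiry = @options['certificate_expiry']

  if @config[:type] == 'certificate'
    # Certificate-auth VPNs keep the CA bundle in S3; pull it into the
    # certificate directory so easyrsa can work against the existing CA.
    # The bucket comes from the CLI option, falling back to the stored config
    # (upload_certificates writes the bundle back to @config[:bucket]).
    # The bundle carries CA private key material, so @cert_dir must not be
    # world-readable.
    bucket = @options['bucket'] || @config[:bucket]
    s3 = CfnVpn::S3.new(@options['region'],bucket,@name)
    s3.get_object("#{@cert_dir}/ca.tar.gz")

    if @options['rebuild']
      # --rebuild takes the rebuild path in CfnVpn::Certificates; the
      # distinction from renew lives in that class, not here.
      CfnVpn::Log.logger.info "rebuilding server and #{@client_cn} certificates"
      cert.rebuild(@config[:server_cn],@client_cn,expiry)
    else
      CfnVpn::Log.logger.info "renewing server and #{@client_cn} certificates"
      cert.renew(@config[:server_cn],@client_cn,expiry)
    end
  else
    # Non-certificate VPNs have no client CN (set_client_cn leaves it nil) and
    # no CA in S3, so a fresh CA is generated. NOTE(review): this path reads
    # the server CN from @options while the branch above and
    # upload_certificates read @config[:server_cn] — confirm the option is
    # always supplied for this type.
    CfnVpn::Log.logger.info "recreating server and #{@client_cn} certificates with a new CA"
    cert.generate_ca(@options['server_cn'],expiry)
  end
end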

#set_client_cnObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 54

def set_client_cn
  # Only certificate-authenticated VPNs have a client certificate; its CN is
  # read back from the 'Name' tag on the ACM certificate recorded in config.
  # For every other type the CN stays nil.
  @client_cn = nil
  return unless @config[:type] == 'certificate'

  acm = CfnVpn::Acm.new(@options['region'], @cert_dir)
  @client_cn = acm.get_certificate_tags(@config[:client_cert_arn],'Name')
  CfnVpn::Log.logger.info "Client CN #{@client_cn}"
end

#set_loglevelObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 30

def set_loglevel
  # --verbose switches the shared logger to DEBUG; otherwise the level is
  # left untouched.
  return unless @options['verbose']

  CfnVpn::Log.logger.level = Logger::DEBUG
end

#stack_existObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 42

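def stack_exist
  # Build the deployer once (deploy_vpn reuses it) and abort early when the
  # stack whose certificates would be renewed does not exist in this region.
  @deployer = CfnVpn::Deployer.new(@options['region'],@name)
  return if @deployer.does_cf_stack_exist()

  CfnVpn::Log.logger.error "#{@name}-cfnvpn stack doesn't exist in this account in region #{@options['region']}\n Try running `cfn-vpn init #{@name}` to setup the stack"
  exit 1
end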

#upload_certificatesObject



# File 'lib/cfnvpn/actions/renew_certificate.rb', line 84

def upload_certificates
  # Push the renewed server certificate to ACM and record its ARN in the
  # config that deploy_vpn compiles into the stack template.
  region = @options['region']
  cert = CfnVpn::Certificates.new(@build_dir,@name,@options['easyrsa_local'])
  @config[:server_cert_arn] = cert.upload_certificates(region,'server','server',@config[:server_cn])

  # A SAML-federated VPN needs only the server certificate in ACM. With
  # certificate authentication the client certificate goes to ACM as well and
  # the CA bundle goes back to S3 for the next renewal. NOTE(review): that
  # bundle holds the CA key material; whether store_object keeps it private
  # and encrypted is not visible here — confirm the bucket policy.
  return unless @config[:type] == 'certificate'

  @config[:client_cert_arn] = cert.upload_certificates(region,@client_cn,'client')
  s3 = CfnVpn::S3.new(region,@config[:bucket],@name)
  s3.store_object("#{@build_dir}/certificates/ca.tar.gz")
end