Class: CfnVpn::Actions::Routes

Inherits:
Thor::Group
Includes:
Thor::Actions
Defined in:
lib/cfnvpn/actions/routes.rb


Class Method Details

.source_root ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 26

# Thor::Actions hook: templates and copied files are resolved relative to the
# directory that holds this source file.
def self.source_root
  this_file = __FILE__
  File.dirname(this_file)
end

Instance Method Details

#cleanup_dns_routes ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 170

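# Remove the Client VPN routes and authorization rules that belonged to a
# deleted DNS-lookup route. Only runs when set_route recorded the DNS name in
# @dns_route_cleanup; a plain CIDR delete is handled by the stack update alone.
#
# Both lookups go through @vpn keyed on the DNS name; this relies on the
# ClientVpn helper scoping get_routes/get_auth_rules to that record (not
# visible here). Auth rules are revoked after the routes so no CIDR is left
# authorized once its route is gone.
def cleanup_dns_routes
  return if @dns_route_cleanup.nil?

  CfnVpn::Log.logger.info("Cleaning up expired routes for #{@dns_route_cleanup}")
  @vpn.get_routes(@dns_route_cleanup).each do |route|
    CfnVpn::Log.logger.info("Removing expired route #{route.destination_cidr} for target subnet #{route.target_subnet}")
    @vpn.delete_route(route.destination_cidr, route.target_subnet)
  end

  # Each rule is revoked by its own destination_cidr; the two loops have
  # separate block variables, so nothing from the route loop is reused here.
  @vpn.get_auth_rules(@dns_route_cleanup).each do |rule|
    CfnVpn::Log.logger.info("Removing expired auth rule for route #{rule.destination_cidr}")
    @vpn.revoke_auth(rule.destination_cidr)
  end
end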

#create_bucket_if_bucket_not_set ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 112

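# Abort the run unless the loaded config names an S3 bucket. Despite the method
# name nothing is created here: the operator is told to run `cfn-vpn modify` to
# add one, and the process exits with status 1.
def create_bucket_if_bucket_not_set
  return if @config.key?(:bucket)

  # @name is the stack name argument, referenced the same way as in every other
  # step of this group (set_config, deploy_vpn, get_routes).
  CfnVpn::Log.logger.error "no bucket found in the config, run the cfn-vpn modify #{@name} command to add a bucket"
  exit 1
end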

#deploy_vpn ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 119

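# Compile the in-memory config into a CloudFormation template, create a change
# set for the <name>-cfnvpn stack, print the planned resource changes and
# execute the change set only after the operator confirms. Skipped entirely when
# set_route found nothing to change (@skip_update).
#
# The interactive "Continue?" prompt is the approval gate for the route and
# authorization-rule changes: answering no exits with status 1 before
# execute_change_set is called.
def deploy_vpn
  return if @skip_update

  compiler = CfnVpn::Compiler.new(@name, @config)
  template_body = compiler.compile
  CfnVpn::Log.logger.info "Creating cloudformation changeset for stack #{@name}-cfnvpn in #{@options['region']}"
  @deployer = CfnVpn::Deployer.new(@options['region'],@name)
  change_set, change_set_type = @deployer.create_change_set(template_body: template_body)
  @deployer.wait_for_changeset(change_set.id)
  changeset_response = @deployer.get_change_set(change_set.id)

  # Seeded in display order (Add, Modify, Remove). CloudFormation can report
  # other actions (e.g. Import); those get their own table instead of a nil
  # bucket crashing the push below.
  changes = {"Add" => [], "Modify" => [], "Remove" => []}
  change_colours = {"Add" => "green", "Modify" => 'yellow', "Remove" => 'red'}

  changeset_response.changes.each do |change|
    resource_change = change.resource_change
    (changes[resource_change.action] ||= []).push([
      resource_change.logical_resource_id,
      resource_change.resource_type,
      resource_change.replacement || 'N/A',
      resource_change.details.map { |detail| detail.target.name }.join(' , ')
    ])
  end

  changes.each do |type, rows|
    next if rows.empty?
    puts "\n"
    table = Terminal::Table.new(
      :title => type,
      :headings => ['Logical Resource Id', 'Resource Type', 'Replacement', 'Changes'],
      :rows => rows)
    rendered = table.to_s
    # Colour names come only from the fixed hash above, never from API data;
    # the String colour helpers are presumably provided by a gem loaded elsewhere.
    colour = change_colours[type]
    puts(colour ? rendered.send(colour) : rendered)
  end

  CfnVpn::Log.logger.info "Cloudformation changeset changes:"
  puts "\n"
  continue = yes? "Continue?", :green
  unless continue
    CfnVpn::Log.logger.info("Cancelled cfn-vpn modifiy #{@name}")
    exit 1
  end

  @deployer.execute_change_set(change_set.id)
  @deployer.wait_for_execute(change_set_type)
  CfnVpn::Log.logger.info "Changeset #{change_set_type} complete"
end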

#display_routes ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 187

# Print a table of the endpoint's current routes: destination, description,
# status, target subnet, type, origin and the groups on the matching
# authorization rule. A route whose group list is empty is labelled AllowAll
# (a display label; the authorization semantics live in the compiler).
def display_routes
  headings = ['Route', 'Description', 'Status', 'Target', 'Type', 'Origin', 'Groups']
  rows = @vpn.get_routes().map do |route|
    groups = @vpn.get_groups_for_route(route.destination_cidr)
    group_label = groups.join("").empty? ? 'AllowAll' : groups.join(' ')
    [route.destination_cidr, route.description, route.status.code, route.target_subnet, route.type, route.origin, group_label]
  end
  puts Terminal::Table.new(:headings => headings, :rows => rows)
end

#get_routes ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 166

# Construct the ClientVpn helper for stack <name> in the selected region and
# keep it in @vpn for the display and cleanup steps. Despite the name this
# method fetches nothing itself; it returns the helper it built.
def get_routes
  region = @options['region']
  @vpn = CfnVpn::ClientVpn.new(@name, region)
end

#set_config ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 34

# Load the stack config and resolve the route the options point at.
#
# Exactly one of --cidr / --dns may select a route (both set exits with status
# 1). Wildcard DNS names are rejected because the lookup needs a concrete
# record to resolve. @route stays nil when no existing route matches, which
# set_route treats as an add. Note the CIDR string itself is not syntactically
# validated here.
def set_config
  @config = CfnVpn::Config.get_config(@options[:region], @name)

  cidr = @options[:cidr]
  dns = @options[:dns]

  if cidr && dns
    CfnVpn::Log.logger.error "only one of --dns or --cidr can be set"
    exit 1
  end

  return unless dns || cidr

  if dns
    if dns.include?("*")
      CfnVpn::Log.logger.error("wild card DNS resolution is not supported, use a record that will be resolved by the wild card instead")
      exit 1
    end
    @route = @config[:routes].find { |route| route[:dns] == dns }
  else
    @route = @config[:routes].find { |route| route[:cidr] == cidr }
  end
end

#set_loglevel ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 30

# Raise the shared logger to DEBUG when --verbose was given; otherwise the
# level is left as it was.
def set_loglevel
  return unless @options['verbose']

  CfnVpn::Log.logger.level = Logger::DEBUG
end

#set_route ⇒ Object



# File 'lib/cfnvpn/actions/routes.rb', line 53

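# Apply the requested route change (delete, group edits, or add) to the
# in-memory config, based on the route set_config resolved into @route.
#
# Sets @skip_update when nothing changed so deploy_vpn can bail out, and
# records the DNS name in @dns_route_cleanup when a DNS-lookup route is deleted
# so cleanup_dns_routes can remove its generated routes and auth rules.
#
# A --delete for a route that does not exist is logged and skipped, never
# turned into an add: falling through to the add branches would create a route
# carrying only whatever groups were passed (possibly none, which
# display_routes labels AllowAll).
def set_route
  @skip_update = false
  @dns_route_cleanup = nil
  selector = @options[:cidr] ? @options[:cidr] : @options[:dns]

  # Shared shape for a new config entry; key is :cidr or :dns. Subnets default
  # to the endpoint's subnet_ids, groups to whatever --groups/--add-groups gave.
  new_entry = lambda do |key, value|
    {
      key => value,
      desc: @options.fetch(:desc, ""),
      subnets: @options.fetch(:subnets, @config[:subnet_ids]),
      groups: @options.fetch(:groups, []) + @options.fetch(:add_groups, [])
    }
  end

  if @options[:delete]
    if @route.nil?
      CfnVpn::Log.logger.warn "no route matching #{selector} found, nothing to delete" if selector
      @skip_update = true
    elsif @options[:dns]
      CfnVpn::Log.logger.info "deleting auto lookup route for endpoint #{@options[:dns]}"
      @config[:routes].reject! {|route| route[:dns] == @options[:dns]}
      @dns_route_cleanup = @options[:dns]
    elsif @options[:cidr]
      CfnVpn::Log.logger.info "deleting route #{@options[:cidr]}"
      @config[:routes].reject! {|route| route[:cidr] == @options[:cidr]}
    end
  elsif @route
    CfnVpn::Log.logger.info "existing route for #{selector} found"
    if @options[:groups]
      CfnVpn::Log.logger.info "replacing groups #{@route[:groups]} with new #{@options[:groups]} for route authorization rule"
      @route[:groups] = @options[:groups]
    end

    # Array() guards a route entry that carries no groups list at all (nothing
    # visible here guarantees the key is present), so the edits cannot raise.
    if @options[:add_groups]
      CfnVpn::Log.logger.info "adding new group(s) #{@options[:add_groups]} to route authorization rule"
      @route[:groups] = (Array(@route[:groups]) + @options[:add_groups]).uniq
    end

    if @options[:del_groups]
      CfnVpn::Log.logger.info "removing new group(s) #{@options[:del_groups]} to route authorization rule"
      @route[:groups] = Array(@route[:groups]).reject {|group| @options[:del_groups].include? group}
    end

    if @options[:desc]
      CfnVpn::Log.logger.warn "description for this route cannot be updated in place. To alter delete the route and add with the new description"
    end

    if @options[:subnets]
      CfnVpn::Log.logger.warn "the target subnets for this route cannot be updated in place. To alter delete the route and add with the new target subnet"
    end
  elsif @options[:cidr]
    CfnVpn::Log.logger.info "adding new route for #{@options[:cidr]}"
    @config[:routes] << new_entry.call(:cidr, @options[:cidr])
  elsif @options[:dns]
    CfnVpn::Log.logger.info "adding new route lookup for dns record #{@options[:dns]}"
    @config[:routes] << new_entry.call(:dns, @options[:dns])
  else
    @skip_update = true
  end

  CfnVpn::Log.logger.debug "CONFIG: #{@config}"
end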