unifio
diff --git a/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎Rakefile‎
Lines changed: 2 additions & 1 deletion b/‎Rakefile‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎examples/cert-gen/main.tf‎
Lines changed: 40 additions & 0 deletions b/‎examples/cert-gen/main.tf‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎examples/cert-gen/variables.tf‎
Lines changed: 136 additions & 0 deletions b/‎examples/cert-gen/variables.tf‎
Lines changed: 136 additions & 0 deletions
diff --git a/‎examples/openvpn/outputs.tf‎
Lines changed: 0 additions & 1 deletion b/‎examples/openvpn/outputs.tf‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎examples/openvpn/main.tf‎ renamed to ‎examples/server/main.tf‎ b/‎examples/openvpn/main.tf‎ renamed to ‎examples/server/main.tf‎
diff --git a/‎examples/openvpn/variables.tf‎ renamed to ‎examples/server/variables.tf‎ b/‎examples/openvpn/variables.tf‎ renamed to ‎examples/server/variables.tf‎
diff --git a/‎generate-certs/templates/user_data.tpl‎
Lines changed: 1 addition & 1 deletion b/‎generate-certs/templates/user_data.tpl‎
Lines changed: 1 addition & 1 deletion
@@ -7,6 +7,11 @@
 - Fix the 4 subnet fixed mapping
 - Fill in some examples
 
+## 0.0.7
+
+#### BUG FIXES:
+- Resolved regression in certificate generator user data template.
+
 ## 0.0.6
 
 #### BREAKING CHANGES:
 
@@ -11,6 +11,7 @@ inputs = {
   'route_cidrs'         => '10.10.0.0/25,10.10.0.128/25,10.10.4.0/25,10.10.4.128/25',
   's3_bucket'           => 'openvpn-certs',
   's3_bucket_prefix'    => '20160603',
+  'openvpn_host'        => 'vpn.example.io'
 }
 
 task :default => :verify
@@ -23,7 +24,7 @@ task :verify do
     vars.push("-var #{var}=\"#{value}\"")
   end
 
-  ['openvpn'].each do |stack|
+  ['server','cert-gen'].each do |stack|
     task_args = {:stack => stack, :args => vars.join(' ')}
     Rake::Task['clean'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
     Rake::Task['plan'].execute(Rake::TaskArguments.new(task_args.keys, task_args.values))
 
@@ -0,0 +1,40 @@
+# OpenVPN Certificate Generator
+
+## Configures AWS provider
+provider "aws" {
+  region = "${var.region}"
+}
+
+## Creates generator
+module "cert_generator" {
+  source = "../../generate-certs"
+
+  # Resource labels
+  stack_item_label    = "${var.stack_item_label}"
+  stack_item_fullname = "${var.stack_item_fullname}"
+
+  # Instance parameters
+  ami_custom    = "${var.ami_custom}"
+  instance_type = "${var.instance_type}"
+  key_name      = "${var.key_name}"
+  region        = "${var.region}"
+  subnet        = "${element(split(",",var.subnets),0)}"
+  vpc_id        = "${var.vpc_id}"
+
+  # Generator parameters
+  active_clients   = "${var.active_clients}"
+  cert_key_name    = "${var.cert_key_name}"
+  cert_key_size    = "${var.cert_key_size}"
+  force_cert_regen = "${var.force_cert_regen}"
+  key_city         = "${var.key_city}"
+  key_country      = "${var.key_country}"
+  key_email        = "${var.key_email}"
+  key_org          = "${var.key_org}"
+  key_ou           = "${var.key_ou}"
+  key_province     = "${var.key_province}"
+  openvpn_host     = "${var.openvpn_host}"
+  revoked_clients  = "${var.revoked_clients}"
+  s3_bucket        = "${var.s3_bucket}"
+  s3_bucket_prefix = "${var.s3_bucket_prefix}"
+  s3_push_dryrun   = "${var.s3_push_dryrun}"
+}
@@ -0,0 +1,136 @@
+# Input Variables
+
+## Resource tags
+variable "stack_item_label" {
+  type        = "string"
+  description = "Short form identifier for this stack. This value is used to create the 'Name' resource tag for resources created by this stack item, and also serves as a unique key for re-use."
+}
+
+variable "stack_item_fullname" {
+  type        = "string"
+  description = "Long form descriptive name for this stack item. This value is used to create the 'application' resource tag for resources created by this stack item."
+}
+
+## Instance parameters
+variable "ami_custom" {
+  type        = "string"
+  description = "Custom AMI to utilize"
+  default     = ""
+}
+
+variable "instance_type" {
+  type        = "string"
+  description = "EC2 instance type to associate with the launch configuration."
+  default     = "t2.medium"
+}
+
+variable "key_name" {
+  type        = "string"
+  description = "SSH key pair to associate with the launch configuration."
+}
+
+variable "region" {
+  type        = "string"
+  description = "AWS region to be utilized."
+}
+
+variable "subnets" {
+  tpye        = "string"
+  description = "List of VPC subnets eligible for instance deployment"
+}
+
+variable "vpc_id" {
+  type        = "string"
+  description = "ID of the target VPC."
+}
+
+## Generator parameters
+
+### Order matters. Do not remove clients here, use the 'revoked_clients' list instead.
+variable "active_clients" {
+  type        = "string"
+  description = "Comma delimited list of active clients"
+  default     = ""
+}
+
+variable "cert_key_name" {
+  type    = "string"
+  default = "EasyRSA"
+}
+
+variable "cert_key_size" {
+  type    = "string"
+  default = 4096
+}
+
+variable "force_cert_regen" {
+  type        = "string"
+  description = "Force all certificates to be regenerated."
+  default     = false
+}
+
+variable "key_city" {
+  type        = "string"
+  description = "City to be associated with the certificate."
+  default     = "San Francisco"
+}
+
+variable "key_country" {
+  type        = "string"
+  description = "Country to be associated with the certificate."
+  default     = "US"
+}
+
+variable "key_email" {
+  type        = "string"
+  description = "Email address to be associated with the certificate."
+  default     = "support@example.io"
+}
+
+variable "key_org" {
+  type        = "string"
+  description = "Organization to be associated with the certificate."
+  default     = "Example, Inc."
+}
+
+variable "key_ou" {
+  type        = "string"
+  description = "Organizational unit to be associated with the certificate."
+  default     = "Operations"
+}
+
+variable "key_province" {
+  type        = "string"
+  description = "Province to be associated with the certificate."
+  default     = "CA"
+}
+
+variable "openvpn_host" {
+  type        = "string"
+  description = "Publicly accessible hostname of the OpenVPN server(s)."
+}
+
+# Comma delimited list
+variable "revoked_clients" {
+  type        = "string"
+  description = "Comma delimited list of existing clients who are to have their privileges revoked."
+  default     = ""
+}
+
+variable "s3_bucket" {
+  type        = "string"
+  description = "The S3 bucket where certificate and configuration are stored."
+}
+
+### Do not include the trailing slash
+variable "s3_bucket_prefix" {
+  type        = "string"
+  description = "The S3 bucket prefix. Certificates and configuration will be sourced from the root if not configured."
+  default     = ""
+}
+
+variable "s3_push_dryrun" {
+  type        = "string"
+  description = "Dry-run push of certificates into s3 location"
+  default     = false
+}
@@ -5,7 +5,7 @@ runcmd:
   - echo "S3_REGION=\"${region}\"" > /etc/default/openvpn-cert-generator
   - echo "S3_CERT_ROOT_PATH=\"s3://${replace(s3_bucket,"/(\/)+$/","")}/\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_SIZE=${cert_key_size}" >> /etc/default/openvpn-cert-generator
-  - echo "S3_DIR_OVERRIDE=\"${replace(s3_bucket_prefix,"/^(\/)+|(\/)+$/","")}\"" >> /etc/default/openvpn-cert-generator
+  - echo "S3_DIR_OVERRIDE=\"${replace(s3_dir_override,"/^(\/)+|(\/)+$/","")}\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_CITY=\"${key_city}\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_ORG=\"${key_org}\"" >> /etc/default/openvpn-cert-generator
   - echo "KEY_EMAIL=\"${key_email}\"" >> /etc/default/openvpn-cert-generator