2022-05-08 17:20:04 +01:00
|
|
|
import logging
|
2022-11-28 19:03:24 +00:00
|
|
|
import os
|
2022-11-16 15:47:36 +00:00
|
|
|
import shutil
|
|
|
|
|
import tempfile
|
2024-12-06 16:08:48 +00:00
|
|
|
from datetime import datetime, timedelta, timezone
|
2022-05-12 09:57:42 +01:00
|
|
|
from traceback import TracebackException
|
2022-06-17 13:21:35 +01:00
|
|
|
from typing import Type
|
2022-05-08 17:20:04 +01:00
|
|
|
|
|
|
|
|
from app import app
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.cli import BaseCliHandler, _SubparserType
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.extensions import db
|
2022-05-14 10:18:00 +01:00
|
|
|
from app.models.activity import Activity
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.models.automation import Automation, AutomationLogs, AutomationState
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.terraform import BaseAutomation
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.terraform.alarms.eotk_aws import AlarmEotkAwsAutomation
|
|
|
|
|
from app.terraform.alarms.proxy_azure_cdn import AlarmProxyAzureCdnAutomation
|
2024-12-06 18:15:47 +00:00
|
|
|
from app.terraform.alarms.proxy_cloudfront import AlarmProxyCloudfrontAutomation
|
|
|
|
|
from app.terraform.alarms.proxy_http_status import AlarmProxyHTTPStatusAutomation
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.terraform.alarms.smart_aws import AlarmSmartAwsAutomation
|
2024-11-16 13:17:39 +00:00
|
|
|
from app.terraform.block.block_blocky import BlockBlockyAutomation
|
2024-12-06 18:15:47 +00:00
|
|
|
from app.terraform.block.block_scriptzteam import BlockBridgeScriptzteamAutomation
|
2022-07-12 11:09:23 +01:00
|
|
|
from app.terraform.block.bridge_github import BlockBridgeGitHubAutomation
|
2022-08-30 11:52:55 +01:00
|
|
|
from app.terraform.block.bridge_gitlab import BlockBridgeGitlabAutomation
|
2024-12-06 18:15:47 +00:00
|
|
|
from app.terraform.block.bridge_roskomsvoboda import BlockBridgeRoskomsvobodaAutomation
|
2022-05-09 08:09:57 +01:00
|
|
|
from app.terraform.block_external import BlockExternalAutomation
|
|
|
|
|
from app.terraform.block_ooni import BlockOONIAutomation
|
2022-05-09 14:11:05 +01:00
|
|
|
from app.terraform.block_roskomsvoboda import BlockRoskomsvobodaAutomation
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.terraform.bridge.aws import BridgeAWSAutomation
|
|
|
|
|
from app.terraform.bridge.gandi import BridgeGandiAutomation
|
|
|
|
|
from app.terraform.bridge.hcloud import BridgeHcloudAutomation
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.terraform.bridge.meta import BridgeMetaAutomation
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.terraform.bridge.ovh import BridgeOvhAutomation
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.terraform.eotk.aws import EotkAWSAutomation
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.terraform.list.github import ListGithubAutomation
|
|
|
|
|
from app.terraform.list.gitlab import ListGitlabAutomation
|
2022-11-08 14:31:45 +00:00
|
|
|
from app.terraform.list.http_post import ListHttpPostAutomation
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.terraform.list.s3 import ListS3Automation
|
|
|
|
|
from app.terraform.proxy.azure_cdn import ProxyAzureCdnAutomation
|
|
|
|
|
from app.terraform.proxy.cloudfront import ProxyCloudfrontAutomation
|
2022-06-23 15:49:09 +01:00
|
|
|
from app.terraform.proxy.fastly import ProxyFastlyAutomation
|
2024-12-06 16:08:48 +00:00
|
|
|
from app.terraform.proxy.meta import ProxyMetaAutomation
|
2023-05-25 15:32:31 +01:00
|
|
|
from app.terraform.static.aws import StaticAWSAutomation
|
2023-05-31 13:59:45 +01:00
|
|
|
from app.terraform.static.meta import StaticMetaAutomation
|
2022-05-08 17:20:04 +01:00
|
|
|
|
|
|
|
|
jobs = {
|
2022-11-28 18:55:10 +00:00
|
|
|
x.short_name: x # type: ignore[attr-defined]
|
2022-05-08 17:20:04 +01:00
|
|
|
for x in [
|
2023-02-26 12:11:30 +00:00
|
|
|
# Check for blocked resources first
|
2022-05-09 08:09:57 +01:00
|
|
|
BlockBridgeGitHubAutomation,
|
2022-08-30 11:52:55 +01:00
|
|
|
BlockBridgeGitlabAutomation,
|
2022-11-13 13:22:01 +00:00
|
|
|
BlockBridgeRoskomsvobodaAutomation,
|
2023-02-27 12:29:21 +00:00
|
|
|
BlockBridgeScriptzteamAutomation,
|
2024-11-16 13:17:39 +00:00
|
|
|
BlockBlockyAutomation,
|
2022-05-09 08:09:57 +01:00
|
|
|
BlockExternalAutomation,
|
|
|
|
|
BlockOONIAutomation,
|
2022-05-09 14:11:05 +01:00
|
|
|
BlockRoskomsvobodaAutomation,
|
2023-02-26 12:11:30 +00:00
|
|
|
# Create new resources
|
|
|
|
|
BridgeMetaAutomation,
|
2023-05-31 13:59:45 +01:00
|
|
|
StaticMetaAutomation,
|
2023-02-26 12:11:30 +00:00
|
|
|
ProxyMetaAutomation,
|
|
|
|
|
# Terraform
|
2022-05-08 17:20:04 +01:00
|
|
|
BridgeAWSAutomation,
|
|
|
|
|
BridgeGandiAutomation,
|
|
|
|
|
BridgeHcloudAutomation,
|
|
|
|
|
BridgeOvhAutomation,
|
2023-05-25 15:32:31 +01:00
|
|
|
StaticAWSAutomation,
|
2022-05-13 15:40:59 +01:00
|
|
|
EotkAWSAutomation,
|
2023-02-26 12:11:30 +00:00
|
|
|
ProxyAzureCdnAutomation,
|
|
|
|
|
ProxyCloudfrontAutomation,
|
|
|
|
|
ProxyFastlyAutomation,
|
|
|
|
|
# Import alarms
|
|
|
|
|
AlarmEotkAwsAutomation,
|
|
|
|
|
AlarmProxyAzureCdnAutomation,
|
|
|
|
|
AlarmProxyCloudfrontAutomation,
|
|
|
|
|
AlarmProxyHTTPStatusAutomation,
|
|
|
|
|
AlarmSmartAwsAutomation,
|
|
|
|
|
# Update lists
|
2022-05-08 17:20:04 +01:00
|
|
|
ListGithubAutomation,
|
|
|
|
|
ListGitlabAutomation,
|
2022-11-08 14:31:45 +00:00
|
|
|
ListHttpPostAutomation,
|
2022-05-08 17:20:04 +01:00
|
|
|
ListS3Automation,
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2022-05-16 09:24:37 +01:00
|
|
|
def run_all(**kwargs: bool) -> None:
|
2022-06-17 13:21:35 +01:00
|
|
|
"""
|
|
|
|
|
Run all automation tasks.
|
|
|
|
|
|
|
|
|
|
:param kwargs: this function takes the same arguments as :func:`run_job` and will pass the same arguments
|
|
|
|
|
to every task
|
|
|
|
|
:return: None
|
|
|
|
|
"""
|
2022-05-08 17:20:04 +01:00
|
|
|
for job in jobs.values():
|
2022-11-28 18:55:10 +00:00
|
|
|
run_job(job, **kwargs)
|
2022-05-08 17:20:04 +01:00
|
|
|
|
|
|
|
|
|
2024-12-06 18:15:47 +00:00
|
|
|
def run_job(
|
|
|
|
|
job_cls: Type[BaseAutomation], *, force: bool = False, ignore_schedule: bool = False
|
|
|
|
|
) -> None:
|
|
|
|
|
automation = Automation.query.filter(
|
|
|
|
|
Automation.short_name == job_cls.short_name
|
|
|
|
|
).first()
|
2022-05-08 17:20:04 +01:00
|
|
|
if automation is None:
|
|
|
|
|
automation = Automation()
|
2022-05-16 09:24:37 +01:00
|
|
|
automation.short_name = job_cls.short_name
|
|
|
|
|
automation.description = job_cls.description
|
2022-05-14 10:18:47 +01:00
|
|
|
automation.enabled = False
|
2022-05-08 17:20:04 +01:00
|
|
|
automation.next_is_full = False
|
2024-12-06 16:08:48 +00:00
|
|
|
automation.added = datetime.now(tz=timezone.utc)
|
2022-05-08 17:20:04 +01:00
|
|
|
automation.updated = automation.added
|
|
|
|
|
db.session.add(automation)
|
2022-05-14 12:05:06 +01:00
|
|
|
db.session.commit()
|
2022-05-08 17:20:04 +01:00
|
|
|
else:
|
|
|
|
|
if automation.state == AutomationState.RUNNING and not force:
|
|
|
|
|
logging.warning("Not running an already running automation")
|
|
|
|
|
return
|
|
|
|
|
if not ignore_schedule and not force:
|
2024-12-06 18:15:47 +00:00
|
|
|
if automation.next_run is not None and automation.next_run > datetime.now(
|
|
|
|
|
tz=timezone.utc
|
|
|
|
|
):
|
2022-05-08 17:20:04 +01:00
|
|
|
logging.warning("Not time to run this job yet")
|
|
|
|
|
return
|
|
|
|
|
if not automation.enabled and not force:
|
2024-12-06 18:15:47 +00:00
|
|
|
logging.warning(
|
|
|
|
|
"job %s is disabled and --force not specified", job_cls.short_name
|
|
|
|
|
)
|
2022-05-08 17:20:04 +01:00
|
|
|
return
|
|
|
|
|
automation.state = AutomationState.RUNNING
|
|
|
|
|
db.session.commit()
|
|
|
|
|
try:
|
2024-12-06 18:15:47 +00:00
|
|
|
if "TERRAFORM_DIRECTORY" in app.config:
|
|
|
|
|
working_dir = os.path.join(
|
|
|
|
|
app.config["TERRAFORM_DIRECTORY"],
|
|
|
|
|
job_cls.short_name or job_cls.__class__.__name__.lower(),
|
|
|
|
|
)
|
2022-11-28 19:03:24 +00:00
|
|
|
else:
|
|
|
|
|
working_dir = tempfile.mkdtemp()
|
|
|
|
|
job: BaseAutomation = job_cls(working_dir)
|
2022-11-28 18:55:10 +00:00
|
|
|
success, logs = job.automate()
|
2022-05-17 09:03:43 +01:00
|
|
|
# We want to catch any and all exceptions that would cause problems here, because
|
|
|
|
|
# the error handling process isn't really handling the error, but rather causing it
|
|
|
|
|
# to be logged for investigation. Catching more specific exceptions would just mean that
|
|
|
|
|
# others go unrecorded and are difficult to debug.
|
2022-06-17 13:21:35 +01:00
|
|
|
except Exception as exc: # pylint: disable=broad-except
|
2023-02-27 12:29:21 +00:00
|
|
|
if logging.getLogger().level == logging.DEBUG:
|
|
|
|
|
raise exc
|
2022-06-17 13:21:35 +01:00
|
|
|
trace = TracebackException.from_exception(exc)
|
2022-05-08 17:20:04 +01:00
|
|
|
success = False
|
2022-06-17 13:21:35 +01:00
|
|
|
logs = "\n".join(trace.format())
|
2023-01-21 15:15:07 +00:00
|
|
|
if job is not None and success:
|
2022-05-08 17:20:04 +01:00
|
|
|
automation.state = AutomationState.IDLE
|
2024-12-06 16:08:48 +00:00
|
|
|
automation.next_run = datetime.now(tz=timezone.utc) + timedelta(
|
2024-12-06 18:15:47 +00:00
|
|
|
minutes=getattr(job, "frequency", 7)
|
|
|
|
|
)
|
|
|
|
|
if "TERRAFORM_DIRECTORY" not in app.config and working_dir is not None:
|
2022-11-28 19:03:24 +00:00
|
|
|
# We used a temporary working directory
|
|
|
|
|
shutil.rmtree(working_dir)
|
2022-05-08 17:20:04 +01:00
|
|
|
else:
|
|
|
|
|
automation.state = AutomationState.ERROR
|
2024-02-19 11:38:05 +00:00
|
|
|
safe_jobs = [
|
2024-11-09 11:10:05 +00:00
|
|
|
"proxy_cloudfront",
|
|
|
|
|
"static_aws",
|
|
|
|
|
"list_http_post",
|
|
|
|
|
"list_s3",
|
|
|
|
|
"list_github",
|
|
|
|
|
"list_gitlab",
|
2024-11-29 18:43:56 +00:00
|
|
|
"block_blocky",
|
2024-11-29 18:44:29 +00:00
|
|
|
"block_external",
|
2024-12-06 18:15:47 +00:00
|
|
|
"block_ooni",
|
2024-02-19 12:21:02 +00:00
|
|
|
]
|
2024-02-19 11:38:05 +00:00
|
|
|
if job.short_name not in safe_jobs:
|
|
|
|
|
automation.enabled = False
|
2022-05-08 17:20:04 +01:00
|
|
|
automation.next_run = None
|
|
|
|
|
log = AutomationLogs()
|
|
|
|
|
log.automation_id = automation.id
|
2024-12-06 16:08:48 +00:00
|
|
|
log.added = datetime.now(tz=timezone.utc)
|
|
|
|
|
log.updated = datetime.now(tz=timezone.utc)
|
2022-06-18 14:17:46 +01:00
|
|
|
log.logs = str(logs)
|
2022-05-08 17:20:04 +01:00
|
|
|
db.session.add(log)
|
2022-08-30 14:15:06 +01:00
|
|
|
db.session.commit()
|
2022-05-14 10:18:00 +01:00
|
|
|
activity = Activity(
|
|
|
|
|
activity_type="automation",
|
2024-12-06 18:15:47 +00:00
|
|
|
text=(
|
|
|
|
|
f"[{automation.short_name}] 🚨 Automation failure: It was not possible to handle this failure safely "
|
|
|
|
|
"and so the automation task has been automatically disabled. It may be possible to simply re-enable "
|
|
|
|
|
"the task, but repeated failures will usually require deeper investigation. See logs for full "
|
|
|
|
|
"details."
|
|
|
|
|
),
|
2022-05-14 10:18:00 +01:00
|
|
|
)
|
2022-05-16 14:06:07 +01:00
|
|
|
db.session.add(activity)
|
2022-05-14 10:18:00 +01:00
|
|
|
activity.notify() # Notify before commit because the failure occurred even if we can't commit.
|
2024-12-06 16:08:48 +00:00
|
|
|
automation.last_run = datetime.now(tz=timezone.utc)
|
2022-05-08 17:20:04 +01:00
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
|
2022-06-17 13:21:35 +01:00
|
|
|
class AutomateCliHandler(BaseCliHandler):
|
2022-05-08 17:20:04 +01:00
|
|
|
@classmethod
|
2022-05-16 09:24:37 +01:00
|
|
|
def add_subparser_to(cls, subparsers: _SubparserType) -> None:
|
2022-05-08 17:20:04 +01:00
|
|
|
parser = subparsers.add_parser("automate", help="automation operations")
|
2024-12-06 18:15:47 +00:00
|
|
|
parser.add_argument(
|
|
|
|
|
"-a",
|
|
|
|
|
"--all",
|
|
|
|
|
dest="all",
|
|
|
|
|
help="run all automation jobs",
|
|
|
|
|
action="store_true",
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
"-j",
|
|
|
|
|
"--job",
|
|
|
|
|
dest="job",
|
|
|
|
|
choices=sorted(jobs.keys()),
|
|
|
|
|
help="run a specific automation job",
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
"--force",
|
|
|
|
|
help="run job even if disabled and it's not time yet",
|
|
|
|
|
action="store_true",
|
|
|
|
|
)
|
|
|
|
|
parser.add_argument(
|
|
|
|
|
"--ignore-schedule",
|
|
|
|
|
help="run job even if it's not time yet",
|
|
|
|
|
action="store_true",
|
|
|
|
|
)
|
2022-05-08 17:20:04 +01:00
|
|
|
parser.set_defaults(cls=cls)
|
|
|
|
|
|
2022-05-16 09:24:37 +01:00
|
|
|
def run(self) -> None:
|
2022-05-08 17:20:04 +01:00
|
|
|
with app.app_context():
|
|
|
|
|
if self.args.job:
|
2024-12-06 18:15:47 +00:00
|
|
|
run_job(
|
|
|
|
|
jobs[self.args.job],
|
|
|
|
|
force=self.args.force,
|
|
|
|
|
ignore_schedule=self.args.ignore_schedule,
|
|
|
|
|
)
|
2022-05-08 17:20:04 +01:00
|
|
|
elif self.args.all:
|
2024-12-06 18:15:47 +00:00
|
|
|
run_all(
|
|
|
|
|
force=self.args.force, ignore_schedule=self.args.ignore_schedule
|
|
|
|
|
)
|
2022-05-08 17:20:04 +01:00
|
|
|
else:
|
|
|
|
|
logging.error("No action requested")
|
