majuna/app/terraform/eotk/aws.py

import os
from datetime import datetime, timezone
from typing import Any

from app import app
from app.extensions import db
from app.models.base import Group
from app.models.onions import Eotk
from app.terraform import DeterministicZip
from app.terraform.eotk import eotk_configuration
from app.terraform.terraform import TerraformAutomation


def update_eotk_instance(group_id: int, region: str, instance_id: str) -> None:
    instance = Eotk.query.filter(
        Eotk.group_id == group_id,
        Eotk.region == region,
        Eotk.provider == "aws",
        Eotk.destroyed.is_(None),
    ).first()
    if instance is None:
        instance = Eotk()
        instance.added = datetime.now(tz=timezone.utc)
        instance.group_id = group_id
        instance.provider = "aws"
        instance.region = region
        db.session.add(instance)
    instance.updated = datetime.now(tz=timezone.utc)
    instance.instance_id = instance_id


class EotkAWSAutomation(TerraformAutomation):
    short_name = "eotk_aws"
    description = "Deploy EOTK instances to AWS"

    template_parameters = ["aws_access_key", "aws_secret_key"]

    template = """
    terraform {
      {{ backend_config }}
      required_providers {
        aws = {
          version = "~> 4.4.0"
        }
      }
    }

    provider "aws" {
      access_key = "{{ aws_access_key }}"
      secret_key = "{{ aws_secret_key }}"
      region = "us-east-2"
    }

    {% for group in groups %}
    module "eotk_{{ group.id }}" {
      source = "{{ terraform_modules_path }}/terraform-aws-bc-eotk"
      namespace = "{{ global_namespace }}"
      tenant = "{{ group.group_name }}"
      name = "eotk"
      label_order = ["namespace", "tenant", "name", "attributes"]
      tags = {
        "Application" = "EOTK"
      }
      configuration_bundle = "{{ group.id }}.zip"
    }

    output "eotk_instances_{{ group.id }}" {
      value = module.eotk_{{ group.id }}.instances
    }
    {% endfor %}
    """

    def tf_generate(self) -> None:
        if not self.working_dir:
            raise RuntimeError("No working directory specified.")
        self.tf_write(
            self.template,
            groups=Group.query.filter(
                Group.eotk.is_(True), Group.destroyed.is_(None)
            ).all(),
            global_namespace=app.config["GLOBAL_NAMESPACE"],
            terraform_modules_path=os.path.join(
                *list(os.path.split(app.root_path))[:-1], "terraform-modules"
            ),
            backend_config=f"""backend "http" {{
              lock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
              unlock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
              address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
            }}""",
            **{k: app.config[k.upper()] for k in self.template_parameters},
        )
        for group in (
            Group.query.filter(Group.eotk.is_(True), Group.destroyed.is_(None))
            .order_by(Group.id)
            .all()
        ):
            with DeterministicZip(
                os.path.join(self.working_dir, f"{group.id}.zip")
            ) as dzip:
                dzip.add_file("sites.conf", eotk_configuration(group).encode("utf-8"))
                for onion in sorted(group.onions, key=lambda o: o.onion_name):
                    dzip.add_file(
                        f"{onion.onion_name}.v3pub.key", onion.onion_public_key
                    )
                    dzip.add_file(
                        f"{onion.onion_name}.v3sec.key", onion.onion_private_key
                    )
                    dzip.add_file(
                        f"{onion.onion_name[:20]}-v3.cert", onion.tls_public_key
                    )
                    dzip.add_file(
                        f"{onion.onion_name[:20]}-v3.pem", onion.tls_private_key
                    )

    def tf_posthook(self, *, prehook_result: Any = None) -> None:
        for e in Eotk.query.all():
            db.session.delete(e)
        outputs = self.tf_output()
        for output in outputs:
            if output.startswith("eotk_instances_"):
                try:
                    group_id = int(output[len("eotk_instance_") + 1 :])
                    for az in outputs[output]["value"]:
                        update_eotk_instance(group_id, az, outputs[output]["value"][az])
                except ValueError:
                    pass
        db.session.commit()
terraform: generate conf with http backend 2022-08-30 10:05:12 +01:00			`import os`
feat: switch all timezone naive datetimes to timezone aware 2024-12-06 16:08:48 +00:00			`from datetime import datetime, timezone`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`from typing import Any`

			`from app import app`
			`from app.extensions import db`
			`from app.models.base import Group`
			`from app.models.onions import Eotk`
feat(eotk): switch to new autonomous eotk instances 2022-12-07 18:13:01 +00:00			`from app.terraform import DeterministicZip`
			`from app.terraform.eotk import eotk_configuration`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`from app.terraform.terraform import TerraformAutomation`


lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`def update_eotk_instance(group_id: int, region: str, instance_id: str) -> None:`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`instance = Eotk.query.filter(`
			`Eotk.group_id == group_id,`
			`Eotk.region == region,`
			`Eotk.provider == "aws",`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`Eotk.destroyed.is_(None),`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`).first()`
			`if instance is None:`
			`instance = Eotk()`
feat: switch all timezone naive datetimes to timezone aware 2024-12-06 16:08:48 +00:00			`instance.added = datetime.now(tz=timezone.utc)`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`instance.group_id = group_id`
			`instance.provider = "aws"`
			`instance.region = region`
			`db.session.add(instance)`
feat: switch all timezone naive datetimes to timezone aware 2024-12-06 16:08:48 +00:00			`instance.updated = datetime.now(tz=timezone.utc)`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`instance.instance_id = instance_id`


			`class EotkAWSAutomation(TerraformAutomation):`
			`short_name = "eotk_aws"`
			`description = "Deploy EOTK instances to AWS"`

lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`template_parameters = ["aws_access_key", "aws_secret_key"]`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00
			`template = """`
			`terraform {`
terraform: generate conf with http backend 2022-08-30 10:05:12 +01:00			`{{ backend_config }}`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`required_providers {`
			`aws = {`
			`version = "~> 4.4.0"`
			`}`
			`}`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`provider "aws" {`
			`access_key = "{{ aws_access_key }}"`
			`secret_key = "{{ aws_secret_key }}"`
			`region = "us-east-2"`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`{% for group in groups %}`
			`module "eotk_{{ group.id }}" {`
feat(eotk): switch to new autonomous eotk instances 2022-12-07 18:13:01 +00:00			`source = "{{ terraform_modules_path }}/terraform-aws-bc-eotk"`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`namespace = "{{ global_namespace }}"`
			`tenant = "{{ group.group_name }}"`
			`name = "eotk"`
			`label_order = ["namespace", "tenant", "name", "attributes"]`
fix(eotk): properly tag the EOTK resources for the SSO permissions to work 2022-12-14 10:27:48 +00:00			`tags = {`
			`"Application" = "EOTK"`
			`}`
feat(eotk): switch to new autonomous eotk instances 2022-12-07 18:13:01 +00:00			`configuration_bundle = "{{ group.id }}.zip"`
			`}`

			`output "eotk_instances_{{ group.id }}" {`
			`value = module.eotk_{{ group.id }}.instances`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`}`
			`{% endfor %}`
			`"""`

lots of typing fixes 2022-05-16 11:44:03 +01:00			`def tf_generate(self) -> None:`
feat(eotk): switch to new autonomous eotk instances 2022-12-07 18:13:01 +00:00			`if not self.working_dir:`
			`raise RuntimeError("No working directory specified.")`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`self.tf_write(`
			`self.template,`
			`groups=Group.query.filter(`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`Group.eotk.is_(True), Group.destroyed.is_(None)`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`).all(),`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`global_namespace=app.config["GLOBAL_NAMESPACE"],`
			`terraform_modules_path=os.path.join(`
			`*list(os.path.split(app.root_path))[:-1], "terraform-modules"`
			`),`
terraform: generate conf with http backend 2022-08-30 10:05:12 +01:00			`backend_config=f"""backend "http" {{`
			`lock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"`
			`unlock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"`
			`address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"`
			`}}""",`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`**{k: app.config[k.upper()] for k in self.template_parameters},`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`)`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`for group in (`
			`Group.query.filter(Group.eotk.is_(True), Group.destroyed.is_(None))`
			`.order_by(Group.id)`
			`.all()`
			`):`
			`with DeterministicZip(`
			`os.path.join(self.working_dir, f"{group.id}.zip")`
			`) as dzip:`
			`dzip.add_file("sites.conf", eotk_configuration(group).encode("utf-8"))`
lint: remove redundant type ignores after mypy upgrade 2023-06-25 13:30:41 +01:00			`for onion in sorted(group.onions, key=lambda o: o.onion_name):`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`dzip.add_file(`
			`f"{onion.onion_name}.v3pub.key", onion.onion_public_key`
			`)`
			`dzip.add_file(`
			`f"{onion.onion_name}.v3sec.key", onion.onion_private_key`
			`)`
			`dzip.add_file(`
			`f"{onion.onion_name[:20]}-v3.cert", onion.tls_public_key`
			`)`
			`dzip.add_file(`
			`f"{onion.onion_name[:20]}-v3.pem", onion.tls_private_key`
			`)`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00
			`def tf_posthook(self, *, prehook_result: Any = None) -> None:`
feat(eotk): switch to new autonomous eotk instances 2022-12-07 18:13:01 +00:00			`for e in Eotk.query.all():`
			`db.session.delete(e)`
			`outputs = self.tf_output()`
			`for output in outputs:`
			`if output.startswith("eotk_instances_"):`
			`try:`
lint: reformat python code with black 2024-12-06 18:15:47 +00:00			`group_id = int(output[len("eotk_instance_") + 1 :])`
			`for az in outputs[output]["value"]:`
			`update_eotk_instance(group_id, az, outputs[output]["value"][az])`
feat(eotk): switch to new autonomous eotk instances 2022-12-07 18:13:01 +00:00			`except ValueError:`
			`pass`
eotk: import instance information from terraform 2022-05-13 15:40:59 +01:00			`db.session.commit()`