majuna/app/terraform/proxy/azure_cdn.py

from typing import Optional, Any

from app.extensions import db
from app.models.mirrors import Proxy
from app.terraform.proxy import ProxyAutomation


class ProxyAzureCdnAutomation(ProxyAutomation):
    short_name = "proxy_azure_cdn"
    description = "Deploy proxies to Azure CDN"
    provider = "azure_cdn"
    subgroup_max = 25
    parallelism = 1

    template_parameters = [
        "azure_resource_group_name",
        "azure_storage_account_name",
        "azure_location",
        "azure_client_id",
        "azure_client_secret",
        "azure_subscription_id",
        "azure_tenant_id"
    ]

    template = """
    terraform {
      required_providers {
        azurerm = {
          source  = "hashicorp/azurerm"
          version = "=2.99.0"
        }
      }
    }

    provider "azurerm" {
      features {}
      client_id = "{{ azure_client_id }}"
      client_secret = "{{ azure_client_secret }}"
      subscription_id = "{{ azure_subscription_id }}"
      tenant_id = "{{ azure_tenant_id }}"
      skip_provider_registration = true
    }

    data "azurerm_resource_group" "this" {
      name = "{{ azure_resource_group_name }}"
    }

    resource "azurerm_storage_account" "this" {
      name                     = "{{ azure_storage_account_name }}"
      resource_group_name      = data.azurerm_resource_group.this.name
      location                 = "{{ azure_location }}"
      account_tier             = "Standard"
      account_replication_type = "RAGRS"
    }

    {% for group in groups %}
    module "label_{{ group.id }}" {
      source  = "cloudposse/label/null"
      version = "0.25.0"
      namespace = "{{ global_namespace }}"
      tenant = "{{ group.group_name }}"
      label_order = ["namespace", "tenant", "name", "attributes"]
    }

    {% for subgroup in subgroups[group.id] %}
    resource "azurerm_cdn_profile" "profile_{{ group.id }}_{{ subgroup }}" {
      name                = "${module.label_{{ group.id }}.id}-sub{{ subgroup }}"
      location            = "{{ azure_location }}"
      resource_group_name = data.azurerm_resource_group.this.name
      sku                 = "Standard_Microsoft"
      tags                = module.label_{{ group.id }}.tags
    }

    resource "azurerm_monitor_diagnostic_setting" "profile_diagnostic_{{ group.id }}_{{ subgroup }}" {
      name               = "cdn-diagnostics"
      target_resource_id = azurerm_cdn_profile.profile_{{ group.id }}_{{ subgroup }}.id
      storage_account_id = azurerm_storage_account.this.id

      log {
        category = "AzureCDNAccessLog"
        enabled  = true

        retention_policy {
          enabled = true
          days = 90
        }
      }

      metric {
        category = "AllMetrics"
        enabled  = true

        retention_policy {
          enabled = true
          days = 90
        }
      }
    }

    resource "azurerm_monitor_metric_alert" "response_alert_{{ group.id }}_{{ subgroup }}" {
      name                = "bandwidth-out-high-${module.label_{{ group.id }}.id}-sub{{ subgroup }}"
      resource_group_name = data.azurerm_resource_group.this.name
      scopes              = [azurerm_cdn_profile.profile_{{ group.id }}_{{ subgroup }}.id]
      description         = "Action will be triggered when response size is too high."

      criteria {
        metric_namespace = "Microsoft.Cdn/profiles"
        metric_name      = "ResponseSize"
        aggregation      = "Total"
        operator         = "GreaterThan"
        threshold        = 21474836481
      }

      window_size = "PT1H"
    }
    {% endfor %}
    {% endfor %}

    {% for proxy in proxies %}
    resource "azurerm_cdn_endpoint" "endpoint_{{ proxy.id }}" {
      name                = "{{ proxy.slug }}"
      profile_name        = azurerm_cdn_profile.profile_{{ proxy.origin.group.id }}_{{ proxy.psg }}.name
      location            = "{{ azure_location }}"
      resource_group_name = data.azurerm_resource_group.this.name

      origin_host_header  = "{{ proxy.origin.domain_name }}"

      origin {
        name      = "upstream"
        host_name = "{{ proxy.origin.domain_name }}"
      }

      global_delivery_rule {
        modify_request_header_action {
          action = "Append"
          name = "Bypass-Rate-Limit-Token"
          value = "{{ bypass_token }}"
        }
      }
    }

    resource "azurerm_monitor_diagnostic_setting" "diagnostic_{{ proxy.id }}" {
      name               = "cdn-diagnostics"
      target_resource_id = azurerm_cdn_endpoint.endpoint_{{ proxy.id }}.id
      storage_account_id = azurerm_storage_account.this.id

      log {
        category = "CoreAnalytics"
        enabled  = true

        retention_policy {
          enabled = true
          days = 90
        }
      }
    }
    {% endfor %}
    """

    def import_state(self, state: Optional[Any]) -> None:
        proxies = Proxy.query.filter(
            Proxy.provider == self.provider,
            Proxy.destroyed.is_(None)
        ).all()
        for proxy in proxies:
            proxy.url = f"https://{proxy.slug}.azureedge.net"
        db.session.commit()
lots of typing fixes 2022-05-16 11:44:03 +01:00			`from typing import Optional, Any`

Initial import 2022-03-10 14:26:22 +00:00			`from app.extensions import db`
azure_cdn: use subgroups, attempt 2 2022-04-25 15:05:28 +01:00			`from app.models.mirrors import Proxy`
Initial import 2022-03-10 14:26:22 +00:00			`from app.terraform.proxy import ProxyAutomation`


			`class ProxyAzureCdnAutomation(ProxyAutomation):`
			`short_name = "proxy_azure_cdn"`
automation: establish an automation framework 2022-05-08 17:20:04 +01:00			`description = "Deploy proxies to Azure CDN"`
Initial import 2022-03-10 14:26:22 +00:00			`provider = "azure_cdn"`
automation: pull up terraform funcs to abstract class see #1 2022-05-08 13:01:15 +01:00			`subgroup_max = 25`
			`parallelism = 1`
Initial import 2022-03-10 14:26:22 +00:00
			`template_parameters = [`
			`"azure_resource_group_name",`
			`"azure_storage_account_name",`
			`"azure_location",`
			`"azure_client_id",`
			`"azure_client_secret",`
			`"azure_subscription_id",`
			`"azure_tenant_id"`
			`]`

			`template = """`
			`terraform {`
			`required_providers {`
			`azurerm = {`
			`source = "hashicorp/azurerm"`
			`version = "=2.99.0"`
			`}`
			`}`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`provider "azurerm" {`
			`features {}`
			`client_id = "{{ azure_client_id }}"`
			`client_secret = "{{ azure_client_secret }}"`
			`subscription_id = "{{ azure_subscription_id }}"`
			`tenant_id = "{{ azure_tenant_id }}"`
			`skip_provider_registration = true`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`data "azurerm_resource_group" "this" {`
			`name = "{{ azure_resource_group_name }}"`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`resource "azurerm_storage_account" "this" {`
			`name = "{{ azure_storage_account_name }}"`
			`resource_group_name = data.azurerm_resource_group.this.name`
			`location = "{{ azure_location }}"`
			`account_tier = "Standard"`
			`account_replication_type = "RAGRS"`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`{% for group in groups %}`
			`module "label_{{ group.id }}" {`
			`source = "cloudposse/label/null"`
			`version = "0.25.0"`
			`namespace = "{{ global_namespace }}"`
			`tenant = "{{ group.group_name }}"`
			`label_order = ["namespace", "tenant", "name", "attributes"]`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`{% for subgroup in subgroups[group.id] %}`
			`resource "azurerm_cdn_profile" "profile_{{ group.id }}_{{ subgroup }}" {`
azure_cdn: use subgroups, attempt 4 2022-04-25 15:08:15 +01:00			`name = "${module.label_{{ group.id }}.id}-sub{{ subgroup }}"`
Initial import 2022-03-10 14:26:22 +00:00			`location = "{{ azure_location }}"`
			`resource_group_name = data.azurerm_resource_group.this.name`
			`sku = "Standard_Microsoft"`
ci: add flake8 2022-05-16 13:29:48 +01:00			`tags = module.label_{{ group.id }}.tags`
Initial import 2022-03-10 14:26:22 +00:00			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`resource "azurerm_monitor_diagnostic_setting" "profile_diagnostic_{{ group.id }}_{{ subgroup }}" {`
Initial import 2022-03-10 14:26:22 +00:00			`name = "cdn-diagnostics"`
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`target_resource_id = azurerm_cdn_profile.profile_{{ group.id }}_{{ subgroup }}.id`
Initial import 2022-03-10 14:26:22 +00:00			`storage_account_id = azurerm_storage_account.this.id`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`log {`
			`category = "AzureCDNAccessLog"`
			`enabled = true`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`retention_policy {`
			`enabled = true`
			`days = 90`
			`}`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`metric {`
			`category = "AllMetrics"`
			`enabled = true`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`retention_policy {`
			`enabled = true`
			`days = 90`
			`}`
			`}`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`resource "azurerm_monitor_metric_alert" "response_alert_{{ group.id }}_{{ subgroup }}" {`
			`name = "bandwidth-out-high-${module.label_{{ group.id }}.id}-sub{{ subgroup }}"`
Initial import 2022-03-10 14:26:22 +00:00			`resource_group_name = data.azurerm_resource_group.this.name`
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`scopes = [azurerm_cdn_profile.profile_{{ group.id }}_{{ subgroup }}.id]`
Initial import 2022-03-10 14:26:22 +00:00			`description = "Action will be triggered when response size is too high."`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`criteria {`
			`metric_namespace = "Microsoft.Cdn/profiles"`
			`metric_name = "ResponseSize"`
			`aggregation = "Total"`
			`operator = "GreaterThan"`
			`threshold = 21474836481`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`window_size = "PT1H"`
			`}`
			`{% endfor %}`
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`{% endfor %}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`{% for proxy in proxies %}`
			`resource "azurerm_cdn_endpoint" "endpoint_{{ proxy.id }}" {`
			`name = "{{ proxy.slug }}"`
azure_cdn: use subgroups, attempt 1 2022-04-25 14:56:35 +01:00			`profile_name = azurerm_cdn_profile.profile_{{ proxy.origin.group.id }}_{{ proxy.psg }}.name`
Initial import 2022-03-10 14:26:22 +00:00			`location = "{{ azure_location }}"`
			`resource_group_name = data.azurerm_resource_group.this.name`
ci: add flake8 2022-05-16 13:29:48 +01:00
proxies: add support for bypass token 2022-04-19 14:32:04 +01:00			`origin_host_header = "{{ proxy.origin.domain_name }}"`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`origin {`
			`name = "upstream"`
			`host_name = "{{ proxy.origin.domain_name }}"`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`global_delivery_rule {`
			`modify_request_header_action {`
			`action = "Append"`
proxies: add support for bypass token 2022-04-19 14:32:04 +01:00			`name = "Bypass-Rate-Limit-Token"`
			`value = "{{ bypass_token }}"`
Initial import 2022-03-10 14:26:22 +00:00			`}`
			`}`
			`}`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`resource "azurerm_monitor_diagnostic_setting" "diagnostic_{{ proxy.id }}" {`
			`name = "cdn-diagnostics"`
			`target_resource_id = azurerm_cdn_endpoint.endpoint_{{ proxy.id }}.id`
			`storage_account_id = azurerm_storage_account.this.id`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`log {`
			`category = "CoreAnalytics"`
			`enabled = true`
ci: add flake8 2022-05-16 13:29:48 +01:00
Initial import 2022-03-10 14:26:22 +00:00			`retention_policy {`
			`enabled = true`
			`days = 90`
			`}`
			`}`
			`}`
			`{% endfor %}`
			`"""`

lots of typing fixes 2022-05-16 11:44:03 +01:00			`def import_state(self, state: Optional[Any]) -> None:`
automation: pull up terraform funcs to abstract class see #1 2022-05-08 13:01:15 +01:00			`proxies = Proxy.query.filter(`
			`Proxy.provider == self.provider,`
ci: add flake8 2022-05-16 13:29:48 +01:00			`Proxy.destroyed.is_(None)`
automation: pull up terraform funcs to abstract class see #1 2022-05-08 13:01:15 +01:00			`).all()`
			`for proxy in proxies:`
			`proxy.url = f"https://{proxy.slug}.azureedge.net"`
			`db.session.commit()`