Initial import

app/terraform/bridge/__init__.py

@@ -0,0 +1,77 @@
+import datetime
+
+from app import app
+from app.extensions import db
+from app.models import BridgeConf, Bridge, Group
+from app.terraform import BaseAutomation
+
+
+class BridgeAutomation(BaseAutomation):
+    def create_missing(self):
+        bridgeconfs = BridgeConf.query.filter(
+            BridgeConf.provider == self.provider
+        ).all()
+        for bridgeconf in bridgeconfs:
+            active_bridges = Bridge.query.filter(
+                Bridge.conf_id == bridgeconf.id,
+                Bridge.deprecated == None
+            ).all()
+            if len(active_bridges) < bridgeconf.number:
+                for i in range(bridgeconf.number - len(active_bridges)):
+                    bridge = Bridge()
+                    bridge.conf_id = bridgeconf.id
+                    bridge.added = datetime.datetime.utcnow()
+                    bridge.updated = datetime.datetime.utcnow()
+                    db.session.add(bridge)
+            elif len(active_bridges) > bridgeconf.number:
+                active_bridge_count = len(active_bridges)
+                for bridge in active_bridges:
+                    bridge.deprecate()
+                    active_bridge_count -= 1
+                    if active_bridge_count == bridgeconf.number:
+                        break
+
+    def destroy_expired(self):
+        cutoff = datetime.datetime.utcnow() - datetime.timedelta(days=0)
+        bridges = [b for b in Bridge.query.filter(
+            Bridge.destroyed == None,
+            Bridge.deprecated < cutoff
+        ).all() if b.conf.provider == self.provider]
+        for bridge in bridges:
+            bridge.destroy()
+
+    def generate_terraform(self):
+        self.write_terraform_config(
+            self.template,
+            groups=Group.query.all(),
+            bridgeconfs=BridgeConf.query.filter(
+                BridgeConf.destroyed == None,
+                BridgeConf.provider == self.provider
+            ).all(),
+            global_namespace=app.config['GLOBAL_NAMESPACE'],
+            **{
+                k: app.config[k.upper()]
+                for k in self.template_parameters
+            }
+        )
+
+    def import_terraform(self):
+        outputs = self.terraform_output()
+        for output in outputs:
+            if output.startswith('bridge_hashed_fingerprint_'):
+                parts = outputs[output]['value'].split(" ")
+                if len(parts) < 2:
+                    continue
+                bridge = Bridge.query.filter(Bridge.id == output[len('bridge_hashed_fingerprint_'):]).first()
+                bridge.nickname = parts[0]
+                bridge.hashed_fingerprint = parts[1]
+                bridge.terraform_updated = datetime.datetime.utcnow()
+            if output.startswith('bridge_bridgeline_'):
+                parts = outputs[output]['value'].split(" ")
+                if len(parts) < 4:
+                    continue
+                bridge = Bridge.query.filter(Bridge.id == output[len('bridge_bridgeline_'):]).first()
+                del(parts[3])
+                bridge.bridgeline = " ".join(parts)
+                bridge.terraform_updated = datetime.datetime.utcnow()
+        db.session.commit()

app/terraform/bridge/aws.py

@@ -0,0 +1,84 @@
+from app import app
+from app.terraform.bridge import BridgeAutomation
+
+
+class BridgeAWSAutomation(BridgeAutomation):
+    short_name = "bridge_aws"
+    provider = "aws"
+
+    template_parameters = [
+        "aws_access_key",
+        "aws_secret_key",
+        "ssh_public_key_path"
+    ]
+
+    template = """
+    terraform {
+      required_providers {
+        aws = {
+          version = "~> 4.2.0"
+        }
+      }
+    }
+    
+    provider "aws" {
+      access_key = "{{ aws_access_key }}"
+      secret_key = "{{ aws_secret_key }}"
+      region = "us-east-1"
+    }
+    
+    locals {
+      ssh_key = file("{{ ssh_public_key_path }}")
+    }
+    
+    {% for group in groups %}
+    module "label_{{ group.id }}" {
+      source  = "cloudposse/label/null"
+      version = "0.25.0"
+      namespace = "{{ global_namespace }}"
+      tenant = "{{ group.group_name }}"
+      label_order = ["namespace", "tenant", "name", "attributes"]
+    }
+    {% endfor %}
+    
+    {% for bridgeconf in bridgeconfs %}
+    {% for bridge in bridgeconf.bridges %}
+    {% if not bridge.destroyed %}
+    module "bridge_{{ bridge.id }}" {
+      source = "sr2c/tor-bridge/aws"
+      version = "0.0.1"
+      ssh_key = local.ssh_key
+      contact_info = "hi"
+      context = module.label_{{ bridgeconf.group.id }}.context
+      name = "br"
+      attributes = ["{{ bridge.id }}"]
+      distribution_method = "{{ bridge.conf.method }}"
+    }
+    
+    output "bridge_hashed_fingerprint_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.hashed_fingerprint
+    }
+    
+    output "bridge_bridgeline_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.bridgeline
+      sensitive = true
+    }
+    {% endif %}
+    {% endfor %}
+    {% endfor %}
+    """
+
+
+def automate():
+    auto = BridgeAWSAutomation()
+    auto.destroy_expired()
+    auto.create_missing()
+    auto.generate_terraform()
+    auto.terraform_init()
+    auto.terraform_apply()
+    auto.import_terraform()
+
+
+if __name__ == "__main__":
+    with app.app_context():
+        automate()

app/terraform/bridge/gandi.py

@@ -0,0 +1,95 @@
+from app import app
+from app.terraform.bridge import BridgeAutomation
+
+
+class BridgeGandiAutomation(BridgeAutomation):
+    short_name = "bridge_gandi"
+    provider = "gandi"
+
+    template_parameters = [
+        "gandi_openstack_user",
+        "gandi_openstack_password",
+        "gandi_openstack_tenant_name",
+        "ssh_public_key_path"
+    ]
+
+    template = """
+    terraform {
+      required_providers {
+        openstack = {
+          source  = "terraform-provider-openstack/openstack"
+          version = "~> 1.42.0"
+        }
+      }
+    }
+
+    provider "openstack" {
+      auth_url = "https://keystone.sd6.api.gandi.net:5000/v3"
+      user_domain_name = "public"
+      project_domain_name = "public"
+      user_name = "{{ gandi_openstack_user }}"
+      password = "{{ gandi_openstack_password }}"
+      tenant_name = "{{ gandi_openstack_tenant_name }}"
+      region = "FR-SD6"
+    }
+
+    locals {
+      ssh_key = file("{{ ssh_public_key_path }}")
+    }
+
+    {% for group in groups %}
+    module "label_{{ group.id }}" {
+      source  = "cloudposse/label/null"
+      version = "0.25.0"
+      namespace = "{{ global_namespace }}"
+      tenant = "{{ group.group_name }}"
+      label_order = ["namespace", "tenant", "name", "attributes"]
+    }
+    {% endfor %}
+
+    {% for bridgeconf in bridgeconfs %}
+    {% for bridge in bridgeconf.bridges %}
+    {% if not bridge.destroyed %}
+    module "bridge_{{ bridge.id }}" {
+      source = "sr2c/tor-bridge/openstack"
+      version = "0.0.6"
+      context = module.label_{{ bridgeconf.group.id }}.context
+      name = "br"
+      attributes = ["{{ bridge.id }}"]
+      ssh_key = local.ssh_key
+      contact_info = "hi"
+      distribution_method = "{{ bridge.conf.method }}"
+
+      image_name = "Debian 11 Bullseye"
+      flavor_name = "V-R1"
+      external_network_name = "public"
+      require_block_device_creation = true
+    }
+
+    output "bridge_hashed_fingerprint_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.hashed_fingerprint
+    }
+
+    output "bridge_bridgeline_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.bridgeline
+      sensitive = true
+    }
+    {% endif %}
+    {% endfor %}
+    {% endfor %}
+    """
+
+
+def automate():
+    auto = BridgeGandiAutomation()
+    auto.destroy_expired()
+    auto.create_missing()
+    auto.generate_terraform()
+    auto.terraform_init()
+    auto.terraform_apply()
+    auto.import_terraform()
+
+
+if __name__ == "__main__":
+    with app.app_context():
+        automate()

app/terraform/bridge/hcloud.py

@@ -0,0 +1,98 @@
+from app import app
+from app.terraform.bridge import BridgeAutomation
+
+
+class BridgeHcloudAutomation(BridgeAutomation):
+    short_name = "bridge_hcloud"
+    provider = "hcloud"
+
+    template_parameters = [
+        "hcloud_token"
+    ]
+
+    template = """
+    terraform {
+      required_providers {
+        random = {
+          source = "hashicorp/random"
+          version = "3.1.0"
+        }
+        hcloud = {
+          source  = "hetznercloud/hcloud"
+          version = "1.31.1"
+        }
+      }
+    }
+
+    provider "hcloud" {
+      token = "{{ hcloud_token }}"
+    }
+
+    data "hcloud_datacenters" "ds" {
+    }
+
+    data "hcloud_server_type" "cx11" {
+      name = "cx11"
+    }
+
+    {% for group in groups %}
+    module "label_{{ group.id }}" {
+      source  = "cloudposse/label/null"
+      version = "0.25.0"
+      namespace = "{{ global_namespace }}"
+      tenant = "{{ group.group_name }}"
+      label_order = ["namespace", "tenant", "name", "attributes"]
+    }
+    {% endfor %}
+
+    {% for bridgeconf in bridgeconfs %}
+    {% for bridge in bridgeconf.bridges %}
+    {% if not bridge.destroyed %}
+    resource "random_shuffle" "datacenter_{{ bridge.id }}" {
+      input = [for s in data.hcloud_datacenters.ds.datacenters : s.name if contains(s.available_server_type_ids, data.hcloud_server_type.cx11.id)]
+      result_count = 1
+
+      lifecycle {
+        ignore_changes = [input] # don't replace all the bridges if a new DC appears
+      }
+    }
+
+    module "bridge_{{ bridge.id }}" {
+      source = "sr2c/tor-bridge/hcloud"
+      version = "0.0.2"
+      datacenter = one(random_shuffle.datacenter_{{ bridge.id }}.result)
+      context = module.label_{{ bridgeconf.group.id }}.context
+      name = "br"
+      attributes = ["{{ bridge.id }}"]
+      ssh_key_name = "bc"
+      contact_info = "hi"
+      distribution_method = "{{ bridge.conf.method }}"
+    }
+
+    output "bridge_hashed_fingerprint_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.hashed_fingerprint
+    }
+
+    output "bridge_bridgeline_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.bridgeline
+      sensitive = true
+    }
+    {% endif %}
+    {% endfor %}
+    {% endfor %}
+    """
+
+
+def automate():
+    auto = BridgeHcloudAutomation()
+    auto.destroy_expired()
+    auto.create_missing()
+    auto.generate_terraform()
+    auto.terraform_init()
+    auto.terraform_apply()
+    auto.import_terraform()
+
+
+if __name__ == "__main__":
+    with app.app_context():
+        automate()

app/terraform/bridge/ovh.py

@@ -0,0 +1,122 @@
+from app import app
+from app.terraform.bridge import BridgeAutomation
+
+
+class BridgeOvhAutomation(BridgeAutomation):
+    short_name = "bridge_ovh"
+    provider = "ovh"
+
+    template_parameters = [
+        "ovh_cloud_application_key",
+        "ovh_cloud_application_secret",
+        "ovh_cloud_consumer_key",
+        "ovh_cloud_project_service",
+        "ovh_openstack_user",
+        "ovh_openstack_password",
+        "ovh_openstack_tenant_id",
+        "ssh_public_key_path"
+    ]
+
+    template = """
+    terraform {
+      required_providers {
+        random = {
+          source = "hashicorp/random"
+          version = "3.1.0"
+        }
+        openstack = {
+          source  = "terraform-provider-openstack/openstack"
+          version = "~> 1.42.0"
+        }
+        ovh = {
+          source  = "ovh/ovh"
+          version = ">= 0.13.0"
+        }
+      }
+    }
+    
+    provider "openstack" {
+      auth_url    = "https://auth.cloud.ovh.net/v3/"
+      domain_name = "Default" # Domain name - Always at 'default' for OVHcloud
+      user_name = "{{ ovh_openstack_user }}"
+      password = "{{ ovh_openstack_password }}"
+      tenant_id = "{{ ovh_openstack_tenant_id }}"
+    }
+    
+    provider "ovh" {
+      endpoint           = "ovh-eu"
+      application_key    = "{{ ovh_cloud_application_key }}"
+      application_secret = "{{ ovh_cloud_application_secret }}"
+      consumer_key       = "{{ ovh_cloud_consumer_key }}"
+    }
+    
+    locals {
+      ssh_key = file("{{ ssh_public_key_path }}")
+    }
+    
+    data "ovh_cloud_project_regions" "regions" {
+      service_name = "{{ ovh_cloud_project_service }}"
+      has_services_up = ["instance"]
+    }
+    
+    {% for group in groups %}
+    module "label_{{ group.id }}" {
+      source  = "cloudposse/label/null"
+      version = "0.25.0"
+      namespace = "{{ global_namespace }}"
+      tenant = "{{ group.group_name }}"
+      label_order = ["namespace", "tenant", "name", "attributes"]
+    }
+    {% endfor %}
+    
+    {% for bridgeconf in bridgeconfs %}
+    {% for bridge in bridgeconf.bridges %}
+    {% if not bridge.destroyed %}
+    resource "random_shuffle" "region_{{ bridge.id }}" {
+      input = data.ovh_cloud_project_regions.regions.names
+      result_count = 1
+    
+      lifecycle {
+        ignore_changes = [input] # don't replace all the bridges if a new region appears
+      }
+    }
+    
+    module "bridge_{{ bridge.id }}" {
+      source = "sr2c/tor-bridge/openstack"
+      version = "0.0.6"
+      region = one(random_shuffle.region_{{ bridge.id }}.result)
+      context = module.label_{{ bridgeconf.group.id }}.context
+      name = "br"
+      attributes = ["{{ bridge.id }}"]
+      ssh_key = local.ssh_key
+      contact_info = "hi"
+      distribution_method = "{{ bridge.conf.method }}"
+    }
+    
+    output "bridge_hashed_fingerprint_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.hashed_fingerprint
+    }
+    
+    output "bridge_bridgeline_{{ bridge.id }}" {
+      value = module.bridge_{{ bridge.id }}.bridgeline
+      sensitive = true
+    }
+    {% endif %}
+    {% endfor %}
+    {% endfor %}
+    """
+
+
+def automate():
+    auto = BridgeOvhAutomation()
+    auto.destroy_expired()
+    auto.create_missing()
+    auto.generate_terraform()
+    auto.terraform_init()
+    auto.terraform_apply()
+    auto.import_terraform()
+
+
+if __name__ == "__main__":
+    with app.app_context():
+        automate()