diff --git a/app/terraform/proxy/fastly.py b/app/terraform/proxy/fastly.py
new file mode 100644
index 0000000..0437b0f
--- /dev/null
+++ b/app/terraform/proxy/fastly.py
@@ -0,0 +1,138 @@
+import datetime
+import os
+import string
+import random
+
+import jinja2
+import tldextract
+
+from app import app
+from app.extensions import db
+from app.models import Group, Origin, Proxy
+
+TEMPLATE = """
+terraform {
+ required_providers {
+ aws = {
+ version = "~> 4.4.0"
+ }
+ fastly = {
+ source = "fastly/fastly"
+ version = ">= 1.1.1"
+ }
+ }
+}
+
+provider "aws" {
+ access_key = "{{ aws_access_key }}"
+ secret_key = "{{ aws_secret_key }}"
+ region = "us-east-1"
+}
+
+provider "fastly" {
+ api_key = "{{ fastly_api_key }}"
+}
+
+{% for group in groups %}
+module "label_{{ group.id }}" {
+ source = "cloudposse/label/null"
+ version = "0.25.0"
+ namespace = "bc"
+ tenant = "{{ group.group_name }}"
+ label_order = ["namespace", "tenant", "name", "attributes"]
+}
+
+module "log_bucket_{{ group.id }}" {
+ source = "cloudposse/s3-log-storage/aws"
+ version = "0.28.0"
+ context = module.label_{{ group.id }}.context
+ name = "logs"
+ attributes = ["fastly"]
+ acl = "private"
+ standard_transition_days = 30
+ glacier_transition_days = 60
+ expiration_days = 90
+}
+
+{% if group.id == 3 %}
+resource "fastly_service_vcl" "service_{{ group.id }}" {
+ name = module.label_{{ group.id }}.id
+
+ {% for origin in group.origins %}
+ {% for proxy in origin.proxies %}
+ {% if proxy.destroyed == None and proxy.provider == "fastly" %}
+ domain {
+ name = "{{ proxy.slug }}.global.ssl.fastly.com"
+ comment = "Mirror"
+ }
+ {% endif %}
+ {% endfor %}
+
+ backend {
+ address = "{{ origin.domain_name }}"
+ name = "{{ origin.description }}"
+ port = 443
+ override_host = "{{ origin.domain_name }}"
+ }
+ {% endfor %}
+}
+{% endif %}
+{% endfor %}
+"""
+
+
+def create_missing_proxies():
+ with app.app_context():
+ origins = Origin.query.filter(Origin.group_id == 3).all()
+ for origin in origins:
+ azure_cdn_proxies = [
+ x for x in origin.proxies
+ if x.provider == "fastly" and x.deprecated is None and x.destroyed is None
+ ]
+ if not azure_cdn_proxies:
+ proxy = Proxy()
+ proxy.origin_id = origin.id
+ proxy.provider = "fastly"
+ proxy.slug = tldextract.extract(origin.domain_name).domain[:5] + ''.join(
+ random.choices(string.ascii_lowercase, k=random.randint(5, 10)))
+ proxy.added = datetime.datetime.utcnow()
+ proxy.updated = datetime.datetime.utcnow()
+ db.session.add(proxy)
+ db.session.commit()
+
+
+def destroy_expired_proxies():
+ cutoff = datetime.datetime.utcnow() - datetime.timedelta(days=3)
+ proxies = Proxy.query.filter(
+ Proxy.destroyed == None,
+ Proxy.provider == "fastly",
+ Proxy.deprecated < cutoff
+ ).all()
+ for proxy in proxies:
+ proxy.destroyed = datetime.datetime.utcnow()
+ proxy.updated = datetime.datetime.utcnow()
+ db.session.commit()
+
+
+def generate_terraform():
+ filename = os.path.join(
+ app.config['TERRAFORM_DIRECTORY'],
+ 'fastly',
+ 'main.tf'
+ )
+ tmpl = jinja2.Template(TEMPLATE)
+ rendered = tmpl.render(
+ aws_access_key=app.config['AWS_ACCESS_KEY'],
+ aws_secret_key=app.config['AWS_SECRET_KEY'],
+ fastly_api_key=app.config['FASTLY_API_KEY'],
+ groups=Group.query.all()
+ )
+ with open(filename, 'w') as out:
+ out.write(rendered)
+
+
+if __name__ == "__main__":
+ with app.app_context():
+ create_missing_proxies()
+ destroy_expired_proxies()
+ generate_terraform()
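Review bot: generate_terraform() renders `AWS_ACCESS_KEY`, `AWS_SECRET_KEY` and `FASTLY_API_KEY` straight into `main.tf` and writes it with a plain `open(filename, 'w')`, so the long-lived credentials sit in cleartext on disk with whatever mode the process umask allows. Both providers can read their credentials from the environment (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` and `FASTLY_API_KEY`), so the `access_key`, `secret_key` and `api_key` lines could be dropped from TEMPLATE and the values handed to the terraform process instead. If the file has to carry them, create it owner-only, e.g. `with os.fdopen(os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as out:`, keeping in mind that the mode only applies when the file is first created. Separately, `{{ group.group_name }}`, `{{ origin.domain_name }}` and `{{ origin.description }}` are interpolated into quoted HCL strings with no escaping, so a stored value containing `"` or `${` would alter the generated configuration; those fields should be validated against a strict pattern before rendering.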