jasima/majuna
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

terraform: generate conf with http backend

Browse source
This commit is contained in:
Iain Learmonth 2022-08-30 10:05:12 +01:00
parent affa0f0149
commit 32239c379a
16 changed files with 43 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
app/cli/automate.py
View file

@ -105,6 +105,7 @@ def run_job(job_cls: Type[BaseAutomation], *,
# to be logged for investigation. Catching more specific exceptions would just mean that # to be logged for investigation. Catching more specific exceptions would just mean that
# others go unrecorded and are difficult to debug. # others go unrecorded and are difficult to debug.
except Exception as exc: # pylint: disable=broad-except except Exception as exc: # pylint: disable=broad-except
raise exc
trace = TracebackException.from_exception(exc) trace = TracebackException.from_exception(exc)
success = False success = False
logs = "\n".join(trace.format()) logs = "\n".join(trace.format())

7
app/terraform/bridge/__init__.py
View file

@ -1,4 +1,5 @@
import datetime import datetime
import os
from typing import Iterable, Optional, Any, List from typing import Iterable, Optional, Any, List
from app import app from app import app
@ -70,6 +71,12 @@ class BridgeAutomation(TerraformAutomation):
BridgeConf.provider == self.provider BridgeConf.provider == self.provider
).all(), ).all(),
global_namespace=app.config['GLOBAL_NAMESPACE'], global_namespace=app.config['GLOBAL_NAMESPACE'],
terraform_modules_path=os.path.join(*list(os.path.split(app.root_path))[:-1], 'terraform-modules'),
backend_config=f"""backend "http" {{
lock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
unlock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
}}""",
**{ **{
k: app.config[k.upper()] k: app.config[k.upper()]
for k in self.template_parameters for k in self.template_parameters

1
app/terraform/bridge/aws.py
View file

@ -14,6 +14,7 @@ class BridgeAWSAutomation(BridgeAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
aws = { aws = {
version = "~> 4.2.0" version = "~> 4.2.0"

1
app/terraform/bridge/gandi.py
View file

@ -16,6 +16,7 @@ class BridgeGandiAutomation(BridgeAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
openstack = { openstack = {
source = "terraform-provider-openstack/openstack" source = "terraform-provider-openstack/openstack"

1
app/terraform/bridge/hcloud.py
View file

@ -13,6 +13,7 @@ class BridgeHcloudAutomation(BridgeAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
random = { random = {
source = "hashicorp/random" source = "hashicorp/random"

1
app/terraform/bridge/ovh.py
View file

@ -19,6 +19,7 @@ class BridgeOvhAutomation(BridgeAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
random = { random = {
source = "hashicorp/random" source = "hashicorp/random"

8
app/terraform/eotk/aws.py
View file

@ -1,4 +1,5 @@
import datetime import datetime
import os
from typing import Any from typing import Any
from app import app from app import app
@ -39,6 +40,7 @@ class EotkAWSAutomation(TerraformAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
aws = { aws = {
version = "~> 4.4.0" version = "~> 4.4.0"
@ -84,6 +86,12 @@ class EotkAWSAutomation(TerraformAutomation):
Group.destroyed.is_(None) Group.destroyed.is_(None)
).all(), ).all(),
global_namespace=app.config['GLOBAL_NAMESPACE'], global_namespace=app.config['GLOBAL_NAMESPACE'],
terraform_modules_path=os.path.join(*list(os.path.split(app.root_path))[:-1], 'terraform-modules'),
backend_config=f"""backend "http" {{
lock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
unlock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
}}""",
**{ **{
k: app.config[k.upper()] k: app.config[k.upper()]
for k in self.template_parameters for k in self.template_parameters

6
app/terraform/list/__init__.py
View file

@ -50,6 +50,12 @@ class ListAutomation(TerraformAutomation):
MirrorList.provider == self.provider, MirrorList.provider == self.provider,
).all(), ).all(),
global_namespace=app.config['GLOBAL_NAMESPACE'], global_namespace=app.config['GLOBAL_NAMESPACE'],
terraform_modules_path=os.path.join(*list(os.path.split(app.root_path))[:-1], 'terraform-modules'),
backend_config=f"""backend "http" {{
lock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
unlock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
}}""",
**{ **{
k: app.config[k.upper()] k: app.config[k.upper()]
for k in self.template_parameters for k in self.template_parameters

1
app/terraform/list/github.py
View file

@ -17,6 +17,7 @@ class ListGithubAutomation(ListAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
github = { github = {
source = "integrations/github" source = "integrations/github"

1
app/terraform/list/gitlab.py
View file

@ -16,6 +16,7 @@ class ListGitlabAutomation(ListAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
gitlab = { gitlab = {
source = "gitlabhq/gitlab" source = "gitlabhq/gitlab"

1
app/terraform/list/s3.py
View file

@ -13,6 +13,7 @@ class ListS3Automation(ListAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
aws = { aws = {
version = "~> 4.4.0" version = "~> 4.4.0"

14
app/terraform/proxy/__init__.py
View file

@ -39,6 +39,10 @@ def update_smart_proxy_instance(group_id: int,
instance.instance_id = instance_id instance.instance_id = instance_id
def sp_trusted_prefixes() -> str:
return "\n".join([f"geoip2_proxy {p};" for p in all_cdn_prefixes()])
class ProxyAutomation(TerraformAutomation): class ProxyAutomation(TerraformAutomation):
subgroup_max = math.inf subgroup_max = math.inf
""" """
@ -154,14 +158,16 @@ class ProxyAutomation(TerraformAutomation):
Proxy.provider == self.provider, Proxy.destroyed.is_(None)).all(), subgroups=self.get_subgroups(), Proxy.provider == self.provider, Proxy.destroyed.is_(None)).all(), subgroups=self.get_subgroups(),
global_namespace=app.config['GLOBAL_NAMESPACE'], bypass_token=app.config['BYPASS_TOKEN'], global_namespace=app.config['GLOBAL_NAMESPACE'], bypass_token=app.config['BYPASS_TOKEN'],
terraform_modules_path=os.path.join(*list(os.path.split(app.root_path))[:-1], 'terraform-modules'), terraform_modules_path=os.path.join(*list(os.path.split(app.root_path))[:-1], 'terraform-modules'),
backend_config=f"""backend "http" {{
lock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
unlock_address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
address = "{app.config['TFSTATE_BACKEND']}/{self.short_name}"
}}""",
**{k: app.config[k.upper()] for k in self.template_parameters}) **{k: app.config[k.upper()] for k in self.template_parameters})
if self.smart_proxies: if self.smart_proxies:
for group in groups: for group in groups:
self.sp_config(group) self.sp_config(group)
def sp_trusted_prefixes(self) -> str:
return "\n".join([f"geoip2_proxy {p};" for p in all_cdn_prefixes()])
def sp_config(self, group: Group) -> None: def sp_config(self, group: Group) -> None:
group_origins: List[Origin] = Origin.query.filter( group_origins: List[Origin] = Origin.query.filter(
Origin.group_id == group.id, Origin.group_id == group.id,
@ -174,7 +180,7 @@ class ProxyAutomation(TerraformAutomation):
$geoip2_metadata_country_build metadata build_epoch; $geoip2_metadata_country_build metadata build_epoch;
$geoip2_data_country_code default=US country iso_code; $geoip2_data_country_code default=US country iso_code;
} }
""" + self.sp_trusted_prefixes() + """ """ + sp_trusted_prefixes() + """
geoip2_proxy_recursive on; geoip2_proxy_recursive on;
map $geoip2_data_country_code $redirect_country { map $geoip2_data_country_code $redirect_country {
default yes; default yes;

1
app/terraform/proxy/azure_cdn.py
View file

@ -25,6 +25,7 @@ class ProxyAzureCdnAutomation(ProxyAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
azurerm = { azurerm = {
source = "hashicorp/azurerm" source = "hashicorp/azurerm"

1
app/terraform/proxy/cloudfront.py
View file

@ -25,6 +25,7 @@ class ProxyCloudfrontAutomation(ProxyAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
acme = { acme = {
source = "vancluever/acme" source = "vancluever/acme"

1
app/terraform/proxy/fastly.py
View file

@ -20,6 +20,7 @@ class ProxyFastlyAutomation(ProxyAutomation):
template = """ template = """
terraform { terraform {
{{ backend_config }}
required_providers { required_providers {
aws = { aws = {
version = "~> 4.4.0" version = "~> 4.4.0"

1
app/tfstate.py
View file

@ -24,6 +24,7 @@ def handle_update(key):
return "OK", 200 return "OK", 200
state = TerraformState(key=key) state = TerraformState(key=key)
if state.lock and not (request.method == "UNLOCK" and request.args.get('ID') is None): if state.lock and not (request.method == "UNLOCK" and request.args.get('ID') is None):
# force-unlock seems to not give an ID to verify so accept no ID being present
if json.loads(state.lock)['ID'] != request.args.get('ID'): if json.loads(state.lock)['ID'] != request.args.get('ID'):
return Response(state.lock, status=409, content_type="application/json") return Response(state.lock, status=409, content_type="application/json")
if request.method == "POST": if request.method == "POST":