feat(eotk): switch to new autonomous eotk instances

app/terraform/eotk/aws.py

@@ -6,6 +6,8 @@ from app import app
 from app.extensions import db
 from app.models.base import Group
 from app.models.onions import Eotk
+from app.terraform import DeterministicZip
+from app.terraform.eotk import eotk_configuration
 from app.terraform.terraform import TerraformAutomation
 
 
@@ -54,31 +56,25 @@ class EotkAWSAutomation(TerraformAutomation):
       region = "us-east-2"
     }
 
-    provider "aws" {
-      access_key = "{{ aws_access_key }}"
-      secret_key = "{{ aws_secret_key }}"
-      region = "eu-central-1"
-      alias = "second_region"
-    }
-
     {% for group in groups %}
     module "eotk_{{ group.id }}" {
-      providers = {
-        aws = aws,
-        aws.second_region = aws.second_region
-      }
-      source = "sr2c/aws/eotk"
-      version = "0.0.6"
+      source = "{{ terraform_modules_path }}/terraform-aws-bc-eotk"
       namespace = "{{ global_namespace }}"
       tenant = "{{ group.group_name }}"
       name = "eotk"
       label_order = ["namespace", "tenant", "name", "attributes"]
-      disable_api_termination = true
+      configuration_bundle = "{{ group.id }}.zip"
+    }
+
+    output "eotk_instances_{{ group.id }}" {
+      value = module.eotk_{{ group.id }}.instances
     }
     {% endfor %}
     """
 
     def tf_generate(self) -> None:
+        if not self.working_dir:
+            raise RuntimeError("No working directory specified.")
         self.tf_write(
             self.template,
             groups=Group.query.filter(
@@ -97,19 +93,28 @@ class EotkAWSAutomation(TerraformAutomation):
                 for k in self.template_parameters
             }
         )
+        for group in Group.query.filter(
+                Group.eotk.is_(True),
+                Group.destroyed.is_(None)
+        ).order_by(Group.id).all():
+            with DeterministicZip(os.path.join(self.working_dir, f"{group.id}.zip")) as dzip:
+                dzip.add_file("sites.conf", eotk_configuration(group).encode('utf-8'))
+                for onion in sorted(group.onions, key=lambda o: o.onion_name):  # type: ignore[no-any-return]
+                    dzip.add_file(f"{onion.onion_name}.v3pub.key", onion.onion_public_key)
+                    dzip.add_file(f"{onion.onion_name}.v3sec.key", onion.onion_private_key)
+                    dzip.add_file(f"{onion.onion_name[:20]}-v3.cert", onion.tls_public_key)
+                    dzip.add_file(f"{onion.onion_name[:20]}-v3.pem", onion.tls_private_key)
 
     def tf_posthook(self, *, prehook_result: Any = None) -> None:
-        state = self.tf_show()
-        for g in state["values"]["root_module"]["child_modules"]:
-            if g["address"].startswith("module.eotk_"):
-                group_id = int(g["address"][len("module.eotk_"):])
-                for i in g["child_modules"]:
-                    if ".module.instance_" in i["address"]:
-                        instance = int(i["address"][-1])
-                        region = "us-east-2" if instance == 1 else "eu-central-1"
-                        for s in i["child_modules"]:
-                            if s["address"].endswith(".module.instance"):
-                                for x in s["resources"]:
-                                    if x["address"].endswith(".module.instance.aws_instance.default[0]"):
-                                        update_eotk_instance(group_id, region, x['values']['id'])
+        for e in Eotk.query.all():
+            db.session.delete(e)
+        outputs = self.tf_output()
+        for output in outputs:
+            if output.startswith("eotk_instances_"):
+                try:
+                    group_id = int(output[len("eotk_instance_") + 1:])
+                    for az in outputs[output]['value']:
+                        update_eotk_instance(group_id, az, outputs[output]['value'][az])
+                except ValueError:
+                    pass
         db.session.commit()