majuna/app/terraform/proxy/cloudfront.py

import datetime
from typing import Any

from app.extensions import db
from app.models.mirrors import Proxy
from app.terraform.proxy import ProxyAutomation


class ProxyCloudfrontAutomation(ProxyAutomation):
    short_name = "proxy_cloudfront"
    description = "Deploy proxies to AWS CloudFront"
    provider = "cloudfront"

    template_parameters = [
        "aws_access_key",
        "aws_secret_key"
    ]

    template = """
    terraform {
      required_providers {
        aws = {
          version = "~> 4.4.0"
        }
      }
    }
    
    provider "aws" {
      access_key = "{{ aws_access_key }}"
      secret_key = "{{ aws_secret_key }}"
      region = "us-east-2"
    }
    
    {% for group in groups %}
    module "label_{{ group.id }}" {
      source  = "cloudposse/label/null"
      version = "0.25.0"
      namespace = "{{ global_namespace }}"
      tenant = "{{ group.group_name }}"
      label_order = ["namespace", "tenant", "name", "attributes"]
    }
    
    module "log_bucket_{{ group.id }}" {
      source = "cloudposse/s3-log-storage/aws"
      version = "0.28.0"
      context = module.label_{{ group.id }}.context
      name = "logs"
      attributes = ["cloudfront"]
      acl                      = "log-delivery-write"
      standard_transition_days = 30
      glacier_transition_days  = 60
      expiration_days          = 90
    }
    
    resource "aws_sns_topic" "alarms_{{ group.id }}" {
      name = "${module.label_{{ group.id }}.id}-cloudfront-alarms"
    }
    {% endfor %}
    
    {% for proxy in proxies %}
    module "cloudfront_{{ proxy.id }}" {
      source = "sr2c/bc-proxy/aws"
      version = "0.0.7"
      origin_domain = "{{ proxy.origin.domain_name }}"
      logging_bucket = module.log_bucket_{{ proxy.origin.group.id }}.bucket_domain_name
      sns_topic_arn = aws_sns_topic.alarms_{{ proxy.origin.group.id }}.arn
      low_bandwidth_alarm = false
      context = module.label_{{ proxy.origin.group.id }}.context
      name = "proxy"
      attributes = ["{{ proxy.origin.domain_name }}"]
      bypass_token = "{{ bypass_token }}"
    }
    {% endfor %}
    """

    def import_state(self, state: Any) -> None:
        assert(isinstance(state, dict))
        if "child_modules" not in state['values']['root_module']:
            # There are no CloudFront proxies deployed to import state for
            return
        for mod in state['values']['root_module']['child_modules']:
            if mod['address'].startswith('module.cloudfront_'):
                for res in mod['resources']:
                    if res['address'].endswith('aws_cloudfront_distribution.this'):
                        proxy = Proxy.query.filter(Proxy.id == mod['address'][len('module.cloudfront_'):]).first()
                        proxy.url = "https://" + res['values']['domain_name']
                        proxy.slug = res['values']['id']
                        proxy.terraform_updated = datetime.datetime.utcnow()
                        break
        db.session.commit()