[FEAT] Root domain support

appliedblockchain · Jul 4, 2019 · 9c40818 · 9c40818
1 parent 5a18c69
commit 9c40818
Show file tree

Hide file tree

Showing 7 changed files with 133 additions and 15 deletions.
diff --git a/Pipfile b/Pipfile
@@ -7,6 +7,7 @@ name = "pypi"
 "flake8" = "==3.3.0"
 "pytest-flake8" = "==0.8.1"
 pytest = "==3.1.1"
+autopep8 = "*"
 
 [packages]
 salt = "==2019.2.0"

diff --git a/salt/environments/dev/pillars/deployment/k8s/applied_blockchain.sls b/salt/environments/dev/pillars/deployment/k8s/applied_blockchain.sls
diff --git a/salt/environments/dev/states/deployment/k8s/v1_0/init.sls b/salt/environments/dev/states/deployment/k8s/v1_0/init.sls
@@ -31,7 +31,7 @@ domain_test_pillar:
     - present:
       - {{ client_id }}:deployment:k8s:domain:name
       - {{ client_id }}:deployment:k8s:domain:cert64
-      - {{ client_id }}:deployment:k8s:domain:cert_key64
+      - {{ client_id }}:deployment:k8s:domain:wildcard_cert_key64
     - failhard: true
 
 {%- set _auth = salt.pillar.get([client_id, 'authentication', _cluster.provider]|join(':')) %}
@@ -92,24 +92,44 @@ nginx_ingress_deploy:
 {%- set apps_namespace = client_id|replace('_','-') %}
 
 # Setup Certificates
-{%- set cert_file = [base_app_dir, client_id + "_cert.pem"] | join("/") %}
-{%- set cert_key = [base_app_dir, client_id + "_cert.key"] | join("/") %}
-{{ cert_file }}:
+{%- set root_cert_file = [base_app_dir, client_id + "_root_cert.pem"] | join("/") %}
+{%- set root_cert_key = [base_app_dir, client_id + "_root_cert.key"] | join("/") %}
+{%- set wildcard_cert_file = [base_app_dir, client_id + "_cert.pem"] | join("/") %}
+{%- set wildcard_cert_key = [base_app_dir, client_id + "_cert.key"] | join("/") %}
+{{ root_cert_file }}:
   file.managed:
     - template: jinja
     - source: salt://{{tpldir}}/templates/base64_decode.j2
     - failhard: true
     - defaults:
         content: {{ _deploy.domain.cert64 }}
 
-{{ cert_key }}:
+{{ root_cert_key }}:
   file.managed:
     - template: jinja
     - source: salt://{{tpldir}}/templates/base64_decode.j2
     - failhard: true
     - defaults:
         content: {{ _deploy.domain.cert_key64 }}
 
+{%- if _deploy.domain.wildcard_cert64 is defined %}
+{{ wildcard_cert_file }}:
+  file.managed:
+    - template: jinja
+    - source: salt://{{tpldir}}/templates/base64_decode.j2
+    - failhard: true
+    - defaults:
+        content: {{ _deploy.domain.wildcard_cert64 }}
+
+{{ wildcard_cert_key }}:
+  file.managed:
+    - template: jinja
+    - source: salt://{{tpldir}}/templates/base64_decode.j2
+    - failhard: true
+    - defaults:
+        content: {{ _deploy.domain.wildcard_cert_key64 }}
+{%- endif %}
+
 # Setup EFS Provisioner
 # https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs
 {%- set efs_yaml = [base_app_dir, client_id + "_efs.yaml"] | join("/") %}
@@ -244,7 +264,8 @@ nginx_ingress_deploy:
 {{ ingress_service }}_deploy:
     cmd.run:
         - name: |
-            kubectl create secret tls {{ _deploy.domain.name }} --key {{ cert_key }} --cert {{ cert_file }} -n {{ apps_namespace }}
+            {% if _deploy.domain.wildcard_cert64 is defined %}kubectl create secret tls wildcard.{{ _deploy.domain.name }} --key {{ wildcard_cert_key }} --cert {{ wildcard_cert_file }} -n {{ apps_namespace }}{% endif %}
+            kubectl create secret tls {{ _deploy.domain.name }} --key {{ root_cert_key }} --cert {{ root_cert_file }} -n {{ apps_namespace }}
             kubectl apply -f {{ ingress_service }} -n {{ apps_namespace }}
         - env:
             - PATH: {{ path_var }}
@@ -253,8 +274,8 @@ nginx_ingress_deploy:
             - AWS_SECRET_ACCESS_KEY: {{ _auth.saltstack.aws_secret_access_key}}
         - require:
           - {{ kubeconfig }}
-          - {{ cert_key }}
-          - {{ cert_file }}
+          - {{ wildcard_cert_key }}
+          - {{ wildcard_cert_file }}
           - {{ ingress_service }}
           {%- for app in _deploy.apps %}
           - {{ app.name }}_deploy
@@ -280,19 +301,21 @@ nginx_ingress_deploy:
 
 {% for app in _deploy.apps %}
 {{ app.name }}_{{ client_id }}_dns:
-  dnsimple.cname_present:
+  dnsimple.{%- if app.root_application is defined and app.root_application %}alias{% else %}cname{% endif %}_present:
     - client_id: {{ client_id }}
     - domain: {{ _deploy.domain.name }}
+    {%- if app.root_application is defined and app.root_application %}
+    - name: ""
+    {% else %}
     - name: {{ app.name }}
+    {%- endif %}
     - content_file: {{ _configs.work_dir+"/"+ client_id + "/external_ip" }}
     - require:
       - {{ client_id }}_get_external_ip
       - domain_test_pillar
 {% endfor %}
 
-
 {% for job in _deploy.job %}
-
 {%- set env_vars = {} -%}
 {%- if job.requires_database is defined and job.requires_database -%}
   {%- set rds_name = _cluster.cluster_name|replace('-','') -%} # As defined in rds_configs.j2

diff --git a/salt/environments/dev/states/deployment/k8s/v1_0/templates/ingress_service.yaml.j2 b/salt/environments/dev/states/deployment/k8s/v1_0/templates/ingress_service.yaml.j2
@@ -11,17 +11,40 @@ metadata:
     nginx.ingress.kubernetes.io/use-proxy-protocol: "true"
 spec:
   tls:
-    - hosts:
+    {%- set apps_on_wildcard = [] %}
+    {%- set apps_on_root = [] %}
     {%- for app in apps %}
+    {%- if app.root_application is defined and app.root_application %}
+    {%- do apps_on_root.append(app) %}
+    {%- else %}
+    {%- do apps_on_wildcard.append(app) %}
+    {%- endif %}
+    {%- endfor -%}
+
+    {%- if apps_on_wildcard is defined %}
+    - hosts:
+    {%- for app in apps_on_wildcard %}
     {%- if app.public_access is defined and app.public_access %}
       - {{ app.name }}.{{ domain }}
     {%- endif %}
+    {%- endfor %}
+      secretName: wildcard.{{ domain }}
+    {%- endif -%}
+
+    {%- if apps_on_wildcard is defined %}
+    - hosts:
+    {%- for app in apps_on_root %}
+    {%- if app.public_access is defined and app.public_access %}
+      - {{ domain }}
+    {%- endif %}
     {%- endfor %}
       secretName: {{ domain }}
+    {%- endif %}
+
   rules:
   {%- for app in apps %}
     {%- if app.public_access is defined and app.public_access %}
-    - host: {{ app.name }}.{{ domain }}
+    - host: {% if app.root_application is defined and app.root_application %}{{ domain }}{% else %}{{ app.name }}.{{ domain }}{% endif %}
       http:
         paths:
         - path: {% if app.path is defined %}{{app.path}}{% else %}/{% endif %}

diff --git a/salt/ext/_modules/dns_dnsimple/__init__.py b/salt/ext/_modules/dns_dnsimple/__init__.py
@@ -20,3 +20,15 @@ def cname_record_add(client_id, domain, name, content):
 
 def cname_record_update(client_id, domain, name, content):
     return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).cname_record_update(domain=domain, name=name, content=content)
+
+
+def alias_record_exists(client_id, domain, name):
+    return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).alias_record_exists(domain=domain, name=name)
+
+
+def alias_record_add(client_id, domain, name, content):
+    return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).alias_record_add(domain=domain, name=name, content=content)
+
+
+def alias_record_update(client_id, domain, name, content):
+    return DNSimpleProvider(account_id=_confs(client_id).get('account_id'), api_token=_confs(client_id).get('api_token')).alias_record_update(domain=domain, name=name, content=content)
diff --git a/salt/ext/_modules/dns_dnsimple/provider.py b/salt/ext/_modules/dns_dnsimple/provider.py
@@ -43,3 +43,41 @@ def rfilter(x):
             return {'result': False, 'data': str(e)}
         except IndexError:
             return {'result': False, 'data': 'record not found'}
+
+    def alias_record_exists(self, domain, name=None):
+        records = self.dnsimple_client.records(domain)
+        try:
+            def rfilter(x):
+                rtype, rname, rzoneid = x.get('record').get('type'), x.get('record').get('name'), x.get('record').get('zone_id')
+                return rtype == "ALIAS" and (rname == name if (name and name != "") else True) and (rzoneid == domain)
+            record = list(filter(rfilter, records))[0]
+            return record
+        except DNSimpleException as e:
+            return {'result': True, 'data': '{}{} alias not found'.format(name + '.' if name else '', domain)}
+        except IndexError as e:
+            return {'result': True, 'data': '{} alias not found'.format(name + '.' if name else '', domain)}
+
+    def alias_record_add(self, domain, name, content):
+        try:
+            return {'result': True, 'data': self.dnsimple_client.add_record(domain, {'type': 'ALIAS', 'name': name, 'content': content})}
+        except DNSimpleException as e:
+            return {'result': False, 'data': str(e)}
+
+    def alias_record_update(self, domain, name=None, content=""):
+        records = self.dnsimple_client.records(domain)
+        try:
+            def rfilter(x):
+                rtype, rname, rzoneid = x.get('record').get('type'), x.get('record').get('name'), x.get('record').get('zone_id')
+                return rtype == "ALIAS" and (rname == name if (name and name != "") else True) and (rzoneid == domain)
+            log.error(">>>>>>>>")
+            log.error(domain)
+            log.error(name)
+            log.error(content)
+            log.error(records)
+            record_id = list(filter(rfilter, records))[0].get('record').get('id')
+            log.error(list(filter(rfilter, records))[0].get('record'))
+            return {'result': True, 'data': self.dnsimple_client.update_record(domain, record_id, {'content': content})}
+        except DNSimpleException as e:
+            return {'result': False, 'data': str(e)}
+        except IndexError:
+            return {'result': False, 'data': 'record not found'}
diff --git a/salt/ext/_states/dnsimple.py b/salt/ext/_states/dnsimple.py
@@ -24,3 +24,22 @@ def execute(op):
         return result_dict(__salt__['dns_dnsimple.cname_record_{0}'.format(op)](client_id=client_id, domain=domain, name=name, content=content))
 
     return execute('update') if exists() else execute('add')
+
+
+def alias_present(client_id, domain, name=None, content_file=None):
+    content = open(content_file, "r").read() if content_file else None
+
+    def result_dict(result):
+        return {
+            'name': 'alias_present',
+            'result': result.get('result'),
+            'changes': result.get('data') if result.get('result') else {},
+            'comment': result.get('data') if not result.get('result') else ''}
+
+    def exists():
+        return __salt__['dns_dnsimple.alias_record_exists'](client_id=client_id, domain=domain, name=name)
+
+    def execute(op):
+        return result_dict(__salt__['dns_dnsimple.alias_record_{0}'.format(op)](client_id=client_id, domain=domain, name=name, content=content))
+
+    return execute('update') if exists() else execute('add')