mirror of
				https://github.com/github/octodns.git
				synced 2024-05-11 05:55:00 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			1465 lines
		
	
	
		
			58 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			1465 lines
		
	
	
		
			58 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #
 | |
| #
 | |
| #
 | |
| 
 | |
| from __future__ import absolute_import, division, print_function, \
 | |
|     unicode_literals
 | |
| 
 | |
| from boto3 import client
 | |
| from botocore.config import Config
 | |
| from collections import defaultdict
 | |
| from ipaddress import AddressValueError, ip_address
 | |
| from pycountry_convert import country_alpha2_to_continent_code
 | |
| from uuid import uuid4
 | |
| import logging
 | |
| import re
 | |
| 
 | |
| from six import text_type
 | |
| 
 | |
| from ..equality import EqualityTupleMixin
 | |
| from ..record import Record, Update
 | |
| from ..record.geo import GeoCodes
 | |
| from . import ProviderException
 | |
| from .base import BaseProvider
 | |
| 
 | |
| octal_re = re.compile(r'\\(\d\d\d)')
 | |
| 
 | |
| 
 | |
| def _octal_replace(s):
 | |
|     # See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/
 | |
|     #     DomainNameFormat.html
 | |
|     return octal_re.sub(lambda m: chr(int(m.group(1), 8)), s)
 | |
| 
 | |
| 
 | |
| class _Route53Record(EqualityTupleMixin):
 | |
| 
 | |
|     @classmethod
 | |
|     def _new_dynamic(cls, provider, record, hosted_zone_id, creating):
 | |
|         # Creates the RRSets that correspond to the given dynamic record
 | |
|         ret = set()
 | |
| 
 | |
|         # HostedZoneId wants just the last bit, but the place we're getting
 | |
|         # this from looks like /hostedzone/Z424CArX3BB224
 | |
|         hosted_zone_id = hosted_zone_id.split('/', 2)[-1]
 | |
| 
 | |
|         # Create the default pool which comes from the base `values` of the
 | |
|         # record object. Its only used if all other values fail their
 | |
|         # healthchecks, which hopefully never happens.
 | |
|         fqdn = record.fqdn
 | |
|         ret.add(_Route53Record(provider, record, creating,
 | |
|                                f'_octodns-default-pool.{fqdn}'))
 | |
| 
 | |
|         # Pools
 | |
|         for pool_name, pool in record.dynamic.pools.items():
 | |
| 
 | |
|             # Create the primary, this will be the rrset that geo targeted
 | |
|             # rrsets will point to when they want to use a pool of values. It's
 | |
|             # a primary and observes target health so if all the values for
 | |
|             # this pool go red, we'll use the fallback/SECONDARY just below
 | |
|             ret.add(_Route53DynamicPool(provider, hosted_zone_id, record,
 | |
|                                         pool_name, creating))
 | |
| 
 | |
|             # Create the fallback for this pool
 | |
|             fallback = pool.data.get('fallback', False)
 | |
|             if fallback:
 | |
|                 # We have an explicitly configured fallback, another pool to
 | |
|                 # use if all our values go red. This RRSet configures that pool
 | |
|                 # as the next best option
 | |
|                 ret.add(_Route53DynamicPool(provider, hosted_zone_id, record,
 | |
|                                             pool_name, creating,
 | |
|                                             target_name=fallback))
 | |
|             else:
 | |
|                 # We fallback on the default, no explicit fallback so if all of
 | |
|                 # this pool's values go red we'll fallback to the base
 | |
|                 # (non-health-checked) default pool of values
 | |
|                 ret.add(_Route53DynamicPool(provider, hosted_zone_id, record,
 | |
|                                             pool_name, creating,
 | |
|                                             target_name='default'))
 | |
| 
 | |
|             # Create the values for this pool. These are health checked and in
 | |
|             # general each unique value will have an associated healthcheck.
 | |
|             # The PRIMARY pool up above will point to these RRSets which will
 | |
|             # be served out according to their weights
 | |
|             for i, value in enumerate(pool.data['values']):
 | |
|                 weight = value['weight']
 | |
|                 value = value['value']
 | |
|                 ret.add(_Route53DynamicValue(provider, record, pool_name,
 | |
|                                              value, weight, i, creating))
 | |
| 
 | |
|         # Rules
 | |
|         for i, rule in enumerate(record.dynamic.rules):
 | |
|             pool_name = rule.data['pool']
 | |
|             geos = rule.data.get('geos', [])
 | |
|             if geos:
 | |
|                 for geo in geos:
 | |
|                     # Create a RRSet for each geo in each rule that uses the
 | |
|                     # desired target pool
 | |
|                     ret.add(_Route53DynamicRule(provider, hosted_zone_id,
 | |
|                                                 record, pool_name, i,
 | |
|                                                 creating, geo=geo))
 | |
|             else:
 | |
|                 # There's no geo's for this rule so it's the catchall that will
 | |
|                 # just point things that don't match any geo rules to the
 | |
|                 # specified pool
 | |
|                 ret.add(_Route53DynamicRule(provider, hosted_zone_id, record,
 | |
|                                             pool_name, i, creating))
 | |
| 
 | |
|         return ret
 | |
| 
 | |
|     @classmethod
 | |
|     def _new_geo(cls, provider, record, creating):
 | |
|         # Creates the RRSets that correspond to the given geo record
 | |
|         ret = set()
 | |
| 
 | |
|         ret.add(_Route53GeoDefault(provider, record, creating))
 | |
|         for ident, geo in record.geo.items():
 | |
|             ret.add(_Route53GeoRecord(provider, record, ident, geo,
 | |
|                                       creating))
 | |
| 
 | |
|         return ret
 | |
| 
 | |
|     @classmethod
 | |
|     def new(cls, provider, record, hosted_zone_id, creating):
 | |
|         # Creates the RRSets that correspond to the given record
 | |
| 
 | |
|         if getattr(record, 'dynamic', False):
 | |
|             ret = cls._new_dynamic(provider, record, hosted_zone_id, creating)
 | |
|             return ret
 | |
|         elif getattr(record, 'geo', False):
 | |
|             return cls._new_geo(provider, record, creating)
 | |
| 
 | |
|         # Its a simple record that translates into a single RRSet
 | |
|         return set((_Route53Record(provider, record, creating),))
 | |
| 
 | |
|     def __init__(self, provider, record, creating, fqdn_override=None):
 | |
|         self.fqdn = fqdn_override or record.fqdn
 | |
|         self._type = record._type
 | |
|         self.ttl = record.ttl
 | |
| 
 | |
|         values_for = getattr(self, f'_values_for_{self._type}')
 | |
|         self.values = values_for(record)
 | |
| 
 | |
|     def mod(self, action, existing_rrsets):
 | |
|         return {
 | |
|             'Action': action,
 | |
|             'ResourceRecordSet': {
 | |
|                 'Name': self.fqdn,
 | |
|                 'ResourceRecords': [{'Value': v} for v in self.values],
 | |
|                 'TTL': self.ttl,
 | |
|                 'Type': self._type,
 | |
|             }
 | |
|         }
 | |
| 
 | |
|     # NOTE: we're using __hash__ and ordering methods that consider
 | |
|     # _Route53Records equivalent if they have the same class, fqdn, and _type.
 | |
|     # Values are ignored. This is useful when computing diffs/changes.
 | |
| 
 | |
|     def __hash__(self):
 | |
|         'sub-classes should never use this method'
 | |
|         return f'{self.fqdn}:{self._type}'.__hash__()
 | |
| 
 | |
|     def _equality_tuple(self):
 | |
|         '''Sub-classes should call up to this and return its value and add
 | |
|         any additional fields they need to hav considered.'''
 | |
|         return (self.__class__.__name__, self.fqdn, self._type)
 | |
| 
 | |
|     def __repr__(self):
 | |
|         return '_Route53Record<{self.fqdn} {self._type} {self.ttl} ' \
 | |
|             f'{self.values}>'
 | |
| 
 | |
|     def _value_convert_value(self, value, record):
 | |
|         return value
 | |
| 
 | |
|     _value_convert_A = _value_convert_value
 | |
|     _value_convert_AAAA = _value_convert_value
 | |
|     _value_convert_NS = _value_convert_value
 | |
|     _value_convert_CNAME = _value_convert_value
 | |
|     _value_convert_PTR = _value_convert_value
 | |
| 
 | |
|     def _values_for_values(self, record):
 | |
|         return record.values
 | |
| 
 | |
|     _values_for_A = _values_for_values
 | |
|     _values_for_AAAA = _values_for_values
 | |
|     _values_for_NS = _values_for_values
 | |
| 
 | |
|     def _value_convert_CAA(self, value, record):
 | |
|         return f'{value.flags} {value.tag} "{value.value}"'
 | |
| 
 | |
|     def _values_for_CAA(self, record):
 | |
|         return [self._value_convert_CAA(v, record) for v in record.values]
 | |
| 
 | |
|     def _values_for_value(self, record):
 | |
|         return [record.value]
 | |
| 
 | |
|     _values_for_CNAME = _values_for_value
 | |
|     _values_for_PTR = _values_for_value
 | |
| 
 | |
|     def _value_convert_MX(self, value, record):
 | |
|         return f'{value.preference} {value.exchange}'
 | |
| 
 | |
|     def _values_for_MX(self, record):
 | |
|         return [self._value_convert_MX(v, record) for v in record.values]
 | |
| 
 | |
|     def _value_convert_NAPTR(self, value, record):
 | |
|         flags = value.flags if value.flags else ''
 | |
|         service = value.service if value.service else ''
 | |
|         regexp = value.regexp if value.regexp else ''
 | |
|         return f'{value.order} {value.preference} "{flags}" "{service}" ' \
 | |
|             f'"{regexp}" {value.replacement}'
 | |
| 
 | |
|     def _values_for_NAPTR(self, record):
 | |
|         return [self._value_convert_NAPTR(v, record) for v in record.values]
 | |
| 
 | |
|     def _value_convert_quoted(self, value, record):
 | |
|         return record.chunked_value(value)
 | |
| 
 | |
|     _value_convert_SPF = _value_convert_quoted
 | |
|     _value_convert_TXT = _value_convert_quoted
 | |
| 
 | |
|     def _values_for_quoted(self, record):
 | |
|         return record.chunked_values
 | |
| 
 | |
|     _values_for_SPF = _values_for_quoted
 | |
|     _values_for_TXT = _values_for_quoted
 | |
| 
 | |
|     def _value_for_SRV(self, value, record):
 | |
|         return f'{value.priority} {value.weight} {value.port} {value.target}'
 | |
| 
 | |
|     def _values_for_SRV(self, record):
 | |
|         return [self._value_for_SRV(v, record) for v in record.values]
 | |
| 
 | |
| 
 | |
| class _Route53DynamicPool(_Route53Record):
 | |
| 
 | |
|     def __init__(self, provider, hosted_zone_id, record, pool_name, creating,
 | |
|                  target_name=None):
 | |
|         fqdn_override = f'_octodns-{pool_name}-pool.{record.fqdn}'
 | |
|         super(_Route53DynamicPool, self) \
 | |
|             .__init__(provider, record, creating, fqdn_override=fqdn_override)
 | |
| 
 | |
|         self.hosted_zone_id = hosted_zone_id
 | |
|         self.pool_name = pool_name
 | |
| 
 | |
|         self.target_name = target_name
 | |
|         if target_name:
 | |
|             # We're pointing down the chain
 | |
|             self.target_dns_name = f'_octodns-{target_name}-pool.{record.fqdn}'
 | |
|         else:
 | |
|             # We're a paimary, point at our values
 | |
|             self.target_dns_name = f'_octodns-{pool_name}-value.{record.fqdn}'
 | |
| 
 | |
|     @property
 | |
|     def mode(self):
 | |
|         return 'Secondary' if self.target_name else 'Primary'
 | |
| 
 | |
|     @property
 | |
|     def identifer(self):
 | |
|         if self.target_name:
 | |
|             return f'{self.pool_name}-{self.mode}-{self.target_name}'
 | |
|         return f'{self.pool_name}-{self.mode}'
 | |
| 
 | |
|     def mod(self, action, existing_rrsets):
 | |
|         return {
 | |
|             'Action': action,
 | |
|             'ResourceRecordSet': {
 | |
|                 'AliasTarget': {
 | |
|                     'DNSName': self.target_dns_name,
 | |
|                     'EvaluateTargetHealth': True,
 | |
|                     'HostedZoneId': self.hosted_zone_id,
 | |
|                 },
 | |
|                 'Failover': 'SECONDARY' if self.target_name else 'PRIMARY',
 | |
|                 'Name': self.fqdn,
 | |
|                 'SetIdentifier': self.identifer,
 | |
|                 'Type': self._type,
 | |
|             }
 | |
|         }
 | |
| 
 | |
|     def __hash__(self):
 | |
|         return f'{self.fqdn}:{self._type}:{self.identifer}'.__hash__()
 | |
| 
 | |
|     def __repr__(self):
 | |
|         return f'_Route53DynamicPool<{self.fqdn} {self._type} {self.mode} ' \
 | |
|             f'{self.target_dns_name}>'
 | |
| 
 | |
| 
 | |
| class _Route53DynamicRule(_Route53Record):
 | |
| 
 | |
|     def __init__(self, provider, hosted_zone_id, record, pool_name, index,
 | |
|                  creating, geo=None):
 | |
|         super(_Route53DynamicRule, self).__init__(provider, record, creating)
 | |
| 
 | |
|         self.hosted_zone_id = hosted_zone_id
 | |
|         self.geo = geo
 | |
|         self.pool_name = pool_name
 | |
|         self.index = index
 | |
| 
 | |
|         self.target_dns_name = f'_octodns-{pool_name}-pool.{record.fqdn}'
 | |
| 
 | |
|     @property
 | |
|     def identifer(self):
 | |
|         return f'{self.index}-{self.pool_name}-{self.geo}'
 | |
| 
 | |
|     def mod(self, action, existing_rrsets):
 | |
|         rrset = {
 | |
|             'AliasTarget': {
 | |
|                 'DNSName': self.target_dns_name,
 | |
|                 'EvaluateTargetHealth': True,
 | |
|                 'HostedZoneId': self.hosted_zone_id,
 | |
|             },
 | |
|             'GeoLocation': {
 | |
|                 'CountryCode': '*'
 | |
|             },
 | |
|             'Name': self.fqdn,
 | |
|             'SetIdentifier': self.identifer,
 | |
|             'Type': self._type,
 | |
|         }
 | |
| 
 | |
|         if self.geo:
 | |
|             geo = GeoCodes.parse(self.geo)
 | |
| 
 | |
|             if geo['province_code']:
 | |
|                 rrset['GeoLocation'] = {
 | |
|                     'CountryCode': geo['country_code'],
 | |
|                     'SubdivisionCode': geo['province_code'],
 | |
|                 }
 | |
|             elif geo['country_code']:
 | |
|                 rrset['GeoLocation'] = {
 | |
|                     'CountryCode': geo['country_code']
 | |
|                 }
 | |
|             else:
 | |
|                 rrset['GeoLocation'] = {
 | |
|                     'ContinentCode': geo['continent_code'],
 | |
|                 }
 | |
| 
 | |
|         return {
 | |
|             'Action': action,
 | |
|             'ResourceRecordSet': rrset,
 | |
|         }
 | |
| 
 | |
|     def __hash__(self):
 | |
|         return f'{self.fqdn}:{self._type}:{self.identifer}'.__hash__()
 | |
| 
 | |
|     def __repr__(self):
 | |
|         return f'_Route53DynamicRule<{self.fqdn} {self._type} {self.index} ' \
 | |
|             f'{self.geo} {self.target_dns_name}>'
 | |
| 
 | |
| 
 | |
| class _Route53DynamicValue(_Route53Record):
 | |
| 
 | |
|     def __init__(self, provider, record, pool_name, value, weight, index,
 | |
|                  creating):
 | |
|         fqdn_override = f'_octodns-{pool_name}-value.{record.fqdn}'
 | |
|         super(_Route53DynamicValue, self).__init__(provider, record, creating,
 | |
|                                                    fqdn_override=fqdn_override)
 | |
| 
 | |
|         self.pool_name = pool_name
 | |
|         self.index = index
 | |
|         value_convert = getattr(self, f'_value_convert_{record._type}')
 | |
|         self.value = value_convert(value, record)
 | |
|         self.weight = weight
 | |
| 
 | |
|         self.health_check_id = provider.get_health_check_id(record, self.value,
 | |
|                                                             creating)
 | |
| 
 | |
|     @property
 | |
|     def identifer(self):
 | |
|         return f'{self.pool_name}-{self.index:03d}'
 | |
| 
 | |
|     def mod(self, action, existing_rrsets):
 | |
| 
 | |
|         if action == 'DELETE':
 | |
|             # When deleting records try and find the original rrset so that
 | |
|             # we're 100% sure to have the complete & accurate data (this mostly
 | |
|             # ensures we have the right health check id when there's multiple
 | |
|             # potential matches)
 | |
|             for existing in existing_rrsets:
 | |
|                 if self.fqdn == existing.get('Name') and \
 | |
|                    self.identifer == existing.get('SetIdentifier', None):
 | |
|                     return {
 | |
|                         'Action': action,
 | |
|                         'ResourceRecordSet': existing,
 | |
|                     }
 | |
| 
 | |
|         return {
 | |
|             'Action': action,
 | |
|             'ResourceRecordSet': {
 | |
|                 'HealthCheckId': self.health_check_id,
 | |
|                 'Name': self.fqdn,
 | |
|                 'ResourceRecords': [{'Value': self.value}],
 | |
|                 'SetIdentifier': self.identifer,
 | |
|                 'TTL': self.ttl,
 | |
|                 'Type': self._type,
 | |
|                 'Weight': self.weight,
 | |
|             }
 | |
|         }
 | |
| 
 | |
|     def __hash__(self):
 | |
|         return f'{self.fqdn}:{self._type}:{self.identifer}'.__hash__()
 | |
| 
 | |
|     def __repr__(self):
 | |
|         return f'_Route53DynamicValue<{self.fqdn} {self._type} ' \
 | |
|             f'{self.identifer} {self.value}>'
 | |
| 
 | |
| 
 | |
| class _Route53GeoDefault(_Route53Record):
 | |
| 
 | |
|     def mod(self, action, existing_rrsets):
 | |
|         return {
 | |
|             'Action': action,
 | |
|             'ResourceRecordSet': {
 | |
|                 'Name': self.fqdn,
 | |
|                 'GeoLocation': {
 | |
|                     'CountryCode': '*'
 | |
|                 },
 | |
|                 'ResourceRecords': [{'Value': v} for v in self.values],
 | |
|                 'SetIdentifier': 'default',
 | |
|                 'TTL': self.ttl,
 | |
|                 'Type': self._type,
 | |
|             }
 | |
|         }
 | |
| 
 | |
|     def __hash__(self):
 | |
|         return f'{self.fqdn}:{self._type}:default'.__hash__()
 | |
| 
 | |
|     def __repr__(self):
 | |
|         return f'_Route53GeoDefault<{self.fqdn} {self._type} {self.ttl} ' \
 | |
|             f'{self.values}>'
 | |
| 
 | |
| 
 | |
| class _Route53GeoRecord(_Route53Record):
 | |
| 
 | |
|     def __init__(self, provider, record, ident, geo, creating):
 | |
|         super(_Route53GeoRecord, self).__init__(provider, record, creating)
 | |
|         self.geo = geo
 | |
| 
 | |
|         value = geo.values[0]
 | |
|         self.health_check_id = provider.get_health_check_id(record, value,
 | |
|                                                             creating)
 | |
| 
 | |
|     def mod(self, action, existing_rrsets):
 | |
|         geo = self.geo
 | |
|         set_identifier = geo.code
 | |
|         fqdn = self.fqdn
 | |
| 
 | |
|         if action == 'DELETE':
 | |
|             # When deleting records try and find the original rrset so that
 | |
|             # we're 100% sure to have the complete & accurate data (this mostly
 | |
|             # ensures we have the right health check id when there's multiple
 | |
|             # potential matches)
 | |
|             for existing in existing_rrsets:
 | |
|                 if fqdn == existing.get('Name') and \
 | |
|                    set_identifier == existing.get('SetIdentifier', None):
 | |
|                     return {
 | |
|                         'Action': action,
 | |
|                         'ResourceRecordSet': existing,
 | |
|                     }
 | |
| 
 | |
|         rrset = {
 | |
|             'Name': self.fqdn,
 | |
|             'GeoLocation': {
 | |
|                 'CountryCode': '*'
 | |
|             },
 | |
|             'ResourceRecords': [{'Value': v} for v in geo.values],
 | |
|             'SetIdentifier': set_identifier,
 | |
|             'TTL': self.ttl,
 | |
|             'Type': self._type,
 | |
|         }
 | |
| 
 | |
|         if self.health_check_id:
 | |
|             rrset['HealthCheckId'] = self.health_check_id
 | |
| 
 | |
|         if geo.subdivision_code:
 | |
|             rrset['GeoLocation'] = {
 | |
|                 'CountryCode': geo.country_code,
 | |
|                 'SubdivisionCode': geo.subdivision_code
 | |
|             }
 | |
|         elif geo.country_code:
 | |
|             rrset['GeoLocation'] = {
 | |
|                 'CountryCode': geo.country_code
 | |
|             }
 | |
|         else:
 | |
|             rrset['GeoLocation'] = {
 | |
|                 'ContinentCode': geo.continent_code
 | |
|             }
 | |
| 
 | |
|         return {
 | |
|             'Action': action,
 | |
|             'ResourceRecordSet': rrset,
 | |
|         }
 | |
| 
 | |
|     def __hash__(self):
 | |
|         return f'{self.fqdn}:{self._type}:{self.geo.code}'.__hash__()
 | |
| 
 | |
|     def _equality_tuple(self):
 | |
|         return super(_Route53GeoRecord, self)._equality_tuple() + \
 | |
|             (self.geo.code,)
 | |
| 
 | |
|     def __repr__(self):
 | |
|         return f'_Route53GeoRecord<{self.fqdn} {self._type} {self.ttl} ' \
 | |
|             f'{self.geo.code} {self.values}>'
 | |
| 
 | |
| 
 | |
| class Route53ProviderException(ProviderException):
 | |
|     pass
 | |
| 
 | |
| 
 | |
| def _mod_keyer(mod):
 | |
|     rrset = mod['ResourceRecordSet']
 | |
| 
 | |
|     # Route53 requires that changes are ordered such that a target of an
 | |
|     # AliasTarget is created or upserted prior to the record that targets it.
 | |
|     # This is complicated by "UPSERT" appearing to be implemented as "DELETE"
 | |
|     # before all changes, followed by a "CREATE", internally in the AWS API.
 | |
|     # Because of this, we order changes as follows:
 | |
|     #   - Delete any records that we wish to delete that are GEOS
 | |
|     #      (because they are never targeted by anything)
 | |
|     #   - Delete any records that we wish to delete that are SECONDARY
 | |
|     #      (because they are no longer targeted by GEOS)
 | |
|     #   - Delete any records that we wish to delete that are PRIMARY
 | |
|     #      (because they are no longer targeted by SECONDARY)
 | |
|     #   - Delete any records that we wish to delete that are VALUES
 | |
|     #      (because they are no longer targeted by PRIMARY)
 | |
|     #   - CREATE/UPSERT any records that are VALUES
 | |
|     #      (because they don't depend on other records)
 | |
|     #   - CREATE/UPSERT any records that are PRIMARY
 | |
|     #      (because they always point to VALUES which now exist)
 | |
|     #   - CREATE/UPSERT any records that are SECONDARY
 | |
|     #      (because they now have PRIMARY records to target)
 | |
|     #   - CREATE/UPSERT any records that are GEOS
 | |
|     #      (because they now have all their PRIMARY pools to target)
 | |
|     #   - :tada:
 | |
|     #
 | |
|     # In theory we could also do this based on actual target reference
 | |
|     # checking, but that's more complex. Since our rules have a known
 | |
|     # dependency order, we just rely on that.
 | |
| 
 | |
|     # Get the unique ID from the name/id to get a consistent ordering.
 | |
|     if rrset.get('GeoLocation', False):
 | |
|         unique_id = rrset['SetIdentifier']
 | |
|     else:
 | |
|         if 'SetIdentifier' in rrset:
 | |
|             unique_id = f'{rrset["Name"]}-{rrset["SetIdentifier"]}'
 | |
|         else:
 | |
|             unique_id = rrset['Name']
 | |
| 
 | |
|     # Prioritise within the action_priority, ensuring targets come first.
 | |
|     if rrset.get('GeoLocation', False):
 | |
|         # Geos reference pools, so they come last.
 | |
|         record_priority = 3
 | |
|     elif rrset.get('AliasTarget', False):
 | |
|         # We use an alias
 | |
|         if rrset.get('Failover', False) == 'SECONDARY':
 | |
|             # We're a secondary, which reference the primary (failover, P1).
 | |
|             record_priority = 2
 | |
|         else:
 | |
|             # We're a primary, we reference values (P0).
 | |
|             record_priority = 1
 | |
|     else:
 | |
|         # We're just a plain value, has no dependencies so first.
 | |
|         record_priority = 0
 | |
| 
 | |
|     if mod['Action'] == 'DELETE':
 | |
|         # Delete things first, so we can never trounce our own additions
 | |
|         action_priority = 0
 | |
|         # Delete in the reverse order of priority, e.g. start with the deepest
 | |
|         # reference and work back to the values, rather than starting at the
 | |
|         # values (still ref'd).
 | |
|         record_priority = -record_priority
 | |
|     else:
 | |
|         # For CREATE and UPSERT, Route53 seems to treat them the same, so
 | |
|         # interleave these, keeping the reference order described above.
 | |
|         action_priority = 1
 | |
| 
 | |
|     return (action_priority, record_priority, unique_id)
 | |
| 
 | |
| 
 | |
| def _parse_pool_name(n):
 | |
|     # Parse the pool name out of _octodns-<pool-name>-pool...
 | |
|     return n.split('.', 1)[0][9:-5]
 | |
| 
 | |
| 
 | |
| class Route53Provider(BaseProvider):
 | |
|     '''
 | |
|     AWS Route53 Provider
 | |
| 
 | |
|     route53:
 | |
|         class: octodns.provider.route53.Route53Provider
 | |
|         # The AWS access key id
 | |
|         access_key_id:
 | |
|         # The AWS secret access key
 | |
|         secret_access_key:
 | |
|         # The AWS session token (optional)
 | |
|         # Only needed if using temporary security credentials
 | |
|         session_token:
 | |
| 
 | |
|     Alternatively, you may leave out access_key_id, secret_access_key
 | |
|     and session_token.
 | |
|     This will result in boto3 deciding authentication dynamically.
 | |
| 
 | |
|     In general the account used will need full permissions on Route53.
 | |
|     '''
 | |
|     SUPPORTS_GEO = True
 | |
|     SUPPORTS_DYNAMIC = True
 | |
|     SUPPORTS = set(('A', 'AAAA', 'CAA', 'CNAME', 'MX', 'NAPTR', 'NS', 'PTR',
 | |
|                     'SPF', 'SRV', 'TXT'))
 | |
| 
 | |
|     # This should be bumped when there are underlying changes made to the
 | |
|     # health check config.
 | |
|     HEALTH_CHECK_VERSION = '0001'
 | |
| 
 | |
|     def __init__(self, id, access_key_id=None, secret_access_key=None,
 | |
|                  max_changes=1000, client_max_attempts=None,
 | |
|                  session_token=None, delegation_set_id=None, *args, **kwargs):
 | |
|         self.max_changes = max_changes
 | |
|         self.delegation_set_id = delegation_set_id
 | |
|         _msg = f'access_key_id={access_key_id}, secret_access_key=***, ' \
 | |
|                'session_token=***'
 | |
|         use_fallback_auth = access_key_id is None and \
 | |
|             secret_access_key is None and session_token is None
 | |
|         if use_fallback_auth:
 | |
|             _msg = 'auth=fallback'
 | |
|         self.log = logging.getLogger(f'Route53Provider[{id}]')
 | |
|         self.log.debug('__init__: id=%s, %s', id, _msg)
 | |
|         super(Route53Provider, self).__init__(id, *args, **kwargs)
 | |
| 
 | |
|         config = None
 | |
|         if client_max_attempts is not None:
 | |
|             self.log.info('__init__: setting max_attempts to %d',
 | |
|                           client_max_attempts)
 | |
|             config = Config(retries={'max_attempts': client_max_attempts})
 | |
| 
 | |
|         if use_fallback_auth:
 | |
|             self._conn = client('route53', config=config)
 | |
|         else:
 | |
|             self._conn = client('route53', aws_access_key_id=access_key_id,
 | |
|                                 aws_secret_access_key=secret_access_key,
 | |
|                                 aws_session_token=session_token,
 | |
|                                 config=config)
 | |
| 
 | |
|         self._r53_zones = None
 | |
|         self._r53_rrsets = {}
 | |
|         self._health_checks = None
 | |
| 
 | |
|     @property
 | |
|     def r53_zones(self):
 | |
|         if self._r53_zones is None:
 | |
|             self.log.debug('r53_zones: loading')
 | |
|             zones = {}
 | |
|             more = True
 | |
|             start = {}
 | |
|             while more:
 | |
|                 resp = self._conn.list_hosted_zones(**start)
 | |
|                 for z in resp['HostedZones']:
 | |
|                     zones[z['Name']] = z['Id']
 | |
|                 more = resp['IsTruncated']
 | |
|                 start['Marker'] = resp.get('NextMarker', None)
 | |
| 
 | |
|             self._r53_zones = zones
 | |
| 
 | |
|         return self._r53_zones
 | |
| 
 | |
|     def _get_zone_id(self, name, create=False):
 | |
|         self.log.debug('_get_zone_id: name=%s', name)
 | |
|         if name in self.r53_zones:
 | |
|             id = self.r53_zones[name]
 | |
|             self.log.debug('_get_zone_id:   id=%s', id)
 | |
|             return id
 | |
|         if create:
 | |
|             ref = uuid4().hex
 | |
|             del_set = self.delegation_set_id
 | |
|             self.log.debug('_get_zone_id:   no matching zone, creating, '
 | |
|                            'ref=%s', ref)
 | |
|             if del_set:
 | |
|                 resp = self._conn.create_hosted_zone(Name=name,
 | |
|                                                      CallerReference=ref,
 | |
|                                                      DelegationSetId=del_set)
 | |
|             else:
 | |
|                 resp = self._conn.create_hosted_zone(Name=name,
 | |
|                                                      CallerReference=ref)
 | |
|             self.r53_zones[name] = id = resp['HostedZone']['Id']
 | |
|             return id
 | |
|         return None
 | |
| 
 | |
|     def _parse_geo(self, rrset):
 | |
|         try:
 | |
|             loc = rrset['GeoLocation']
 | |
|         except KeyError:
 | |
|             # No geo loc
 | |
|             return
 | |
|         try:
 | |
|             return loc['ContinentCode']
 | |
|         except KeyError:
 | |
|             # Must be country
 | |
|             cc = loc['CountryCode']
 | |
|             if cc == '*':
 | |
|                 # This is the default
 | |
|                 return
 | |
|             cn = country_alpha2_to_continent_code(cc)
 | |
|             try:
 | |
|                 return f'{cn}-{cc}-{loc["SubdivisionCode"]}'
 | |
|             except KeyError:
 | |
|                 return f'{cn}-{cc}'
 | |
| 
 | |
|     def _data_for_geo(self, rrset):
 | |
|         ret = {
 | |
|             'type': rrset['Type'],
 | |
|             'values': [v['Value'] for v in rrset['ResourceRecords']],
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
|         geo = self._parse_geo(rrset)
 | |
|         if geo:
 | |
|             ret['geo'] = geo
 | |
|         return ret
 | |
| 
 | |
|     _data_for_A = _data_for_geo
 | |
|     _data_for_AAAA = _data_for_geo
 | |
| 
 | |
|     def _data_for_CAA(self, rrset):
 | |
|         values = []
 | |
|         for rr in rrset['ResourceRecords']:
 | |
|             flags, tag, value = rr['Value'].split()
 | |
|             values.append({
 | |
|                 'flags': flags,
 | |
|                 'tag': tag,
 | |
|                 'value': value[1:-1],
 | |
|             })
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'values': values,
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     def _data_for_single(self, rrset):
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'value': rrset['ResourceRecords'][0]['Value'],
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     _data_for_PTR = _data_for_single
 | |
|     _data_for_CNAME = _data_for_single
 | |
| 
 | |
|     _fix_semicolons = re.compile(r'(?<!\\);')
 | |
| 
 | |
|     def _data_for_quoted(self, rrset):
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'values': [self._fix_semicolons.sub('\\;', rr['Value'][1:-1])
 | |
|                        for rr in rrset['ResourceRecords']],
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     _data_for_TXT = _data_for_quoted
 | |
|     _data_for_SPF = _data_for_quoted
 | |
| 
 | |
|     def _data_for_MX(self, rrset):
 | |
|         values = []
 | |
|         for rr in rrset['ResourceRecords']:
 | |
|             preference, exchange = rr['Value'].split()
 | |
|             values.append({
 | |
|                 'preference': preference,
 | |
|                 'exchange': exchange,
 | |
|             })
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'values': values,
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     def _data_for_NAPTR(self, rrset):
 | |
|         values = []
 | |
|         for rr in rrset['ResourceRecords']:
 | |
|             order, preference, flags, service, regexp, replacement = \
 | |
|                 rr['Value'].split()
 | |
|             flags = flags[1:-1]
 | |
|             service = service[1:-1]
 | |
|             regexp = regexp[1:-1]
 | |
|             values.append({
 | |
|                 'order': order,
 | |
|                 'preference': preference,
 | |
|                 'flags': flags,
 | |
|                 'service': service,
 | |
|                 'regexp': regexp,
 | |
|                 'replacement': replacement,
 | |
|             })
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'values': values,
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     def _data_for_NS(self, rrset):
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'values': [v['Value'] for v in rrset['ResourceRecords']],
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     def _data_for_SRV(self, rrset):
 | |
|         values = []
 | |
|         for rr in rrset['ResourceRecords']:
 | |
|             priority, weight, port, target = rr['Value'].split()
 | |
|             values.append({
 | |
|                 'priority': priority,
 | |
|                 'weight': weight,
 | |
|                 'port': port,
 | |
|                 'target': target,
 | |
|             })
 | |
|         return {
 | |
|             'type': rrset['Type'],
 | |
|             'values': values,
 | |
|             'ttl': int(rrset['TTL'])
 | |
|         }
 | |
| 
 | |
|     def _load_records(self, zone_id):
 | |
|         if zone_id not in self._r53_rrsets:
 | |
|             self.log.debug('_load_records: zone_id=%s loading', zone_id)
 | |
|             rrsets = []
 | |
|             more = True
 | |
|             start = {}
 | |
|             while more:
 | |
|                 resp = \
 | |
|                     self._conn.list_resource_record_sets(HostedZoneId=zone_id,
 | |
|                                                          **start)
 | |
|                 rrsets += resp['ResourceRecordSets']
 | |
|                 more = resp['IsTruncated']
 | |
|                 if more:
 | |
|                     start = {
 | |
|                         'StartRecordName': resp['NextRecordName'],
 | |
|                         'StartRecordType': resp['NextRecordType'],
 | |
|                     }
 | |
|                     try:
 | |
|                         start['StartRecordIdentifier'] = \
 | |
|                             resp['NextRecordIdentifier']
 | |
|                     except KeyError:
 | |
|                         pass
 | |
| 
 | |
|             self._r53_rrsets[zone_id] = rrsets
 | |
| 
 | |
|         return self._r53_rrsets[zone_id]
 | |
| 
 | |
|     def _data_for_dynamic(self, name, _type, rrsets):
 | |
|         # This converts a bunch of RRSets into their corresponding dynamic
 | |
|         # Record. It's used by populate.
 | |
|         pools = defaultdict(lambda: {'values': []})
 | |
|         # Data to build our rules will be collected here and "converted" into
 | |
|         # their final form below
 | |
|         rules = defaultdict(lambda: {'pool': None, 'geos': []})
 | |
|         # Base/empty data
 | |
|         data = {
 | |
|             'dynamic': {
 | |
|                 'pools': pools,
 | |
|                 'rules': [],
 | |
|             }
 | |
|         }
 | |
| 
 | |
|         # For all the rrsets that comprise this dynamic record
 | |
|         for rrset in rrsets:
 | |
|             name = rrset['Name']
 | |
|             if '-pool.' in name:
 | |
|                 # This is a pool rrset
 | |
|                 pool_name = _parse_pool_name(name)
 | |
|                 if pool_name == 'default':
 | |
|                     # default becomes the base for the record and its
 | |
|                     # value(s) will fill the non-dynamic values
 | |
|                     data_for = getattr(self, f'_data_for_{_type}')
 | |
|                     data.update(data_for(rrset))
 | |
|                 elif rrset['Failover'] == 'SECONDARY':
 | |
|                     # This is a failover record, we'll ignore PRIMARY, but
 | |
|                     # SECONDARY will tell us what the pool's fallback is
 | |
|                     fallback_name = \
 | |
|                         _parse_pool_name(rrset['AliasTarget']['DNSName'])
 | |
|                     # Don't care about default fallbacks, anything else
 | |
|                     # we'll record
 | |
|                     if fallback_name != 'default':
 | |
|                         pools[pool_name]['fallback'] = fallback_name
 | |
|             elif 'GeoLocation' in rrset:
 | |
|                 # These are rules
 | |
|                 _id = rrset['SetIdentifier']
 | |
|                 # We record rule index as the first part of set-id, the 2nd
 | |
|                 # part just ensures uniqueness across geos and is ignored
 | |
|                 i = int(_id.split('-', 1)[0])
 | |
|                 target_pool = _parse_pool_name(rrset['AliasTarget']['DNSName'])
 | |
|                 # Record the pool
 | |
|                 rules[i]['pool'] = target_pool
 | |
|                 # Record geo if we have one
 | |
|                 geo = self._parse_geo(rrset)
 | |
|                 if geo:
 | |
|                     rules[i]['geos'].append(geo)
 | |
|             else:
 | |
|                 # These are the pool value(s)
 | |
|                 # Grab the pool name out of the SetIdentifier, format looks
 | |
|                 # like ...-000 where 000 is a zero-padded index for the value
 | |
|                 # it's ignored only used to make sure the value is unique
 | |
|                 pool_name = rrset['SetIdentifier'][:-4]
 | |
|                 value = rrset['ResourceRecords'][0]['Value']
 | |
|                 pools[pool_name]['values'].append({
 | |
|                     'value': value,
 | |
|                     'weight': rrset['Weight'],
 | |
|                 })
 | |
| 
 | |
|         # Convert our map of rules into an ordered list now that we have all
 | |
|         # the data
 | |
|         for _, rule in sorted(rules.items()):
 | |
|             r = {
 | |
|                 'pool': rule['pool'],
 | |
|             }
 | |
|             geos = sorted(rule['geos'])
 | |
|             if geos:
 | |
|                 r['geos'] = geos
 | |
|             data['dynamic']['rules'].append(r)
 | |
| 
 | |
|         return data
 | |
| 
 | |
|     def _process_desired_zone(self, desired):
 | |
|         for record in desired.records:
 | |
|             if getattr(record, 'dynamic', False):
 | |
|                 # Make a copy of the record in case we have to muck with it
 | |
|                 dynamic = record.dynamic
 | |
|                 rules = []
 | |
|                 for i, rule in enumerate(dynamic.rules):
 | |
|                     geos = rule.data.get('geos', [])
 | |
|                     if not geos:
 | |
|                         rules.append(rule)
 | |
|                         continue
 | |
|                     filtered_geos = [g for g in geos
 | |
|                                      if not g.startswith('NA-CA-')]
 | |
|                     if not filtered_geos:
 | |
|                         # We've removed all geos, we'll have to skip this rule
 | |
|                         msg = f'NA-CA-* not supported for {record.fqdn}'
 | |
|                         fallback = f'skipping rule {i}'
 | |
|                         self.supports_warn_or_except(msg, fallback)
 | |
|                         continue
 | |
|                     elif geos != filtered_geos:
 | |
|                         msg = f'NA-CA-* not supported for {record.fqdn}'
 | |
|                         before = ', '.join(geos)
 | |
|                         after = ', '.join(filtered_geos)
 | |
|                         fallback = f'filtering rule {i} from ({before}) to ' \
 | |
|                             f'({after})'
 | |
|                         self.supports_warn_or_except(msg, fallback)
 | |
|                         rule.data['geos'] = filtered_geos
 | |
|                     rules.append(rule)
 | |
| 
 | |
|                 if rules != dynamic.rules:
 | |
|                     record = record.copy()
 | |
|                     record.dynamic.rules = rules
 | |
|                     desired.add_record(record, replace=True)
 | |
| 
 | |
|         return super(Route53Provider, self)._process_desired_zone(desired)
 | |
| 
 | |
|     def populate(self, zone, target=False, lenient=False):
 | |
|         self.log.debug('populate: name=%s, target=%s, lenient=%s', zone.name,
 | |
|                        target, lenient)
 | |
| 
 | |
|         before = len(zone.records)
 | |
|         exists = False
 | |
| 
 | |
|         zone_id = self._get_zone_id(zone.name)
 | |
|         if zone_id:
 | |
|             exists = True
 | |
|             records = defaultdict(lambda: defaultdict(list))
 | |
|             dynamic = defaultdict(lambda: defaultdict(list))
 | |
| 
 | |
|             for rrset in self._load_records(zone_id):
 | |
|                 record_name = zone.hostname_from_fqdn(rrset['Name'])
 | |
|                 record_name = _octal_replace(record_name)
 | |
|                 record_type = rrset['Type']
 | |
|                 if record_type not in self.SUPPORTS:
 | |
|                     # Skip stuff we don't support
 | |
|                     continue
 | |
|                 if record_name.startswith('_octodns-'):
 | |
|                     # Part of a dynamic record
 | |
|                     try:
 | |
|                         record_name = record_name.split('.', 1)[1]
 | |
|                     except IndexError:
 | |
|                         record_name = ''
 | |
|                     dynamic[record_name][record_type].append(rrset)
 | |
|                     continue
 | |
|                 elif 'AliasTarget' in rrset:
 | |
|                     if rrset['AliasTarget']['DNSName'].startswith('_octodns-'):
 | |
|                         # Part of a dynamic record
 | |
|                         dynamic[record_name][record_type].append(rrset)
 | |
|                     else:
 | |
|                         # Alias records are Route53 specific and are not
 | |
|                         # portable, so we need to skip them
 | |
|                         self.log.warning("%s is an Alias record. Skipping..."
 | |
|                                          % rrset['Name'])
 | |
|                     continue
 | |
|                 # A basic record (potentially including geo)
 | |
|                 data = getattr(self, f'_data_for_{record_type}')(rrset)
 | |
|                 records[record_name][record_type].append(data)
 | |
| 
 | |
|             # Convert the dynamic rrsets to Records
 | |
|             for name, types in dynamic.items():
 | |
|                 for _type, rrsets in types.items():
 | |
|                     data = self._data_for_dynamic(name, _type, rrsets)
 | |
|                     record = Record.new(zone, name, data, source=self,
 | |
|                                         lenient=lenient)
 | |
|                     zone.add_record(record, lenient=lenient)
 | |
| 
 | |
|             # Convert the basic (potentially with geo) rrsets to records
 | |
|             for name, types in records.items():
 | |
|                 for _type, data in types.items():
 | |
|                     if len(data) > 1:
 | |
|                         # Multiple data indicates a record with GeoDNS, convert
 | |
|                         # them data into the format we need
 | |
|                         geo = {}
 | |
|                         for d in data:
 | |
|                             try:
 | |
|                                 geo[d['geo']] = d['values']
 | |
|                             except KeyError:
 | |
|                                 primary = d
 | |
|                         data = primary
 | |
|                         data['geo'] = geo
 | |
|                     else:
 | |
|                         data = data[0]
 | |
|                     record = Record.new(zone, name, data, source=self,
 | |
|                                         lenient=lenient)
 | |
|                     zone.add_record(record, lenient=lenient)
 | |
| 
 | |
|         self.log.info('populate:   found %s records, exists=%s',
 | |
|                       len(zone.records) - before, exists)
 | |
|         return exists
 | |
| 
 | |
|     def _gen_mods(self, action, records, existing_rrsets):
 | |
|         '''
 | |
|         Turns `_Route53*`s in to `change_resource_record_sets` `Changes`
 | |
|         '''
 | |
|         return [r.mod(action, existing_rrsets) for r in records]
 | |
| 
 | |
|     @property
 | |
|     def health_checks(self):
 | |
|         if self._health_checks is None:
 | |
|             # need to do the first load
 | |
|             self.log.debug('health_checks: loading')
 | |
|             checks = {}
 | |
|             more = True
 | |
|             start = {}
 | |
|             while more:
 | |
|                 resp = self._conn.list_health_checks(**start)
 | |
|                 for health_check in resp['HealthChecks']:
 | |
|                     # our format for CallerReference is dddd:hex-uuid
 | |
|                     ref = health_check.get('CallerReference', 'xxxxx')
 | |
|                     if len(ref) > 4 and ref[4] != ':':
 | |
|                         # ignore anything else
 | |
|                         continue
 | |
|                     checks[health_check['Id']] = health_check
 | |
| 
 | |
|                 more = resp['IsTruncated']
 | |
|                 start['Marker'] = resp.get('NextMarker', None)
 | |
| 
 | |
|             self._health_checks = checks
 | |
| 
 | |
|         # We've got a cached version use it
 | |
|         return self._health_checks
 | |
| 
 | |
|     def _healthcheck_measure_latency(self, record):
 | |
|         return record._octodns.get('route53', {}) \
 | |
|             .get('healthcheck', {}) \
 | |
|             .get('measure_latency', True)
 | |
| 
 | |
|     def _healthcheck_request_interval(self, record):
 | |
|         interval = record._octodns.get('route53', {}) \
 | |
|             .get('healthcheck', {}) \
 | |
|             .get('request_interval', 10)
 | |
|         if (interval in [10, 30]):
 | |
|             return interval
 | |
|         else:
 | |
|             raise Route53ProviderException(
 | |
|                 'route53.healthcheck.request_interval '
 | |
|                 'parameter must be either 10 or 30.')
 | |
| 
 | |
|     def _health_check_equivalent(self, host, path, protocol, port,
 | |
|                                  measure_latency, request_interval,
 | |
|                                  health_check, value=None):
 | |
|         config = health_check['HealthCheckConfig']
 | |
| 
 | |
|         # So interestingly Route53 normalizes IPv6 addresses to a funky, but
 | |
|         # valid, form which will cause us to fail to find see things as
 | |
|         # equivalent. To work around this we'll ip_address's returned objects
 | |
|         # for equivalence.
 | |
|         # E.g 2001:4860:4860:0:0:0:0:8842 -> 2001:4860:4860::8842
 | |
|         if value:
 | |
|             value = ip_address(text_type(value))
 | |
|             config_ip_address = ip_address(text_type(config['IPAddress']))
 | |
|         else:
 | |
|             # No value so give this a None to match value's
 | |
|             config_ip_address = None
 | |
| 
 | |
|         fully_qualified_domain_name = config.get('FullyQualifiedDomainName',
 | |
|                                                  None)
 | |
|         resource_path = config.get('ResourcePath', None)
 | |
|         return host == fully_qualified_domain_name and \
 | |
|             path == resource_path and protocol == config['Type'] and \
 | |
|             port == config['Port'] and \
 | |
|             measure_latency == config['MeasureLatency'] and \
 | |
|             request_interval == config['RequestInterval'] and \
 | |
|             value == config_ip_address
 | |
| 
 | |
|     def get_health_check_id(self, record, value, create):
 | |
|         # fqdn & the first value are special, we use them to match up health
 | |
|         # checks to their records. Route53 health checks check a single ip and
 | |
|         # we're going to assume that ips are interchangeable to avoid
 | |
|         # health-checking each one independently
 | |
|         fqdn = record.fqdn
 | |
|         self.log.debug('get_health_check_id: fqdn=%s, type=%s, value=%s',
 | |
|                        fqdn, record._type, value)
 | |
| 
 | |
|         try:
 | |
|             ip_address(text_type(value))
 | |
|             # We're working with an IP, host is the Host header
 | |
|             healthcheck_host = record.healthcheck_host(value=value)
 | |
|         except (AddressValueError, ValueError):
 | |
|             # This isn't an IP, host is the value, value should be None
 | |
|             healthcheck_host = value
 | |
|             value = None
 | |
| 
 | |
|         healthcheck_path = record.healthcheck_path
 | |
|         healthcheck_protocol = record.healthcheck_protocol
 | |
|         healthcheck_port = record.healthcheck_port
 | |
|         healthcheck_latency = self._healthcheck_measure_latency(record)
 | |
|         healthcheck_interval = self._healthcheck_request_interval(record)
 | |
| 
 | |
|         # we're looking for a healthcheck with the current version & our record
 | |
|         # type, we'll ignore anything else
 | |
|         expected_ref = \
 | |
|             f'{self.HEALTH_CHECK_VERSION}:{record._type}:{record.fqdn}:'
 | |
|         for id, health_check in self.health_checks.items():
 | |
|             if not health_check['CallerReference'].startswith(expected_ref):
 | |
|                 # not match, ignore
 | |
|                 continue
 | |
|             if self._health_check_equivalent(healthcheck_host,
 | |
|                                              healthcheck_path,
 | |
|                                              healthcheck_protocol,
 | |
|                                              healthcheck_port,
 | |
|                                              healthcheck_latency,
 | |
|                                              healthcheck_interval,
 | |
|                                              health_check,
 | |
|                                              value=value):
 | |
|                 # this is the health check we're looking for
 | |
|                 self.log.debug('get_health_check_id:   found match id=%s', id)
 | |
|                 return id
 | |
| 
 | |
|         if not create:
 | |
|             # no existing matches and not allowed to create, return none
 | |
|             self.log.debug('get_health_check_id:   no matches, no create')
 | |
|             return
 | |
| 
 | |
|         # no existing matches, we need to create a new health check
 | |
|         config = {
 | |
|             'EnableSNI': healthcheck_protocol == 'HTTPS',
 | |
|             'FailureThreshold': 6,
 | |
|             'MeasureLatency': healthcheck_latency,
 | |
|             'Port': healthcheck_port,
 | |
|             'RequestInterval': healthcheck_interval,
 | |
|             'Type': healthcheck_protocol,
 | |
|         }
 | |
|         if healthcheck_protocol != 'TCP':
 | |
|             config['FullyQualifiedDomainName'] = healthcheck_host
 | |
|             config['ResourcePath'] = healthcheck_path
 | |
|         if value:
 | |
|             config['IPAddress'] = value
 | |
| 
 | |
|         ref = f'{self.HEALTH_CHECK_VERSION}:{record._type}:{record.fqdn}:' + \
 | |
|             uuid4().hex[:12]
 | |
|         resp = self._conn.create_health_check(CallerReference=ref,
 | |
|                                               HealthCheckConfig=config)
 | |
|         health_check = resp['HealthCheck']
 | |
|         id = health_check['Id']
 | |
| 
 | |
|         # Set a Name for the benefit of the UI
 | |
|         value_or_host = value or healthcheck_host
 | |
|         name = f'{record.fqdn}:{record._type} - {value_or_host}'
 | |
|         self._conn.change_tags_for_resource(ResourceType='healthcheck',
 | |
|                                             ResourceId=id,
 | |
|                                             AddTags=[{
 | |
|                                                 'Key': 'Name',
 | |
|                                                 'Value': name,
 | |
|                                             }])
 | |
|         # Manually add it to our cache
 | |
|         health_check['Tags'] = {
 | |
|             'Name': name
 | |
|         }
 | |
| 
 | |
|         # store the new health check so that we'll be able to find it in the
 | |
|         # future
 | |
|         self._health_checks[id] = health_check
 | |
|         self.log.info('get_health_check_id: created id=%s, host=%s, '
 | |
|                       'path=%s, protocol=%s, port=%d, measure_latency=%r, '
 | |
|                       'request_interval=%d, value=%s',
 | |
|                       id, healthcheck_host, healthcheck_path,
 | |
|                       healthcheck_protocol, healthcheck_port,
 | |
|                       healthcheck_latency, healthcheck_interval, value)
 | |
|         return id
 | |
| 
 | |
|     def _gc_health_checks(self, record, new):
 | |
|         if record._type not in ('A', 'AAAA'):
 | |
|             return
 | |
|         self.log.debug('_gc_health_checks: record=%s', record)
 | |
|         # Find the health checks we're using for the new route53 records
 | |
|         in_use = set()
 | |
|         for r in new:
 | |
|             hc_id = getattr(r, 'health_check_id', False)
 | |
|             if hc_id:
 | |
|                 in_use.add(hc_id)
 | |
|         self.log.debug('_gc_health_checks:   in_use=%s', in_use)
 | |
|         # Now we need to run through ALL the health checks looking for those
 | |
|         # that apply to this record, deleting any that do and are no longer in
 | |
|         # use
 | |
|         expected_re = re.compile(fr'^\d\d\d\d:{record._type}:{record.fqdn}:')
 | |
|         # UNITL 1.0: we'll clean out the previous version of Route53 health
 | |
|         # checks as best as we can.
 | |
|         expected_legacy_host = record.fqdn[:-1]
 | |
|         expected_legacy = f'0000:{record._type}:'
 | |
|         for id, health_check in self.health_checks.items():
 | |
|             ref = health_check['CallerReference']
 | |
|             if expected_re.match(ref) and id not in in_use:
 | |
|                 # this is a health check for this record, but not one we're
 | |
|                 # planning to use going forward
 | |
|                 self.log.info('_gc_health_checks:   deleting id=%s', id)
 | |
|                 self._conn.delete_health_check(HealthCheckId=id)
 | |
|             elif ref.startswith(expected_legacy):
 | |
|                 config = health_check['HealthCheckConfig']
 | |
|                 if expected_legacy_host == config['FullyQualifiedDomainName']:
 | |
|                     self.log.info('_gc_health_checks:   deleting legacy id=%s',
 | |
|                                   id)
 | |
|                     self._conn.delete_health_check(HealthCheckId=id)
 | |
| 
 | |
|     def _gen_records(self, record, zone_id, creating=False):
 | |
|         '''
 | |
|         Turns an octodns.Record into one or more `_Route53*`s
 | |
|         '''
 | |
|         return _Route53Record.new(self, record, zone_id, creating)
 | |
| 
 | |
|     def _mod_Create(self, change, zone_id, existing_rrsets):
 | |
|         # New is the stuff that needs to be created
 | |
|         new_records = self._gen_records(change.new, zone_id, creating=True)
 | |
|         # Now is a good time to clear out any unused health checks since we
 | |
|         # know what we'll be using going forward
 | |
|         self._gc_health_checks(change.new, new_records)
 | |
|         return self._gen_mods('CREATE', new_records, existing_rrsets)
 | |
| 
 | |
|     def _mod_Update(self, change, zone_id, existing_rrsets):
 | |
|         # See comments in _Route53Record for how the set math is made to do our
 | |
|         # bidding here.
 | |
|         existing_records = self._gen_records(change.existing, zone_id,
 | |
|                                              creating=False)
 | |
|         new_records = self._gen_records(change.new, zone_id, creating=True)
 | |
|         # Now is a good time to clear out any unused health checks since we
 | |
|         # know what we'll be using going forward
 | |
|         self._gc_health_checks(change.new, new_records)
 | |
|         # Things in existing, but not new are deletes
 | |
|         deletes = existing_records - new_records
 | |
|         # Things in new, but not existing are the creates
 | |
|         creates = new_records - existing_records
 | |
|         # Things in both need updating, we could optimize this and filter out
 | |
|         # things that haven't actually changed, but that's for another day.
 | |
|         # We can't use set math here b/c we won't be able to control which of
 | |
|         # the two objects will be in the result and we need to ensure it's the
 | |
|         # new one.
 | |
|         upserts = set()
 | |
|         for new_record in new_records:
 | |
|             if new_record in existing_records:
 | |
|                 upserts.add(new_record)
 | |
| 
 | |
|         return self._gen_mods('DELETE', deletes, existing_rrsets) + \
 | |
|             self._gen_mods('CREATE', creates, existing_rrsets) + \
 | |
|             self._gen_mods('UPSERT', upserts, existing_rrsets)
 | |
| 
 | |
|     def _mod_Delete(self, change, zone_id, existing_rrsets):
 | |
|         # Existing is the thing that needs to be deleted
 | |
|         existing_records = self._gen_records(change.existing, zone_id,
 | |
|                                              creating=False)
 | |
|         # Now is a good time to clear out all the health checks since we know
 | |
|         # we're done with them
 | |
|         self._gc_health_checks(change.existing, [])
 | |
|         return self._gen_mods('DELETE', existing_records, existing_rrsets)
 | |
| 
 | |
|     def _extra_changes_update_needed(self, record, rrset):
 | |
|         if record._type == 'CNAME':
 | |
|             # For CNAME, healthcheck host by default points to the CNAME value
 | |
|             healthcheck_host = rrset['ResourceRecords'][0]['Value']
 | |
|         else:
 | |
|             healthcheck_host = record.healthcheck_host()
 | |
| 
 | |
|         healthcheck_path = record.healthcheck_path
 | |
|         healthcheck_protocol = record.healthcheck_protocol
 | |
|         healthcheck_port = record.healthcheck_port
 | |
|         healthcheck_latency = self._healthcheck_measure_latency(record)
 | |
|         healthcheck_interval = self._healthcheck_request_interval(record)
 | |
| 
 | |
|         try:
 | |
|             health_check_id = rrset['HealthCheckId']
 | |
|             health_check = self.health_checks[health_check_id]
 | |
|             caller_ref = health_check['CallerReference']
 | |
|             if caller_ref.startswith(self.HEALTH_CHECK_VERSION):
 | |
|                 if self._health_check_equivalent(healthcheck_host,
 | |
|                                                  healthcheck_path,
 | |
|                                                  healthcheck_protocol,
 | |
|                                                  healthcheck_port,
 | |
|                                                  healthcheck_latency,
 | |
|                                                  healthcheck_interval,
 | |
|                                                  health_check):
 | |
|                     # it has the right health check
 | |
|                     return False
 | |
|         except (IndexError, KeyError):
 | |
|             # no health check id or one that isn't the right version
 | |
|             pass
 | |
| 
 | |
|         # no good, doesn't have the right health check, needs an update
 | |
|         self.log.info('_extra_changes_update_needed: health-check caused '
 | |
|                       'update of %s:%s', record.fqdn, record._type)
 | |
|         return True
 | |
| 
 | |
|     def _extra_changes_geo_needs_update(self, zone_id, record):
 | |
|         # OK this is a record we don't have change for that does have geo
 | |
|         # information. We need to look and see if it needs to be updated b/c of
 | |
|         # a health check version bump or other mismatch
 | |
|         self.log.debug('_extra_changes_geo_needs_update: inspecting=%s, %s',
 | |
|                        record.fqdn, record._type)
 | |
| 
 | |
|         fqdn = record.fqdn
 | |
| 
 | |
|         # loop through all the r53 rrsets
 | |
|         for rrset in self._load_records(zone_id):
 | |
|             if fqdn == rrset['Name'] and record._type == rrset['Type'] and \
 | |
|                rrset.get('GeoLocation', {}).get('CountryCode', False) != '*' \
 | |
|                and self._extra_changes_update_needed(record, rrset):
 | |
|                 # no good, doesn't have the right health check, needs an update
 | |
|                 self.log.info('_extra_changes_geo_needs_update: health-check '
 | |
|                               'caused update of %s:%s', record.fqdn,
 | |
|                               record._type)
 | |
|                 return True
 | |
| 
 | |
|         return False
 | |
| 
 | |
|     def _extra_changes_dynamic_needs_update(self, zone_id, record):
 | |
|         # OK this is a record we don't have change for that does have dynamic
 | |
|         # information. We need to look and see if it needs to be updated b/c of
 | |
|         # a health check version bump or other mismatch
 | |
|         self.log.debug('_extra_changes_dynamic_needs_update: inspecting=%s, '
 | |
|                        '%s', record.fqdn, record._type)
 | |
| 
 | |
|         fqdn = record.fqdn
 | |
|         _type = record._type
 | |
| 
 | |
|         # loop through all the r53 rrsets
 | |
|         for rrset in self._load_records(zone_id):
 | |
|             name = rrset['Name']
 | |
|             # Break off the first piece of the name, it'll let us figure out if
 | |
|             # this is an rrset we're interested in.
 | |
|             maybe_meta, rest = name.split('.', 1)
 | |
| 
 | |
|             if not maybe_meta.startswith('_octodns-') or \
 | |
|                not maybe_meta.endswith('-value') or \
 | |
|                '-default-' in name:
 | |
|                 # We're only interested in non-default dynamic value records,
 | |
|                 # as that's where healthchecks live
 | |
|                 continue
 | |
| 
 | |
|             if rest != fqdn or _type != rrset['Type']:
 | |
|                 # rrset isn't for the current record
 | |
|                 continue
 | |
| 
 | |
|             if self._extra_changes_update_needed(record, rrset):
 | |
|                 # no good, doesn't have the right health check, needs an update
 | |
|                 self.log.info('_extra_changes_dynamic_needs_update: '
 | |
|                               'health-check caused update of %s:%s',
 | |
|                               record.fqdn, record._type)
 | |
|                 return True
 | |
| 
 | |
|         return False
 | |
| 
 | |
|     def _extra_changes(self, desired, changes, **kwargs):
 | |
|         self.log.debug('_extra_changes: desired=%s', desired.name)
 | |
|         zone_id = self._get_zone_id(desired.name)
 | |
|         if not zone_id:
 | |
|             # zone doesn't exist so no extras to worry about
 | |
|             return []
 | |
|         # we'll skip extra checking for anything we're already going to change
 | |
|         changed = set([c.record for c in changes])
 | |
|         # ok, now it's time for the reason we're here, we need to go over all
 | |
|         # the desired records
 | |
|         extras = []
 | |
|         for record in desired.records:
 | |
|             if record in changed:
 | |
|                 # already have a change for it, skipping
 | |
|                 continue
 | |
| 
 | |
|             if getattr(record, 'geo', False):
 | |
|                 if self._extra_changes_geo_needs_update(zone_id, record):
 | |
|                     extras.append(Update(record, record))
 | |
|             elif getattr(record, 'dynamic', False):
 | |
|                 if self._extra_changes_dynamic_needs_update(zone_id, record):
 | |
|                     extras.append(Update(record, record))
 | |
| 
 | |
|         return extras
 | |
| 
 | |
|     def _apply(self, plan):
 | |
|         desired = plan.desired
 | |
|         changes = plan.changes
 | |
|         self.log.info('_apply: zone=%s, len(changes)=%d', desired.name,
 | |
|                       len(changes))
 | |
| 
 | |
|         batch = []
 | |
|         batch_rs_count = 0
 | |
|         zone_id = self._get_zone_id(desired.name, True)
 | |
|         existing_rrsets = self._load_records(zone_id)
 | |
|         for c in changes:
 | |
|             # Generate the mods for this change
 | |
|             klass = c.__class__.__name__
 | |
|             mod_type = getattr(self, f'_mod_{klass}')
 | |
|             mods = mod_type(c, zone_id, existing_rrsets)
 | |
| 
 | |
|             # Order our mods to make sure targets exist before alises point to
 | |
|             # them and we CRUD in the desired order
 | |
|             mods.sort(key=_mod_keyer)
 | |
| 
 | |
|             mods_rs_count = sum(
 | |
|                 [len(m['ResourceRecordSet'].get('ResourceRecords', ''))
 | |
|                  for m in mods]
 | |
|             )
 | |
| 
 | |
|             if mods_rs_count > self.max_changes:
 | |
|                 # a single mod resulted in too many ResourceRecords changes
 | |
|                 raise Exception(f'Too many modifications: {mods_rs_count}')
 | |
| 
 | |
|             # r53 limits changesets to 1000 entries
 | |
|             if (batch_rs_count + mods_rs_count) < self.max_changes:
 | |
|                 # append to the batch
 | |
|                 batch += mods
 | |
|                 batch_rs_count += mods_rs_count
 | |
|             else:
 | |
|                 self.log.info('_apply:   sending change request for batch of '
 | |
|                               '%d mods, %d ResourceRecords', len(batch),
 | |
|                               batch_rs_count)
 | |
|                 # send the batch
 | |
|                 self._really_apply(batch, zone_id)
 | |
|                 # start a new batch with the leftovers
 | |
|                 batch = mods
 | |
|                 batch_rs_count = mods_rs_count
 | |
| 
 | |
|         # the way the above process works there will always be something left
 | |
|         # over in batch to process. In the case that we submit a batch up there
 | |
|         # it was always the case that there was something pushing us over
 | |
|         # max_changes and thus left over to submit.
 | |
|         self.log.info('_apply:   sending change request for batch of %d mods,'
 | |
|                       ' %d ResourceRecords', len(batch),
 | |
|                       batch_rs_count)
 | |
|         self._really_apply(batch, zone_id)
 | |
| 
 | |
|     def _really_apply(self, batch, zone_id):
 | |
|         # Ensure this batch is ordered (deletes before creates etc.)
 | |
|         batch.sort(key=_mod_keyer)
 | |
|         uuid = uuid4().hex
 | |
|         batch = {
 | |
|             'Comment': f'Change: {uuid}',
 | |
|             'Changes': batch,
 | |
|         }
 | |
|         self.log.debug('_really_apply:   sending change request, comment=%s',
 | |
|                        batch['Comment'])
 | |
|         resp = self._conn.change_resource_record_sets(
 | |
|             HostedZoneId=zone_id, ChangeBatch=batch)
 | |
|         self.log.debug('_really_apply:   change info=%s', resp['ChangeInfo'])
 |