支持 ndp_dns_record_set 资源

xiaopal · May 26, 2018 · e2a1ced · e2a1ced
1 parent 7e8e29f
commit e2a1ced
Show file tree

Hide file tree

Showing 6 changed files with 124 additions and 8 deletions.
diff --git a/files/npc-setup.ctx.sh b/files/npc-setup.ctx.sh
@@ -26,19 +26,26 @@ jq_check(){
 
 expand_resources(){
 	local LINE KEY FILTER="${1:-.}" KEY_ATTR="${EXPAND_KEY_ATTR:-name}"
+	dump_str_vals(){
+		local ARG; for ARG in "$@"; do echo "$# $ARG"; done
+	}
 	while read -r LINE; do
 		local KEYS=($(eval "echo $(jq -r ".$KEY_ATTR"'|gsub("^\\*\\:|[\\s\\$]"; "")'<<<"$LINE")")) KEY_INDEX=0
 		for KEY in "${KEYS[@]}"; do
 			[ ! -z "$KEY" ] || continue
 			while read -r STM_LINE; do 
-				jq_check 'length>1 and (.[1]|strings|startswith("*:"))'<<<"$STM_LINE" || {
+				local STM_VAL_JQ STM_VAL STM_VAL_COUNT STM_VAL_INDEX=0
+				if jq_check 'length>1 and (.[1]|strings|startswith("*:"))'<<<"$STM_LINE"; then
+					STM_VAL_JQ='.[1]|gsub("^\\*\\:|[\\s\\$]"; "")'
+				elif jq_check 'length>1 and (.[1]|strings|startswith("@:"))'<<<"$STM_LINE"; then
+					STM_VAL_JQ='.[1]|gsub("^\\@\\:"; "")|gsub("(?<c>[\\s\\$\\*])";"\\\(.c)")'
+				else
 					echo "$STM_LINE" && continue
-				}
-				local STM_VALS=($(eval "echo $(jq -r '.[1]|gsub("^\\*\\:|[\\s\\$]"; "")'<<<"$STM_LINE")")) STM_VAL_INDEX=0
-				for STM_VAL in "${STM_VALS[@]}"; do
-					(( STM_VAL_INDEX++ == KEY_INDEX % ${#STM_VALS[@]} )) \
+				fi
+				while read -r STM_VAL_COUNT STM_VAL; do
+					(( STM_VAL_INDEX++ == KEY_INDEX % STM_VAL_COUNT )) \
 						&& STM_VAL="$STM_VAL" jq -c '[.[0],env.STM_VAL]' <<<"$STM_LINE"
-				done 
+				done < <(eval dump_str_vals $(jq -r "$STM_VAL_JQ"<<<"$STM_LINE"))
 			done < <(KEY="$KEY" jq --argjson index "$((KEY_INDEX))" -c ". + {$KEY_ATTR:env.KEY, ${KEY_ATTR}_index:\$index}|tostream"<<<"$LINE") \
 				| jq -s 'fromstream(.[])'; ((KEY_INDEX++))
 		done

diff --git a/files/npc-setup.dns_record_set.sh b/files/npc-setup.dns_record_set.sh
@@ -0,0 +1,101 @@
+#! /bin/bash
+
+setup_resources "dns_record_sets"
+JQ_DNS_RECORD_SETS='.npc_dns_record_sets[]?, ('"$JQ_DNS_ZONES"'|select(.present != false) | . as $zone | .record_sets[]? | .record_set |= "\(.)@\($zone.name)")'
+
+init_dns_record_sets(){
+	local INPUT="$1" STAGE="$2" DNS_ZONE DNS_ZONE_ID
+	jq_check "$JQ_DNS_RECORD_SETS" $INPUT || return 0
+    (jq -c "[ $JQ_DNS_RECORD_SETS ]" $INPUT || >>$STAGE.error) | EXPAND_KEY_ATTR='record_set' \
+		expand_resources 'map(select(.record_set)
+			| . + (.record_set | capture("(?:(?<type>\\w+),)?(?<record_set_name>[\\w\\-\\.]+)(?:,(?<ttl>\\d+))?(?:@(?<dns_zone>[\\w\\-\\.]+))?")|with_entries(select(.value))) 
+			| select(.record_set_name and .dns_zone)
+			| . + { type: (.type//"A"|ascii_upcase), record_set_name: (.record_set_name|sub("\\.*$"; ".")) } )' >$STAGE.expand
+	>$STAGE.init0;  >$STAGE.init1; 	
+    jq -r 'map(.dns_zone//empty)|unique[]' $STAGE.expand | while read -r DNS_ZONE _; do
+            DNS_ZONE="$DNS_ZONE" dns_zones_lookup "$DNS_ZONE" '"\(env.DNS_ZONE) \(.HostedZoneId)"' || echo "$DNS_ZONE"
+        done | sort -u | while read -r DNS_ZONE DNS_ZONE_ID; do
+        [ ! -z "$DNS_ZONE_ID" ] || { DNS_ZONE="$DNS_ZONE" \
+            jq_check '.[]|select(.dns_zone == env.DNS_ZONE and .present != false)' $STAGE.expand || continue
+            >>$STAGE.error; break
+        }
+        ( export DNS_ZONE DNS_ZONE_ID
+            local LOAD_FILTER='{
+                id: .ResourceRecordSetId,
+                record_set_name: .Name,
+                type: .Type,
+                actual_ttl: .TTL,
+				actual_records: .ResourceRecords 
+            }' RECORD_SET_FILTER='.+{
+                name: "\(.type),\(.record_set_name)@\(env.DNS_ZONE_ID)",
+                dns_zone_id: env.DNS_ZONE_ID
+            }'
+            jq -c "map(select(.dns_zone == env.DNS_ZONE)|$RECORD_SET_FILTER)" $STAGE.expand >>$STAGE.init0 || exit 1
+
+			local LIMIT=100 OFFSET=0 COUNT="$(checked_api2 ".ResourceRecordSetCount" \
+                GET "/dns?Version=2017-12-12&Action=GetResourceRecordSetCount&HostedZoneId=$DNS_ZONE_ID")" && [ ! -z "$COUNT" ] || exit 1
+			while (( OFFSET < COUNT )); do
+				checked_api2 ".ResourceRecordSets//empty|map($LOAD_FILTER|$RECORD_SET_FILTER)" \
+					GET "/dns?Version=2017-12-12&Action=ListResourceRecordSets&HostedZoneId=$DNS_ZONE_ID&Offset=$OFFSET&Limit=$LIMIT" >>$STAGE.init1
+				(( OFFSET += LIMIT ))
+			done
+        ) || { >>$STAGE.error; break; }
+    done
+    [ ! -f $STAGE.error ] && plan_resources "$STAGE" \
+        <(jq -sc 'flatten' $STAGE.init0) <(jq -sc 'flatten' $STAGE.init1) \
+			' . + (if .ttl then {ttl: (.ttl | tonumber)} else {} end)
+			| . + (if (.create or .update) and (.records | not) and (.present_records or .absent_records) then
+					{ records: ((.actual_records//[]) 
+						- ((.absent_records//[]) + (.present_records//[]) | map(., sub("\\.*$"; ".")))
+						+ (.present_records//[])) }
+				else {} end) 
+			| . + (if (.create or .update) and (.records | length == 0) then { present: false, destroy: .update, create: false, update: false} else {} end)
+			| . + {update: (.update and ((.records and ((
+					.actual_records - (.records|map(., sub("\\.*$"; "."))) + .records
+					)|sort) != (.records|sort)) or (.ttl and .ttl != .actual_ttl))) }' || return 1
+	return 0
+}
+
+dns_record_sets_create(){
+	local DNS_RECORD_SET="$1" RESULT="$2" CTX="$3" && [ ! -z "$DNS_RECORD_SET" ] || return 1
+	local CREATE_RECORD_SET="$(jq -c '{
+			Name: .record_set_name,
+			Type: .type,
+			TTL: (.ttl//3600),
+			ResourceRecords: .records
+		}|with_entries(select(.value))'<<<"$DNS_RECORD_SET")"
+    local CREATE_ID="$(NPC_API_LOCK="$NPC_STAGE/dns_record_sets.create_lock" checked_api2 '.ResourceRecordSet.ResourceRecordSetId' \
+			POST "/dns?Version=2017-12-12&Action=CreateResourceRecordSet&HostedZoneId=$(jq -r .dns_zone_id<<<"$DNS_RECORD_SET")" "$CREATE_RECORD_SET")" \
+        && [ ! -z "$CREATE_ID" ] && {
+			echo "[INFO] DNS record set '$CREATE_ID($(jq -r .record_set_name<<<"$DNS_RECORD_SET"))' created." >&2
+			return 0
+        }
+	echo "[ERROR] Failed to create DNS record set: $CREATE_RECORD_SET" >&2
+	return 1
+}
+
+dns_record_sets_update(){
+	local DNS_RECORD_SET="$1" RESULT="$2" CTX="$3" && [ ! -z "$DNS_RECORD_SET" ] || return 1
+	local UPDATE_ID="$(jq -r .id<<<"$DNS_RECORD_SET")" && [ ! -z "$UPDATE_ID" ] || return 1
+	local UPDATE_RECORD_SET="$(jq -c '{
+			TTL: (.ttl//.actual_ttl),
+			ResourceRecords: (.records//.actual_records)
+		}|with_entries(select(.value))'<<<"$DNS_RECORD_SET")"
+    [ ! -z "$(checked_api2 '.ResourceRecordSet.ResourceRecordSetId' POST "/dns?Version=2017-12-12&Action=UpdateResourceRecordSet&ResourceRecordSetId=$UPDATE_ID" "$UPDATE_RECORD_SET")" ] && {
+		echo "[INFO] DNS record set '$UPDATE_ID($(jq -r .record_set_name<<<"$DNS_RECORD_SET"))' updated." >&2
+        return 0
+    }
+	echo "[ERROR] Failed to update DNS record set: $UPDATE_RECORD_SET" >&2
+	return 1
+}
+
+dns_record_sets_destroy(){
+	local DNS_RECORD_SET="$1" RESULT="$2" CTX="$3" && [ ! -z "$DNS_RECORD_SET" ] || return 1
+	local DESTROY_ID="$(jq -r .id<<<"$DNS_RECORD_SET")" && [ ! -z "$DESTROY_ID" ] || return 1
+    [ ! -z "$(checked_api2 '.ResourceRecordSet.ResourceRecordSetId' GET "/dns?Version=2017-12-12&Action=DeleteResourceRecordSet&ResourceRecordSetId=$DESTROY_ID")" ] && {
+		echo "[INFO] DNS record set '$DESTROY_ID($(jq -r .record_set_name<<<"$DNS_RECORD_SET"))' deleted." >&2
+        return 0
+    }
+	echo "[ERROR] Failed to delete DNS record set: $DESTROY_ID($(jq -r .record_set_name<<<"$DNS_RECORD_SET"))" >&2
+	return 1
+}
diff --git a/files/npc-setup.dns_zone.sh b/files/npc-setup.dns_zone.sh
@@ -1,6 +1,7 @@
 #! /bin/bash
 
 setup_resources "dns_zones"
+JQ_DNS_ZONES='.npc_dns_zones[]?'
 
 dns_zones_lookup(){
 	local DNS_ZONE="$1" FILTER="${2:-.HostedZoneId}" STAGE="$NPC_STAGE/dns_zones.lookup"
@@ -17,7 +18,7 @@ dns_zones_lookup(){
  }
 
 init_dns_zones(){
-	local INPUT="$1" STAGE="$2" JQ_DNS_ZONES='.npc_dns_zones[]?' LOAD_FILTER='{
+	local INPUT="$1" STAGE="$2" LOAD_FILTER='{
 		name: .Name,
 		id: .HostedZoneId
 	}'

diff --git a/files/npc-setup.sh b/files/npc-setup.sh
@@ -141,4 +141,5 @@ SCRIPT_DIR="$(cd "$(dirname $SCRIPT)"; pwd)"
 	&& . $SCRIPT_DIR/npc-setup.volume.sh \
 	&& . $SCRIPT_DIR/npc-setup.instance.sh \
 	&& . $SCRIPT_DIR/npc-setup.vpc_route.sh \
+	&& . $SCRIPT_DIR/npc-setup.dns_record_set.sh \
 	&& do_setup "$@"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -11,6 +11,8 @@
       with_fileglob:
         - npc-setup.sh
         - npc-playbook.sh
+    - copy: content={{npc_setup_resources | to_json}} dest={{playbook_dir}}/.npc-setup.input
+      changed_when: false
 
 - name: npc setup
   shell: npc setup
@@ -20,7 +22,7 @@
     {% for action in npc_setup_options.actions %}
       --{{ action }}
     {% endfor %}
-    {{ npc_setup_resources | to_json | quote }}
+    @.npc-setup.input
     {% if npc_setup_options.log | length > 0 %}
       2>> {{ npc_setup_options.log | quote }}
     {% endif %}
@@ -38,6 +40,9 @@
   register: npc_execution
   changed_when: false
 
+- file: state=absent dest={{playbook_dir}}/.npc-setup.input
+  changed_when: false
+
 - name: export 'npc'
   set_fact:
     npc: "{{ npc_execution.stdout | from_json }}"

diff --git a/vars/main.yml b/vars/main.yml
@@ -14,6 +14,7 @@ npc_setup_resources:
   npc_vpc_routes: '{{ npc_setup_effective.vpc_routes | default(npc_vpc_routes, true) | default(false) }}'
   npc_instance_type_specs: '{{ npc_setup_effective.instance_type_specs | default(npc_instance_type_specs, true) | default(false) }}'
   npc_dns_zones: '{{ npc_setup_effective.dns_zones | default(npc_dns_zones, true) | default(false) }}'
+  npc_dns_record_sets: '{{ npc_setup_effective.dns_record_sets | default(npc_dns_record_sets, true) | default(false) }}'
 
 npc_setup_options:
   app_key: '{{npc_setup_effective.app_key | default(lookup("env","NPC_API_KEY"),true) | default("",true)}}'