pulumi/dch_cloud/blackbox/__init__.py

import hashlib
import json
from typing import Any

import pulumi
import pulumi_std as std
import pulumi_aws as aws
import yaml

from dch_cloud.common import aws_region
from dch_cloud.default_vpc import s3_endpoint
from dch_cloud.ecs import cluster


Json = dict[str, Any]


def patch_container_def(ctrdef: list[Json], **args: Any) -> list[Json]:
    for ctr in ctrdef:
        if logcfg := ctr.get('logConfiguration'):
            if logcfg['logDriver'] == 'awslogs':
                logcfg['options'].setdefault('awslogs-region', aws_region)
        if ctr['name'] == 'vmagent':
            ctr['command'].append(
                f'-promscrape.config=https://{args["bucket"]}.s3.{aws_region}.amazonaws.com/scrape.yml',
            )
    return ctrdef


log_group = aws.cloudwatch.LogGroup(
    'blackbox',
    name='ecs-blackbox',
)

config_bucket = aws.s3.BucketV2(
    'config-bucket',
    bucket_prefix='964e1f9c-',
)

scrape_yml = pulumi.FileAsset('blackbox/scrape.yml')

scrape_yml_hash = hashlib.blake2b(
    std.file(scrape_yml.path).result.encode('utf-8')
).hexdigest()

s3_scrape_yml = aws.s3.BucketObject(
    'scrape-yml',
    bucket=config_bucket.id,
    key='scrape.yml',
    source=scrape_yml,
)

exporter_def = yaml.safe_load(std.file('blackbox/blackbox.yaml').result)

exporter_task = aws.ecs.TaskDefinition(
    'blackbox-exporter',
    family='blackbox',
    container_definitions=json.dumps(patch_container_def(exporter_def)),
    memory='64',
    network_mode='host',
)

vmagent_def = yaml.safe_load(std.file('blackbox/vmagent.yaml').result)

vmagent_task = aws.ecs.TaskDefinition(
    'vmagent',
    family='vmagent',
    container_definitions=config_bucket.id.apply(
        lambda b: json.dumps(patch_container_def(vmagent_def, bucket=b))
    ),
    memory='128',
    network_mode='host',
    volumes=[
        aws.ecs.TaskDefinitionVolumeArgs(
            name='vmagent-data',
            docker_volume_configuration=aws.ecs.TaskDefinitionVolumeDockerVolumeConfigurationArgs(
                autoprovision=True,
                scope='shared',
            ),
        ),
    ],
)

exporter_svc = aws.ecs.Service(
    'blackbox-exporter',
    name='blackbox-exporter',
    cluster=cluster.id,
    task_definition=exporter_task.arn,
    desired_count=1,
)

vmagent_svc = aws.ecs.Service(
    'vmagent',
    name='vmagent',
    cluster=cluster.id,
    task_definition=vmagent_task.arn,
    desired_count=1,
    scheduling_strategy='DAEMON',
    force_new_deployment=True,
    triggers={
        'config': scrape_yml_hash,
    },
    opts=pulumi.ResourceOptions(
        depends_on=s3_scrape_yml,
    ),
)

config_bucket_policy = aws.s3.BucketPolicy(
    'config-bucket',
    bucket=config_bucket.id,
    policy=config_bucket.arn.apply(
        lambda a: json.dumps(
            {
                'Version': '2012-10-17',
                'Statement': [
                    {
                        'Principal': '*',
                        'Action': [
                            's3:GetObject',
                            's3:ListBucket',
                        ],
                        'Effect': 'Allow',
                        'Resource': [
                            a,
                            f'{a}/*',
                        ],
                        'Condition': {
                            'StringEquals': {
                                'aws:sourceVpce': s3_endpoint.id,
                            }
                        },
                    }
                ],
            }
        )
    ),
)