From b82221b0b9cdc1162d50b184338baa76acf2afc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arturo=20Filast=C3=B2?= Date: Tue, 17 Sep 2024 17:41:27 -0400 Subject: [PATCH] Setup per-domain based routing for targets --- tf/environments/dev/main.tf | 3 +- tf/modules/ooniapi_frontend/main.tf | 94 ++++++++++++++++++------ tf/modules/ooniapi_frontend/variables.tf | 5 -- 3 files changed, 71 insertions(+), 31 deletions(-) diff --git a/tf/environments/dev/main.tf b/tf/environments/dev/main.tf index 02a9e10..dc1f879 100644 --- a/tf/environments/dev/main.tf +++ b/tf/environments/dev/main.tf @@ -562,8 +562,7 @@ module "ooniapi_frontend" { "8.th.dev.ooni.io" : local.dns_zone_ooni_io } - oonith_domains = ["8.th.dev.ooni.io"] - direct_domain_suffix = "dev.ooni.io" + oonith_domains = ["8.th.dev.ooni.io"] stage = local.environment dns_zone_ooni_io = local.dns_zone_ooni_io diff --git a/tf/modules/ooniapi_frontend/main.tf b/tf/modules/ooniapi_frontend/main.tf index eef04ac..ef59f36 100644 --- a/tf/modules/ooniapi_frontend/main.tf +++ b/tf/modules/ooniapi_frontend/main.tf @@ -1,5 +1,6 @@ locals { - name = "ooni-tier0-api-frontend" + name = "ooni-tier0-api-frontend" + direct_domain_suffix = "${var.stage}.ooni.io" } resource "aws_alb" "ooniapi" { 
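Review bot: The `direct_domain_suffix` local added to the `locals` block of `tf/modules/ooniapi_frontend/main.tf` is built from `var.stage` with no visible constraint, so every host-header rule and certificate name in this module follows whatever string a caller passes as `stage`. The dev environment passes `local.environment`, which presumably yields `dev.ooni.io`, but any other value produces `<stage>.ooni.io`, which may not be a name that environment actually owns. A `validation` block on the `stage` variable, restricting it to the known environment labels, would turn a typo into a plan-time error; the declaration of `stage` is outside this patch, so check whether one already exists. At minimum add a comment above the local: `# <stage>.ooni.io; stage must be the DNS label this environment owns under ooni.io`.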
@@ -61,55 +62,75 @@ resource "aws_alb_listener_rule" "ooniapi_th" { tags = var.tags } - -resource "aws_lb_listener_rule" "ooniapi_oonirun_rule" { +resource "aws_lb_listener_rule" "ooniapi_ooniauth_rule" { listener_arn = aws_alb_listener.ooniapi_listener_https.arn - priority = 100 + priority = 108 action { type = "forward" - target_group_arn = var.ooniapi_oonirun_target_group_arn + target_group_arn = var.ooniapi_ooniauth_target_group_arn } condition { path_pattern { - values = ["/api/v2/oonirun/*"] + values = [ + "/api/v2/ooniauth/*", + "/api/v1/user_register", + "/api/v1/user_login", + "/api/v1/user_refresh_token", + "/api/_/account_metadata", + ] } + } + +} + +resource "aws_lb_listener_rule" "ooniapi_ooniauth_rule_host" { + listener_arn = aws_alb_listener.ooniapi_listener_https.arn + priority = 109 + + action { + type = "forward" + target_group_arn = var.ooniapi_ooniauth_target_group_arn } condition { host_header { - values = ["oonirun.${var.direct_domain_suffix}"] + values = ["ooniauth.${local.direct_domain_suffix}"] } } - } -resource "aws_lb_listener_rule" "ooniapi_ooniauth_rule" { +resource "aws_lb_listener_rule" "ooniapi_oonirun_rule" { listener_arn = aws_alb_listener.ooniapi_listener_https.arn - priority = 101 + priority = 110 action { type = "forward" - target_group_arn = var.ooniapi_ooniauth_target_group_arn + target_group_arn = var.ooniapi_oonirun_target_group_arn } condition { path_pattern { - values = [ - "/api/v2/ooniauth/*", - "/api/v1/user_register", - "/api/v1/user_login", - "/api/v1/user_refresh_token", - "/api/_/account_metadata", - ] + values = ["/api/v2/oonirun/*"] } + + } +} + +resource "aws_lb_listener_rule" "ooniapi_oonirun_rule_host" { + listener_arn = aws_alb_listener.ooniapi_listener_https.arn + priority = 111 + + action { + type = "forward" + target_group_arn = var.ooniapi_oonirun_target_group_arn } condition { host_header { - values = ["ooniauth.${var.direct_domain_suffix}"] + values = ["oonirun.${local.direct_domain_suffix}"] } } 
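Review bot: The new `ooniapi_ooniauth_rule_host` and `ooniapi_oonirun_rule_host` rules match on `host_header` alone, so every path requested on `ooniauth.<suffix>` or `oonirun.<suffix>` is forwarded to the target group, whereas the removed rules required the host and the path pattern together. If those services serve anything besides their public API routes (not visible here), that surface becomes reachable through the load balancer. Conversely, the path-only rules now match on any hostname the HTTPS listener accepts, and that includes the login and registration paths in `ooniapi_ooniauth_rule`. If the wider match is intended, say so next to each host rule, e.g. `# host-only match: all paths on this hostname reach the ooniauth service`; otherwise give the host rules a second `condition` block with a `path_pattern` listing the allowed prefixes. The same applies to `ooniapi_ooniprobe_rule_host` and `ooniapi_oonifindings_rule_host` in the later hunks.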
@@ -117,7 +138,7 @@ resource "aws_lb_listener_rule" "ooniapi_ooniauth_rule" { resource "aws_lb_listener_rule" "ooniapi_ooniprobe_rule" { listener_arn = aws_alb_listener.ooniapi_listener_https.arn - priority = 102 + priority = 120 action { type = "forward" @@ -131,10 +152,21 @@ resource "aws_lb_listener_rule" "ooniapi_ooniprobe_rule" { ] } } +} + +resource "aws_lb_listener_rule" "ooniapi_ooniprobe_rule_host" { + listener_arn = aws_alb_listener.ooniapi_listener_https.arn + priority = 121 + + action { + type = "forward" + target_group_arn = var.ooniapi_ooniprobe_target_group_arn + } + condition { host_header { - values = ["ooniprobe.${var.direct_domain_suffix}"] + values = ["ooniprobe.${local.direct_domain_suffix}"] } } @@ -142,7 +174,7 @@ resource "aws_lb_listener_rule" "ooniapi_ooniprobe_rule" { resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule" { listener_arn = aws_alb_listener.ooniapi_listener_https.arn - priority = 103 + priority = 130 action { type = "forward" @@ -154,10 +186,19 @@ resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule" { values = ["/api/v1/incidents/*"] } } +} + +resource "aws_lb_listener_rule" "ooniapi_oonifindings_rule_host" { + listener_arn = aws_alb_listener.ooniapi_listener_https.arn + priority = 131 + action { + type = "forward" + target_group_arn = var.ooniapi_oonifindings_target_group_arn + } condition { host_header { - values = ["oonifindings.${var.direct_domain_suffix}"] + values = ["oonifindings.${local.direct_domain_suffix}"] } } 
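Review bot: The priorities interleave path rules and host rules per service (108/109, 110/111, 120/121, 130/131), so the winning rule depends on the order of the services rather than on the hostname. A request to `oonifindings.<suffix>` with path `/api/v2/oonirun/...` is forwarded to the oonirun target group by priority 110, while a request to `ooniprobe.<suffix>` with path `/api/v1/incidents/...` stays on ooniprobe because 121 is evaluated before 130. If each per-service hostname is meant to reach only its own backend, put the four `*_rule_host` rules in a band that is evaluated before every path rule. Otherwise record the intended precedence with a comment such as `# NOTE: rule priority, not hostname, decides the backend when another service's path rule also matches`. The priority of `ooniapi_th` is outside these hunks, so its position relative to both bands needs checking too.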
@@ -174,7 +215,12 @@ module "ooniapi_acm_certificate" { alias_record_domain_name = aws_alb.ooniapi.dns_name alias_record_zone_id = aws_alb.ooniapi.zone_id - alternative_domains = var.alternative_domains + alternative_domains = merge(var.alternative_domains, { + "oonifindings.${local.direct_domain_suffix}" = var.dns_zone_ooni_io, + "oonirun.${local.direct_domain_suffix}" = var.dns_zone_ooni_io, + "ooniprobe.${local.direct_domain_suffix}" = var.dns_zone_ooni_io, + "ooniauth.${local.direct_domain_suffix}" = var.dns_zone_ooni_io, + }) tags = var.tags } diff --git a/tf/modules/ooniapi_frontend/variables.tf b/tf/modules/ooniapi_frontend/variables.tf index 9d5cf06..ba02c08 100644 --- a/tf/modules/ooniapi_frontend/variables.tf +++ b/tf/modules/ooniapi_frontend/variables.tf @@ -55,8 +55,3 @@ variable "oonith_domains" { type = list(string) default = ["*.th.dev.ooni.io"] } - -variable "direct_domain_suffix" { - type = string - default = "dev.ooni.io" -}
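Review bot: The four hostnames added to `alternative_domains` repeat by hand the names used in the `host_header` conditions of the listener rules, and nothing ties the two lists together. If a host rule is added later without a matching entry here, clients of that hostname will be served a certificate that does not cover it. Consider keeping one local list of service names and deriving the map from it, e.g. `{ for s in local.direct_services : "${s}.${local.direct_domain_suffix}" => var.dns_zone_ooni_io }`, where `direct_services` is a new local introduced for this purpose. Also, `merge` lets the module's entries override a caller-supplied key of the same name, which deserves a one-line comment such as `# module-defined hostnames win over caller entries with the same key`.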