granny-devops 0.4.0__py3-none-any.whl

granny/__init__.py

@@ -0,0 +1,19 @@
+"""Granny -- Cloud tools collection for AWS infrastructure and DevOps automation."""
+
+__version__ = "0.4.0"
+__all__ = [
+    "get_secret",
+    "load_secrets_into_env",
+]
+
+
+def __getattr__(name: str):
+    if name == "get_secret":
+        from granny.credentials.secrets import get_secret
+
+        return get_secret
+    if name == "load_secrets_into_env":
+        from granny.credentials.secrets import load_secrets_into_env
+
+        return load_secrets_into_env
+    raise AttributeError(f"module {__name__!r} has no attribute {name!r}")

granny/analyze/__init__.py

@@ -0,0 +1,6 @@
+"""AWS resource analysis and inventory."""
+
+from granny.analyze.lambdas import get_all_regions, list_lambdas
+from granny.analyze.vpcs import list_vpcs
+
+__all__ = ["get_all_regions", "list_lambdas", "list_vpcs"]

granny/analyze/lambdas.py

@@ -0,0 +1,59 @@
+"""List AWS Lambda functions across regions."""
+
+from __future__ import annotations
+
+import logging
+from dataclasses import dataclass
+
+import boto3
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass
+class LambdaFunction:
+    name: str
+    runtime: str
+    version: str
+    region: str
+
+
+def get_all_regions() -> list[str]:
+    """Return all available AWS region names."""
+    ec2 = boto3.client("ec2")
+    response = ec2.describe_regions()
+    return [r["RegionName"] for r in response["Regions"]]
+
+
+def list_lambdas(
+    regions: list[str] | None = None,
+) -> list[LambdaFunction]:
+    """List Lambda functions, optionally filtered by region.
+
+    Args:
+        regions: Specific regions to query. Defaults to all regions.
+
+    Returns:
+        List of LambdaFunction objects.
+    """
+    if regions is None:
+        regions = get_all_regions()
+
+    results: list[LambdaFunction] = []
+    for region in regions:
+        try:
+            client = boto3.client("lambda", region_name=region)
+            paginator = client.get_paginator("list_functions")
+            for page in paginator.paginate():
+                for fn in page.get("Functions", []):
+                    results.append(
+                        LambdaFunction(
+                            name=fn["FunctionName"],
+                            runtime=fn.get("Runtime", "N/A"),
+                            version=fn.get("Version", "N/A"),
+                            region=region,
+                        )
+                    )
+        except Exception as e:
+            logger.warning("Error listing lambdas in %s: %s", region, e)
+    return results

granny/analyze/vpcs.py

@@ -0,0 +1,57 @@
+"""List AWS VPCs."""
+
+from __future__ import annotations
+
+import logging
+from dataclasses import dataclass
+
+import boto3
+
+logger = logging.getLogger(__name__)
+
+
+@dataclass
+class VpcInfo:
+    vpc_id: str
+    cidr_block: str
+    name: str
+    is_default: bool
+    region: str
+
+
+def list_vpcs(regions: list[str] | None = None) -> list[VpcInfo]:
+    """List all VPCs, optionally filtered by region.
+
+    Args:
+        regions: Specific regions to query. Defaults to the session's default region.
+
+    Returns:
+        List of VpcInfo objects.
+    """
+    if regions is None:
+        regions = [boto3.session.Session().region_name or "us-east-1"]
+
+    results: list[VpcInfo] = []
+    for region in regions:
+        try:
+            ec2 = boto3.client("ec2", region_name=region)
+            paginator = ec2.get_paginator("describe_vpcs")
+            for page in paginator.paginate():
+                for vpc in page["Vpcs"]:
+                    name = "N/A"
+                    for tag in vpc.get("Tags", []):
+                        if tag["Key"] == "Name":
+                            name = tag["Value"]
+                            break
+                    results.append(
+                        VpcInfo(
+                            vpc_id=vpc["VpcId"],
+                            cidr_block=vpc["CidrBlock"],
+                            name=name,
+                            is_default=vpc.get("IsDefault", False),
+                            region=region,
+                        )
+                    )
+        except Exception as e:
+            logger.warning("Error listing VPCs in %s: %s", region, e)
+    return results

granny/cdn/__init__.py

@@ -0,0 +1,9 @@
+"""CDN provider clients — Bunny CDN pull zone management.
+
+CloudFront support is deferred to a future PR (the setup_aws_cloudfront.py
+script is 2800 lines and works as-is).
+"""
+
+from granny.cdn.bunny import BunnyCDNClient
+
+__all__ = ["BunnyCDNClient"]

granny/cdn/bunny.py

@@ -0,0 +1,231 @@
+"""Bunny CDN pull zone client — unified from 4 setup scripts.
+
+Merged superset of ``setup_hetzner_bunny.py:BunnyCDNClient`` (token auth,
+origin shield) and ``setup_bunny_storage.py:BunnyCDNClient`` (storage-zone
+pull zones, SPA routing, edge rules). The existing scripts keep their local
+copies; this module is the shared home.
+"""
+
+import logging
+from typing import Any
+
+import requests
+
+from granny.credentials.secrets import get_bunny_api_key
+
+logger = logging.getLogger(__name__)
+
+API_BASE = "https://api.bunny.net"
+
+
+class BunnyCDNClient:
+    """Bunny CDN pull zone management.
+
+    Covers pull zone CRUD, custom hostnames, SSL certificates, edge rules,
+    token authentication, origin shield, and cache purging.
+    """
+
+    def __init__(self, api_key: str | None = None, customer: str | None = None) -> None:
+        api_key = api_key or get_bunny_api_key(customer)
+        if not api_key:
+            label = f"BUNNY_API_KEY_{customer.upper()}" if customer else "BUNNY_API_KEY"
+            raise ValueError(f"{label} not set (env or vault).")
+        self.session = requests.Session()
+        self.session.headers.update(
+            {"AccessKey": api_key, "Content-Type": "application/json"}
+        )
+
+    def _request(self, method: str, path: str, data: dict | None = None) -> Any:
+        url = f"{API_BASE}{path}"
+        resp = getattr(self.session, method.lower())(url, json=data, timeout=30)
+        if resp.status_code >= 400:
+            raise RuntimeError(
+                f"Bunny CDN {method} {path}: {resp.status_code} {resp.text}"
+            )
+        if resp.status_code == 204 or not resp.text:
+            return {}
+        return resp.json()
+
+    # -- Pull Zone CRUD --------------------------------------------------------
+
+    def list_pull_zones(self) -> list[dict]:
+        return self._request("GET", "/pullzone")
+
+    def find_pull_zone(
+        self, *, name: str | None = None, hostname: str | None = None
+    ) -> dict | None:
+        """Find a pull zone by name or by a registered hostname."""
+        for zone in self.list_pull_zones():
+            if name and zone.get("Name") == name:
+                return zone
+            if hostname:
+                for h in zone.get("Hostnames", []):
+                    if h.get("Value") == hostname:
+                        return zone
+        return None
+
+    def get_pull_zone(self, pull_zone_id: int) -> dict:
+        return self._request("GET", f"/pullzone/{pull_zone_id}")
+
+    def create_pull_zone(
+        self,
+        name: str,
+        *,
+        origin_url: str | None = None,
+        storage_zone_id: int | None = None,
+        enable_geo_zones: bool = True,
+    ) -> dict:
+        """Create a pull zone.
+
+        Pass ``origin_url`` for an S3/HTTP origin, or ``storage_zone_id``
+        for a Bunny Storage-backed pull zone. Exactly one must be provided.
+        """
+        if origin_url and storage_zone_id:
+            raise ValueError("Pass origin_url OR storage_zone_id, not both.")
+        if not origin_url and not storage_zone_id:
+            raise ValueError("Either origin_url or storage_zone_id is required.")
+
+        data: dict[str, Any] = {
+            "Name": name,
+            "EnableGeoZoneUS": enable_geo_zones,
+            "EnableGeoZoneEU": enable_geo_zones,
+            "EnableGeoZoneASIA": enable_geo_zones,
+            "EnableGeoZoneSA": enable_geo_zones,
+            "EnableGeoZoneAF": enable_geo_zones,
+        }
+        if storage_zone_id:
+            data["OriginType"] = 2
+            data["StorageZoneId"] = storage_zone_id
+        else:
+            data["OriginUrl"] = origin_url
+            data["Type"] = 0
+
+        result = self._request("POST", "/pullzone", data)
+        logger.info("Created pull zone %s (ID %s)", name, result.get("Id"))
+        return result
+
+    def update_pull_zone(self, pull_zone_id: int, **settings: Any) -> dict:
+        return self._request("POST", f"/pullzone/{pull_zone_id}", settings)
+
+    def delete_pull_zone(self, pull_zone_id: int) -> None:
+        self._request("DELETE", f"/pullzone/{pull_zone_id}")
+
+    # -- Hostnames + SSL -------------------------------------------------------
+
+    def add_hostname(self, pull_zone_id: int, hostname: str) -> dict:
+        """Add a custom hostname. Idempotent — returns status dict."""
+        try:
+            self._request(
+                "POST",
+                f"/pullzone/{pull_zone_id}/addHostname",
+                {"Hostname": hostname},
+            )
+            logger.info("Added hostname %s to pull zone %s", hostname, pull_zone_id)
+            return {"added": True}
+        except RuntimeError as exc:
+            if "hostname_already_registered" in str(exc):
+                logger.info("Hostname %s already registered", hostname)
+                return {"added": False, "exists": True}
+            raise
+
+    def request_ssl_certificate(
+        self, hostname: str, *, use_dns01: bool = False
+    ) -> bool:
+        """Request a free SSL certificate for a hostname."""
+        params = f"hostname={hostname}"
+        if use_dns01:
+            params += "&useOnlyHttp01=false"
+        url = f"{API_BASE}/pullzone/loadFreeCertificate?{params}"
+        resp = self.session.get(url, timeout=30)
+        ok = resp.status_code in (200, 204)
+        if ok:
+            logger.info("SSL certificate requested for %s", hostname)
+        else:
+            logger.warning("SSL request for %s returned %s", hostname, resp.status_code)
+        return ok
+
+    # -- Token Authentication + Origin Shield ----------------------------------
+
+    def enable_token_auth(
+        self, pull_zone_id: int, *, token_key: str | None = None
+    ) -> dict:
+        """Enable token authentication (signed URLs). Returns updated zone."""
+        data: dict[str, Any] = {
+            "ZoneSecurityEnabled": True,
+            "ZoneSecurityIncludeHashRemoteIP": False,
+        }
+        if token_key:
+            data["ZoneSecurityKey"] = token_key
+        self._request("POST", f"/pullzone/{pull_zone_id}", data)
+        logger.info("Token auth enabled on pull zone %s", pull_zone_id)
+        return self.get_pull_zone(pull_zone_id)
+
+    def enable_origin_shield(
+        self, pull_zone_id: int, zone_code: str = "DE"
+    ) -> None:
+        """Block direct origin access — route everything through CDN."""
+        self._request(
+            "POST",
+            f"/pullzone/{pull_zone_id}",
+            {"EnableOriginShield": True, "OriginShieldZoneCode": zone_code},
+        )
+        logger.info("Origin shield enabled on pull zone %s", pull_zone_id)
+
+    # -- SPA + Edge Rules ------------------------------------------------------
+
+    def configure_spa_error_page(self, pull_zone_id: int) -> None:
+        """Configure custom error page for SPA support."""
+        self._request(
+            "POST",
+            f"/pullzone/{pull_zone_id}",
+            {
+                "ErrorPageEnableCustomCode": True,
+                "ErrorPageCustomCode": (
+                    '<!DOCTYPE html><html><head>'
+                    '<script>sessionStorage.redirect=location.pathname'
+                    '+location.search+location.hash;</script>'
+                    '<meta http-equiv="refresh" content="0;url=/"></head></html>'
+                ),
+                "ErrorPageWhitelabel": True,
+            },
+        )
+        logger.info("SPA error page configured on pull zone %s", pull_zone_id)
+
+    def configure_spa_routing(self, storage_zone_id: int) -> None:
+        """Configure SPA routing on a Bunny storage zone (404 -> /index.html)."""
+        self._request(
+            "POST",
+            f"/storagezone/{storage_zone_id}",
+            {"Custom404FilePath": "/index.html", "Rewrite404To200": True},
+        )
+        logger.info("SPA routing configured on storage zone %s", storage_zone_id)
+
+    def get_edge_rules(self, pull_zone_id: int) -> list[dict]:
+        pz = self._request("GET", f"/pullzone/{pull_zone_id}")
+        return pz.get("EdgeRules", [])
+
+    def add_or_update_edge_rule(self, pull_zone_id: int, rule: dict) -> dict:
+        return self._request(
+            "POST", f"/pullzone/{pull_zone_id}/edgerules/addOrUpdate", rule
+        )
+
+    def delete_edge_rule(self, pull_zone_id: int, rule_guid: str) -> dict:
+        return self._request(
+            "DELETE",
+            f"/pullzone/{pull_zone_id}/edgerules/{rule_guid}",
+        )
+
+    # -- Cache -----------------------------------------------------------------
+
+    def purge_cache(self, pull_zone_id: int) -> None:
+        self._request("POST", f"/pullzone/{pull_zone_id}/purgeCache")
+        logger.info("Cache purged for pull zone %s", pull_zone_id)
+
+    # -- Helpers ---------------------------------------------------------------
+
+    def get_default_hostname(self, pull_zone: dict) -> str:
+        """Return the ``*.b-cdn.net`` hostname for a pull zone."""
+        for h in pull_zone.get("Hostnames", []):
+            if h.get("Value", "").endswith(".b-cdn.net"):
+                return h["Value"]
+        return f"{pull_zone['Name']}.b-cdn.net"

granny/cli/analyze.py

@@ -0,0 +1,66 @@
+"""CLI commands for AWS resource analysis."""
+
+import json
+
+import click
+
+
+@click.group()
+def analyze() -> None:
+    """Analyze and inventory AWS resources."""
+
+
+@analyze.command()
+@click.option("--region", multiple=True, help="Specific region(s) to query (default: all)")
+@click.option("--json-output", "as_json", is_flag=True, help="Output as JSON")
+def lambdas(region: tuple[str, ...], as_json: bool) -> None:
+    """List Lambda functions across AWS regions."""
+    from granny.analyze.lambdas import list_lambdas
+
+    regions = list(region) if region else None
+    results = list_lambdas(regions=regions)
+
+    if not results:
+        click.echo("No Lambda functions found.")
+        return
+
+    if as_json:
+        click.echo(json.dumps([vars(r) for r in results], indent=2))
+        return
+
+    current_region = None
+    for fn in results:
+        if fn.region != current_region:
+            current_region = fn.region
+            click.echo(f"\nRegion: {current_region}")
+            click.echo("-" * 70)
+            click.echo(f"{'Function Name':<40} {'Runtime':<15} {'Version':<10}")
+            click.echo("-" * 70)
+        click.echo(f"{fn.name:<40} {fn.runtime:<15} {fn.version:<10}")
+
+
+@analyze.command()
+@click.option("--region", multiple=True, help="Specific region(s) to query")
+@click.option("--json-output", "as_json", is_flag=True, help="Output as JSON")
+def vpcs(region: tuple[str, ...], as_json: bool) -> None:
+    """List VPCs in the AWS account."""
+    from granny.analyze.vpcs import list_vpcs
+
+    regions = list(region) if region else None
+    results = list_vpcs(regions=regions)
+
+    if not results:
+        click.echo("No VPCs found.")
+        return
+
+    if as_json:
+        click.echo(json.dumps([vars(r) for r in results], indent=2))
+        return
+
+    click.echo(f"\n{'VPC ID':<20} {'CIDR Block':<18} {'Name':<30} {'Default':<10} {'Region'}")
+    click.echo("-" * 95)
+    for vpc in results:
+        click.echo(
+            f"{vpc.vpc_id:<20} {vpc.cidr_block:<18} {vpc.name:<30} "
+            f"{str(vpc.is_default):<10} {vpc.region}"
+        )

granny/cli/cdn.py

@@ -0,0 +1,210 @@
+"""``granny cdn`` — Bunny CDN pull zone management.
+
+Expanded from cache-purge-only to full pull zone CRUD using the shared
+``granny.cdn.BunnyCDNClient``.
+"""
+
+from __future__ import annotations
+
+import json
+
+import click
+
+from granny.credentials.secrets import (
+    get_bunny_api_key,
+    list_bunny_customers,
+)
+
+
+def _client(customer: str | None = None):
+    from granny.cdn.bunny import BunnyCDNClient
+
+    return BunnyCDNClient(customer=customer)
+
+
+customer_option = click.option(
+    "--customer",
+    "-c",
+    default=None,
+    help="Bunny customer profile (resolves BUNNY_API_KEY_<CUSTOMER>).",
+)
+
+
+@click.group()
+def cdn() -> None:
+    """Bunny CDN management commands."""
+
+
+@cdn.command()
+@click.argument("pull_zone_id", type=int)
+@customer_option
+def purge(pull_zone_id: int, customer: str | None) -> None:
+    """Purge the Bunny CDN cache for a pull zone."""
+    c = _client(customer)
+    c.purge_cache(pull_zone_id)
+    click.echo(f"Cache purged for pull zone {pull_zone_id}.")
+
+
+@cdn.command("list-customers")
+def list_customers() -> None:
+    """List known Bunny customer profiles."""
+    customers = list_bunny_customers()
+    if not customers:
+        click.echo(
+            "No customer profiles registered. Add names to "
+            "GRANNY_BUNNY_CUSTOMERS or export BUNNY_API_KEY_<NAME>."
+        )
+        return
+    click.echo("Known Bunny customer profiles:")
+    for name in customers:
+        key = get_bunny_api_key(name)
+        indicator = "ok" if key else "MISSING"
+        click.echo(f"  {name:<30} {indicator}")
+
+
+@cdn.command("list-zones")
+@customer_option
+def list_zones(customer: str | None) -> None:
+    """List all Bunny CDN pull zones."""
+    c = _client(customer)
+    zones = c.list_pull_zones()
+    if not zones:
+        click.echo("No pull zones found.")
+        return
+    for z in zones:
+        default_host = c.get_default_hostname(z)
+        click.echo(f"  {z['Id']:<10} {z['Name']:<30} {default_host}")
+
+
+@cdn.command("get-zone")
+@click.argument("pull_zone_id", type=int)
+@customer_option
+def get_zone(pull_zone_id: int, customer: str | None) -> None:
+    """Get details of a pull zone."""
+    c = _client(customer)
+    zone = c.get_pull_zone(pull_zone_id)
+    click.echo(json.dumps(zone, indent=2))
+
+
+@cdn.command("add-hostname")
+@click.argument("pull_zone_id", type=int)
+@click.argument("hostname")
+@customer_option
+def add_hostname(pull_zone_id: int, hostname: str, customer: str | None) -> None:
+    """Add a custom hostname to a pull zone."""
+    c = _client(customer)
+    result = c.add_hostname(pull_zone_id, hostname)
+    if result.get("added"):
+        click.echo(f"Hostname {hostname} added to pull zone {pull_zone_id}.")
+    else:
+        click.echo(f"Hostname {hostname} already registered.")
+
+
+@cdn.command("ssl")
+@click.argument("hostname")
+@click.option("--dns01", is_flag=True, help="Use DNS-01 validation (for Bunny DNS zones).")
+@customer_option
+def ssl(hostname: str, dns01: bool, customer: str | None) -> None:
+    """Request a free SSL certificate for a hostname."""
+    c = _client(customer)
+    ok = c.request_ssl_certificate(hostname, use_dns01=dns01)
+    if ok:
+        click.echo(f"SSL certificate requested for {hostname}.")
+    else:
+        raise click.ClickException(f"SSL request failed for {hostname}.")
+
+
+@cdn.command("list-edge-rules")
+@click.argument("pull_zone_id", type=int)
+@customer_option
+def list_edge_rules(pull_zone_id: int, customer: str | None) -> None:
+    """List edge rules for a pull zone."""
+    c = _client(customer)
+    rules = c.get_edge_rules(pull_zone_id)
+    if not rules:
+        click.echo("No edge rules configured.")
+        return
+    for r in rules:
+        status = "enabled" if r.get("Enabled") else "disabled"
+        desc = r.get("Description", "(no description)")
+        guid = r.get("Guid", "?")
+        action = r.get("ActionType", "?")
+        target = r.get("ActionParameter1", "")
+        triggers = []
+        for t in r.get("Triggers", []):
+            triggers.extend(t.get("PatternMatches", []))
+        click.echo(
+            f"  {guid}  action={action}  {status}  "
+            f"patterns={triggers}  target={target}  {desc}"
+        )
+
+
+@cdn.command("add-redirect")
+@click.argument("pull_zone_id", type=int)
+@click.argument("from_pattern")
+@click.argument("to_url")
+@click.option("--description", "-d", default=None, help="Rule description.")
+@customer_option
+def add_redirect(
+    pull_zone_id: int,
+    from_pattern: str,
+    to_url: str,
+    description: str | None,
+    customer: str | None,
+) -> None:
+    """Add a URL redirect edge rule to a pull zone.
+
+    FROM_PATTERN is a Bunny wildcard pattern (e.g. '*/10-Must-Haves/*').
+    TO_URL is the full redirect target (e.g. 'https://www.example.com/new-path/').
+    """
+    desc = description or f"Redirect {from_pattern} -> {to_url}"
+    rule = {
+        "ActionType": 2,
+        "ActionParameter1": to_url,
+        "Triggers": [
+            {
+                "Type": 0,
+                "PatternMatchingType": 0,
+                "PatternMatches": [from_pattern],
+            }
+        ],
+        "TriggerMatchingType": 0,
+        "Description": desc,
+        "Enabled": True,
+    }
+    c = _client(customer)
+    c.add_or_update_edge_rule(pull_zone_id, rule)
+    click.echo(f"Redirect rule added: {from_pattern} -> {to_url}")
+
+
+@cdn.command("delete-edge-rule")
+@click.argument("pull_zone_id", type=int)
+@click.argument("rule_guid")
+@customer_option
+def delete_edge_rule(pull_zone_id: int, rule_guid: str, customer: str | None) -> None:
+    """Delete an edge rule by its GUID."""
+    c = _client(customer)
+    c.delete_edge_rule(pull_zone_id, rule_guid)
+    click.echo(f"Edge rule {rule_guid} deleted.")
+
+
+@cdn.command("create-zone")
+@click.argument("name")
+@click.option("--origin-url", default=None, help="HTTP origin URL (S3-backed zones).")
+@click.option("--storage-zone-id", default=None, type=int, help="Bunny storage zone ID.")
+@customer_option
+def create_zone(
+    name: str,
+    origin_url: str | None,
+    storage_zone_id: int | None,
+    customer: str | None,
+) -> None:
+    """Create a new Bunny CDN pull zone."""
+    if not origin_url and not storage_zone_id:
+        raise click.UsageError("Either --origin-url or --storage-zone-id is required.")
+    c = _client(customer)
+    zone = c.create_pull_zone(
+        name, origin_url=origin_url, storage_zone_id=storage_zone_id
+    )
+    click.echo(f"Pull zone created: ID={zone['Id']} Name={zone['Name']}")
+    click.echo(f"Default hostname: {c.get_default_hostname(zone)}")