plugins/configuration.py - infrastructure-blocky4 - Git at Google

 #!/usr/bin/env python3

 # Licensed to the Apache Software Foundation (ASF) under one or more
 # contributor license agreements.  See the NOTICE file distributed with
 # this work for additional information regarding copyright ownership.
 # The ASF licenses this file to You under the Apache License, Version 2.0
 # (the "License"); you may not use this file except in compliance with
 # the License.  You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #

 # Configuration objects for Blocky/4

 import asfpy.sqlite
 import elasticsearch
 import plugins.db_create
 import netaddr


 DEFAULT_EXPIRE = 86400 * 30 * 4  # Default expiry of auto-bans = 4 months
 DEFAULT_INDEX_PATTERN = "loggy-%Y-%m-%d"

 # These IP blocks should always be allowed and never blocked, or else...
 DEFAULT_ALLOW_LIST = [
     netaddr.IPNetwork("127.0.0.1/16"),
     netaddr.IPNetwork("10.0.0.1/16"),
     netaddr.IPNetwork("::1/128"),
 ]


 class BlockyConfiguration:
     def __init__(self, yml):
         self.database_filepath = yml.get("database", "blocky.sqlite")
         self.sqlite = asfpy.sqlite.DB(self.database_filepath)
         self.default_expire_seconds = yml.get("default_expire", DEFAULT_EXPIRE)
         self.index_pattern = yml.get("index_pattern", DEFAULT_INDEX_PATTERN)
         self.elasticsearch_url = yml.get("elasticsearch_url")
         self.elasticsearch = elasticsearch.AsyncElasticsearch(hosts=[self.elasticsearch_url])
         self.block_list = []
         self.allow_list = list(DEFAULT_ALLOW_LIST)  # Always pre-seed with the basic default
         self.http_ip = yml.get('bind_ip', '127.0.0.1')
         self.http_port = int(yml.get('bind_port', 8080))

         # Create table if not there yet
         if not self.sqlite.table_exists("rules"):
             print(f"Database file {self.database_filepath} is empty, initializing tables")
             self.sqlite.run(plugins.db_create.CREATE_DB_RULES)
             self.sqlite.run(plugins.db_create.CREATE_DB_BANS)
             self.sqlite.run(plugins.db_create.CREATE_DB_ALLOW)
             self.sqlite.run(plugins.db_create.CREATE_DB_AUDIT)
             print(f"Database file {self.database_filepath} has been successfully initialized")

         # Fetch existing blocks and allows
         for entry in self.sqlite.fetch("blocklist", limit=0):
             self.block_list.append(netaddr.IPNetwork(entry["ip"]))
         for entry in self.sqlite.fetch("allowlist", limit=0):
             self.allow_list.append(netaddr.IPNetwork(entry["ip"]))

     async def test_es(self):
         i = await self.elasticsearch.info()
         es_major = int(i["version"]["number"].split(".")[0])
         assert es_major >= 7, "Blocky/4 requires ElasticSearch 7.x or higher"
	#!/usr/bin/env python3

	# Licensed to the Apache Software Foundation (ASF) under one or more
	# contributor license agreements. See the NOTICE file distributed with
	# this work for additional information regarding copyright ownership.
	# The ASF licenses this file to You under the Apache License, Version 2.0
	# (the "License"); you may not use this file except in compliance with
	# the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing, software
	# distributed under the License is distributed on an "AS IS" BASIS,
	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	# See the License for the specific language governing permissions and
	# limitations under the License.
	#

	# Configuration objects for Blocky/4

	import asfpy.sqlite
	import elasticsearch
	import plugins.db_create
	import netaddr


	DEFAULT_EXPIRE = 86400 * 30 * 4 # Default expiry of auto-bans = 4 months
	DEFAULT_INDEX_PATTERN = "loggy-%Y-%m-%d"

	# These IP blocks should always be allowed and never blocked, or else...
	DEFAULT_ALLOW_LIST = [
	netaddr.IPNetwork("127.0.0.1/16"),
	netaddr.IPNetwork("10.0.0.1/16"),
	netaddr.IPNetwork("::1/128"),
	]


	class BlockyConfiguration:
	def __init__(self, yml):
	self.database_filepath = yml.get("database", "blocky.sqlite")
	self.sqlite = asfpy.sqlite.DB(self.database_filepath)
	self.default_expire_seconds = yml.get("default_expire", DEFAULT_EXPIRE)
	self.index_pattern = yml.get("index_pattern", DEFAULT_INDEX_PATTERN)
	self.elasticsearch_url = yml.get("elasticsearch_url")
	self.elasticsearch = elasticsearch.AsyncElasticsearch(hosts=[self.elasticsearch_url])
	self.block_list = []
	self.allow_list = list(DEFAULT_ALLOW_LIST) # Always pre-seed with the basic default
	self.http_ip = yml.get('bind_ip', '127.0.0.1')
	self.http_port = int(yml.get('bind_port', 8080))

	# Create table if not there yet
	if not self.sqlite.table_exists("rules"):
	print(f"Database file {self.database_filepath} is empty, initializing tables")
	self.sqlite.run(plugins.db_create.CREATE_DB_RULES)
	self.sqlite.run(plugins.db_create.CREATE_DB_BANS)
	self.sqlite.run(plugins.db_create.CREATE_DB_ALLOW)
	self.sqlite.run(plugins.db_create.CREATE_DB_AUDIT)
	print(f"Database file {self.database_filepath} has been successfully initialized")

	# Fetch existing blocks and allows
	for entry in self.sqlite.fetch("blocklist", limit=0):
	self.block_list.append(netaddr.IPNetwork(entry["ip"]))
	for entry in self.sqlite.fetch("allowlist", limit=0):
	self.allow_list.append(netaddr.IPNetwork(entry["ip"]))

	async def test_es(self):
	i = await self.elasticsearch.info()
	es_major = int(i["version"]["number"].split(".")[0])
	assert es_major >= 7, "Blocky/4 requires ElasticSearch 7.x or higher"