
@iainlane
Created October 27, 2021 15:38
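#!/bin/bash
#
# Keep the "grafana-source-ips" firewall address group in sync with the
# addresses that the configured hostnames currently resolve to, plus any
# static entries.
#
# The group is deleted and rebuilt whenever its membership differs from the
# desired list, so the desired list is checked before the firewall is touched:
# a failed or odd-looking DNS answer aborts the run and leaves the existing
# group in place instead of emptying or polluting it.
set -e
set -x
vop=/opt/vyatta/bin/vyatta-op-cmd-wrapper
vcfg=/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper
# Hostnames to look up
hostnames=(src-ips.hosted-grafana.grafana.net)
# Static IPs to add to grafana-source-ips
static_ips=()

# Current members of the grafana-source-ips address group.
# NOTE(review): "grep -A5" only reads the five lines after "Members", so a
# group with more entries is seen truncated and will be rewritten on every
# run. Confirm the op-command output layout before widening this.
mapfile -t grafana < <(
  "$vop" show firewall group grafana-source-ips \
    | grep -A5 Members \
    | grep -v Members \
    | awk 'NF { print $1 }'
)

# Resolve the trusted hostnames. getent's status is checked on its own
# because inside a pipeline it would be hidden behind awk's, and an empty
# answer would then be applied as "the group has no members".
if ! lookup=$(getent hosts "${hostnames[@]}"); then
  logger "Lookup of ${hostnames[*]} failed. Leaving grafana-source-ips unchanged."
  exit 1
fi

resolved_ips=()
while read -r addr _; do
  [[ -n "$addr" ]] || continue
  # DNS answers are external input that ends up in firewall configuration:
  # accept only strings made of address characters.
  if [[ ! "$addr" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    logger "Unexpected value in lookup result. Leaving grafana-source-ips unchanged."
    exit 1
  fi
  resolved_ips+=("$addr")
done <<<"$lookup"

# add static IPs to resolved IPs (operator-supplied, not validated here)
resolved_ips+=("${static_ips[@]}")

# Never rebuild the group from an empty list.
if [ "${#resolved_ips[@]}" -eq 0 ]; then
  logger "No addresses for grafana-source-ips. Leaving the group unchanged."
  exit 1
fi

# Compare both lists sorted and de-duplicated, so that a static IP that is
# also resolved, or a repeated DNS answer, does not look like a change.
current_sorted=$(printf '%s\n' "${grafana[@]}" | LC_ALL=C sort -u)
wanted_sorted=$(printf '%s\n' "${resolved_ips[@]}" | LC_ALL=C sort -u)
mapfile -t resolved_ips <<<"$wanted_sorted"

# Update address group if IPs changed
if [[ "$current_sorted" == "$wanted_sorted" ]]; then
  # IPs did not change. Do nothing
  :
else
  # Addresses have changed: remove address-group "grafana-source-ips" and
  # recreate it with the new addresses.
  logger "Trusted WAN IPs changed. Updating grafana-source-ips address group."
  PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
  "$vcfg" begin
  # With "set -e" a failing set/commit exits immediately; close the
  # configuration session on the way out so it is not left open.
  trap '"$vcfg" end' EXIT
  "$vcfg" delete firewall group address-group grafana-source-ips
  "$vcfg" set firewall group address-group grafana-source-ips description "Source IPs for Grafana metrics"
  for ip in "${resolved_ips[@]}"; do
    "$vcfg" set firewall group address-group grafana-source-ips address "$ip"
  done
  "$vcfg" commit
  "$vcfg" save
  trap - EXIT
  "$vcfg" end
fi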