def createGCPCredentials():
data = dict(request.form)
# Check required fields
if 'account' in request.files:
account = request.files['account'].read().decode("utf-8")
else:
return Response.make_error_resp("Account is required", code=400)
if 'platform' in data:
platform = data['platform']
else:
return Response.make_error_resp("Platform is required", code=400)
if 'name' in data:
name = data['name']
else:
return Response.make_error_resp("Name is required", code=400)
if 'password' in data:
password = data["password"]
else:
return Response.make_error_resp(msg="Password is required", code=400)
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp("User id is Required")
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except Exception as e:
return Response.make_error_resp(msg="Error reading database", code=500)
if pbkdf2_sha256.verify(password, user.password):
account = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=account)
try:
newCreds = GCPCreds.create(name=name, platform=platform, account=account,uid=uid,id=str(uuid.uuid4()))
except Exception as e:
print(e)
return Response.make_error_resp(msg="Error Creating Credentials", code=400)
# Check the creds are there
try:
creds = GCPCreds.get(GCPCreds.id == newCreds.id)
except GCPCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds", code=400)
# Return the name and id of the creds
res = {
'name': creds.name,
'id': creds.id
}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is not correct", code=400)
def getSshKey(uid):
data = request.json
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except:
return Response.make_error_resp(msg="Error reading database", code=500)
if 'password' in data:
password = data["password"]
else:
return Response.make_error_resp(msg="Password is required", code=400)
# Verify password
if not pbkdf2_sha256.verify(password, user.password):
return Response.make_error_resp(msg="Password is not correct", code=400)
# Encrypt the user ssh key
privateKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=user.privateKey)
publicKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=user.publicKey)
res = {
"publicKey": publicKey,
"privateKey": privateKey
}
return Response.make_json_response(res)
def getAllCreds(uid):
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except:
return Response.make_error_resp(msg="Error reading database", code=500)
response = []
awsQuery = AWSCreds.select(AWSCreds.name, AWSCreds.id).where(AWSCreds.uid == user.uid)
for creds in awsQuery:
cred = {
"name": creds.name,
"id" : creds.id,
"type": "AWS"
}
response.append(cred)
osQuery = OSCreds.select(OSCreds.name, OSCreds.id).where(OSCreds.uid == user.uid)
for creds in osQuery:
cred = {
"name": creds.name,
"id" : creds.id,
"type": "Openstack"
}
response.append(cred)
gcpQuery = GCPCreds.select(GCPCreds.name, GCPCreds.id).where(GCPCreds.uid == user.uid)
for creds in gcpQuery:
cred = {
"name": creds.name,
"id" : creds.id,
"type": "GCP"
}
response.append(cred)
res = {
"creds": response
}
return Response.make_json_response(res)
def updateUser():
data = request.json
# Verify data
if 'uid' in data:
uid = data["uid"]
else:
return Response.make_error_resp(msg="UID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except:
return Response.make_error_resp(msg="Error reading database", code=500)
if 'password' in data:
password = data["password"]
else:
return Response.make_error_resp(msg="Password is required", code=400)
# Verify password
if pbkdf2_sha256.verify(password, user.password):
if data["newPassword"] is not None:
pass
if data["newUserName"] is not None:
user.userName = data["newUserName"]
user.save()
# Return data
res = {
'success': True,
'username': user.userName,
'email': user.email,
'uid': user.uid,
}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password Incorrect", code=400)
def login():
data = request.json
# Verify data
if 'email' in data:
email = data["email"]
else:
return Response.make_error_resp(msg="Email is required", code=400)
if 'password' in data:
password = data["password"]
else:
return Response.make_error_resp(msg="Password is required", code=400)
try:
user = Users.get(Users.email == email)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except:
return Response.make_error_resp(msg="Error reading database", code=500)
# Verify password
if pbkdf2_sha256.verify(password, user.password):
# Generate User tokens
access_token = create_access_token(identity=user.userName)
refresh_token = create_refresh_token(identity=user.userName)
# Return data
res = {
'success': True,
'username': user.userName,
'email': user.email,
'uid': user.uid,
'access_token': access_token,
'refresh_token': refresh_token
}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password Incorrect", code=400)
def getSpaces(uid):
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except:
return Response.make_error_resp(msg="Error reading database", code=500)
response = []
awsQuery = SpaceAWS.select(SpaceAWS.name,
SpaceAWS.id).where(SpaceAWS.uid == user.uid)
for space in awsQuery:
awsSpace = {"name": space.name, "id": space.id, "type": "AWS"}
response.append(awsSpace)
osQuery = SpaceOS.select(SpaceOS.name,
SpaceOS.id).where(SpaceOS.uid == user.uid)
for space in osQuery:
osSpace = {"name": space.name, "id": space.id, "type": "Openstack"}
response.append(osSpace)
res = {"spaces": response}
return Response.make_json_response(res)
def getPlatforms(uid):
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
except:
return Response.make_error_resp(msg="Error reading database", code=500)
response = []
platformQuery = Platforms.select(
Platforms.name, Platforms.id, Platforms.cloudService,
Platforms.ipAddress).where(Platforms.uid == user.uid)
for platform in platformQuery:
plat = {
"name": platform.name,
"id": platform.id,
"ip": platform.ipAddress,
"cloudService": platform.cloudService
}
response.append(plat)
res = {"platforms": response}
return Response.make_json_response(res)
def refresh():
current_user = get_jwt_identity()
res = {
'access_token': create_access_token(identity=current_user)
}
return Response.make_json_response(res)
def createUser():
data = request.json
# Verify data
if 'userName' in data:
userName = data["userName"]
else:
return Response.make_error_resp(msg="Username is required", code=400)
if 'email' in data:
email = data["email"]
else:
return Response.make_error_resp(msg="Email is required", code=400)
if 'password' in data:
# Generate two random salts for the password and the key
passSalt = os.urandom(16)
keySalt = os.urandom(16)
# Hash the password and generate the encryption key
password = pbkdf2_sha256.hash(data["password"], salt=passSalt)
resKey = encryption.generateResKey(data["password"], keySalt)
else:
return Response.make_error_resp(msg="Password is required", code=400)
# Generate the user ssh key
privateKey, publicKey = encryption.generateSSHKey()
# Encrypt the user ssh key
privateKey = encryption.encryptString(password=data['password'], salt=keySalt, resKey=resKey, string=privateKey)
publicKey = encryption.encryptString(password=data['password'], salt=keySalt, resKey=resKey, string=publicKey)
# Create the user
try:
Users.create(userName=userName, email=email, password=password, passSalt=passSalt,
resKey=resKey, keySalt=keySalt, privateKey=privateKey, publicKey=publicKey, uid=str(uuid.uuid4()))
except IntegrityError as e:
print(e)
return Response.make_error_resp(msg="Email or Username already in use", code=400)
except OperationalError as e:
print(e)
return Response.make_error_resp(msg="Error creating user")
try:
user = Users.get(Users.email == email)
except Users.DoesNotExist:
return Response.make_error_resp("Error Finding user")
# Generate User tokens
access_token = create_access_token(identity=user.userName)
refresh_token = create_refresh_token(identity=user.userName)
res = {
'success': True,
'username': user.userName,
'email': user.email,
'uid': user.uid,
'access_token': access_token,
'refresh_token': refresh_token
}
return Response.make_json_response(res)
def createAWSCredentials():
data = request.json
# Check required fields
if 'name' in data:
name = data['name']
else:
return Response.make_error_resp("Name is required ", code=400)
if 'password' in data:
password = data["password"]
else:
return Response.make_error_resp(msg="Password is required", code=400)
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp("User id is Required")
if 'accessKey' in data:
accessKey = data['accessKey']
else:
return Response.make_error_resp("Access Key is Required")
if 'secretKey' in data:
secretKey = data['secretKey']
else:
return Response.make_error_resp("Secret Key is Required")
# Get the user
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="User does not exist", code=404)
# Verify user password
if pbkdf2_sha256.verify(password, user.password):
# Encrypt the user data
accessKey = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=accessKey)
secretKey = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=secretKey)
# Create the credentials object
try:
newCreds = AWSCreds.create(name=name, accessKey=accessKey, secretKey=secretKey, uid=uid,
id=str(uuid.uuid4()))
except Exception as e:
print(e)
return Response.make_error_resp("Error Creating Creds")
# Check the creds are there
try:
creds = AWSCreds.get(AWSCreds.id == newCreds.id)
except AWSCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds", code=400)
# Return the name and id of the creds
res = {
'name': creds.name,
'id': creds.id
}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is not correct", code=400)
def createOSCredentials():
data = request.json
# Check required fields
if 'name' in data:
name = data['name']
else:
return Response.make_error_resp("Name is required ", code=400)
if 'password' in data:
password = data["password"]
else:
return Response.make_error_resp(msg="Password is required", code=400)
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp("User id is Required")
if 'osUsername' in data:
osUsername = data["osUsername"]
else:
return Response.make_error_resp("Openstack Username is Required")
if 'osPassword' in data:
osPassword = data["osPassword"]
else:
return Response.make_error_resp("Openstack Password is Required")
if 'authUrl' in data:
authUrl = data["authUrl"]
else:
return Response.make_error_resp("authUrl is Required")
# Get the user
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="User does not exist", code=404)
# Verify user password
if pbkdf2_sha256.verify(password, user.password):
# Encrypt Data
osUsername = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=osUsername)
osPassword = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=osPassword)
authUrl = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=authUrl)
# Create the credentials object
try:
newCreds = OSCreds.create(name=name, username=osUsername, password=osPassword, authUrl=authUrl, uid=uid,
id=str(uuid.uuid4()))
except Exception as e:
print(e)
return Response.make_error_resp("Error Creating Creds")
# Check the creds are there
try:
creds = OSCreds.get(OSCreds.id == newCreds.id)
except OSCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds", code=400)
# Return the name and id of the creds
res = {
'name': creds.name,
'id': creds.id
}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is not correct", code=400)
def createAWSSpace():
data = request.json
# Verify required fields
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User id is required", code=400)
if 'cid' in data:
cid = data['cid']
else:
return Response.make_error_resp(msg="Credential id is required",
code=400)
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
#if 'cloudService' in data:
# validPlatforms = ["aws", "openstack"]
# cloudService = data['cloudService']
# if cloudService not in validPlatforms:
# return Response.make_error_resp(msg="invalid cloudService", code=400)
#else:
# return Response.make_error_resp(msg="Cloud Service Choice is required", code=400)
if 'spaceName' in data:
spaceName = data['spaceName'] + tf.genComponentID()
else:
return Response.make_error_resp(msg="Name of space required", code=400)
if 'availability_zone' in data:
availability_zone = data["availability_zone"]
else:
return Response.make_error_resp(msg="Availability Zone is required",
code=400)
# Get rid of unsafe characters in the name
safeSpaceName = spaceName.replace('/', '_')
safeSpaceName = safeSpaceName.replace(' ', '_')
# Create a safe path
spacePath = os.path.join("spaces", safeSpaceName)
# Get the users data
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="User does not exist", code=404)
# Create a new directory for the space
try:
os.makedirs(spacePath)
except FileExistsError as e:
print(e)
return Response.make_error_resp(msg="Space Name already used",
code=400)
except Exception as e:
print(e)
return Response.make_error_resp(msg="Error Creating Space Directory",
code=400)
# Verify the users password
if pbkdf2_sha256.verify(password, user.password):
tfPath = "terraformScripts/createSpace/aws"
requiredFiles = ["deploy.tf", "provider.tf"]
# Get the files from the source code directory
for file in requiredFiles:
copyfile(tfPath + "/" + file, spacePath + "/" + file)
# Get the aws creds object
try:
creds = AWSCreds.get((AWSCreds.id == cid) & (AWSCreds.uid == uid))
except AWSCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds",
code=404)
# Decrypt the user data
secretKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.secretKey)
accessKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=creds.accessKey)
publicKey = encryption.decryptString(password=password,
salt=user.keySalt,
resKey=user.resKey,
string=user.publicKey)
# Generate the variables file
varPath = tf.generateAWSSpaceVars(secretKey, accessKey, publicKey,
availability_zone, safeSpaceName,
spacePath)
# Init the terraform directory
initResultCode = tf.init(spacePath)
print(initResultCode)
# Run the terrafom script
output, createResultCode = tf.create(spacePath)
# Check the result code for errors
if createResultCode != 0:
# Add destroy function here
print("Removing Inf")
tf.destroy(spacePath)
shutil.rmtree(spacePath)
return Response.make_error_resp(
msg="Error Creating Infrastructure", code=400)
# Remove the vars file
os.remove(varPath)
# Get data from the terraform outputs
keyPairId = output["key_pair"]["value"]
securityGroupId = output["security_group"]["value"]
subnetId = output["subnet"]["value"]
# Create the space object
newSpace = SpaceAWS.create(dir=spacePath,
keyPairId=keyPairId,
securityGroupId=securityGroupId,
name=safeSpaceName,
subnetId=subnetId,
uid=uid,
availabilityZone=availability_zone,
cid=cid,
id=str(uuid.uuid4()))
# Get the new space object
try:
newSpace = SpaceAWS.get(SpaceAWS.id == newSpace.id)
except AWSCreds.DoesNotExist as e:
return Response.make_error_resp(msg="Error Finding Creds",
code=404)
# Return the space data
res = {"id": newSpace.id, "name": newSpace.name}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is incorrect")
def createOSSpace():
data = request.json
if 'uid' in data:
uid = data['uid']
else:
return Response.make_error_resp(msg="User ID is required", code=400)
try:
user = Users.get(Users.uid == uid)
except Users.DoesNotExist:
return Response.make_error_resp(msg="No User Found")
if 'password' in data:
password = data['password']
else:
return Response.make_error_resp(msg="Password is required", code=400)
if "cid" in data:
cid = data["cid"]
else:
return Response.make_error_resp(msg="Creds id is required", code=400)
if "tenantName" in data:
tenantName = data["tenantName"]
else:
return Response.make_error_resp(msg="Tenant Name is required",
code=400)
if "availabilityZone" in data:
availabilityZone = data["availabilityZone"]
else:
return Response.make_error_resp(msg="Availability Zone is required",
code=400)
if "ipPool" in data:
ipPool = data["ipPool"]
else:
return Response.make_error_resp(msg="Ip Pool is required", code=400)
if "securityGroup" in data:
securityGroup = data["securityGroup"]
else:
return Response.make_error_resp(msg="Security Group is required",
code=400)
if "intNetwork" in data:
intNetwork = data["intNetwork"]
else:
return Response.make_error_resp(msg="intNetwork is required", code=400)
if "name" in data:
name = data["name"]
else:
return Response.make_error_resp(msg="Name is required", code=400)
if pbkdf2_sha256.verify(password, user.password):
# Get the aws creds object
try:
creds = OSCreds.get((OSCreds.id == cid) & (OSCreds.uid == uid))
except OSCreds.DoesNotExist:
return Response.make_error_resp(msg="Error Finding Creds",
code=404)
newSpace = SpaceOS.create(name=name,
tenantName=tenantName,
availabilityZone=availabilityZone,
ipPool=ipPool,
securityGroup=securityGroup,
intNetwork=intNetwork,
uid=uid,
cid=cid,
id=str(uuid.uuid4()))
# Get the new space object
try:
newSpace = SpaceOS.get(SpaceOS.id == newSpace.id)
except AWSCreds.DoesNotExist as e:
return Response.make_error_resp(msg="Error Finding new Space",
code=404)
# Return the space data
res = {"id": newSpace.id, "name": newSpace.name}
return Response.make_json_response(res)
else:
return Response.make_error_resp(msg="Password is incorrect")