def verify_cloud_credentials(cloud):
"""
Verify IBM cloud credentials and save the credentials to database
"""
try:
hmac = True
resource_group_names = []
ibm_manager = IBMManager(cloud)
cloud.credentials = IBMCredentials(
ibm_manager.iam_ops.authenticate_cloud_account())
if cloud.service_credentials:
ibm_manager.cos_ops.fetch_ops.get_buckets()
resource_groups = ibm_manager.resource_ops.raw_fetch_ops.get_resource_groups(
)
resource_group_names = [
resource_group["name"] for resource_group in resource_groups
]
if cloud.service_credentials.access_key_id and cloud.service_credentials.secret_access_key:
hmac = validate_hmac(
decrypt_api_key(cloud.service_credentials.access_key_id),
decrypt_api_key(cloud.service_credentials.secret_access_key))
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
cloud.status = INVALID
doosradb.session.commit()
else:
if len(resource_group_names) != len(set(resource_group_names)):
cloud.status = IBMCloud.STATUS_ERROR_DUPLICATE_RESOURCE_GROUPS
else:
cloud.status = VALID
if not hmac:
cloud.status = INVALID
doosradb.session.commit()
def execute(self, request, data=None):
request_url = request[1].format(base_url=self.base_url,
version=VERSION,
generation=GENERATION)
if not self.cloud.credentials:
raise IBMAuthError(self.cloud.id)
try:
if self.cloud.credentials.is_token_expired():
self.cloud.credentials.update_token(
IBMCredentials(self.iam_ops.authenticate_cloud_account()))
headers = {"Authorization": self.cloud.credentials.access_token}
current_app.logger.debug("{0} : {1}".format(
request[0], request_url))
response = self.session.request(request[0],
request_url,
data=data,
timeout=50,
headers=headers)
except (ConnectionError, ReadTimeout, RequestException, MaxRetryError,
ReadTimeoutError) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(self.cloud.id, request_url)
else:
if response.status_code in [401]:
raise IBMAuthError(self.cloud.id)
elif response.status_code in [400, 404, 408, 500]:
raise IBMExecuteError(response)
elif response.status_code == 409:
raise IBMInvalidRequestError(response)
elif response.status_code not in [200, 201, 204]:
raise IBMExecuteError(response)
return response.json()
def execute_(self, obj, request, data=None, required_status=None):
"""
The following method executes the request on IBM Cloud and then polls for the resource creation or
deletion operation and do so while it is completed/deleted.
:return:
"""
request_url = request[1].format(k8s_base_url=self.k8s_base_url)
if not self.cloud.credentials:
raise IBMAuthError(self.cloud.id)
try:
if self.cloud.credentials.is_token_expired():
self.cloud.credentials.update_token(
IBMCredentials(self.iam_ops.authenticate_cloud_account()))
headers = {"Authorization": self.cloud.credentials.access_token}
current_app.logger.info("{0}: {1} {2}".format(
request[0], request_url, data if data else ""))
if headers:
if hasattr(obj, 'disk_encryption'):
headers.update({
"Auth-Refresh-Token":
self.cloud.credentials.refresh_token,
"Auth-Resource-Group":
obj.kubernetes_clusters.ibm_resource_group.name
})
else:
headers.update({
"Auth-Refresh-Token":
self.cloud.credentials.refresh_token,
"Auth-Resource-Group":
obj.ibm_resource_group.name
})
response = self.session_k8s.request(request[0],
request_url,
json=data,
timeout=50,
headers=headers)
except (ConnectionError, ReadTimeout, RequestException, MaxRetryError,
ReadTimeoutError) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(self.cloud.id, request_url)
else:
if response.status_code == 401:
raise IBMAuthError(self.cloud.id)
elif response.status_code not in [200, 201, 202, 204, 404]:
raise IBMExecuteError(response.json())
time.sleep(60)
status = self.wait_for_operation(
obj, obj.resource_id or response.json().get("clusterID")
or response.json().get("workerPoolID"), required_status)
if not status:
raise IBMInvalidRequestError(
"The requested operation could not be performed:\n{0} : {1}"
.format(request[0], request_url))
return response.json() if response.text else ""
def execute_(self, request, data=None):
request_url = request[1].format(
k8s_base_url=self.k8s_base_url
)
if not self.cloud.credentials:
raise IBMAuthError(self.cloud.id)
try:
if self.cloud.credentials.is_token_expired():
self.cloud.credentials.update_token(
IBMCredentials(self.iam_ops.authenticate_cloud_account())
)
headers = {"Authorization": self.cloud.credentials.access_token}
current_app.logger.debug("{0} : {1}".format(request[0], request_url))
response = self.session_k8s.request(
request[0], request_url, data=data, timeout=50, headers=headers
)
except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(self.cloud.id, request_url)
else:
if response.status_code in [401, 403]:
raise IBMAuthError(self.cloud.id)
elif response.status_code in [400, 408, 500]:
raise IBMExecuteError(response)
elif response.status_code == 409:
raise IBMInvalidRequestError(response)
elif response.status_code not in [200, 201, 204, 404]:
raise IBMExecuteError(response)
resp = response.json()
if not (request[0] == "GET" and "next" in resp):
return resp
list_key = None
for key, val in resp.items():
if isinstance(val, list):
list_key = key
if not list_key:
return resp
temp_resp = resp.copy()
while "next" in temp_resp:
req = [
"GET",
temp_resp["next"]["href"] + "&version={version}&generation={generation}".format(
version=VERSION, generation=GENERATION)
]
temp_resp = self.execute(req)
resp[list_key].extend(temp_resp[list_key][:])
return resp
def __execute(self, obj, request, data=None, required_status=None):
if not self.cloud.credentials:
raise IBMAuthError(self.cloud.id)
try:
request_url = request[1].format(base_url=self.base_url,
version=VERSION)
if self.cloud.credentials.is_token_expired():
self.cloud.credentials.update_token(
IBMCredentials(self.iam_ops.authenticate_cloud_account()))
headers = {"Authorization": self.cloud.credentials.access_token}
current_app.logger.debug("{0} : {1}".format(
request[0], request_url))
response = self.session.request(request[0],
request_url,
json=data,
timeout=30,
headers=headers)
except (
ConnectionError,
ReadTimeout,
RequestException,
MaxRetryError,
ReadTimeoutError,
) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(self.cloud.id)
else:
if response.status_code == 401:
raise IBMAuthError(self.cloud.id)
elif response.status_code in [400, 408, 500]:
raise IBMExecuteError(response)
elif response.status_code not in [200, 201, 204, 404]:
raise IBMExecuteError(response)
if not request[0] == "PATCH":
status = self.wait_for_operation(
obj, obj.resource_id or response.json().get("id"),
required_status)
if not status:
raise IBMInvalidRequestError(
"The requested operation could not be performed:\n{0} : {1}"
.format(request[0], request_url))
return response.json() if response.text else ""
def execute(self, obj, request, data=None, required_status=None):
"""
The following method executes the request on IBM Cloud and then polls for the resource creation or
deletion operation and do so while it is completed/deleted.
:return:
"""
request_url = request[1].format(base_url=self.base_url,
version=VERSION,
generation=GENERATION)
if not self.cloud.credentials:
raise IBMAuthError(self.cloud.id)
try:
if self.cloud.credentials.is_token_expired():
self.cloud.credentials.update_token(
IBMCredentials(self.iam_ops.authenticate_cloud_account()))
headers = {"Authorization": self.cloud.credentials.access_token}
current_app.logger.info("{0}: {1} {2}".format(
request[0], request_url, data if data else ""))
response = self.session.request(request[0],
request_url,
json=data,
timeout=50,
headers=headers)
except (ConnectionError, ReadTimeout, RequestException, MaxRetryError,
ReadTimeoutError) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(self.cloud.id, request_url)
else:
if response.status_code == 401:
raise IBMAuthError(self.cloud.id)
elif response.status_code not in [200, 201, 202, 204, 404]:
raise IBMExecuteError(response)
status = self.wait_for_operation(
obj, obj.resource_id or response.json().get("id"),
required_status)
if not status:
raise IBMInvalidRequestError(
"The requested operation could not be performed:\n{0} : {1}"
.format(request[0], request_url))
return response.json() if response.text else ""
def execute(self,
request,
cluster=None,
worker_pools=None,
data=None,
required_status=None):
"""
The following method executes the request on IBM Cloud and then polls for the resource creation or
deletion operation and do so while it is completed/deleted.
:return:
"""
request_url = request[1].format(
kubernetes_base_url=self.kubernetes_base_url)
cloud = doosradb.session.query(IBMCloud).filter_by(
id=self.cloud_id).first()
if not cloud:
raise IBMInvalidRequestError("Cloud not found")
if not cloud.credentials:
raise IBMAuthError(cloud.id)
iam_ops = IAMOperations(cloud)
try:
if cloud.credentials.is_token_expired():
cloud.credentials.update_token(
IBMCredentials(iam_ops.authenticate_cloud_account()))
headers = {"Authorization": cloud.credentials.access_token}
current_app.logger.info("{0}: {1} {2}".format(
request[0], request_url, data if data else ""))
if headers and cluster:
headers.update({
"Auth-Refresh-Token":
cloud.credentials.refresh_token,
"Auth-Resource-Group":
cluster.ibm_resource_group.resource_id
})
else:
headers.update(
{"Auth-Refresh-Token": cloud.credentials.refresh_token})
response = self.session.request(request[0],
request_url,
json=data,
timeout=50,
headers=headers)
except (ConnectionError, ReadTimeout, RequestException, MaxRetryError,
ReadTimeoutError) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(cloud.id, request_url)
else:
if response.status_code == 401:
raise IBMAuthError(cloud.id)
elif response.status_code not in [200, 201, 202, 404]:
raise IBMExecuteError(response)
elif response.status_code == 201:
if worker_pools:
for worker_pool in worker_pools:
worker_pool['cluster'] = response.json().get(
"clusterID")
try:
resp = self.session.request(
"POST",
KUBERNETES_CLUSTER_URL_TEMPLATE.format(
path=CREATE_VPC_KUBERNETES_WORKERPOOL_PATH
),
json=worker_pool,
timeout=50,
headers=headers)
except (ConnectionError, ReadTimeout, RequestException,
MaxRetryError, ReadTimeoutError) as ex:
current_app.logger.debug(ex)
raise IBMConnectError(cloud.id, request_url)
else:
if resp.status_code == 401:
raise IBMAuthError(cloud.id)
elif resp.status_code not in [200, 201]:
raise IBMExecuteError(resp)
time.sleep(60)
if response.json().get("clusterID"):
status = self.wait_for_operation(
response.json().get("clusterID"), required_status)
if not status:
raise IBMInvalidRequestError(
"The requested operation could not be performed:\n{0} : {1}"
.format(request[0], request_url))
return response.json().get("clusterID") if response.json().get(
"clusterID") else response.json()