def delete_address_prefix(address_prefix):
"""
This request deletes a address prefix from IBM cloud
:return:
"""
current_app.logger.info(
"Deleting IBM address prefix '{name}' on IBM Cloud".format(
name=address_prefix.name))
try:
ibm_manager = IBMManager(address_prefix.ibm_vpc_network.ibm_cloud)
existing_address_prefix = ibm_manager.rias_ops.fetch_ops.get_all_vpc_address_prefixes(
vpc_id=address_prefix.ibm_vpc_network, name=address_prefix.name)
if existing_address_prefix:
ibm_manager.rias_ops.delete_address_prefix(
existing_address_prefix[0])
address_prefix.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
address_prefix.ibm_cloud.status = INVALID
if address_prefix:
address_prefix.status = ERROR_DELETING
doosradb.session.commit()
else:
address_prefix.status = DELETED
doosradb.session.delete(address_prefix)
doosradb.session.commit()
return True
def configure_public_gateway(name, vpc_id, data):
"""
This request creates a new public gateway from a public gateway template.
"""
ibm_public_gateway = None
ibm_vpc = IBMVpcNetwork.query.get(vpc_id)
if not ibm_vpc:
current_app.logger.debug("IBM VPC Network with ID '{id}' not found".format(id=vpc_id))
return
current_app.logger.info("Deploying Public Gateway '{name}' on IBM Cloud".format(name=name))
try:
ibm_manager = IBMManager(ibm_vpc.ibm_cloud, ibm_vpc.region)
existing_public_gateway = ibm_manager.rias_ops.fetch_ops.get_all_public_gateways(
zone=data['zone'], vpc_name=ibm_vpc.name)
if existing_public_gateway:
raise IBMInvalidRequestError(
"Public Gateway with name '{}' already configured in zone '{}' for VPC '{}'".format(
name, data['zone'], ibm_vpc.name))
existing_public_gateway = ibm_manager.rias_ops.fetch_ops.get_all_public_gateways(name)
if existing_public_gateway:
raise IBMInvalidRequestError(
"Public Gateway with name '{}' already configured in zone'{}'".format(name, data['zone']))
ibm_public_gateway = IBMPublicGateway(name=name, zone=data['zone'], region=ibm_vpc.region)
ibm_public_gateway.ibm_cloud = ibm_vpc.ibm_cloud
ibm_public_gateway.ibm_vpc_network = ibm_vpc
ibm_resource_group = IBMResourceGroup(name=data["resource_group"], cloud_id=ibm_vpc.ibm_cloud.id)
ibm_resource_group = ibm_resource_group.get_existing_from_db() or ibm_resource_group
ibm_public_gateway.ibm_resource_group = ibm_resource_group
doosradb.session.add(ibm_public_gateway)
doosradb.session.commit()
ibm_manager.rias_ops.create_public_gateway(ibm_public_gateway)
configured_public_gateway = ibm_manager.rias_ops.fetch_ops.get_all_public_gateways(
name=ibm_public_gateway.name, zone=ibm_public_gateway.zone, vpc_name=ibm_vpc.name)
if configured_public_gateway:
configured_public_gateway = configured_public_gateway[0]
ibm_public_gateway.resource_id = configured_public_gateway.resource_id
floating_ip_copy = configured_public_gateway.floating_ip.make_copy()
floating_ip_copy.ibm_cloud = ibm_public_gateway.ibm_cloud
ibm_public_gateway.floating_ip = floating_ip_copy
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_vpc.ibm_cloud.status = INVALID
if ibm_public_gateway:
ibm_public_gateway.status = ERROR_CREATING
doosradb.session.commit()
else:
ibm_public_gateway.status = CREATED
doosradb.session.commit()
return ibm_public_gateway
def delete_ibm_subnet(subnet):
"""
Delete subnet on IBM cloud.
:return:
"""
current_app.logger.info(
"Deleting subnet '{name}' on IBM Cloud".format(name=subnet.name))
try:
ibm_manager = IBMManager(subnet.ibm_vpc_network.ibm_cloud,
subnet.ibm_vpc_network.region)
existing_subnet = ibm_manager.rias_ops.fetch_ops.get_all_subnets(
subnet.name, subnet.zone, subnet.ibm_vpc_network.name)
if existing_subnet:
subnet.status = DELETING
doosradb.session.commit()
ibm_manager.rias_ops.delete_subnet(existing_subnet[0])
subnet.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
subnet.ibm_vpc_network.cloud.status = INVALID
subnet.status = ERROR_DELETING
doosradb.session.commit()
else:
subnet.status = DELETED
doosradb.session.delete(subnet)
doosradb.session.commit()
return True
def delete_ibm_security_group_rule(ibm_security_group_rule):
"""
This request deletes a security group rule. This operation cannot be reversed.
Removing a security group rule will not end existing connections allowed by that rule.
:return:
"""
current_app.logger.info(
"Deleting Security Group Rule '{id}' on IBM Cloud '{cloud}'".format(
id=ibm_security_group_rule.id,
cloud=ibm_security_group_rule.security_group.ibm_cloud.name))
try:
ibm_manager = IBMManager(
ibm_security_group_rule.security_group.ibm_cloud,
ibm_security_group_rule.security_group.ibm_vpc_network.region)
existing_security_group_rule = ibm_manager.rias_ops.fetch_ops.get_all_security_group_rules(
ibm_security_group_rule.security_group.resource_id,
security_group_rule_id=ibm_security_group_rule.resource_id)
if existing_security_group_rule:
ibm_manager.rias_ops.delete_security_group_rule(
ibm_security_group_rule)
ibm_security_group_rule.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_security_group_rule.security_group.ibm_cloud.status = INVALID
if ibm_security_group_rule:
ibm_security_group_rule.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_security_group_rule.status = DELETED
doosradb.session.delete(ibm_security_group_rule)
doosradb.session.commit()
return True
def sync_floating_ips(self, region):
"""
Discover Floating IPs within a region on IBM Cloud
:return:
"""
floating_ips_list = list()
current_app.logger.info(
"Starting discovery of Floating IPs for IBM Cloud with ID '{id}' in region '{region}'"
.format(id=self.cloud.id, region=region))
ibm_manager = IBMManager(self.cloud, region)
floating_ips_list.extend(
ibm_manager.rias_ops.fetch_ops.get_all_floating_ips())
for floating_ip in self.cloud.floating_ips.filter_by(
region=region).all():
found = False
for floating_ip_ in floating_ips_list:
if floating_ip.name == floating_ip_.name:
found = True
break
if not found:
doosradb.session.delete(floating_ip)
doosradb.session.commit()
for floating_ip in floating_ips_list:
floating_ip.add_update_db()
def delete_ibm_vpc_route(ibm_vpc_route):
"""
Delete VPC Route on IBM cloud.
:return:
"""
current_app.logger.info(
"Deleting VPC '{name}' on IBM Cloud".format(name=ibm_vpc_route.name))
try:
ibm_manager = IBMManager(ibm_vpc_route.ibm_cloud, ibm_vpc_route.region)
existing_vpc_route = ibm_manager.rias_ops.fetch_ops.get_all_ibm_vpc_routes(
vpc_resource_id=ibm_vpc_route.ibm_vpc_network.resource_id,
name=ibm_vpc_route.name,
zone=ibm_vpc_route.zone)
if existing_vpc_route:
ibm_vpc_route.status = DELETING
doosradb.session.commit()
ibm_manager.rias_ops.push_obj_confs(existing_vpc_route[0],
delete=True)
existing_vpc_route[0].lifecycle_state = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_vpc_route.ibm_vpc_network.cloud.status = INVALID
ibm_vpc_route.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_vpc_route.status = DELETED
doosradb.session.delete(ibm_vpc_route)
doosradb.session.commit()
return True
def sync_custom_images(self, region):
"""
Discover custom images within a region on IBM Cloud
:return:
"""
images_list = list()
current_app.logger.info(
"Starting discovery of images for IBM Cloud with ID '{id}' in region '{region}'"
.format(id=self.cloud.id, region=region))
ibm_manager = IBMManager(self.cloud, region)
images_list.extend(ibm_manager.rias_ops.fetch_ops.get_all_images())
for image in self.cloud.images.filter_by(region=region).all():
found = False
for image in images_list:
if image.name == image.name:
found = True
break
if not found:
doosradb.session.delete(image)
doosradb.session.commit()
for image in images_list:
image.add_update_db()
def sync_vpcs(self, region):
"""
Discover Network VPCs within a region on IBM Cloud
:return:
"""
vpc_list = list()
current_app.logger.info(
"Starting discovery of VPC Networks for IBM Cloud with ID '{id}' in region '{region}'"
.format(id=self.cloud.id, region=region))
ibm_manager = IBMManager(self.cloud, region)
vpc_list.extend(
ibm_manager.rias_ops.fetch_ops.get_all_vpcs(fetch_instances=True,
fetch_lbs=True,
fetch_vpns=True))
for vpc in self.cloud.vpc_networks.filter_by(region=region).all():
found = False
for vpc_ in vpc_list:
if vpc.name == vpc_.name:
found = True
break
if not found:
doosradb.session.delete(vpc)
doosradb.session.commit()
for vpc in vpc_list:
vpc.add_update_db()
def delete_floating_ip(ibm_floating_ip):
"""
This request deletes a floating ip from IBM cloud
:return:
"""
current_app.logger.info(
"Deleting IBM floating ip '{name}' on IBM Cloud".format(
name=ibm_floating_ip.name))
try:
ibm_manager = IBMManager(ibm_floating_ip.ibm_cloud,
ibm_floating_ip.region)
existing_floating_ip = ibm_manager.rias_ops.fetch_ops.get_all_floating_ips(
name=ibm_floating_ip.name)
if existing_floating_ip:
ibm_manager.rias_ops.delete_floating_ip(existing_floating_ip[0])
existing_floating_ip.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_floating_ip.ibm_cloud.status = INVALID
if ibm_floating_ip:
ibm_floating_ip.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_floating_ip.status = DELETED
doosradb.session.delete(ibm_floating_ip)
doosradb.session.commit()
return True
def delete_network_acl(ibm_network_acl):
"""
This request deletes a network ACL. This operation cannot be reversed. For this request to succeed,
the network ACL must not be the default network ACL for any VPCs, and the network ACL must not be
attached to any subnets.
:return:
"""
current_app.logger.info("Deleting Network ACL '{name}' on IBM Cloud '{cloud}'".format(
name=ibm_network_acl.name, cloud=ibm_network_acl.ibm_cloud.name))
try:
ibm_manager = IBMManager(ibm_network_acl.ibm_cloud, ibm_network_acl.region)
existing_network_acl = ibm_manager.rias_ops.fetch_ops.get_all_networks_acls(ibm_network_acl.name)
if existing_network_acl:
existing_network_acl = existing_network_acl[0]
if existing_network_acl.vpc_id:
raise IBMInvalidRequestError(
"IBM Network ACL '{name}' has VPC network tied".format(name=ibm_network_acl.name))
if existing_network_acl.subnets.all():
raise IBMInvalidRequestError(
"IBM Network ACL '{name}' has subnets tied".format(name=ibm_network_acl.name))
ibm_manager.rias_ops.delete_network_acl(existing_network_acl)
ibm_network_acl.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_network_acl.ibm_cloud.status = INVALID
if ibm_network_acl:
ibm_network_acl.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_network_acl.status = DELETED
doosradb.session.delete(ibm_network_acl)
doosradb.session.commit()
return True
def delete_network_acl_rule(ibm_network_acl_rule):
"""
This request deletes a network ACL Rule.
:return:
"""
current_app.logger.info("Deleting Network ACL Rule '{name}' on IBM Cloud '{cloud}'".format(
name=ibm_network_acl_rule.name, cloud=ibm_network_acl_rule.ibm_network_acl.ibm_cloud.name))
try:
ibm_manager = IBMManager(ibm_network_acl_rule.ibm_network_acl.ibm_cloud,
ibm_network_acl_rule.ibm_network_acl.region)
existing_network_acl_rule = ibm_manager.rias_ops.fetch_ops.get_all_networks_acls(ibm_network_acl_rule.name)
if existing_network_acl_rule:
ibm_manager.rias_ops.delete_network_acl_rule(existing_network_acl_rule[0])
ibm_network_acl_rule.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_network_acl_rule.cloud.status = INVALID
if ibm_network_acl_rule:
ibm_network_acl_rule.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_network_acl_rule.status = DELETED
doosradb.session.delete(ibm_network_acl_rule)
doosradb.session.commit()
return True
def configure_floating_ip(data):
"""
Configuring IBM floating-ip on IBM cloud
:return:
"""
floating_ip = None
ibm_cloud = IBMCloud.query.get(data["cloud_id"])
if not ibm_cloud:
current_app.logger.debug("IBM cloud with ID {} not found".format(
data["cloud_id"]))
return
current_app.logger.info(
"Reserving IBM flaoting ip in zone '{name}' on IBM Cloud".format(
name=data["zone"]))
try:
ibm_manager = IBMManager(ibm_cloud, data['region'])
existing_resource_group = ibm_manager.resource_ops.fetch_ops.get_resource_groups(
data['resource_group'])
if not existing_resource_group:
raise IBMInvalidRequestError(
"Resource Group with name '{}' not configured".format(
data['resource_group']))
existing_resource_group = existing_resource_group[
0].get_existing_from_db() or existing_resource_group[0]
floating_ip_name = ibm_manager.rias_ops.fetch_ops.get_available_floating_ip_name(
)
floating_ip = IBMFloatingIP(floating_ip_name, data['region'],
data['zone'])
floating_ip.ibm_resource_group = existing_resource_group
floating_ip.ibm_cloud = ibm_cloud
doosradb.session.add(floating_ip)
doosradb.session.commit()
ibm_manager.rias_ops.create_floating_ip(floating_ip)
existing_floating_ip = ibm_manager.rias_ops.fetch_ops.get_all_floating_ips(
name=floating_ip.name)
if existing_floating_ip:
existing_floating_ip = existing_floating_ip[0]
floating_ip.resource_id = existing_floating_ip.resource_id
floating_ip.finger_print = existing_floating_ip.finger_print
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
floating_ip.ibm_cloud.status = INVALID
if floating_ip:
floating_ip.status = ERROR_CREATING
doosradb.session.commit()
else:
floating_ip.status = CREATED
doosradb.session.commit()
return floating_ip
def detach_public_gateway(subnet):
"""
This request detaches the public gateway from the subnet specified by the subnet identifier in the URL.
:return:
"""
current_app.logger.info(
"Detaching Public Gateway for Subnet '{name}' on IBM Cloud".format(
name=subnet.name))
try:
ibm_manager = IBMManager(subnet.ibm_vpc_network.ibm_cloud,
subnet.ibm_vpc_network.region)
existing_public_gateway = ibm_manager.rias_ops.fetch_ops.get_all_public_gateways(
name=subnet.ibm_public_gateway.name,
zone=subnet.zone,
vpc_name=subnet.ibm_vpc_network.name)
if existing_public_gateway:
existing_subnet = ibm_manager.rias_ops.fetch_ops.get_all_subnets(
subnet.name, subnet.zone, subnet.ibm_vpc_network.name)
if existing_subnet:
ibm_manager.rias_ops.detach_public_gateway_to_subnet(
existing_subnet[0])
subnet.ibm_public_gateway = None
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
subnet.ibm_vpc_network.cloud.status = INVALID
doosradb.session.commit()
else:
return True
def verify_cloud_credentials(cloud):
"""
Verify IBM cloud credentials and save the credentials to database
"""
try:
hmac = True
resource_group_names = []
ibm_manager = IBMManager(cloud)
cloud.credentials = IBMCredentials(
ibm_manager.iam_ops.authenticate_cloud_account())
if cloud.service_credentials:
ibm_manager.cos_ops.fetch_ops.get_buckets()
resource_groups = ibm_manager.resource_ops.raw_fetch_ops.get_resource_groups(
)
resource_group_names = [
resource_group["name"] for resource_group in resource_groups
]
if cloud.service_credentials.access_key_id and cloud.service_credentials.secret_access_key:
hmac = validate_hmac(
decrypt_api_key(cloud.service_credentials.access_key_id),
decrypt_api_key(cloud.service_credentials.secret_access_key))
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
cloud.status = INVALID
doosradb.session.commit()
else:
if len(resource_group_names) != len(set(resource_group_names)):
cloud.status = IBMCloud.STATUS_ERROR_DUPLICATE_RESOURCE_GROUPS
else:
cloud.status = VALID
if not hmac:
cloud.status = INVALID
doosradb.session.commit()
def delete_ibm_vpn_gateway(vpn_gateway):
"""
This request deletes a VPN Gateway. This operation cannot be reversed.
:return:
"""
current_app.logger.info(
"Deleting VPN Gateway '{name}' on IBM Cloud".format(
name=vpn_gateway.name))
try:
ibm_manager = IBMManager(vpn_gateway.ibm_cloud, vpn_gateway.region)
existing_vpn_gateway = ibm_manager.rias_ops.fetch_ops.get_all_vpn_gateways(
name=vpn_gateway.name)
if existing_vpn_gateway:
ibm_manager.rias_ops.push_obj_confs(existing_vpn_gateway[0],
delete=True)
vpn_gateway.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
vpn_gateway.cloud.status = INVALID
vpn_gateway.status = ERROR_DELETING
doosradb.session.commit()
else:
vpn_gateway.status = DELETED
doosradb.session.delete(vpn_gateway)
doosradb.session.commit()
return True
def delete_ibm_ike_policy(ike_policy):
"""
This request deletes an IKE Policy. This operation cannot be reversed.
:return:
"""
current_app.logger.info("Deleting IKE Policy '{name}' on IBM Cloud".format(
name=ike_policy.name))
try:
ibm_manager = IBMManager(ike_policy.ibm_cloud, ike_policy.region)
existing_ike_policy = ibm_manager.rias_ops.fetch_ops.get_all_ike_policies(
name=ike_policy.name)
if existing_ike_policy:
ibm_manager.rias_ops.delete_ike_policy(ike_policy_obj=ike_policy)
ike_policy.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ike_policy.cloud.status = INVALID
ike_policy.status = ERROR_DELETING
doosradb.session.commit()
else:
ike_policy.status = DELETED
doosradb.session.delete(ike_policy)
doosradb.session.commit()
return True
def delete_ssh_key(ibm_ssh_key):
"""
This request deletes a ssh key from IBM cloud
:return:
"""
current_app.logger.info("Deleting IBM ssh key '{name}' on IBM Cloud".format(name=ibm_ssh_key.name))
try:
ibm_manager = IBMManager(ibm_ssh_key.ibm_cloud, region=ibm_ssh_key.region)
existing_ssh_key = ibm_manager.rias_ops.fetch_ops.get_all_ssh_keys(name=ibm_ssh_key.name)
if existing_ssh_key:
ibm_manager.rias_ops.delete_ssh_key(existing_ssh_key[0])
ibm_ssh_key.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_ssh_key.ibm_cloud.status = INVALID
if ibm_ssh_key:
ibm_ssh_key.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_ssh_key.status = DELETED
doosradb.session.delete(ibm_ssh_key)
doosradb.session.commit()
return True
def delete_ibm_vpn_connection(vpn_connection, vpn_gateway_id):
"""
This request deletes an Connection for VPN Gateway. This operation cannot be reversed.
:return:
"""
current_app.logger.info("Deleting Connection '{name}' on IBM Cloud".format(
name=vpn_connection.name))
ibm_vpn_gateway = IBMVpnGateway.query.get(vpn_gateway_id)
try:
ibm_manager = IBMManager(
ibm_vpn_gateway.ibm_cloud,
ibm_vpn_gateway.ibm_cloud.vpc_networks[0].region)
existing_vpn_connection = ibm_manager.rias_ops.fetch_ops.get_all_vpn_connections(
name=vpn_connection.name,
vpn_gateway_id=ibm_vpn_gateway.resource_id)
if existing_vpn_connection:
ibm_manager.rias_ops.delete_vpn_connection(
vpn_connection_obj=vpn_connection,
vpn_gateway_id=ibm_vpn_gateway.resource_id)
vpn_connection.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
vpn_connection.cloud.status = INVALID
vpn_connection.status = ERROR_DELETING
doosradb.session.commit()
else:
vpn_connection.status = DELETED
doosradb.session.delete(vpn_connection)
doosradb.session.commit()
return True
def get_cos_buckets(ibm_cloud, region, get_objects, primary_objects=True):
"""
This request lists all COS buckets available in the region
:return:
"""
try:
if not ibm_cloud.service_credentials:
raise IBMInvalidRequestError(
"IBM Service Credential for COS is required")
ibm_manager = IBMManager(ibm_cloud, region)
buckets = ibm_manager.cos_ops.fetch_ops.get_buckets(
get_objects=get_objects, primary_objects=primary_objects)
except (
IBMAuthError,
IBMConnectError,
IBMExecuteError,
IBMInvalidRequestError,
) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_cloud.status = INVALID
doosradb.session.commit()
return None, False
else:
return buckets, True
def delete_public_gateway(public_gateway):
"""
This request deletes a public gateway. This operation cannot be reversed.
For this request to succeed, the public gateway must not be attached to any subnets.
:return:
"""
current_app.logger.info("Deleting Public Gateway '{name}' on IBM Cloud".format(name=public_gateway.name))
try:
ibm_manager = IBMManager(public_gateway.ibm_cloud, public_gateway.ibm_vpc_network.region)
existing_public_gateway = ibm_manager.rias_ops.fetch_ops.get_all_public_gateways(
public_gateway.name, public_gateway.zone, public_gateway.ibm_vpc_network.name)
if existing_public_gateway:
public_gateway.status = DELETING
doosradb.session.commit()
ibm_manager.rias_ops.delete_public_gateway(existing_public_gateway[0])
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
public_gateway.cloud.status = INVALID
public_gateway.status = ERROR_DELETING
doosradb.session.commit()
else:
public_gateway.status = DELETED
doosradb.session.delete(public_gateway)
doosradb.session.commit()
return True
def configure_ssh_key(data):
"""
Configuring IBM ssh-key on IBM cloud
:return:
"""
ssh_key = None
ibm_cloud = IBMCloud.query.get(data["cloud_id"])
if not ibm_cloud:
current_app.logger.debug("IBM cloud with ID {} not found".format(data["cloud_id"]))
return
current_app.logger.info("Deploying IBM ssh key '{name}' on IBM Cloud".format(name=data["name"]))
try:
ibm_manager = IBMManager(ibm_cloud, data['region'])
existing_resource_group = ibm_manager.resource_ops.fetch_ops.get_resource_groups(data['resource_group'])
if not existing_resource_group:
raise IBMInvalidRequestError("Resource Group with name '{}' not configured".format(data['resource_group']))
existing_resource_group = existing_resource_group[0].get_existing_from_db() or existing_resource_group[0]
existing_ssh_key_name = ibm_manager.rias_ops.fetch_ops.get_all_ssh_keys(name=data["name"])
if existing_ssh_key_name:
raise IBMInvalidRequestError("IBM ssh key with name '{}' already configured".format(data["name"]))
existing_ssh_key = ibm_manager.rias_ops.fetch_ops.get_all_ssh_keys(public_key=data["public_key"])
if existing_ssh_key:
raise IBMInvalidRequestError("IBM ssh key with public key '{}' already configured".format(data["name"]))
ssh_key = IBMSshKey(data['name'], data.get('type'), data['public_key'], data['region'])
ssh_key.ibm_resource_group = existing_resource_group
ssh_key.ibm_cloud = ibm_cloud
doosradb.session.add(ssh_key)
doosradb.session.commit()
ibm_manager.rias_ops.create_ssh_key(ssh_key)
existing_ssh_key = ibm_manager.rias_ops.fetch_ops.get_all_ssh_keys(name=ssh_key.name)
if existing_ssh_key:
existing_ssh_key = existing_ssh_key[0]
ssh_key.resource_id = existing_ssh_key.resource_id
ssh_key.finger_print = existing_ssh_key.finger_print
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ssh_key.ibm_cloud.status = INVALID
if ssh_key:
ssh_key.status = ERROR_CREATING
doosradb.session.commit()
else:
ssh_key.status = CREATED
doosradb.session.commit()
return ssh_key
def configure_ibm_security_group_rule(security_group_id, data):
"""
This request creates a new security group rule from a security group rule template
:return:
"""
ibm_security_group_rule = None
ibm_security_group = IBMSecurityGroup.query.get(security_group_id)
if not ibm_security_group:
current_app.logger.debug(
"IBM Security Group {} not found".format(security_group_id))
return
try:
ibm_manager = IBMManager(ibm_security_group.ibm_cloud,
ibm_security_group.ibm_vpc_network.region)
existing_rule = ibm_manager.rias_ops.fetch_ops.get_all_security_group_rules(
ibm_security_group.resource_id, data['direction'],
data.get('protocol'), data.get('code'), data.get('type'),
data.get('port_min'), data.get('port_max'), data.get('address'),
data.get('cidr_block'))
if existing_rule:
raise IBMInvalidRequestError(
"IBM Security Group Rule with params already configured in IBM Security Group"
)
ibm_security_group_rule = IBMSecurityGroupRule(data['direction'],
data['protocol'],
data.get('code'),
data.get('type'),
data.get('port_min'),
data.get('port_max'),
data.get('address'),
data.get('cidr_block'))
if data.get('security_group'):
ibm_security_group_rule.rule_type = "security_group"
ibm_security_group.rules.append(ibm_security_group_rule)
doosradb.session.commit()
response = ibm_manager.rias_ops.create_security_group_rule(
ibm_security_group_rule)
if response:
ibm_security_group_rule.resource_id = response["id"]
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_security_group.ibm_cloud.status = INVALID
if ibm_security_group_rule:
ibm_security_group_rule.status = ERROR_CREATING
doosradb.session.commit()
else:
ibm_security_group_rule.status = CREATED
doosradb.session.commit()
return ibm_security_group_rule
def configure_network_acl_rule(acl_id, rule_name, data):
"""
This request creates a new network ACL from a network ACL template. The network ACL template
object is structured in the same way as a retrieved network ACL, and contains the information
necessary to create the new network ACL
:return:
"""
ibm_network_acl_rule = None
network_acl = IBMNetworkAcl.query.get(acl_id)
if not network_acl:
current_app.logger.debug("IBM Network ACL {} not found".format(acl_id))
return
current_app.logger.info("Deploying IBM Network ACL Rule '{name}' on IBM Cloud".format(name=rule_name))
try:
ibm_manager = IBMManager(network_acl.ibm_cloud, network_acl.region)
existing_rule = ibm_manager.rias_ops.fetch_ops.get_all_network_acl_rules(
network_acl.resource_id, data['action'], data.get('destination'), data['direction'], data.get('source'),
data['protocol'], data.get('port_max'), data.get('port_min'), data.get('source_port_max'),
data.get('source_port_min'), data.get('code'), data.get('type'))
if existing_rule:
raise IBMInvalidRequestError("IBM Network ACL Rule with params already configured in IBM ACL")
existing_rule = ibm_manager.rias_ops.fetch_ops.get_all_network_acl_rules(network_acl.resource_id, rule_name)
if existing_rule:
raise IBMInvalidRequestError(
"IBM Network ACL Rule with name '{name}' already exists".format(name=rule_name))
ibm_network_acl_rule = IBMNetworkAclRule(rule_name, data['action'], data.get('destination'), data['direction'],
data.get('source'), data['protocol'], data.get('port_max'),
data.get('port_min'), data.get('source_port_max'),
data.get('source_port_min'), data.get('code'), data.get('type'))
network_acl.rules.append(ibm_network_acl_rule)
doosradb.session.commit()
ibm_manager.rias_ops.create_network_acl_rule(ibm_network_acl_rule)
configured_acl_rule = ibm_manager.rias_ops.fetch_ops.get_all_network_acl_rules(network_acl.resource_id,
ibm_network_acl_rule.name)
if configured_acl_rule:
configured_acl_rule = configured_acl_rule[0]
ibm_network_acl_rule.resource_id = configured_acl_rule.resource_id
except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
network_acl.ibm_cloud.status = INVALID
if ibm_network_acl_rule:
ibm_network_acl_rule.status = ERROR_CREATING
doosradb.session.commit()
else:
ibm_network_acl_rule.status = CREATED
doosradb.session.commit()
return ibm_network_acl_rule
def configure_address_prefix(data, vpc_id):
"""
Configuring IBM VPC address prefix on IBM cloud
:return:
"""
vpc = (doosradb.session.query(IBMVpcNetwork).filter_by(id=vpc_id).first())
address_prefix = None
ibm_cloud = IBMCloud.query.filter_by(id=vpc.cloud_id).first()
if not ibm_cloud:
current_app.logger.debug("IBM cloud with ID {} not found".format(
vpc.cloud_id))
return
current_app.logger.info(
"Creating address prefix in VPC '{name}' on IBM Cloud".format(
name=vpc.name))
try:
ibm_manager = IBMManager(ibm_cloud, vpc.region)
address_prefix = IBMAddressPrefix(name=data.get('name'),
zone=data.get('zone'),
address=data.get('address'))
address_prefix.ibm_vpc_network = vpc
doosradb.session.add(address_prefix)
doosradb.session.commit()
ibm_manager.rias_ops.create_address_prefix(address_prefix)
existing_address_prefix = ibm_manager.rias_ops.fetch_ops.get_all_vpc_address_prefixes(
vpc.resource_id, name=address_prefix.name)
if existing_address_prefix:
existing_address_prefix = existing_address_prefix[0]
existing_address_prefix.resource_id = existing_address_prefix.resource_id
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
vpc.ibm_cloud.status = INVALID
if address_prefix:
address_prefix.status = ERROR_CREATING
doosradb.session.commit()
else:
address_prefix.status = CREATED
doosradb.session.commit()
return address_prefix
def attach_network_acl(subnet, acl_id):
"""
This request attaches the network ACL, specified in the request body, to the subnet specified by the
subnet identifier in the URL. This replaces the existing network ACL on the subnet.
:return:
"""
network_acl = IBMNetworkAcl.query.get(acl_id)
if not network_acl:
return
current_app.logger.info(
"Attaching Network ACL for Subnet '{name}' on IBM Cloud".format(
name=subnet.name))
try:
ibm_manager = IBMManager(subnet.ibm_vpc_network.ibm_cloud,
subnet.ibm_vpc_network.region)
existing_acl = ibm_manager.rias_ops.fetch_ops.get_all_networks_acls(
name=network_acl.name)
if not existing_acl:
raise IBMInvalidRequestError(
"Network ACL with name '{name}' doesn't exist".format(
name=network_acl.name))
existing_subnet = ibm_manager.rias_ops.fetch_ops.get_all_subnets(
name=subnet.name,
zone=subnet.zone,
vpc=subnet.ibm_vpc_network.name)
if not existing_subnet:
raise IBMInvalidRequestError(
"Subnet with name '{name}' doesn't exist".format(
name=subnet.name))
subnet.network_acl = network_acl
doosradb.session.commit()
ibm_manager.rias_ops.attach_acl_to_subnet(subnet)
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
subnet.ibm_vpc_network.cloud.status = INVALID
doosradb.session.commit()
else:
return True
def delete_ibm_security_group(ibm_security_group):
"""
This request deletes a security group. A security group cannot be deleted if it is referenced by any
network interfaces or other security group rules. Additionally, a VPC's default security group cannot be
deleted. This operation cannot be reversed.
:param ibm_security_group:
:return:
"""
current_app.logger.info(
"Deleting Security Group '{name}' on IBM Cloud '{cloud}'".format(
name=ibm_security_group.name,
cloud=ibm_security_group.ibm_cloud.name))
try:
ibm_manager = IBMManager(ibm_security_group.ibm_cloud,
ibm_security_group.ibm_vpc_network.region)
existing_security_group = ibm_manager.rias_ops.fetch_ops.get_all_security_groups(
ibm_security_group.name)
if existing_security_group:
default_security_group = ibm_manager.rias_ops.fetch_ops.get_vpc_default_security_group(
ibm_security_group.ibm_vpc_network.resource_id)
if default_security_group and default_security_group.name == ibm_security_group.name:
raise IBMInvalidRequestError(
"IBM Security Group '{name}' is default for VPC network '{vpc}'"
.format(name=ibm_security_group.name,
vpc=ibm_security_group.ibm_vpc_network.name))
ibm_manager.rias_ops.delete_security_group(
existing_security_group[0])
ibm_security_group.status = DELETED
doosradb.session.commit()
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_security_group.ibm_cloud.cloud.status = INVALID
if ibm_security_group:
ibm_security_group.status = ERROR_DELETING
doosradb.session.commit()
else:
ibm_security_group.status = DELETED
doosradb.session.delete(ibm_security_group)
doosradb.session.commit()
return True
def get_ibm_zones(ibm_cloud, region):
"""
Get a list of available IBM zones against an IBM region
:return:
"""
try:
ibm_manager = IBMManager(ibm_cloud, region)
zones_list = ibm_manager.rias_ops.fetch_ops.get_zones()
except (
IBMAuthError,
IBMConnectError,
IBMExecuteError,
IBMInvalidRequestError,
) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_cloud.status = INVALID
doosradb.session.commit()
else:
return zones_list
def run_discovery(self):
try:
regions = self.ibm_manager.rias_ops.fetch_ops.get_regions()
for region in regions:
self.ibm_manager = IBMManager(self.cloud, region)
self.sync_floating_ips(region)
self.sync_ssh_keys(region)
self.sync_vpcs(region)
self.sync_ike_policies(region)
self.sync_ipsec_policies(region)
self.sync_custom_images(region)
except (IBMAuthError, IBMConnectError, IBMExecuteError,
IBMInvalidRequestError) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
self.cloud.status = INVALID
doosradb.session.commit()
else:
return True
def get_ibm_volume_profiles(ibm_cloud, region):
"""
This request lists all volume profiles available in the region
:return:
"""
try:
ibm_manager = IBMManager(ibm_cloud, region)
volume_profiles_list = ibm_manager.rias_ops.fetch_ops.get_all_volume_profiles(
)
except (
IBMAuthError,
IBMConnectError,
IBMExecuteError,
IBMInvalidRequestError,
) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_cloud.status = INVALID
doosradb.session.commit()
else:
return volume_profiles_list
def get_ibm_resource_groups(ibm_cloud):
"""
Get a list of available IBM resource groups for an IBM cloud account
:return:
"""
try:
ibm_manager = IBMManager(ibm_cloud)
resource_groups = ibm_manager.resource_ops.fetch_ops.get_resource_groups(
)
except (
IBMAuthError,
IBMConnectError,
IBMExecuteError,
IBMInvalidRequestError,
) as ex:
current_app.logger.info(ex)
if isinstance(ex, IBMAuthError):
ibm_cloud.status = INVALID
doosradb.session.commit()
else:
return resource_groups