def createGCPCredentials(): data = dict(request.form) # Check required fields if 'account' in request.files: account = request.files['account'].read().decode("utf-8") else: return Response.make_error_resp("Account is required", code=400) if 'platform' in data: platform = data['platform'] else: return Response.make_error_resp("Platform is required", code=400) if 'name' in data: name = data['name'] else: return Response.make_error_resp("Name is required", code=400) if 'password' in data: password = data["password"] else: return Response.make_error_resp(msg="Password is required", code=400) if 'uid' in data: uid = data['uid'] else: return Response.make_error_resp("User id is Required") try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except Exception as e: return Response.make_error_resp(msg="Error reading database", code=500) if pbkdf2_sha256.verify(password, user.password): account = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=account) try: newCreds = GCPCreds.create(name=name, platform=platform, account=account,uid=uid,id=str(uuid.uuid4())) except Exception as e: print(e) return Response.make_error_resp(msg="Error Creating Credentials", code=400) # Check the creds are there try: creds = GCPCreds.get(GCPCreds.id == newCreds.id) except GCPCreds.DoesNotExist: return Response.make_error_resp(msg="Error Finding Creds", code=400) # Return the name and id of the creds res = { 'name': creds.name, 'id': creds.id } return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password is not correct", code=400)
def getSshKey(uid): data = request.json try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except: return Response.make_error_resp(msg="Error reading database", code=500) if 'password' in data: password = data["password"] else: return Response.make_error_resp(msg="Password is required", code=400) # Verify password if not pbkdf2_sha256.verify(password, user.password): return Response.make_error_resp(msg="Password is not correct", code=400) # Encrypt the user ssh key privateKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=user.privateKey) publicKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=user.publicKey) res = { "publicKey": publicKey, "privateKey": privateKey } return Response.make_json_response(res)
def getAllCreds(uid): try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except: return Response.make_error_resp(msg="Error reading database", code=500) response = [] awsQuery = AWSCreds.select(AWSCreds.name, AWSCreds.id).where(AWSCreds.uid == user.uid) for creds in awsQuery: cred = { "name": creds.name, "id" : creds.id, "type": "AWS" } response.append(cred) osQuery = OSCreds.select(OSCreds.name, OSCreds.id).where(OSCreds.uid == user.uid) for creds in osQuery: cred = { "name": creds.name, "id" : creds.id, "type": "Openstack" } response.append(cred) gcpQuery = GCPCreds.select(GCPCreds.name, GCPCreds.id).where(GCPCreds.uid == user.uid) for creds in gcpQuery: cred = { "name": creds.name, "id" : creds.id, "type": "GCP" } response.append(cred) res = { "creds": response } return Response.make_json_response(res)
def updateUser(): data = request.json # Verify data if 'uid' in data: uid = data["uid"] else: return Response.make_error_resp(msg="UID is required", code=400) try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except: return Response.make_error_resp(msg="Error reading database", code=500) if 'password' in data: password = data["password"] else: return Response.make_error_resp(msg="Password is required", code=400) # Verify password if pbkdf2_sha256.verify(password, user.password): if data["newPassword"] is not None: pass if data["newUserName"] is not None: user.userName = data["newUserName"] user.save() # Return data res = { 'success': True, 'username': user.userName, 'email': user.email, 'uid': user.uid, } return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password Incorrect", code=400)
def login(): data = request.json # Verify data if 'email' in data: email = data["email"] else: return Response.make_error_resp(msg="Email is required", code=400) if 'password' in data: password = data["password"] else: return Response.make_error_resp(msg="Password is required", code=400) try: user = Users.get(Users.email == email) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except: return Response.make_error_resp(msg="Error reading database", code=500) # Verify password if pbkdf2_sha256.verify(password, user.password): # Generate User tokens access_token = create_access_token(identity=user.userName) refresh_token = create_refresh_token(identity=user.userName) # Return data res = { 'success': True, 'username': user.userName, 'email': user.email, 'uid': user.uid, 'access_token': access_token, 'refresh_token': refresh_token } return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password Incorrect", code=400)
def getSpaces(uid): try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except: return Response.make_error_resp(msg="Error reading database", code=500) response = [] awsQuery = SpaceAWS.select(SpaceAWS.name, SpaceAWS.id).where(SpaceAWS.uid == user.uid) for space in awsQuery: awsSpace = {"name": space.name, "id": space.id, "type": "AWS"} response.append(awsSpace) osQuery = SpaceOS.select(SpaceOS.name, SpaceOS.id).where(SpaceOS.uid == user.uid) for space in osQuery: osSpace = {"name": space.name, "id": space.id, "type": "Openstack"} response.append(osSpace) res = {"spaces": response} return Response.make_json_response(res)
def getPlatforms(uid): try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") except: return Response.make_error_resp(msg="Error reading database", code=500) response = [] platformQuery = Platforms.select( Platforms.name, Platforms.id, Platforms.cloudService, Platforms.ipAddress).where(Platforms.uid == user.uid) for platform in platformQuery: plat = { "name": platform.name, "id": platform.id, "ip": platform.ipAddress, "cloudService": platform.cloudService } response.append(plat) res = {"platforms": response} return Response.make_json_response(res)
def refresh(): current_user = get_jwt_identity() res = { 'access_token': create_access_token(identity=current_user) } return Response.make_json_response(res)
def createUser(): data = request.json # Verify data if 'userName' in data: userName = data["userName"] else: return Response.make_error_resp(msg="Username is required", code=400) if 'email' in data: email = data["email"] else: return Response.make_error_resp(msg="Email is required", code=400) if 'password' in data: # Generate two random salts for the password and the key passSalt = os.urandom(16) keySalt = os.urandom(16) # Hash the password and generate the encryption key password = pbkdf2_sha256.hash(data["password"], salt=passSalt) resKey = encryption.generateResKey(data["password"], keySalt) else: return Response.make_error_resp(msg="Password is required", code=400) # Generate the user ssh key privateKey, publicKey = encryption.generateSSHKey() # Encrypt the user ssh key privateKey = encryption.encryptString(password=data['password'], salt=keySalt, resKey=resKey, string=privateKey) publicKey = encryption.encryptString(password=data['password'], salt=keySalt, resKey=resKey, string=publicKey) # Create the user try: Users.create(userName=userName, email=email, password=password, passSalt=passSalt, resKey=resKey, keySalt=keySalt, privateKey=privateKey, publicKey=publicKey, uid=str(uuid.uuid4())) except IntegrityError as e: print(e) return Response.make_error_resp(msg="Email or Username already in use", code=400) except OperationalError as e: print(e) return Response.make_error_resp(msg="Error creating user") try: user = Users.get(Users.email == email) except Users.DoesNotExist: return Response.make_error_resp("Error Finding user") # Generate User tokens access_token = create_access_token(identity=user.userName) refresh_token = create_refresh_token(identity=user.userName) res = { 'success': True, 'username': user.userName, 'email': user.email, 'uid': user.uid, 'access_token': access_token, 'refresh_token': refresh_token } return Response.make_json_response(res)
def createAWSCredentials(): data = request.json # Check required fields if 'name' in data: name = data['name'] else: return Response.make_error_resp("Name is required ", code=400) if 'password' in data: password = data["password"] else: return Response.make_error_resp(msg="Password is required", code=400) if 'uid' in data: uid = data['uid'] else: return Response.make_error_resp("User id is Required") if 'accessKey' in data: accessKey = data['accessKey'] else: return Response.make_error_resp("Access Key is Required") if 'secretKey' in data: secretKey = data['secretKey'] else: return Response.make_error_resp("Secret Key is Required") # Get the user try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="User does not exist", code=404) # Verify user password if pbkdf2_sha256.verify(password, user.password): # Encrypt the user data accessKey = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=accessKey) secretKey = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=secretKey) # Create the credentials object try: newCreds = AWSCreds.create(name=name, accessKey=accessKey, secretKey=secretKey, uid=uid, id=str(uuid.uuid4())) except Exception as e: print(e) return Response.make_error_resp("Error Creating Creds") # Check the creds are there try: creds = AWSCreds.get(AWSCreds.id == newCreds.id) except AWSCreds.DoesNotExist: return Response.make_error_resp(msg="Error Finding Creds", code=400) # Return the name and id of the creds res = { 'name': creds.name, 'id': creds.id } return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password is not correct", code=400)
def createOSCredentials(): data = request.json # Check required fields if 'name' in data: name = data['name'] else: return Response.make_error_resp("Name is required ", code=400) if 'password' in data: password = data["password"] else: return Response.make_error_resp(msg="Password is required", code=400) if 'uid' in data: uid = data['uid'] else: return Response.make_error_resp("User id is Required") if 'osUsername' in data: osUsername = data["osUsername"] else: return Response.make_error_resp("Openstack Username is Required") if 'osPassword' in data: osPassword = data["osPassword"] else: return Response.make_error_resp("Openstack Password is Required") if 'authUrl' in data: authUrl = data["authUrl"] else: return Response.make_error_resp("authUrl is Required") # Get the user try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="User does not exist", code=404) # Verify user password if pbkdf2_sha256.verify(password, user.password): # Encrypt Data osUsername = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=osUsername) osPassword = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=osPassword) authUrl = encryption.encryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=authUrl) # Create the credentials object try: newCreds = OSCreds.create(name=name, username=osUsername, password=osPassword, authUrl=authUrl, uid=uid, id=str(uuid.uuid4())) except Exception as e: print(e) return Response.make_error_resp("Error Creating Creds") # Check the creds are there try: creds = OSCreds.get(OSCreds.id == newCreds.id) except OSCreds.DoesNotExist: return Response.make_error_resp(msg="Error Finding Creds", code=400) # Return the name and id of the creds res = { 'name': creds.name, 'id': creds.id } return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password is not correct", code=400)
def createAWSSpace(): data = request.json # Verify required fields if 'uid' in data: uid = data['uid'] else: return Response.make_error_resp(msg="User id is required", code=400) if 'cid' in data: cid = data['cid'] else: return Response.make_error_resp(msg="Credential id is required", code=400) if 'password' in data: password = data['password'] else: return Response.make_error_resp(msg="Password is required", code=400) #if 'cloudService' in data: # validPlatforms = ["aws", "openstack"] # cloudService = data['cloudService'] # if cloudService not in validPlatforms: # return Response.make_error_resp(msg="invalid cloudService", code=400) #else: # return Response.make_error_resp(msg="Cloud Service Choice is required", code=400) if 'spaceName' in data: spaceName = data['spaceName'] + tf.genComponentID() else: return Response.make_error_resp(msg="Name of space required", code=400) if 'availability_zone' in data: availability_zone = data["availability_zone"] else: return Response.make_error_resp(msg="Availability Zone is required", code=400) # Get rid of unsafe characters in the name safeSpaceName = spaceName.replace('/', '_') safeSpaceName = safeSpaceName.replace(' ', '_') # Create a safe path spacePath = os.path.join("spaces", safeSpaceName) # Get the users data try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="User does not exist", code=404) # Create a new directory for the space try: os.makedirs(spacePath) except FileExistsError as e: print(e) return Response.make_error_resp(msg="Space Name already used", code=400) except Exception as e: print(e) return Response.make_error_resp(msg="Error Creating Space Directory", code=400) # Verify the users password if pbkdf2_sha256.verify(password, user.password): tfPath = "terraformScripts/createSpace/aws" requiredFiles = ["deploy.tf", "provider.tf"] # Get the files from the source code directory for file in requiredFiles: copyfile(tfPath + "/" + file, spacePath + "/" + file) # Get the aws creds object try: creds = AWSCreds.get((AWSCreds.id == cid) & (AWSCreds.uid == uid)) except AWSCreds.DoesNotExist: return Response.make_error_resp(msg="Error Finding Creds", code=404) # Decrypt the user data secretKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=creds.secretKey) accessKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=creds.accessKey) publicKey = encryption.decryptString(password=password, salt=user.keySalt, resKey=user.resKey, string=user.publicKey) # Generate the variables file varPath = tf.generateAWSSpaceVars(secretKey, accessKey, publicKey, availability_zone, safeSpaceName, spacePath) # Init the terraform directory initResultCode = tf.init(spacePath) print(initResultCode) # Run the terrafom script output, createResultCode = tf.create(spacePath) # Check the result code for errors if createResultCode != 0: # Add destroy function here print("Removing Inf") tf.destroy(spacePath) shutil.rmtree(spacePath) return Response.make_error_resp( msg="Error Creating Infrastructure", code=400) # Remove the vars file os.remove(varPath) # Get data from the terraform outputs keyPairId = output["key_pair"]["value"] securityGroupId = output["security_group"]["value"] subnetId = output["subnet"]["value"] # Create the space object newSpace = SpaceAWS.create(dir=spacePath, keyPairId=keyPairId, securityGroupId=securityGroupId, name=safeSpaceName, subnetId=subnetId, uid=uid, availabilityZone=availability_zone, cid=cid, id=str(uuid.uuid4())) # Get the new space object try: newSpace = SpaceAWS.get(SpaceAWS.id == newSpace.id) except AWSCreds.DoesNotExist as e: return Response.make_error_resp(msg="Error Finding Creds", code=404) # Return the space data res = {"id": newSpace.id, "name": newSpace.name} return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password is incorrect")
def createOSSpace(): data = request.json if 'uid' in data: uid = data['uid'] else: return Response.make_error_resp(msg="User ID is required", code=400) try: user = Users.get(Users.uid == uid) except Users.DoesNotExist: return Response.make_error_resp(msg="No User Found") if 'password' in data: password = data['password'] else: return Response.make_error_resp(msg="Password is required", code=400) if "cid" in data: cid = data["cid"] else: return Response.make_error_resp(msg="Creds id is required", code=400) if "tenantName" in data: tenantName = data["tenantName"] else: return Response.make_error_resp(msg="Tenant Name is required", code=400) if "availabilityZone" in data: availabilityZone = data["availabilityZone"] else: return Response.make_error_resp(msg="Availability Zone is required", code=400) if "ipPool" in data: ipPool = data["ipPool"] else: return Response.make_error_resp(msg="Ip Pool is required", code=400) if "securityGroup" in data: securityGroup = data["securityGroup"] else: return Response.make_error_resp(msg="Security Group is required", code=400) if "intNetwork" in data: intNetwork = data["intNetwork"] else: return Response.make_error_resp(msg="intNetwork is required", code=400) if "name" in data: name = data["name"] else: return Response.make_error_resp(msg="Name is required", code=400) if pbkdf2_sha256.verify(password, user.password): # Get the aws creds object try: creds = OSCreds.get((OSCreds.id == cid) & (OSCreds.uid == uid)) except OSCreds.DoesNotExist: return Response.make_error_resp(msg="Error Finding Creds", code=404) newSpace = SpaceOS.create(name=name, tenantName=tenantName, availabilityZone=availabilityZone, ipPool=ipPool, securityGroup=securityGroup, intNetwork=intNetwork, uid=uid, cid=cid, id=str(uuid.uuid4())) # Get the new space object try: newSpace = SpaceOS.get(SpaceOS.id == newSpace.id) except AWSCreds.DoesNotExist as e: return Response.make_error_resp(msg="Error Finding new Space", code=404) # Return the space data res = {"id": newSpace.id, "name": newSpace.name} return Response.make_json_response(res) else: return Response.make_error_resp(msg="Password is incorrect")