def verify_cloud_credentials(cloud): """ Verify IBM cloud credentials and save the credentials to database """ try: hmac = True resource_group_names = [] ibm_manager = IBMManager(cloud) cloud.credentials = IBMCredentials( ibm_manager.iam_ops.authenticate_cloud_account()) if cloud.service_credentials: ibm_manager.cos_ops.fetch_ops.get_buckets() resource_groups = ibm_manager.resource_ops.raw_fetch_ops.get_resource_groups( ) resource_group_names = [ resource_group["name"] for resource_group in resource_groups ] if cloud.service_credentials.access_key_id and cloud.service_credentials.secret_access_key: hmac = validate_hmac( decrypt_api_key(cloud.service_credentials.access_key_id), decrypt_api_key(cloud.service_credentials.secret_access_key)) doosradb.session.commit() except (IBMAuthError, IBMConnectError, IBMExecuteError, IBMInvalidRequestError) as ex: current_app.logger.info(ex) cloud.status = INVALID doosradb.session.commit() else: if len(resource_group_names) != len(set(resource_group_names)): cloud.status = IBMCloud.STATUS_ERROR_DUPLICATE_RESOURCE_GROUPS else: cloud.status = VALID if not hmac: cloud.status = INVALID doosradb.session.commit()
def execute(self, request, data=None): request_url = request[1].format(base_url=self.base_url, version=VERSION, generation=GENERATION) if not self.cloud.credentials: raise IBMAuthError(self.cloud.id) try: if self.cloud.credentials.is_token_expired(): self.cloud.credentials.update_token( IBMCredentials(self.iam_ops.authenticate_cloud_account())) headers = {"Authorization": self.cloud.credentials.access_token} current_app.logger.debug("{0} : {1}".format( request[0], request_url)) response = self.session.request(request[0], request_url, data=data, timeout=50, headers=headers) except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex: current_app.logger.debug(ex) raise IBMConnectError(self.cloud.id, request_url) else: if response.status_code in [401]: raise IBMAuthError(self.cloud.id) elif response.status_code in [400, 404, 408, 500]: raise IBMExecuteError(response) elif response.status_code == 409: raise IBMInvalidRequestError(response) elif response.status_code not in [200, 201, 204]: raise IBMExecuteError(response) return response.json()
def execute_(self, obj, request, data=None, required_status=None): """ The following method executes the request on IBM Cloud and then polls for the resource creation or deletion operation and do so while it is completed/deleted. :return: """ request_url = request[1].format(k8s_base_url=self.k8s_base_url) if not self.cloud.credentials: raise IBMAuthError(self.cloud.id) try: if self.cloud.credentials.is_token_expired(): self.cloud.credentials.update_token( IBMCredentials(self.iam_ops.authenticate_cloud_account())) headers = {"Authorization": self.cloud.credentials.access_token} current_app.logger.info("{0}: {1} {2}".format( request[0], request_url, data if data else "")) if headers: if hasattr(obj, 'disk_encryption'): headers.update({ "Auth-Refresh-Token": self.cloud.credentials.refresh_token, "Auth-Resource-Group": obj.kubernetes_clusters.ibm_resource_group.name }) else: headers.update({ "Auth-Refresh-Token": self.cloud.credentials.refresh_token, "Auth-Resource-Group": obj.ibm_resource_group.name }) response = self.session_k8s.request(request[0], request_url, json=data, timeout=50, headers=headers) except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex: current_app.logger.debug(ex) raise IBMConnectError(self.cloud.id, request_url) else: if response.status_code == 401: raise IBMAuthError(self.cloud.id) elif response.status_code not in [200, 201, 202, 204, 404]: raise IBMExecuteError(response.json()) time.sleep(60) status = self.wait_for_operation( obj, obj.resource_id or response.json().get("clusterID") or response.json().get("workerPoolID"), required_status) if not status: raise IBMInvalidRequestError( "The requested operation could not be performed:\n{0} : {1}" .format(request[0], request_url)) return response.json() if response.text else ""
def execute_(self, request, data=None): request_url = request[1].format( k8s_base_url=self.k8s_base_url ) if not self.cloud.credentials: raise IBMAuthError(self.cloud.id) try: if self.cloud.credentials.is_token_expired(): self.cloud.credentials.update_token( IBMCredentials(self.iam_ops.authenticate_cloud_account()) ) headers = {"Authorization": self.cloud.credentials.access_token} current_app.logger.debug("{0} : {1}".format(request[0], request_url)) response = self.session_k8s.request( request[0], request_url, data=data, timeout=50, headers=headers ) except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex: current_app.logger.debug(ex) raise IBMConnectError(self.cloud.id, request_url) else: if response.status_code in [401, 403]: raise IBMAuthError(self.cloud.id) elif response.status_code in [400, 408, 500]: raise IBMExecuteError(response) elif response.status_code == 409: raise IBMInvalidRequestError(response) elif response.status_code not in [200, 201, 204, 404]: raise IBMExecuteError(response) resp = response.json() if not (request[0] == "GET" and "next" in resp): return resp list_key = None for key, val in resp.items(): if isinstance(val, list): list_key = key if not list_key: return resp temp_resp = resp.copy() while "next" in temp_resp: req = [ "GET", temp_resp["next"]["href"] + "&version={version}&generation={generation}".format( version=VERSION, generation=GENERATION) ] temp_resp = self.execute(req) resp[list_key].extend(temp_resp[list_key][:]) return resp
def __execute(self, obj, request, data=None, required_status=None): if not self.cloud.credentials: raise IBMAuthError(self.cloud.id) try: request_url = request[1].format(base_url=self.base_url, version=VERSION) if self.cloud.credentials.is_token_expired(): self.cloud.credentials.update_token( IBMCredentials(self.iam_ops.authenticate_cloud_account())) headers = {"Authorization": self.cloud.credentials.access_token} current_app.logger.debug("{0} : {1}".format( request[0], request_url)) response = self.session.request(request[0], request_url, json=data, timeout=30, headers=headers) except ( ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError, ) as ex: current_app.logger.debug(ex) raise IBMConnectError(self.cloud.id) else: if response.status_code == 401: raise IBMAuthError(self.cloud.id) elif response.status_code in [400, 408, 500]: raise IBMExecuteError(response) elif response.status_code not in [200, 201, 204, 404]: raise IBMExecuteError(response) if not request[0] == "PATCH": status = self.wait_for_operation( obj, obj.resource_id or response.json().get("id"), required_status) if not status: raise IBMInvalidRequestError( "The requested operation could not be performed:\n{0} : {1}" .format(request[0], request_url)) return response.json() if response.text else ""
def execute(self, obj, request, data=None, required_status=None): """ The following method executes the request on IBM Cloud and then polls for the resource creation or deletion operation and do so while it is completed/deleted. :return: """ request_url = request[1].format(base_url=self.base_url, version=VERSION, generation=GENERATION) if not self.cloud.credentials: raise IBMAuthError(self.cloud.id) try: if self.cloud.credentials.is_token_expired(): self.cloud.credentials.update_token( IBMCredentials(self.iam_ops.authenticate_cloud_account())) headers = {"Authorization": self.cloud.credentials.access_token} current_app.logger.info("{0}: {1} {2}".format( request[0], request_url, data if data else "")) response = self.session.request(request[0], request_url, json=data, timeout=50, headers=headers) except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex: current_app.logger.debug(ex) raise IBMConnectError(self.cloud.id, request_url) else: if response.status_code == 401: raise IBMAuthError(self.cloud.id) elif response.status_code not in [200, 201, 202, 204, 404]: raise IBMExecuteError(response) status = self.wait_for_operation( obj, obj.resource_id or response.json().get("id"), required_status) if not status: raise IBMInvalidRequestError( "The requested operation could not be performed:\n{0} : {1}" .format(request[0], request_url)) return response.json() if response.text else ""
def execute(self, request, cluster=None, worker_pools=None, data=None, required_status=None): """ The following method executes the request on IBM Cloud and then polls for the resource creation or deletion operation and do so while it is completed/deleted. :return: """ request_url = request[1].format( kubernetes_base_url=self.kubernetes_base_url) cloud = doosradb.session.query(IBMCloud).filter_by( id=self.cloud_id).first() if not cloud: raise IBMInvalidRequestError("Cloud not found") if not cloud.credentials: raise IBMAuthError(cloud.id) iam_ops = IAMOperations(cloud) try: if cloud.credentials.is_token_expired(): cloud.credentials.update_token( IBMCredentials(iam_ops.authenticate_cloud_account())) headers = {"Authorization": cloud.credentials.access_token} current_app.logger.info("{0}: {1} {2}".format( request[0], request_url, data if data else "")) if headers and cluster: headers.update({ "Auth-Refresh-Token": cloud.credentials.refresh_token, "Auth-Resource-Group": cluster.ibm_resource_group.resource_id }) else: headers.update( {"Auth-Refresh-Token": cloud.credentials.refresh_token}) response = self.session.request(request[0], request_url, json=data, timeout=50, headers=headers) except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex: current_app.logger.debug(ex) raise IBMConnectError(cloud.id, request_url) else: if response.status_code == 401: raise IBMAuthError(cloud.id) elif response.status_code not in [200, 201, 202, 404]: raise IBMExecuteError(response) elif response.status_code == 201: if worker_pools: for worker_pool in worker_pools: worker_pool['cluster'] = response.json().get( "clusterID") try: resp = self.session.request( "POST", KUBERNETES_CLUSTER_URL_TEMPLATE.format( path=CREATE_VPC_KUBERNETES_WORKERPOOL_PATH ), json=worker_pool, timeout=50, headers=headers) except (ConnectionError, ReadTimeout, RequestException, MaxRetryError, ReadTimeoutError) as ex: current_app.logger.debug(ex) raise IBMConnectError(cloud.id, request_url) else: if resp.status_code == 401: raise IBMAuthError(cloud.id) elif resp.status_code not in [200, 201]: raise IBMExecuteError(resp) time.sleep(60) if response.json().get("clusterID"): status = self.wait_for_operation( response.json().get("clusterID"), required_status) if not status: raise IBMInvalidRequestError( "The requested operation could not be performed:\n{0} : {1}" .format(request[0], request_url)) return response.json().get("clusterID") if response.json().get( "clusterID") else response.json()