Merge 8b84b3c into b4844f7
akuljos committed Aug 13, 2021
2 parents b4844f7 + 8b84b3c commit 3656dc2
Showing 6 changed files with 189 additions and 106 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -38,6 +38,7 @@ Thumbs.db

######################
*.env
!test_var.env
*.egg

__pycache__/
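Review bot: The `!test_var.env` exception has no path component, so it re-includes a file of that name in every directory, not only the fixture this commit adds under src/common/. A developer's local `test_var.env` holding real CIS credentials elsewhere in the tree would then appear as an untracked file that a broad `git add` will stage. Anchoring the pattern, `!/src/common/test_var.env`, keeps the `*.env` ignore in force everywhere else.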
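--- a/src/common/test_var.env
+++ b/src/common/test_var.env
@@ -0,0 +1,8 @@
+CRN="test_crn"
+ZONE_ID="test_zone_id"
+API_ENDPOINT="www.test_api_endpoint.com"
+CIS_SERVICES_APIKEY="test_api_key"
+CIS_NAME="test_instance_name"
+RESOURCE_GROUP="test-resource-group"
+APP_DOMAIN="test_app_url.com"
+CIS_DOMAIN="gcat-interns-test.com"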
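Review bot: `CIS_DOMAIN="gcat-interns-test.com"` is a registrable public name rather than a reserved one, so any code path that resolves or calls the configured domain during tests would reach whoever holds that registration. Nothing on this page shows the tests making network calls, so this is a precaution rather than a present defect. A reserved name such as `CIS_DOMAIN="gcat-interns.test"` (or `example.com`) avoids the question; the assertions in tests/test_functions.py would need the same value.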
169 changes: 91 additions & 78 deletions src/iks/iks.py
@@ -69,11 +69,11 @@ def print_help():


def handle_args(args):

if args.help:
print_help()
sys.exit(1)

UserInfo = IntegrationInfo()
UserInfo.terraforming = False
if args.terraform:
@@ -84,15 +84,14 @@ def handle_args(args):

if args.delete:
UserInfo.delete = True

# determining API key
UserInfo.cis_api_key = getpass.getpass(
prompt="Enter CIS Services API Key: ")
os.environ["CIS_SERVICES_APIKEY"] = UserInfo.cis_api_key

# common arguments
UserInfo.request_token()


UserInfo.iks_cluster_id = args.iks_cluster_id
if UserInfo.iks_cluster_id is None:
@@ -104,14 +103,14 @@ def handle_args(args):
print("You did not specify a resource group.")
sys.exit(1)
UserInfo.get_resource_id()

iks_info = UserInfo.get_iks_info()

UserInfo.cis_domain = args.cis_domain
if UserInfo.cis_domain is None:
print("You did not specify a CIS Domain.")
sys.exit(1)

# terraforming vs. not terraforming
if UserInfo.terraforming and not UserInfo.delete:
UserInfo.cis_name = args.name
@@ -120,49 +119,52 @@ def handle_args(args):
sys.exit(1)

if not UserInfo.get_crn_and_zone():
print("Failed to retrieve CRN and Zone ID. Check the name of your CIS instance and try again")
print(
"Failed to retrieve CRN and Zone ID. Check the name of your CIS instance and try again")
sys.exit(1)

UserInfo.namespace = args.namespace
if UserInfo.namespace is None:
if UserInfo.namespace is None:
print("You did not specify a namespace for IKS cluster.")
sys.exit(1)

UserInfo.service_name = args.service_name
if UserInfo.service_name is None:
if UserInfo.service_name is None:
print("You did not specify a service name from the IKS cluster.")
sys.exit(1)

UserInfo.service_port = args.service_port
if UserInfo.service_port is None:
print("You did not specify the target port of the service from the IKS cluster.")
if UserInfo.service_port is None:
print(
"You did not specify the target port of the service from the IKS cluster.")
sys.exit(1)

UserInfo.vpc_name = args.vpc_name
if UserInfo.vpc_name is None:
print("You did not specify a VPC instance name.")
sys.exit(1)

elif not UserInfo.delete:
#vpc name
# vpc name
UserInfo.vpc_name = args.vpc_name
if UserInfo.vpc_name is None:
print("You did not specify a VPC instance name.")
sys.exit(1)

UserInfo.namespace = args.namespace
if UserInfo.namespace is None:
if UserInfo.namespace is None:
print("You did not specify a namespace for IKS cluster.")
sys.exit(1)

UserInfo.service_name = args.service_name
if UserInfo.service_name is None:
if UserInfo.service_name is None:
print("You did not specify a service name from the IKS cluster.")
sys.exit(1)

UserInfo.service_port = args.service_port
if UserInfo.service_port is None:
print("You did not specify the target port of the service from the IKS cluster.")
if UserInfo.service_port is None:
print(
"You did not specify the target port of the service from the IKS cluster.")
sys.exit(1)

UserInfo.get_resource_id()
@@ -173,13 +175,15 @@ def handle_args(args):
UserInfo.cis_name = args.name

if UserInfo.cis_name is None:
print("Please specify the name of your CIS instance or both the CIS CRN and CIS Zone ID")
print(
"Please specify the name of your CIS instance or both the CIS CRN and CIS Zone ID")
sys.exit(1)

if not UserInfo.get_crn_and_zone():
print("Failed to retrieve CRN and Zone ID. Check the name of your CIS instance and try again")
print(
"Failed to retrieve CRN and Zone ID. Check the name of your CIS instance and try again")
sys.exit(1)

elif UserInfo.delete:
UserInfo.resource_group = args.resource_group
if UserInfo.resource_group is None:
@@ -194,87 +198,97 @@ def handle_args(args):
UserInfo.cis_name = args.name

if UserInfo.cis_name is None:
print("Please specify the name of your CIS instance or both the CIS CRN and CIS Zone ID")
print(
"Please specify the name of your CIS instance or both the CIS CRN and CIS Zone ID")
sys.exit(1)

if not UserInfo.get_crn_and_zone():
print("Failed to retrieve CRN and Zone ID. Check the name of your CIS instance and try again")
print(
"Failed to retrieve CRN and Zone ID. Check the name of your CIS instance and try again")
sys.exit(1)

return UserInfo


def iks(args):
delete_dns = None
delete_workspaces = None
work_creator = None
delete_workspaces = None
work_creator = None
user_ingress = None

UserInfo = handle_args(args)
if UserInfo.delete and not UserInfo.terraforming:

delete_dns = DeleteDNS(UserInfo.crn, UserInfo.zone_id, UserInfo.api_endpoint, UserInfo.cis_domain)

delete_dns = DeleteDNS(
UserInfo.crn, UserInfo.zone_id, UserInfo.api_endpoint, UserInfo.cis_domain)
delete_dns.delete_dns()


UserInfo.get_id_token()
delete_ingress = DeleteIngress(UserInfo.namespace,UserInfo.id_token,UserInfo.iks_master_url)
delete_ingress = DeleteIngress(
UserInfo.namespace, UserInfo.id_token, UserInfo.iks_master_url)
delete_ingress.delete_ingress()

delete_certs = DeleteCerts(
UserInfo.crn, UserInfo.zone_id, UserInfo.api_endpoint, UserInfo.cis_domain)
delete_certs.delete_certs()

print("If you created a certificate in the certificate manager and imported it as a secret to your IKS cluster, you may delete them now.")
secret = input("Delete certificate and secret? Input 'y' or 'yes' to execute:").lower()
secret = input(
"Delete certificate and secret? Input 'y' or 'yes' to execute:").lower()
if secret == 'y' or secret == 'yes':
UserInfo.cert_name="cis-cert"
UserInfo.cert_name = "cis-cert"

cms_id = UserInfo.get_cms()

delete_secret = DeleteSecretCMS(UserInfo.iks_cluster_id, UserInfo.cis_domain, cms_id, UserInfo.cert_name, UserInfo.token['access_token'])
delete_secret = DeleteSecretCMS(
UserInfo.iks_cluster_id, UserInfo.cis_domain, cms_id, UserInfo.cert_name, UserInfo.token['access_token'])
delete_secret.delete_cms_cert()
delete_secret.delete_secret()
elif UserInfo.delete and UserInfo.terraforming:
print("If you created a certificate in the certificate manager and imported it as a secret to your IKS cluster, you may delete them now.")
secret = input("Delete certificate and secret? Input 'y' or 'yes' to execute:").lower()
secret = input(
"Delete certificate and secret? Input 'y' or 'yes' to execute:").lower()
if secret == 'y' or secret == 'yes':
UserInfo.cert_name="cis-cert"
UserInfo.cert_name = "cis-cert"

cms_id = UserInfo.get_cms()

delete_secret = DeleteSecretCMS(UserInfo.iks_cluster_id, UserInfo.cis_domain, cms_id, UserInfo.cert_name, UserInfo.token['access_token'])

delete_secret = DeleteSecretCMS(
UserInfo.iks_cluster_id, UserInfo.cis_domain, cms_id, UserInfo.cert_name, UserInfo.token['access_token'])
delete_secret.delete_secret()

delete_workspaces = DeleteWorkspace(UserInfo.crn, UserInfo.zone_id,
UserInfo.cis_domain, UserInfo.api_endpoint,
UserInfo.schematics_url, UserInfo.cis_api_key, UserInfo.token, ce=False, iks=True)
UserInfo.cis_domain, UserInfo.api_endpoint,
UserInfo.schematics_url, UserInfo.cis_api_key, UserInfo.token, ce=False, iks=True)
delete_workspaces.delete_workspace()
elif UserInfo.terraforming: # handle the case of using terraform
elif UserInfo.terraforming: # handle the case of using terraform
print("Currently using the default secret in IKS, but a new TLS certificate can be ordered and imported as a secret if you wish.")
execute = input("Would you like to create a new secret? Input 'y' or 'yes' to execute:").lower()
execute = input(
"Would you like to create a new secret? Input 'y' or 'yes' to execute:").lower()
if execute == 'y' or execute == 'yes':
UserInfo.cert_name = 'cis-cert'
else:
secret = UserInfo.app_url.split('.')
UserInfo.cert_name = secret[0]

resource_group_id = UserInfo.get_resource_id()
user_ACL = AclRuleCreator(resource_group_id, UserInfo.vpc_name, UserInfo.cis_api_key)
user_ACL = AclRuleCreator(
resource_group_id, UserInfo.vpc_name, UserInfo.cis_api_key)
user_ACL.check_network_acl()
UserInfo.secret_name=UserInfo.cert_name

UserInfo.secret_name = UserInfo.cert_name
user_ingress = IngressCreator(
clusterNameOrID=UserInfo.iks_cluster_id,
resourceGroupID=UserInfo.resource_id,
namespace=UserInfo.namespace,
secretName=UserInfo.secret_name,
serviceName=UserInfo.service_name,
servicePort=UserInfo.service_port,
accessToken=UserInfo.token["access_token"],
resourceGroupID=UserInfo.resource_id,
namespace=UserInfo.namespace,
secretName=UserInfo.secret_name,
serviceName=UserInfo.service_name,
servicePort=UserInfo.service_port,
accessToken=UserInfo.token["access_token"],
refreshToken=UserInfo.token["refresh_token"],
ingressSubdomain=UserInfo.app_url,
iks_master_url=UserInfo.iks_master_url
iks_master_url=UserInfo.iks_master_url,
idToken=UserInfo.id_token
)
user_ingress.create_ingress()

@@ -286,30 +300,33 @@ def iks(args):
UserInfo.verbose, UserInfo.token)
work_creator.create_terraform_workspace()
else:

# handle the case of using python
# 1. Domain Name and DNS

user_DNS = DNSCreator(UserInfo.crn, UserInfo.zone_id,
UserInfo.api_endpoint, UserInfo.app_url, token=UserInfo.token["access_token"])

user_DNS.create_records()

# 2. Order Edge Certificate from CIS
user_edge_cert = CertificateCreator(UserInfo.crn, UserInfo.zone_id, UserInfo.api_endpoint, UserInfo.cis_domain)
user_edge_cert = CertificateCreator(
UserInfo.crn, UserInfo.zone_id, UserInfo.api_endpoint, UserInfo.cis_domain)
user_edge_cert.create_certificate()

# 3. Check ACL Rules
resource_group_id = UserInfo.get_resource_id()
user_ACL = AclRuleCreator(resource_group_id, UserInfo.vpc_name, UserInfo.cis_api_key)
user_ACL = AclRuleCreator(
resource_group_id, UserInfo.vpc_name, UserInfo.cis_api_key)
user_ACL.check_network_acl()

# 4. Generate certificate in manager if necessary
print("Currently using the default secret in IKS, but a new TLS certificate can be ordered and imported as a secret if you wish.")
execute = input("Would you like to create a new secret? Input 'y' or 'yes' to execute:").lower()
execute = input(
"Would you like to create a new secret? Input 'y' or 'yes' to execute:").lower()
if execute == 'y' or execute == 'yes':
UserInfo.cert_name="cis-cert"
UserInfo.cert_name = "cis-cert"

cms_id = UserInfo.get_cms()
# print("\n"+cms_id)
user_cert = SecretCertificateCreator(
@@ -320,36 +337,32 @@ def iks(args):

token=UserInfo.token["access_token"],
cert_name=UserInfo.cert_name
)
)
user_cert.create_secret()
else:
secret = UserInfo.app_url.split('.')
UserInfo.cert_name = secret[0]

# 5. generate ingress

UserInfo.get_id_token()
UserInfo.secret_name=UserInfo.cert_name
UserInfo.secret_name = UserInfo.cert_name
user_ingress = IngressCreator(
clusterNameOrID=UserInfo.iks_cluster_id,
resourceGroupID=UserInfo.resource_id,
namespace=UserInfo.namespace,
secretName=UserInfo.secret_name,
serviceName=UserInfo.service_name,
servicePort=UserInfo.service_port,
accessToken=UserInfo.token["access_token"],
resourceGroupID=UserInfo.resource_id,
namespace=UserInfo.namespace,
secretName=UserInfo.secret_name,
serviceName=UserInfo.service_name,
servicePort=UserInfo.service_port,
accessToken=UserInfo.token["access_token"],
refreshToken=UserInfo.token["refresh_token"],
ingressSubdomain=UserInfo.app_url,
iks_master_url=UserInfo.iks_master_url,
idToken=UserInfo.id_token
)

user_ingress.create_ingress()





if not UserInfo.delete:
hostUrl = "https://"+UserInfo.cis_domain
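Review bot: In the `elif UserInfo.terraforming:` branch of `iks()`, the new `idToken=UserInfo.id_token` argument is read without a preceding `UserInfo.get_id_token()` call, whereas the delete branch and the plain-Python branch both call it before using the token. Unless `handle_args` or `IntegrationInfo` populates `id_token` in lines not shown here, the Terraform path would hand `IngressCreator` a missing or stale token. Adding `UserInfo.get_id_token()` just before `user_ingress = IngressCreator(` in that branch would make the three paths agree. `iks()` continues past the end of the last hunk, so any later handling is not visible.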

7 changes: 3 additions & 4 deletions tests/test_functions.py
@@ -12,9 +12,10 @@
# functions.healthCheck("www.cloud.ibm.com")
# assert fake_out.getvalue() == expected_out


def test_read_envfile():
test_integration = IntegrationInfo()
test_integration.read_envfile("test_var.env")
test_integration.read_envfile("./test_var.env")

assert test_integration.app_url == "test_app_url.com"
assert test_integration.cis_domain == "gcat-interns-test.com"
@@ -27,13 +28,11 @@ def test_read_envfile():
def test_terraform_read_envfile():
test_integration = IntegrationInfo()
test_integration.terraforming = True
test_integration.read_envfile("test_var.env")
test_integration.read_envfile("./test_var.env")

assert test_integration.app_url == "test_app_url.com"
assert test_integration.cis_domain == "gcat-interns-test.com"
assert test_integration.cis_api_key == "test_api_key"
assert test_integration.api_endpoint == "www.test_api_endpoint.com"
assert test_integration.resource_group == "test-resource-group"
assert test_integration.cis_name == "test_instance_name"
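Review bot: Both tests now pass `"./test_var.env"`, which is still resolved against the process working directory, while the fixture added by this commit lives at src/common/test_var.env. Unless `read_envfile` (not shown) resolves the name against its own module directory, the tests pass only when pytest is started from the right folder, and a different `test_var.env` in the working directory would be read instead. Building the path from the test file's location, e.g. `os.path.join(os.path.dirname(__file__), "..", "src", "common", "test_var.env")`, removes that dependency.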

