Commit

fixed conflicts
dpeace8 committed Aug 11, 2021
2 parents aeb0fb6 + eebf839 commit 94ce4e2
Showing 21 changed files with 1,469 additions and 96 deletions.
10 changes: 9 additions & 1 deletion .travis.yml
Expand Up @@ -6,5 +6,13 @@ python:
install:
- pip3 install -r requirements.txt
- pip3 install -e .
- pip3 install pytest
- pip3 install pytest-cov
- pip3 install coveralls
- pip3 install kubernetes
- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
- sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
script:
- pytest
- pytest --cov=./
after_success:
- coveralls
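Review bot: the two lines `- curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"` and `- sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl` fetch an unpinned binary at build time and install it as root without verifying it. Pin the kubectl version instead of resolving `stable.txt` on every run, download the matching `kubectl.sha256` that Kubernetes publishes next to the binary, and check it (`echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check`) before the `install` step; otherwise the CI build is only as trustworthy as whatever the download endpoint returns that day. `- pip3 install kubernetes` is likewise added unpinned rather than through requirements.txt.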
67 changes: 61 additions & 6 deletions README.md
Expand Up @@ -5,7 +5,11 @@
## Overview
The goal of this project is to automate CIS integration for IBM Cloud application platforms. We will produce a command line tool that customers can use to simplify this process.

This command line tool currently supports [Code Engine](https://www.ibm.com/cloud/code-engine) applications and has been configured for MacOS. In order to connect a Code Engine app to a CIS instance, numerous resources must be set up within CIS, namely: DNS records, a TLS certificate, a Global Load Balancer, Origin Pool, and Health Check Monitor, and an Edge Function.
This command line tool currently supports [Code Engine](https://www.ibm.com/cloud/code-engine) applications and [IBM Cloud Kubernetes Service](https://www.ibm.com/cloud/kubernetes-service) clusters, and has been configured for MacOS.

In order to connect a Code Engine app to a CIS instance, numerous resources must be set up within CIS, namely: DNS records, a TLS certificate, a Global Load Balancer, Origin Pool, and Health Check Monitor, and an Edge Function.

To connect a Kubernetes cluster to a CIS instance, DNS records must be created in the CIS instance, a TLS Edge Certificate must be created in CIS, a TLS certificate can be ordered by the Kubernetes Certificate Manager and imported to your IKS cluster as a secret (optional), and ACL rules must be configured and an Ingress must be created in your IKS cluster.

**IMPORTANT:** Due to plan restrictions, if you select any plan lower than the Enterprise Plan for your CIS instance, we will be unable to automatically create the Edge Function for you. If you use the `--standard` flag when using our CLI tool, we can create everything except the Edge Function, and you can follow our [Manual Steps document](https://github.com/IBM/cis-integration/blob/master/cis_manual_steps.md) to create the Edge Function yourself.
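Review bot: the new paragraph beginning `To connect a Kubernetes cluster to a CIS instance, DNS records must be created` packs five separate steps, one of them optional, into a single sentence, so it is hard to tell what the tool does for the reader and what is left to them. A short numbered list mirroring the Code Engine paragraph above it (DNS records, TLS edge certificate, optional certificate import as a secret, ACL rules, Ingress) would read better, and the ACL item should link to the Network ACL Rule Requirement section added further down in this file.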

Expand Down Expand Up @@ -54,7 +58,7 @@ or
ci -u
```

## Usage
## Code Engine Usage
For general information on how to use the tool, run the following command in the terminal on your computer:
```
$ cis-integration code-engine --help
Expand Down Expand Up @@ -137,11 +141,61 @@ or
```
cis-integration code-engine --delete -c [CIS CRN] -z [CIS ZONE ID] -d [CIS DOMAIN]
```
You will prompted at each stage to confirm the deletion of the selected resource(s). Input 'y' or 'yes' to confirm (NOT case sensitive).
**Note:** If you do not use the `--terraform` option, you will prompted at each stage to confirm the deletion of the selected resource(s). Input 'y' or 'yes' to confirm (NOT case sensitive).

If you created your resources using the `--terraform` global option, then a Schematics workspace was created on your IBM Cloud account to execute the terraform scripts that built your resources. By adding the `--terraform` option to the `--delete` command, the resources will be deleted using the workspace's internal `destroy` action. The workspace will then be deleted along with the rest of the resources.

## IBM Kubernetes Service Usage
For general information on how to use the tool, run the following command in the terminal on your computer:
```
$ cis-integration iks --help
```

This tool offers two options to connect the CIS instance to the cluster. You may choose to build the resources needed for your CIS instance using either Python or [Terraform](https://www.terraform.io/) scripts. If you choose to use Terraform, this tool will build an [IBM Schematics](https://cloud.ibm.com/docs/schematics?topic=schematics-about-schematics) workspace to run the Terraform code.

Regardless of the option you choose, the tool will require you to input some information about your CIS instance and IKS cluster. You can find this information by going to https://cloud.ibm.com and logging into your IBM Cloud account. Navigate to the "Resource list" tab and locate your CIS instance and IKS cluster.

If you created your resources using the `--terraform` global option, then a Schematics workspace was created on your IBM Cloud account to execute the terraform scripts that built your resources. By adding the `--terraform` option to the `--delete` command, you can delete this workspace along with the rest of the resources.
### To deploy resources using Python scripts:
1. Install the tool using the [installation](#installation) instructions listed above
2. Access the command terminal on your computer
3. If you're using Docker, build and run your Docker image with the above commands
4. Input the following generic command:
```
cis-integration iks -n [CIS NAME] -r [RESOURCE GROUP] -d [CIS DOMAIN] -p [VPC NAME] -i [IKS CLUSTER ID] --namespace [IKS NAMESPACE] --service_name [IKS SERVICE NAME] --service_port [IKS TARGET PORT]
```
### Arguments:
* **RESOURCE GROUP:** the resource group connected to the CIS instance. Found by navigating to your CIS resource page and clicking on "Details".
* **CIS NAME:** the name of your CIS instance.
* **CIS DOMAIN:** the domain name connected to your CIS instance. Found near the top of your CIS resource page.
Example: `example.com`
* **VPC NAME:** the name of the VPC instance which your IKS cluster is running on.
* **IKS CLUSTER ID:** the ID associated with your IKS cluster. Found in the "Details" section in the "Overview" tab of your IKS cluster.
Example: `g3jk284d008l7s14gcsg`
* **IKS NAMESPACE:** the name of the virtual cluster using your physical IKS cluster resources. Found by opening your kubernetes dashboard and clicking the "Namespaces" tab in the "Cluster" section.
* **IKS SERVICE NAME:** the name of the Service exposing your application by rerouting incoming traffic to pods. Found by opening your kubernetes dashboard and clicking on the "Services" tab in the "Service" section.
* **IKS TARGET PORT:** the target port of your Service that every incoming port is mapped to. Found be opening your kubernetes dashboard, clicking the "Services" tab in the "Service" section, and clicking the "edit" button in the top-right corner.

## Network ACL Rule Requirement
### To deploy resources using Terraform scripts:
1. Install the tool using the [installation](#installation) instructions listed above
2. Access the command terminal on your computer
3. If you're using Docker, build and run your Docker image with the above commands
4. Input the following generic command:
```
cis-integration iks --terraform -n [CIS NAME] -r [RESOURCE GROUP] -d [CIS DOMAIN] -p [VPC NAME] -i [IKS CLUSTER ID] --namespace [IKS NAMESPACE] --service_name [IKS SERVICE NAME] --service_port [IKS TARGET PORT]
```
### Arguments:
* **RESOURCE GROUP:** the resource group connected to the CIS instance. Found by navigating to your CIS resource page and clicking on "Details".
* **CIS NAME:** the name of your CIS instance.
* **CIS DOMAIN:** the domain name connected to your CIS instance. Found near the top of your CIS resource page.
Example: `example.com`
* **VPC NAME:** the name of the VPC instance which your IKS cluster is running on.
* **IKS CLUSTER ID:** the ID associated with your IKS cluster. Found in the "Details" section in the "Overview" tab of your IKS cluster.
Example: `g3jk284d008l7s14gcsg`
* **IKS NAMESPACE:** the name of the virtual cluster using your physical IKS cluster resources. Found by opening your kubernetes dashboard and clicking the "Namespaces" tab in the "Cluster" section.
* **IKS SERVICE NAME:** the name of the Service exposing your application by rerouting incoming traffic to pods. Found by opening your kubernetes dashboard and clicking on the "Services" tab in the "Service" section.
* **IKS TARGET PORT:** the target port of your Service that every incoming port is mapped to. Found be opening your kubernetes dashboard, clicking the "Services" tab in the "Service" section, and clicking the "edit" button in the top-right corner.

### Network ACL Rule Requirement
For integration between Cloud Internet Services (CIS) and IBM Kubernetes Service (IKS) some network ACL rules will need to be present. These rules are present in the [VPC Infrastructure - Access Control List](https://cloud.ibm.com/vpc-ext/network/acl) section in IBM Cloud. These rules are used to secure incoming traffic for the VPC. Below are the required rules.

#### General Rules
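Review bot: this hunk looks like a merge that was not fully resolved. `## Network ACL Rule Requirement` appears once directly above `### To deploy resources using Terraform scripts:`, where it heads nothing, and again as `### Network ACL Rule Requirement` above the actual ACL text; the first one should go. The paragraph `If you created your resources using the --terraform global option...` is also pasted into the IKS section before the Python instructions, where `--delete` has not yet been introduced, while the Code Engine section keeps the fuller version of the same paragraph. The `### Arguments:` list is duplicated verbatim under both the Python and Terraform subsections and could be stated once. Two typos are carried in the changed lines: `You will prompted` and `Found be opening` (twice).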
Expand Down Expand Up @@ -175,7 +229,8 @@ Cloudflare IP 12 | 172.64.0.0/13 | Any
Cloudflare IP 13 | 131.0.72.0/22 | Any | 443 | Allow | Inbound
Cloudflare IP 14 | 198.41.128.0/17 | Any | 443 | Allow | Inbound

For more information about ACL rules please refer to this [documentation](https://cloud.ibm.com/docs/containers?topic=containers-vpc-network-policy#acls). For more information on these specific ACL rules see this VPC ACL section in [this](https://github.com/Cloud-Schematics/multizone-secure-iks-with-cis#vpc-acls) GitHub repo.
For more information about ACL rules please refer to this [documentation](https://cloud.ibm.com/docs/containers?topic=containers-vpc-network-policy#acls). For more information on these specific ACL rules see this VPC ACL section in [this](https://github.com/Cloud-Schematics/multizone-secure-iks-with-cis#vpc-acls) GitHub repo.

## Resources
- [Deploy CIS instance](https://cloud.ibm.com/docs/cis?topic=cis-getting-started)
- [Deploy Code Engine application](https://cloud.ibm.com/docs/codeengine?topic=codeengine-deploy-app-tutorial)
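Review bot: the only change in this hunk is to the `For more information about ACL rules...` line, which reads identically before and after, so it appears to be a whitespace-only edit; worth confirming nothing was dropped in the conflict resolution. While here: the ACL table above hard-codes Cloudflare address ranges (`172.64.0.0/13`, `131.0.72.0/22`, `198.41.128.0/17`, ...). Cloudflare publishes those ranges and they do change occasionally, so the doc should say where the authoritative list lives and that the rules need periodic re-checking; a stale allow list either blocks legitimate edge traffic or keeps a range open that is no longer Cloudflare's.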
4 changes: 2 additions & 2 deletions iks_manual_steps.md
Expand Up @@ -16,7 +16,7 @@ From IBM Kubernetes Service navigate to the Kubernetes dashboard to deploy a ser

![Internal IKS Service](./images/iks-service.png)

## 4. Importing CIS DNS Certificate into IKS Cluster
## 4. (Optional) Importing CIS DNS Certificate into IKS Cluster
Now we import the CIS DNS certificate into our IKS Cluster using the command below. If you have this certificate in a certificate manager already then simply populate the fields as needed and run the below curl command. If you need to still obtain this certificate then navigate to to the certificate manager which is automatically created when an IKS Cluster is created.

![IKS Certificate Manager](./images/iks-cert-manager.png)
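Review bot: marking step 4 `(Optional)` in the heading is not enough on its own, because the paragraph below it still opens with `Now we import the CIS DNS certificate into our IKS Cluster` as if the step were mandatory. Add one sentence stating when the step can be skipped and what the reader gives up (the Ingress will then serve a certificate other than the CIS DNS certificate), so the choice is an informed one.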
Expand Down Expand Up @@ -97,4 +97,4 @@ spec:
serviceName: <app1_service>
servicePort: 80
```
Here you will need to fill in the missing information. For each `hosts:` section provide the ingress subdomain. For the `secretName:` provide the name of the secret created when importing the CIS DNS Certificate. For `serviceName:` and `servicePort:` provide your service name and port which you created in step three.
Here you will need to fill in the missing information. For each `hosts:` section provide the ingress subdomain. For the `secretName:` provide the name of the secret created when importing the CIS DNS Certificate or provide the default IKS Certificate secret if you choose to skip step four. For `serviceName:` and `servicePort:` provide your service name and port which you created in step three.
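Review bot: the added alternative `or provide the default IKS Certificate secret if you choose to skip step four` should name which hostname that default certificate covers and whether it matches the `hosts:` entries the same sentence asks the reader to fill in. If it does not, clients validating the certificate against those hosts will reject the connection, and a reader who hits that error may be tempted to switch off origin certificate validation to get past it; saying so explicitly avoids that outcome.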
2 changes: 1 addition & 1 deletion src/ce/codeEngine.py
Expand Up @@ -188,7 +188,7 @@ def CodeEngine(args):
else: # handle the case of using python
# 1. Domain Name and DNS
user_DNS = DNSCreator(UserInfo.crn, UserInfo.zone_id,
UserInfo.api_endpoint, UserInfo.app_url)
UserInfo.api_endpoint, UserInfo.app_url, token=UserInfo.token["access_token"])
user_DNS.create_records()

# 2. Global Load Balancer
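Review bot: `UserInfo.token["access_token"]` in the new `DNSCreator(...)` call indexes the token response without checking it, so a failed or expired IAM exchange surfaces here as a `KeyError` rather than as an authentication error; check for the key (or for a truthy `UserInfo.token`) before this call and fail with a clear message. Since a bearer token is now handed into the DNS creation path, also make sure `DNSCreator` never echoes it in log or error output.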
5 changes: 4 additions & 1 deletion src/ce/delete_edge.py
Expand Up @@ -2,6 +2,9 @@
import requests
from src.common.functions import Color

def get_input(text):
return input(text)

class DeleteEdge:
def __init__(self, crn: str, zone_id: str, cis_domain: str, apikey: str, token: str) -> None:
self.crn = crn
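Review bot: `get_input` is a bare one-line wrapper around `input` with no docstring; state why it exists (presumably so tests can patch the prompt instead of driving stdin) so it is not later removed as redundant. The same function is defined again in src/ce/delete_glb.py and src/common/delete_dns.py in this commit; since all three modules already import from `src.common.functions` (`from src.common.functions import Color`), define it once there and import it.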
Expand All @@ -11,7 +14,7 @@ def __init__(self, crn: str, zone_id: str, cis_domain: str, apikey: str, token:
self.token = token

def delete_edge(self):
execute = input("Delete edge function? Input 'y' or 'yes' to execute: ").lower()
execute = get_input("Delete edge function? Input 'y' or 'yes' to execute: ").lower()
if execute == 'y' or execute == 'yes':
action_name = self.cis_domain.replace('.','-')
#token = self.request_token(self.apikey)
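Review bot: the commented-out line `#token = self.request_token(self.apikey)` directly below the changed prompt is dead code now that the token is supplied through the constructor (`token: str`, stored as `self.token`); remove it rather than leave a second, disabled way of obtaining credentials in the deletion path.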
11 changes: 7 additions & 4 deletions src/ce/delete_glb.py
Expand Up @@ -4,16 +4,19 @@
from ibm_cloud_sdk_core.api_exception import ApiException
from src.common.functions import Color

def get_input(text):
return input(text)

class DeleteGLB:
def __init__(self, crn: str, zone_id: str, endpoint: str, cis_domain: str) -> None:
self.crn = crn
self.zone_id = zone_id
self.endpoint = endpoint
self.cis_domain = cis_domain
self.cis_domain = cis_domain

def delete_glb(self):
# delete the glb
execute_glb = input("Delete global load balancer? Input 'y' or 'yes' to execute: ").lower()
execute_glb = get_input("Delete global load balancer? Input 'y' or 'yes' to execute: ").lower()
if execute_glb == 'y' or execute_glb == 'yes':
globalLoadBalancer = GlobalLoadBalancerV1.new_instance(
crn=self.crn, zone_identifier=self.zone_id, service_name="cis_services")
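Review bot: `self.cis_domain = cis_domain` is shown as removed and re-added with no visible difference, so this is a whitespace or line-ending change riding along in a conflict-resolution commit; either drop it or mention it in the commit message, since otherwise it reads as an accidental edit to the constructor.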
Expand All @@ -40,7 +43,7 @@ def delete_glb(self):

if keepgoing:
# delete the origin pool
execute_origin = input("Delete origin pool? Input 'y' or 'yes' to execute: ").lower()
execute_origin = get_input("Delete origin pool? Input 'y' or 'yes' to execute: ").lower()
if execute_origin == 'y' or execute_origin == 'yes':
globalLoadBalancerPools = GlobalLoadBalancerPoolsV0.new_instance(
crn=self.crn, service_name="cis_services")
Expand All @@ -64,7 +67,7 @@ def delete_glb(self):

if keepgoing:
# delete the linked health check
execute_monitor = input("Delete health check monitor? Input 'y' or 'yes' to execute: ").lower()
execute_monitor = get_input("Delete health check monitor? Input 'y' or 'yes' to execute: ").lower()
if execute_monitor == 'y' or execute_monitor == 'yes':

cert = GlobalLoadBalancerMonitorV1.new_instance(
5 changes: 4 additions & 1 deletion src/common/delete_dns.py
Expand Up @@ -4,6 +4,9 @@
from ibm_cloud_sdk_core.api_exception import ApiException
from src.common.functions import Color

def get_input(text):
return input(text)

class DeleteDNS:
def __init__(self, crn: str, zone_id: str, endpoint: str, cis_domain: str) -> None:
self.crn = crn
Expand All @@ -12,7 +15,7 @@ def __init__(self, crn: str, zone_id: str, endpoint: str, cis_domain: str) -> No
self.cis_domain = cis_domain

def delete_dns(self):
execute = input("Delete DNS Records? Input 'y' or 'yes' to execute: ").lower()
execute = get_input("Delete DNS Records? Input 'y' or 'yes' to execute: ").lower()
if execute == 'y' or execute == 'yes':
# create instance
record = DnsRecordsV1.new_instance(