Merge pull request #20 from mkumatag/service-cred

Auto generate the service credential

Author: ltccci

cmd/image/import/import.go

@@ -1,14 +1,23 @@
 package _import
 
 import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/IBM/go-sdk-core/v4/core"
+	rcv2 "github.com/IBM/platform-services-go-sdk/resourcecontrollerv2"
+	"github.com/spf13/cobra"
+	"k8s.io/klog/v2"
+
 	"github.com/ppc64le-cloud/pvsadm/pkg"
 	"github.com/ppc64le-cloud/pvsadm/pkg/client"
 	"github.com/ppc64le-cloud/pvsadm/pkg/utils"
-	"github.com/spf13/cobra"
-	"k8s.io/klog/v2"
+)
 
-	"os"
-	"strings"
+const (
+	ServiceCredName = "pvsadm-service-cred"
 )
 
 var Cmd = &cobra.Command{
@@ -22,17 +31,21 @@ export IBMCLOUD_API_KEY=<IBM_CLOUD_API_KEY>
 
 Examples:
 
-# importing image from default region and using default storage type
+# importing image from default region and using default storage type (service credential will be autogenerated)
+pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> --object-name rhel-83-10032020.ova.gz --image-name test-image
+
+# importing image from default region and using default storage type with specifying the accesskey and secretkey explicitly
 pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> --accesskey <ACCESSKEY> --secretkey <SECRETKEY> --object-name rhel-83-10032020.ova.gz --image-name test-image
 
 # with user provided storage type and region
-pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> --accesskey <ACCESSKEY> --secretkey <SECRETKEY> -r <REGION> --storagetype <STORAGETYPE> --object-name rhel-83-10032020.ova.gz --image-name test-image
+pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> -r <REGION> --storagetype <STORAGETYPE> --object-name rhel-83-10032020.ova.gz --image-name test-image
 
 # If user wants to specify the type of OS
-pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> --accesskey <ACCESSKEY> --secretkey <SECRETKEY> --object-name rhel-83-10032020.ova.gz --image-name test-image --ostype <OSTYPE>
+pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> --object-name rhel-83-10032020.ova.gz --image-name test-image --ostype <OSTYPE>
 `,
 	RunE: func(cmd *cobra.Command, args []string) error {
 		opt := pkg.ImageCMDOptions
+		apikey := pkg.Options.APIKey
 		//validate inputs
 		validOsType := []string{"aix", "ibmi", "redhat", "sles"}
 		validStorageType := []string{"tier3", "tier1"}
@@ -47,7 +60,89 @@ pvsadm image import -n upstream-core-lon04 -b <BUCKETNAME> --accesskey <ACCESSKE
 			os.Exit(1)
 		}
 
-		c, err := client.NewClient(pkg.Options.APIKey)
+		if opt.AccessKey == "" || opt.SecretKey == "" {
+			klog.Info("Auto Generating the COS Service credential for importing the image")
+			auth, err := core.NewIamAuthenticator(apikey, "", "", "", false, nil)
+			if err != nil {
+				return err
+			}
+
+			bxCli, err := client.NewClient(apikey)
+			if err != nil {
+				return err
+			}
+
+			resourceController, err := client.NewResourceControllerV2(&rcv2.ResourceControllerV2Options{
+				Authenticator: auth,
+			})
+			if err != nil {
+				return err
+			}
+
+			instances, _, err := resourceController.ResourceControllerV2.ListResourceInstances(resourceController.ResourceControllerV2.NewListResourceInstancesOptions().SetType("service_instance"))
+			if err != nil {
+				return err
+			}
+
+			// Step 1: Find where COS for the bucket
+			cosOfBucket := func(resources []rcv2.ResourceInstance) *rcv2.ResourceInstance {
+				for _, resource := range resources {
+					if strings.Contains(*resource.Crn, "cloud-object-storage") {
+						s3client, err := client.NewS3Client(bxCli, *resource.Name, opt.Region)
+						if err != nil {
+							continue
+						}
+						buckets, err := s3client.S3Session.ListBuckets(nil)
+						if err != nil {
+							continue
+						}
+						for _, bucket := range buckets.Buckets {
+							if *bucket.Name == opt.BucketName {
+								return &resource
+							}
+						}
+					}
+				}
+				return nil
+			}(instances.Resources)
+
+			if cosOfBucket == nil {
+				return fmt.Errorf("failed to find the COS instance for the bucket mentioned: %s", opt.BucketName)
+			}
+			klog.Infof("%s bucket found in the %s[ID:%s] COS instance", opt.BucketName, *cosOfBucket.Name, *cosOfBucket.ID)
+
+			// Step 2: Create the Service Credential in the found COS instance
+			createResourceKeyOptions := &client.CreateResourceKeyOptions{
+				CreateResourceKeyOptions: resourceController.ResourceControllerV2.NewCreateResourceKeyOptions(ServiceCredName, *cosOfBucket.ID),
+				Parameters:               map[string]interface{}{"HMAC": true},
+			}
+
+			key, _, err := resourceController.CreateResourceKey(createResourceKeyOptions)
+			if err != nil {
+				return err
+			}
+			defer resourceController.ResourceControllerV2.DeleteResourceKey(&rcv2.DeleteResourceKeyOptions{ID: key.ID})
+
+			jsonString, err := json.Marshal(key.Credentials.GetProperty("cos_hmac_keys"))
+			if err != nil {
+				return err
+			}
+			h := struct {
+				AccessKeyID string `json:"access_key_id"`
+				SecretKeyID string `json:"secret_access_key"`
+			}{}
+			err = json.Unmarshal(jsonString, &h)
+			if err != nil {
+				klog.Errorf("failed to unmarshal the access credentials from the auto generated service credential")
+				return err
+			}
+
+			// Step 3: Assign the Access Key and Secret Key for further operation
+			opt.AccessKey = h.AccessKeyID
+			opt.SecretKey = h.SecretKeyID
+		}
+
+		c, err := client.NewClient(apikey)
 		if err != nil {
 			return err
 		}
@@ -73,15 +168,13 @@ func init() {
 	Cmd.Flags().StringVarP(&pkg.ImageCMDOptions.InstanceID, "instance-id", "i", "", "Instance ID of the PowerVS instance")
 	Cmd.Flags().StringVarP(&pkg.ImageCMDOptions.BucketName, "bucket", "b", "", "Cloud Storage bucket name")
 	Cmd.Flags().StringVarP(&pkg.ImageCMDOptions.Region, "region", "r", "", "Cloud Storage Region")
-	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.AccessKey, "accesskey", "", "Cloud Storage access key; required for import image")
-	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.SecretKey, "secretkey", "", "Cloud Storage secret key; required for import image")
+	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.AccessKey, "accesskey", "", "Cloud Storage access key")
+	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.SecretKey, "secretkey", "", "Cloud Storage secret key")
 	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.ImageName, "image-name", "", "Name to give imported image")
 	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.ImageFilename, "object-name", "", "Cloud Storage image filename")
-	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.OsType, "ostype", "", "Image OS Type, accepted values are[aix, ibmi, redhat, sles]")
+	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.OsType, "ostype", "redhat", "Image OS Type, accepted values are[aix, ibmi, redhat, sles]")
 	Cmd.Flags().StringVar(&pkg.ImageCMDOptions.StorageType, "storagetype", "tier3", "Storage type, accepted values are [tier1, tier3]")
 	_ = Cmd.MarkFlagRequired("bucket")
-	_ = Cmd.MarkFlagRequired("accesskey")
-	_ = Cmd.MarkFlagRequired("secretkey")
 	_ = Cmd.MarkFlagRequired("image-name")
 	_ = Cmd.MarkFlagRequired("object-name")
 	_ = Cmd.MarkFlagRequired("region")

cmd/root.go

@@ -20,6 +20,15 @@ Integrated with the IBM Cloud platform for on-demand provisioning.
 
 This is a tool built for the Power Systems Virtual Server helps managing and maintaining the resources easily`,
 	SilenceUsage: true,
+	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+		if pkg.Options.APIKey == "" {
+			if key := os.Getenv("IBMCLOUD_API_KEY"); key != "" {
+				klog.Infof("Using an API key from IBMCLOUD_API_KEY environment variable")
+				pkg.Options.APIKey = key
+			}
+		}
+		return nil
+	},
 }
 
 func init() {

go.mod

@@ -5,15 +5,15 @@ go 1.15
 require (
 	github.com/IBM-Cloud/bluemix-go v0.0.0-20200921095234-26d1d0148c62
 	github.com/IBM-Cloud/power-go-client v1.0.51
+	github.com/IBM/go-sdk-core/v4 v4.8.2
 	github.com/IBM/ibm-cos-sdk-go v1.5.0
+	github.com/IBM/platform-services-go-sdk v0.14.4
 	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/go-openapi/strfmt v0.19.4
+	github.com/go-openapi/strfmt v0.19.10
 	github.com/klauspost/compress v1.11.1 // indirect
 	github.com/klauspost/pgzip v1.2.5
 	github.com/manifoldco/promptui v0.7.0
 	github.com/olekukonko/tablewriter v0.0.4
-	github.com/onsi/ginkgo v1.14.1 // indirect
-	github.com/onsi/gomega v1.10.2 // indirect
 	github.com/spf13/cobra v1.0.0
 	k8s.io/klog/v2 v2.3.0
 )