islcli groundwork

Author: allmightyspiff

SoftLayer/API.py

@@ -27,6 +27,7 @@
 
 __all__ = [
     'create_client_from_env',
+    'employee_client',
     'Client',
     'BaseClient',
     'API_PUBLIC_ENDPOINT',
@@ -142,6 +143,88 @@ def create_client_from_env(username=None,
     return BaseClient(auth=auth, transport=transport, config_file=config_file)
 
 
+def employee_client(username=None,
+                    api_key=None,
+                    endpoint_url=None,
+                    timeout=None,
+                    auth=None,
+                    config_file=None,
+                    proxy=None,
+                    user_agent=None,
+                    transport=None,
+                    verify=True):
+    """Creates an INTERNAL SoftLayer API client using your environment.
+
+    Settings are loaded via keyword arguments, environemtal variables and
+    config file.
+
+    :param username: your user ID
+    :param api_key: hash from SoftLayer_User_Employee::performExternalAuthentication(username, password, 2fa_string)
+    :param endpoint_url: the API endpoint base URL you wish to connect to.
+        Set this to API_PRIVATE_ENDPOINT to connect via SoftLayer's private
+        network.
+    :param proxy: proxy to be used to make API calls
+    :param integer timeout: timeout for API requests
+    :param auth: an object which responds to get_headers() to be inserted into
+        the xml-rpc headers. Example: `BasicAuthentication`
+    :param config_file: A path to a configuration file used to load settings
+    :param user_agent: an optional User Agent to report when making API
+        calls if you wish to bypass the packages built in User Agent string
+    :param transport: An object that's callable with this signature:
+                      transport(SoftLayer.transports.Request)
+    :param bool verify: decide to verify the server's SSL/TLS cert. DO NOT SET
+                        TO FALSE WITHOUT UNDERSTANDING THE IMPLICATIONS.
+
+    Usage:
+
+        >>> import SoftLayer
+        >>> client = SoftLayer.create_client_from_env()
+        >>> resp = client.call('Account', 'getObject')
+        >>> resp['companyName']
+        'Your Company'
+
+    """
+    settings = config.get_client_settings(username=username,
+                                          api_key=api_key,
+                                          endpoint_url=endpoint_url,
+                                          timeout=timeout,
+                                          proxy=proxy,
+                                          verify=verify,
+                                          config_file=config_file)
+
+    if transport is None:
+        url = settings.get('endpoint_url')
+        if url is not None and '/rest' in url:
+            # If this looks like a rest endpoint, use the rest transport
+            transport = transports.RestTransport(
+                endpoint_url=settings.get('endpoint_url'),
+                proxy=settings.get('proxy'),
+                timeout=settings.get('timeout'),
+                user_agent=user_agent,
+                verify=verify,
+            )
+        else:
+            # Default the transport to use XMLRPC
+            transport = transports.XmlRpcTransport(
+                endpoint_url=settings.get('endpoint_url'),
+                proxy=settings.get('proxy'),
+                timeout=settings.get('timeout'),
+                user_agent=user_agent,
+                verify=verify,
+            )
+
+
+    if auth is None and settings.get('username') and settings.get('api_key'):
+        real_transport = getattr(transport, 'transport', transport)
+        if isinstance(real_transport, transports.XmlRpcTransport):
+            auth = slauth.EmployeeAuthentication(
+                settings.get('username'),
+                settings.get('api_key'),
+            )
+
+    return BaseClient(auth=auth, transport=transport)
+
+
 def Client(**kwargs):
     """Get a SoftLayer API Client using environmental settings.
 
@@ -545,6 +628,77 @@ def __repr__(self):
         return "IAMClient(transport=%r, auth=%r)" % (self.transport, self.auth)
 
 
+class EmployeeClient(BaseClient):
+    """Internal SoftLayer Client
+
+    :param auth: auth driver that looks like SoftLayer.auth.AuthenticationBase
+    :param transport: An object that's callable with this signature: transport(SoftLayer.transports.Request)
+    """
+
+    def authenticate_with_password(self, username, password, security_token=None):
+        """Performs IBM IAM Username/Password Authentication
+
+        :param string username: your softlayer username
+        :param string password: your softlayer password
+        :param int security_token: your 2FA token, prompt if None
+        """
+
+        self.auth = None
+        if security_token is None:
+            security_token = input("Enter your 2FA Token now: ")
+            if len(security_token) != 6:
+                raise Exception("Invalid security token: {}".format(security_token))
+
+        auth_result = self.call('SoftLayer_User_Employee', 'performExternalAuthentication',
+                                username, password, security_token)
+
+
+        self.settings['softlayer']['access_token'] = auth_result['hash']
+        self.settings['softlayer']['userId'] = auth_result['userId']
+        # self.settings['softlayer']['refresh_token'] = tokens['refresh_token']
+
+        config.write_config(self.settings, self.config_file)
+        self.auth = slauth.EmployeeAuthentication(auth_result['userId'], auth_result['hash'])
+
+        return auth_result
+
+
+
+    def authenticate_with_hash(self, userId, access_token):
+        """Authenticates to the Internal SL API with an employee userid + token
+
+        :param string userId: Employee UserId
+        :param string access_token: Employee Hash Token
+        """
+        self.auth = slauth.EmployeeAuthentication(userId, access_token)
+
+    def refresh_token(self, userId, auth_token):
+        """Refreshes the login token"""
+
+        self.auth = None
+        auth_result = self.call('SoftLayer_User_Employee', 'refreshEncryptedToken', auth_token, id=userId)
+        print(auth_result)
+        self.settings['softlayer']['access_token'] = auth_result[0]
+
+        config.write_config(self.settings, self.config_file)
+        self.auth = slauth.EmployeeAuthentication(userId, auth_result[0])
+        return auth_result
+
+    def call(self, service, method, *args, **kwargs):
+        """Handles refreshing IAM tokens in case of a HTTP 401 error"""
+        try:
+            return super().call(service, method, *args, **kwargs)
+        except exceptions.SoftLayerAPIError as ex:
+
+            if ex.faultCode == 401:
+                LOGGER.warning("Token has expired, trying to refresh. %s", ex.faultString)
+                return ex
+            else:
+                raise ex
+
+    def __repr__(self):
+        return "IAMClient(transport=%r, auth=%r)" % (self.transport, self.auth)
+
 class Service(object):
     """A SoftLayer Service.
 

SoftLayer/CLI/login.py

@@ -0,0 +1,19 @@
+"""Login with your employee username, password, 2fa token"""
+# :license: MIT, see LICENSE for more details.
+
+import click
+
+from SoftLayer.CLI.command import SLCommand as SLCommand
+from SoftLayer.CLI import config
+from SoftLayer.CLI import environment
+
+
+@click.command(cls=SLCommand)
+@environment.pass_env
+def cli(env):
+    """Logs you into the internal SoftLayer Network.
+
+    username and password can be set in SL_USER and SL_PASSWORD env variables. You will be prompted for them otherwise.
+    """
+
+    print("OK")

SoftLayer/CLI/routes.py

@@ -8,6 +8,7 @@
 
 ALL_ROUTES = [
     ('shell', 'SoftLayer.shell.core:cli'),
+    ('login', 'SoftLayer.CLI.login:cli'),
 
     ('call-api', 'SoftLayer.CLI.call_api:cli'),
 

SoftLayer/auth.py

@@ -12,6 +12,7 @@
     'TokenAuthentication',
     'BasicHTTPAuthentication',
     'AuthenticationBase',
+    'EmployeeAuthentication'
 ]
 
 
@@ -137,3 +138,24 @@ def get_request(self, request):
 
     def __repr__(self):
         return "BearerAuthentication(username={}, token={})".format(self.username, self.api_key)
+
+class EmployeeAuthentication(AuthenticationBase):
+    """Token-based authentication class.
+
+        :param username str: a user's username
+        :param api_key str: a user's API key
+    """
+    def __init__(self, user_id, user_hash):
+        self.user_id = user_id
+        self.hash = user_hash
+
+    def get_request(self, request):
+        """Sets token-based auth headers."""
+        request.headers['employeesession'] = {
+            'userId': self.user_id,
+            'authToken': self.hash,
+        }
+        return request
+
+    def __repr__(self):
+        return "EmployeeAuthentication(userId=%r,hash=%s)" % (self.user_id, self.hash)