Fujitsu K5 IaaS API Example

Here’s a very quick example of how to consume the K5 IaaS platform through it’s APIs. This is a simple demo that details how to create a security group using API calls with python 2.7.

First of all we need to get a project scoped token to authenticate the user which is achieved with the following function :

# get a project scoped auth token
def get_scoped_token(uname,upassword,uproject,udomain):
    identityURL = 'https://identity.uk-1.cloud.global.fujitsu.com/v3/auth/tokens'
    response = requests.post(identityURL, 
                             headers={'Content-Type': 'application/json','Accept':'application/json'}, 
                             json={"auth":
                                    {"identity":
                                      {"methods":["password"],"password":
                                        {"user":
                                           {"domain":
                                              {"name":udomain}, "name":uname, "password": upassword}}}, 
                                              "scope": { "project": {"id":uproject}}}})
    return response.headers['X-Subject-Token']

 

The token returned in the header of the previous API call is used in all subsequent API calls – k5token.

We can see below that currently we only have the default security group in this project :

sgbefore

The next function invokes the security group creation API call:

# create security group
def create_security_group(k5token,sgname,sgdescription):
    sgURL = 'https://networking.uk-1.cloud.global.fujitsu.com/v2.0/security-groups'
    response = requests.post(sgURL,
                            headers={'X-Auth-Token':k5token,'Content-Type': 'application/json','Accept':'application/json'},
                            json={"security_group":
                                   {"name": sgname,
                                    "description": sgdescription
                                   }
                                 })
    return response.json()

 

Which when called with the appropriate parameters results in the creation of a security group…surprise, surprise…

sgafter

But there’s no inbound (ingress) rules…

rules_before

Now all that’s needed is the rules that are to be applied to the security group. In this example I allow ssh access inbound with the following function :

def create_security_group_rule(k5token,direction,pmin,pmax,protocol,sgid):
    sgURL = 'https://networking.uk-1.cloud.global.fujitsu.com/v2.0/security-group-rules'
    response = requests.post(sgURL,
                            headers={'X-Auth-Token':k5token,'Content-Type': 'application/json','Accept':'application/json'},
                            json={"security_group_rule": 
                                   {"direction": direction,
                                    "port_range_min": pmin,
                                    "ethertype": "IPv4",
                                    "port_range_max": pmax,
                                    "protocol": protocol,
                                    "security_group_id": sgid
                                    }
                                  })
    return response.json()

 

Which when called with the correct parameters will result in:

rules_after

Finally we can list all the security group details with this function:

def list_security_groups(k5token):
    sgURL = 'https://networking.uk-1.cloud.global.fujitsu.com/v2.0/security-groups'
    response = requests.get(sgURL,
                            headers={'X-Auth-Token':k5token,'Content-Type': 'application/json','Accept':'application/json'})
    return response.json()

 

Putting it all together we get this script :


# Author : Graham Land
# Date: 03/10/2016
#
# Purpose: Simple python 2.7 script to demonstrate how to use the Fujitsu K5 IaaS API
# The script creates a security group in a project
#
# blog: https://allthingscloud.eu
# twitter: @allthingsclowd
import requests
# get a project scoped auth token
def get_scoped_token(uname,upassword,uproject,udomain):
identityURL = 'https://identity.uk-1.cloud.global.fujitsu.com/v3/auth/tokens'
response = requests.post(identityURL,
headers={'Content-Type': 'application/json','Accept':'application/json'},
json={"auth":
{"identity":
{"methods":["password"],"password":
{"user":
{"domain":
{"name":udomain}, "name":uname, "password": upassword}}},
"scope": { "project": {"id":uproject}}}})
return response.headers['X-Subject-Token']
# create security group
def create_security_group(k5token,sgname,sgdescription):
sgURL = 'https://networking.uk-1.cloud.global.fujitsu.com/v2.0/security-groups'
response = requests.post(sgURL,
headers={'X-Auth-Token':k5token,'Content-Type': 'application/json','Accept':'application/json'},
json={"security_group":
{"name": sgname,
"description": sgdescription
}
})
return response.json()
def list_security_groups(k5token):
sgURL = 'https://networking.uk-1.cloud.global.fujitsu.com/v2.0/security-groups'
response = requests.get(sgURL,
headers={'X-Auth-Token':k5token,'Content-Type': 'application/json','Accept':'application/json'})
return response.json()
def create_security_group_rule(k5token,direction,pmin,pmax,protocol,sgid):
sgURL = 'https://networking.uk-1.cloud.global.fujitsu.com/v2.0/security-group-rules'
response = requests.post(sgURL,
headers={'X-Auth-Token':k5token,'Content-Type': 'application/json','Accept':'application/json'},
json={"security_group_rule":
{"direction": direction,
"port_range_min": pmin,
"ethertype": "IPv4",
"port_range_max": pmax,
"protocol": protocol,
"security_group_id": sgid
}
})
return response.json()
# Define contract parameters
adminUser = 'username'
adminPassword = 'password'
contract = 'contractname'
contractid = 'contractid'
myproject = 'myprojectid'
# Get a project scoped token
k5token = get_scoped_token(adminUser,adminPassword,myproject,contract)
# Display scoped token
print "\n\nToken : " + k5token
# Create a security group
result = create_security_group(k5token,"Demo_SG","This SG will permit SSH")
# Display the result
print "\n\nResponse from Security Group Creation : \n" + str(result) + "\n"
# Capture security id from above result
security_group_id = result['security_group'].get('id')
# Create a security group rule and assign to security group
result = create_security_group_rule(k5token,'ingress','22','22','tcp',security_group_id)
# Display the result
print "\n\nResponse from Security Group Rule Creation : \n" + str(result) + "\n"
# Get all security group details
result = list_security_groups(k5token)
# Display the result
print "\n\nList of All Security Group Details : \n" + str(result) + "\n\n"

This script produces the following output:

Token : 623310d961db4a30a8b8b3410277a951


Response from Security Group Creation : 
{u'security_group': {u'id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'description': u'This SG will permit SSH', u'security_group_rules': [{u'remote_group_id': None, u'direction': u'egress', u'protocol': None, u'ethertype': u'IPv6', u'port_range_max': None, u'security_group_id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'951c64fb-3e91-4695-ad9c-8fa7d0159f83'}, {u'remote_group_id': None, u'direction': u'egress', u'protocol': None, u'ethertype': u'IPv4', u'port_range_max': None, u'security_group_id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'da060f8e-9e75-457b-aa17-06ce76e4336f'}], u'name': u'Demo_SG'}}



Response from Security Group Rule Creation : 
{u'security_group_rule': {u'remote_group_id': None, u'direction': u'ingress', u'remote_ip_prefix': None, u'protocol': u'tcp', u'ethertype': u'IPv4', u'port_range_max': 22, u'security_group_id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'port_range_min': 22, u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'id': u'a95a05ab-95e5-4e20-acc5-56b7b6a96915'}}



List of All Security Group Details : 
{u'security_groups': [{u'id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'description': u'default', u'security_group_rules': [{u'remote_group_id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'direction': u'ingress', u'protocol': None, u'ethertype': u'IPv6', u'port_range_max': None, u'security_group_id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'd09fac54-2110-46c1-8340-36f25d47ed53'}, {u'remote_group_id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'direction': u'ingress', u'protocol': None, u'ethertype': u'IPv4', u'port_range_max': None, u'security_group_id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'be4a06d0-5163-40a1-bb14-3db6ae317d8c'}, {u'remote_group_id': None, u'direction': u'egress', u'protocol': None, u'ethertype': u'IPv6', u'port_range_max': None, u'security_group_id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'86b52434-d129-4237-a5ef-bf8f58cc8e47'}, {u'remote_group_id': None, u'direction': u'egress', u'protocol': None, u'ethertype': u'IPv4', u'port_range_max': None, u'security_group_id': u'7c885fa2-5221-4cb7-93e9-d137f51a730d', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'97e7890d-03f8-4b3f-8d77-e3b105ecc3e0'}], u'name': u'default'}, {u'id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'description': u'This SG will permit SSH', u'security_group_rules': [{u'remote_group_id': None, u'direction': u'egress', u'protocol': None, u'ethertype': u'IPv6', u'port_range_max': None, u'security_group_id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'951c64fb-3e91-4695-ad9c-8fa7d0159f83'}, {u'remote_group_id': None, u'direction': u'egress', u'protocol': None, u'ethertype': u'IPv4', u'port_range_max': None, u'security_group_id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': None, u'remote_ip_prefix': None, u'id': u'da060f8e-9e75-457b-aa17-06ce76e4336f'}, {u'remote_group_id': None, u'direction': u'ingress', u'protocol': u'tcp', u'ethertype': u'IPv4', u'port_range_max': 22, u'security_group_id': u'5dca0da5-e474-40fd-bc96-c084c52fad94', u'tenant_id': u'6e970849a2504abb921702b9ff973e83', u'port_range_min': 22, u'remote_ip_prefix': None, u'id': u'a95a05ab-95e5-4e20-acc5-56b7b6a96915'}], u'name': u'Demo_SG'}]}

 

Happy Stacking!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s