ibm-cloud / bluemix-go Goto Github PK

When a resource instance for hpvs is required to be created via terraform it need a sshkey to be passed in . The current client structure does not permit that
CreateServiceInstanceRequest struct {
Name string json:"name"
ServicePlanID string json:"resource_plan_id"
ResourceGroupID string json:"resource_group_id"
Crn string json:"crn,omitempty"
Tags []string json:"tags,omitempty"
Parameters map[string]interface{} json:"parameters,omitempty"
TargetCrn string json:"target_crn"
}
If we are to create the hpvs via terraform this structure needs to be update to add the SSHKey as well.

Some examples still use the old path [1]: github.com/IBM-Bluemix/bluemix-go.... Although this does not produce any error, will it be better to update the path to ``github.com/IBM-Cloud/...?

[1] https://github.com/IBM-Cloud/bluemix-go/blob/master/examples/container/download_config/main.go#L9-L13

Some services e.g., Watson discovery and conversation has to be deleted with the parameter async=true.
This parameter should be exposed in the method definition, e.g.,

Create(req ServiceInstanceCreateRequest, async bool) (*ServiceInstanceFields, error)
Delete(instanceGUID string, async bool) error

The API sometimes timeouts due to different network errors. On some occasions we can simply retry to see if things can work again. We had the implementation in the rest client. But we are re-using the code from the bluemix-cli-sdk now which doesn't have it.

We need to see the appropriate place to put the logic to be re-usable across the SDK.

Support interacting with cluster addons

Swagger docs: https://containers.cloud.ibm.com/global/swagger-global-api/#/clusters/ManageClusterAddons

As /v1/kube-versions is deprecated now, we need to support /v1/versions to get available k8s and openshift versions.
https://containers.cloud.ibm.com/global/swagger-global-api/#/util/GetKubeVersions

These should be added to make current functions variadic so as not to break existing APIs

https://github.com/IBM-Bluemix/bluemix-go/blob/master/api/mccp/mccpv2/spaces.go#L212

https://apidocs.cloudfoundry.org/272/spaces/creating_a_space.html - no mention of accepts_incomplete and async

Find all such instances.

Add support for resource services

• Resource group
• Resource service instance
• Resource service key
• Resource service bind

https://github.com/IBM-Cloud/bluemix-go/blob/master/api/cis/cisv1/dns.go#L110
The method used should be Put according to CIS documentation. This fails with 405 Method not allowed error.

Need to be able to list the vlans within a DC for provisioning a cluster.

https://us-south.containers.bluemix.net/swagger-api/#!/properties/GetDatacenterVLANs

I have the code working for the support of this, please let me know how to contribute

Request failed with status code: 400, BXNIM0106E: Validation of property 'response_type' with value '[uaa, cloud_iam]' failed. Valid values: 'cloud_iam'

Thoughts?

Based upon the bluemix container doc, container cluster does not belong to a particular space.
The latest bluemix-go failed to download a container configuration file with empty space string.

There are many important packages, like mccp, account. Refresh the godoc does not help solve the issue.

[1] https://godoc.org/github.com/IBM-Bluemix/bluemix-go

Have a customer who reports that he cannot find this option in bluemix console:
"Login to Bluemix to create one if you don't already have one. Follow Manage -> Account -> Users. Click on Bluemix API Keys"

https://github.com/IBM-Cloud/bluemix-go

The correct way to create an API key for your user identity in the Bluemix UI is as follows:
Go to Manage > Security > Platform API keys.
Click Create API key.
Enter a name and description for your API key.
Click Create API key.

https://console.bluemix.net/docs/iam/userid_keys.html#userapikey

The sdk for kubernete cluster seems out of date. Can it be updated with the latest API spec?

This appears to be orphaned code as after 2 years this is still at v0.1.

Is this library going to be replaced with a production lib anytime soon?

My config looks like

	config := &bluemixgo.Config{
		IBMID: "[email protected]",
		IBMIDPassword: "XXXXXXX",
		Region: "us-south",
	}

        sess, err := session.New(config)
	if err != nil {
		return nil, fmt.Errorf("fail to create bx session %v", err)
	}

I got the following error

REQUEST: [2017-07-07T15:58:40Z]
POST /UAALoginServerWAR/oauth/token HTTP/1.1
Host: login.ng.bluemix.net
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Content-Type: application/x-www-form-urlencoded
User-Agent: Blumix-go SDK 0.1 / linux

grant_type=password&password=[PRIVATE DATA HIDDEN]&scope=&username=kangh%40us.ibm.com

RESPONSE: [2017-07-07T15:58:40Z] Elapsed: 614ms
HTTP/1.1 403 Forbidden
Connection: close
Content-Length: 146
Cache-Control: max-age=0, no-cache, no-store
Content-Language: en-US
Content-Security-Policy: default-src 'self' www.ibm.com 'unsafe-inline';
Content-Type: application/json;charset=UTF-8
Date: Fri, 07 Jul 2017 15:58:40 GMT
Expires: Fri, 07 Jul 2017 15:58:40 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=2592000 ; includeSubDomains
X-Backside-Transport: FAIL FAIL
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Global-Transaction-Id: 817351727
X-Powered-By: Servlet/3.1
X-Xss-Protection: 1

{"error_description":"BMXLS0202E: You are using a federated user ID, please use one time code to login with option --sso.","error":"unauthorized"}
FATA[2017-17-07 15:58:40] fail to create bx mccpv2 session: Request failed with status code: 403, unauthorized: BMXLS0202E: You are using a federated user ID, please use one time code to login with option --sso.

My question is what is the correct configuration I can use to connect to my bluemix account. Thanks.

I noticed that the bluemix-go has been moved from IBM-Bluemix namespace to IBM-Cloud. Will this affect the godoc reference page [1]? I think several packages are missing such as mccpv2, containers, etc; the refresh link does not help either.

[1] https://godoc.org/github.com/IBM-Cloud/bluemix-go

Need to fetch the user type - Self, Owner

Implement the CRUD listed here:
https://apidocs.cloudfoundry.org/235/#service-bindings

The method CreateKey(CreateServiceKeyRequest) has the ability to create multiple service credential with the same name for a cloud instance.
This is not allowed in the IBM Cloud console UI as it gives a warning "Service Credential with the same name already exists".
Can we have the same functionality in the SDK as well?

serviceKey, err = resourceSession.CreateKey(controller.CreateServiceKeyRequest{
			Name:      "ift-cloud-object-202002121943",
			SourceCRN: parseInstanceCRN,
			Parameters: map[string]interface{}{
				"HMAC": true,
			},
		})

When executed n times, the cloud instance has n "ift-cloud-object-202002121943" service credential.

It seems that the v2container all resolves to /v2/vpc path for get, list, create, delete clusters. Is there any plan to support the classic type?

Or people should just use v1container for those type of clusters?

Thanks.

When uploading or downloading large streams of data, the tracing facility imposes a large tax. Perhaps the default should allow it to be disabled.

Work around is to define a cluster HTTPClient in the config without the trace wrapper.

func NewHTTPClient(config *ibmcloud.Config) *http.Client {
	return &http.Client{
		Transport: makeTransport(config),
		Timeout:   config.HTTPTimeout,
	}
}

func makeTransport(config *ibmcloud.Config) http.RoundTripper {
	return &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		Dial: (&net.Dialer{
			Timeout:   50 * time.Second,
			KeepAlive: 30 * time.Second,
		}).Dial,
		TLSHandshakeTimeout: 20 * time.Second,
		DisableCompression:  true,
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: config.SSLDisable,
		},
	}
}
...
c.HTTPConfig = NewHTTPClient(c)

When I follow the sample code to provision a discovery service and then update the servicekey. The update call returns the following error:

ServerErrorResponse: {
		  "description": "An operation for service instance test-1-discovery is in progress.",
		  "error_code": "CF-AsyncServiceInstanceOperationInProgress",
		  "code": 60016
		}

My code looks like

myService, err := serviceInstanceAPI.Create(mccpv2.ServiceInstanceCreateRequest
updatedInstance, err := serviceInstanceAPI.Update(myService.Metadata.GUID, mccpv2.ServiceInstanceUpdateRequest{
		Name: helpers.String(service.InstanceName),
	})

My question is is there anyway to check the status of the service instance by the GUID and then call the update. Thanks.

Problem
Cloud Internet Services has the concept of a Monitor. This model represents a health check. Along with things like URL and method, their REST API allows for users to specify a port for the monitor (see API Docs). The Go SDK does not currently have the port field available.

Solution
Add the Port field to both cisv1.Monitor and cisv1.MonitorBody types.

CF configuration will be changed, so the CloudController's /v2/info endpoint will return

{
...
"authorization_endpoint": "https://iam.cloud.ibm.com/cloudfoundry/login/us-south",
"token_endpoint": "https://uaa.us-south.cf.cloud.ibm.com",
...
}

Hi, I saw the following error when deleting a discovery instance. However, I could not find any field in the bluemix client config. Could anyone help? Thanks.

{
  "description": "The following error occurred in the region 'US South': Service instance test-discovery: Service broker error: {\"error\"=>\"AsyncRequired\", \"description\"=>\"This service plan requires client support for asynchronous service operations.\"}",
  "error_code": "CF-ServiceBrokerBadResponse",
  "code": 10001,
  "http": {
    "uri": "https://provision-broker.ng.bluemix.net/bmx/provisioning/brokers/1867973154-7bc1c9a9-9fd7-462f-930e-96f5557c2f5a/v2/service_instances/bdfd19ba-f8ad-4a97-979a-aff3e3a59329",
    "method": "DELETE",
    "status": 422
  },

Should return all results (or at least provide a way to do so).

It looks like keyprotect is not yet supported by this API. Will it be or is work on this being done?

Work around is to remove uaa from the response_type list in iam.go:

https://github.com/IBM-Cloud/bluemix-go/blob/master/authentication/iam.go#L107

I checked the example folder and saw examples creating container cluster. However, I could not find any document about creating other blue mix services, e.g., watson conversation. Will this go sdk support such operation? Thanks.

Hello Bluemix go team,

We are using the RegistryServiceAPI to inspect some images. The RegistryServiceAPI works just fine for any image (at any region) expect for images in the global icr.io registry.

We tried solving this by unsetting the region or setting the region to "GLOBAL" but it still doesn't work.

We still get an error when we inspect an image in the icr.io or private.icr.io registry.

The error received is something like :

 {
    "code": "CRI0106E",
    "message": "The registry in the supplied image name doesn't match the registry that the request was sent to. Correct the image name, and try again.",
    "request-id": "61373bca-f318-4066-9fb7-eba642dcd3b3"
}

We know for sure that the image name is correct and the image is already in the registry and is accessible to the given API key - as we run the ibmcloud cr image-inspect to inspect the exact same image and it doesn't throw any error.

$ ibmcloud cr  image-inspect icr.io/obs/team-name/image:1.11.1

The output is something like :

Inspecting image 'icr.io/obs/team-name/image:1.11.1'...

{
	"Id": "sha256:6a03a21e44f68xxxxxxxxxxxxxxxxxxxxxxx",
	"Parent": "",
	"Comment": "",
	"Created": "2021-11-17T09:06:33.94142403Z",
	"Container": "",
	"ContainerConfig": {
		"Hostname": "",
		"Domainname": "",
		"User": "",
		"AttachStdin": false,
		"AttachStdout": false,
		"AttachStderr": false,
		"Tty": false,
		"OpenStdin": false,
		"StdinOnce": false,
		"Env": null,
		"Cmd": null,
		"Image": "",
		"Volumes": {},
		"WorkingDir": "",
		"Entrypoint": null,
		"OnBuild": null,
		"Labels": null
	},
	"DockerVersion": "",
	"Author": "",
	"Config": {
		"Hostname": "",
		"Domainname": "",
		"User": "1337:1337",
		"AttachStdin": false,
		"AttachStdout": false,
		"AttachStderr": false,
		"Tty": false,
		"OpenStdin": false,
		"StdinOnce": false,
		"Env": [
			"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
			"container=oci"
		],
		"Cmd": null,
		"ArgsEscaped": true,
		"Image": "",
		"Volumes": {},
		"WorkingDir": "",
		"Entrypoint": [
			"/usr/local/bin/pilot-discovery"
		],
		"OnBuild": null,
	"ManifestType": "application/vnd.docker.distribution.manifest.v2+json"
}

OK

How to reproduce this bug ?

1. Create an image in the global icr.io registry

2. Login to ibmcloud and Inspect the image with ibmcloud cr image-inspect .. it will work just fine.

3. Try to inspect the exact same image with the bluemix-go api - you will get an error similar to the one in the description.

Thanks in advance for your support.

I see there is an example of creating a kubernetes cluster by bluemix-go/api/container/containerv1.

Is there any way to create cloudant or watson conversation instances? Could you provide some example? Thanks.

I tried to curl cloud.ibm.com -v in ipv6 environment, cloud.ibm.com cannot be resolved. so my question is does cloud.ibm.com support ipv6? I am calling this API to provision managed kubernetes or ocp cluster. Thanks.

Getting the following error when invoking iamauth.AuthenticateAPIKey(apikey):

Request failed with status code: 400, BXNIM0106E:
Validation of property 'response_type' with value '[uaa, cloud_iam]' failed.
Valid values: 'cloud_iam'

Which points to the following line in authentication/iam.go:

Field("response_type", "cloud_iam,uaa").

If I set the response_type to just cloud_iam, as the error message above suggests, the API returns successfully.

One of our application uses the SDK for talking to the CIS API.
The SDK handles the case where the access token expires but does not handle the case where the refresh token itself expires. We get the following error:

Authentication failed, Unable to refresh auth token: Request failed with status code: 400, BXNIM0408E: Provided refresh token is expired. Try again later

The only way to fix the issue is to restart the application where we get a new refresh token. Can this be handled within the IAM GO API ?

The data source ibm_container_cluster_config downloads the kubectl config yaml and the CA certificate. If the cluster name contains the string "kube", the CA file is subsequently deleted here:
https://github.com/IBM-Bluemix/bluemix-go/blob/b49bb614b336a07449499e79bc04c806d02d65d6/api/container/containerv1/clusters.go#L225

This leaves the downloaded cluster configuration in an unusable state:

error: unable to read certificate-authority .../631d734bca9ca12d1960a58aea06b21af4485745_kubepoc-be1a169f_k8sconfig/ca-ams03-kubepoc-be1a169f.pem for kubepoc-be1a169f due to open .../631d734bca9ca12d1960a58aea06b21af4485745_kubepoc-be1a169f_k8sconfig/ca-ams03-kubepoc-be1a169f.pem: no such file or directory

I looked through the code but not sure if I'm just missing it somewhere. How can I manage DNS zones and entries with the library?

What is the right protocol to deal with the IAM token for CLI tools? The 1h TTL would indicate that you want to reuse the token, but there is no logic in the SDK to serialize the state of the IAMAuthRepository.

Is that something folks manage themselves or is this something that will be implemented in a future release of the SDK?