poc-mc-net-tf

Published: Apr 23, 2024 License: Apache-2.0

README

We will explore the functions and necessary properties such as creation, diary, update, and deletion of resources/services for configuring a multi-cloud network.

Prerequisites

Install OpenTofu

See Installing OpenTofu

Install by the installer
```bash
# Download the installer script:
curl --proto '=https' --tlsv1.2 -fsSL https://get.opentofu.org/install-opentofu.sh -o install-opentofu.sh
# Alternatively: wget --secure-protocol=TLSv1_2 --https-only https://get.opentofu.org/install-opentofu.sh -O install-opentofu.sh

# Give it execution permissions:
chmod +x install-opentofu.sh

# Please inspect the downloaded script

# Run the installer:
./install-opentofu.sh --install-method deb

# Remove the installer:
rm install-opentofu.sh
```
Get source code

In this readme, ~/poc-mc-net-tf is used as the default directory.

```bash
git clone https://github.com/cloud-barista/poc-mc-net-tf.git ~/poc-mc-net-tf
```
Install swag

If you got an error because of missing swag, install swag:

```bash
go install github.com/swaggo/swag/cmd/swag@latest
```
Setup credentials

Note - There may be an issue regarding Credential settings. Contributions are welcome.

AWS
  1. Install AWS CLI (It should be checked.)

  2. Prepare your AWS credential

See Set and view configuration settings using commands

Sample:
```
[default]
AWS_ACCESS_KEY_ID=A2KXXXXXXXXXXX4XXXSD
AWS_SECRET_ACCESS_KEY=AB2YjR92sdflkj4D34XXXXXXXXXXXXXXXXXXXXXX
```
  3. Store your AWS credential in ~/.aws/credentials
MS Azure
  1. Install MS Azure CLI (It should be checked.)

See How to install the Azure CLI

  2. Prepare your MS Azure credential (i.e., a service principal)

See Create a service principal for use with Microsoft Purview
See Create an Azure service principal with Azure CLI

  3. Store your MS Azure credential in secrets/credential-azure.env

Sample:
```
ARM_CLIENT_ID=asd9f234-1fs2-xxxx-xxxx-xxxxxxxxxxxx
ARM_CLIENT_SECRET=a23i11G~nxxxxXxxXXxx-xxxXXXX3XxxxXXXXxxx
ARM_TENANT_ID=asdf231d-8s7s-11xx-x111-111111xxx111
ARM_SUBSCRIPTION_ID=e14fhg99-11xx-1111-11x1-111xx11x1x11
```
  4. Run
```bash
source secrets/credential-azure.env
az login --service-principal -u "$ARM_CLIENT_ID" -p "$ARM_CLIENT_SECRET" --tenant "$ARM_TENANT_ID"
```
GCP
  1. Prepare your GCP credential

See Service account credentials

  2. Store your GCP credential in secrets/credential-gcp.json

Sample:
```json
{
    "type": "service_account",
    "project_id": "YOUR_PROJECT_ID",
    "private_key_id": "xx0x0x0x0x0xx0xxxxx0xx0xx0x0x0xx0x0xxxx0",
    "private_key": "-----BEGIN PRIVATE KEY-----\YOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEYYOURPRIVATEKEY==\n-----END PRIVATE KEY-----\n",
    "client_email": "YOUR_SERVICE_ACCOUNT@YOUR_PROJECT_ID.iam.gserviceaccount.com",
    "client_id": "000000000000000000000",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/YOUR_SERVICE_ACCOUNT%40YOUR_PROJECT_ID.iam.gserviceaccount.com"
}
```
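
The three credential files above (~/.aws/credentials, secrets/credential-azure.env, secrets/credential-gcp.json) hold long-lived secrets in plain text. The following check is an added example, not part of poc-mc-net-tf: it flags any of them that is missing or accessible to group/other. The function name `check_secret_perms` is hypothetical, and GNU `stat -c` (Linux) is assumed.

```shell
#!/bin/sh
# Added example (not part of poc-mc-net-tf): verify that the credential files
# named in this README exist and are not accessible to group/other.
# Assumes GNU coreutils `stat -c` (Linux, as with the deb install method).

# check_secret_perms FILE...
# Prints one line per problem and returns the number of problem files.
check_secret_perms() {
    local problems=0 f mode
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING  $f"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$f")   # octal mode, e.g. 600 or 644
        case "$mode" in
            *00|0) ;;               # no group/other permission bits set
            *)
                echo "EXPOSED  $f (mode $mode, tighten with: chmod 600)"
                problems=$((problems + 1))
                ;;
        esac
    done
    return "$problems"
}

# Typical call from ~/poc-mc-net-tf before `make run` or `docker run`:
#   check_secret_perms ~/.aws/credentials \
#       secrets/credential-azure.env secrets/credential-gcp.json || exit 1
```
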

Getting started

Source code based installation and execution
Build
```bash
cd ~/poc-mc-net-tf
make
```
Run API server binary
```bash
cd ~/poc-mc-net-tf
make run
```
Container based execution

Check a tag of poc-mc-net-tf container image in cloudbaristaorg/poc-mc-net-tf

Run poc-mc-net-tf container

Note - Credentials for AWS, Azure, and GCP must be prepared and injected when running a container.

Note - Modify source="${PWD}"/secrets/ to the appropriate path.

Note - About credential injection:

  • Set AWS credential as environment variables: --env-file "${PWD}"/secrets/credentials
  • Set Azure credential as environment variables: --env-file "${PWD}"/secrets/credential-azure.env
  • Mount GCP credential file: --mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/

```bash
docker run \
--env-file "${PWD}"/secrets/credentials \
--env-file "${PWD}"/secrets/credential-azure.env \
--mount type=bind,source="${PWD}"/secrets/,target=/app/secrets/ \
-p 8888:8888 \
--name poc-mc-net-tf \
cloudbaristaorg/poc-mc-net-tf:latest
```
Access Swagger UI

The default username and password for the API dashboard are shown when the API server starts.

URL: http://localhost:8888/mc-net/swagger/index.html

Note - You can find API documentation on Swagger UI.


Appendix

The example of API call sequence

  1. POST /rg/{resourceGroupId}/vpn/gcp-azure/init
  2. POST /rg/{resourceGroupId}/vpn/gcp-azure/blueprint
  3. POST /rg/{resourceGroupId}/vpn/gcp-azure/plan
  4. POST /rg/{resourceGroupId}/vpn/gcp-azure (Time-consuming API; returns a request ID and is processed asynchronously)
  5. GET /rg/{resourceGroupId}/vpn/gcp-azure/request/{requestId}/status (Check the above API status)
  6. GET /rg/{resourceGroupId}/vpn/gcp-azure/state (Check the resource status on CSPs)
  7. DELETE /rg/{resourceGroupId}/vpn/gcp-azure (Time-consuming API; returns a request ID and is processed asynchronously)
  8. DELETE /rg/{resourceGroupId}/vpn/gcp-azure/clear

Directories

Path: Synopsis

  • cmd/poc-mc-net-tf: Package main is the starting point of POC-MC-Net-TF
  • pkg/api/rest/docs: Package docs Code generated by swaggo/swag.
  • pkg/api/rest/server: Package server is to handle REST API
  • pkg/tofu: The tofu package provides utility functions to execute tofu CLI commands.
