smart_proxy_ipam 0.0.19 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 557b60d8a66e595502b01b96675bcfd85c1c6e40df80fd824d1aa57e7a11d29f
-  data.tar.gz: e1488f94cfa129ccbd3da7006c535bc4632b4206511a25cd7c81778c27bf7dcc
+  metadata.gz: 0754301cca6caabaf785d9c4a7753d8543289fa9754339c12f706d23610577d2
+  data.tar.gz: ad1c8b77662f0ff667ff1c2127bfb9af6221dfe67cd7877968c6425e20fc4074
 SHA512:
-  metadata.gz: 4f9b9a41c0367c7aaa4abd902a2db04faf8026a9c61d28b001b5b57ef94169a6b219ea799fb2819a7209a081d304f393098b452e72fbcefb67c98a3aa845e779
-  data.tar.gz: ca812b143249eb666d02c2af202576024e0b2993332b7563b897950b40b7ef4ba0944b844b7eea9aa83c3c7074c55a3baa392aa59835c5b40c0ed3e7d7a56180
+  metadata.gz: 74ba390d81e5be049f0ab15c1586babb91feddbde52c513cf65c35cc140a7471d3f531d578da899b406c09bdebbf8f6039a15e8105bf8ee7bafd67bb5ec3e4a9
+  data.tar.gz: a6fe51e572df5e809546fea30864b5bdf153e7eb297bc0a6ae909eda79c181fc028f6b7c2421c1745f62ef20e94bbf55f2cfcd1f5a86270c1ed372db22c3722d

data/README.md

@@ -2,11 +2,9 @@
 
 Foreman Smart Proxy plugin for IPAM integration with various IPAM providers.
 
-Currently supported Providers: 
-1. [phpIPAM](https://phpipam.net/). 
-
-Provides a basic Dashboard for viewing phpIPAM sections, subnets. Also supports obtaining of the next available IPv4 address for a given subnet(via [IPAM Smart Proxy Plugin](https://github.com/grizzthedj/smart_proxy_ipam)).
-
+Currently supported Providers:
+1. [phpIPAM](https://phpipam.net/).
+2. [NetBox](https://github.com/netbox-community/netbox).
 
 ## Installation
 
@@ -15,14 +13,23 @@ for how to install Foreman plugins
 
 ## Usage
 
-Once plugin is installed, you can use phpIPAM to get the next available IP address for a subnet:
+Once plugin is installed, you can use an External IPAM to get the next available IP address in subnets.
+
+1. Create a subnet in Foreman of IPAM type "External IPAM". Click on the `Proxy` tab and associate the subnet with a Smart Proxy that has the `externalipam` feature enabled. _NOTE: This subnet must actually exist in External IPAM. There is no integration with subnet creation at this time._
+2. Create a host in Foreman. When adding/editing interfaces, select the above created subnet, and the next available IP in the selected subnet will be pulled from phpIPAM, and displayed in the IPv4/IPv6 address field.
+
+### phpIPAM
+1. Create a User and API Key in phpIPAM, and ensure they are both named exactly the same. 
+2. The "App Security" setting for your API key should be "User token"
+3. Add the url and User name and password to the configuration at `/etc/foreman-proxy/settings.d/externalipam_phpipam.yml`
 
-1. Create a subnet in Foreman of IPAM type "External IPAM". Click on the `Proxy` tab and associate the subnet with a Smart Proxy that has the `External IPAM` feature enabled. _NOTE: This subnet must actually exist in phpIPAM. There is no integration with subnet creation at this time._
-2. Create a host in Foreman. When adding/editing interfaces, select the above created subnet, and the next available IP in the selected subnet will be pulled from phpIPAM, and displayed in the IPv4 address field. _NOTE: This is not supported for IPv6._
+### NetBox
+1. Obtain an API token via a user profile in Netbox.
+2. Add the token and the url to your NetBox instance to the configuration in `/etc/foreman-proxy/settings.d/externalipam_netbox.yml`
 
 ## Local development
 
-1. Clone the Foreman repo 
+1. Clone the Foreman repo
 ```
 git clone https://github.com/theforeman/foreman.git
 ```
@@ -30,48 +37,46 @@ git clone https://github.com/theforeman/foreman.git
 ```
 git clone https://github.com/theforeman/smart-proxy
 ```
-3. Fork both the foreman plugin and smart proxy plugin repos, then clone
+3. Fork the Smart Proxy IPAM plugin repo, then clone
 
-foreman_ipam repo: https://github.com/grizzthedj/foreman_ipam  
 smart_proxy_ipam repo: https://github.com/grizzthedj/smart_proxy_ipam
 
 ```
-git clone https://github.com/<GITHUB_USER>/foreman_ipam
 git clone https://github.com/<GITHUB_USER>/smart_proxy_ipam
 ```
-4. Add the foreman_ipam plugin to `Gemfile.local.rb` in the Foreman bundler.d directory
-```
-gem 'foreman_ipam', :path => '/path/to/foreman_ipam'
-```
-5. From Foreman root directory run 
+4. From Foreman root directory run
 ```
 bundle install
 bundle exec rails db:migrate
 bundle exec rails db:seed    # This adds 'External IPAM' feature to Features table
 bundle exec foreman start
 ```
-6. Add the smart_proxy_ipam plugin to `Gemfile.local.rb` in Smart Proxy bundler.d directory
+5. Add the smart_proxy_ipam plugin to `Gemfile.local.rb` in Smart Proxy bundler.d directory
 ```
 gem 'smart_proxy_ipam', :path => '/path/to/smart_proxy_ipam'
 ```
-7. Copy `config/settings.d/externalipam.yml.example` to `config/settings.d/externalipam.yml` and replace values with your phpIPAM URL and credentials.
-8. From Smart Proxy root directory run ... 
+6. Copy `config/settings.d/externalipam.yml.example` to `config/settings.d/externalipam.yml`, and set `enabled` to true, and `use_provider` to `externalipam_phpipam` or `externalipam_netbox`.
+7. Copy `config/settings.d/externalipam_phpipam.yml.example` to `config/settings.d/externalipam_phpipam.yml` and replace values with your phpIPAM URL and credentials.
+8. Copy `config/settings.d/externalipam_netbox.yml.example` to `config/settings.d/externalipam_netbox.yml` and replace values with your Netbox URL and API token.
+9. From Smart Proxy root directory run ...
 ```
 bundle install
 bundle exec smart-proxy start
 ```
-9. Navigate to Foreman UI at http://localhost:5000
-10. Add a Local Smart Proxy in the Foreman UI(Infrastructure => Smart Proxies)
-11. Ensure that the `External IPAM` feature is present on the proxy(http://localhost:8000/features)
-12. Create a Subnet, and associate the subnet to the `External IPAM` proxy
- 
+10. Navigate to Foreman UI at http://localhost:5000
+11. Add a Local Smart Proxy in the Foreman UI(Infrastructure => Smart Proxies)
+12. Ensure that the `External IPAM` feature is present on the proxy(http://localhost:8000/features)
+13. Create a Subnet(IPv4 or IPv6), and associate the subnet with the `External IPAM` proxy. Subnet must exist in phpIPAM.
+14. Create a Host, and select an External IPAM Subnet to obtain the next available IP from phpIPAM
+NOTE: For IPv6 subnets only, if the subnet has no addresses reserved(i.e. empty), the first address returned is actually the network address(e.g. `fd13:6d20:29dc:cf27::`), which is not a valid IP. This is a bug within phpIPAM itself
+
 ## Contributing
 
 Fork and send a Pull Request. Thanks!
 
 ## Copyright
 
-Copyright (c) *2019* *Christopher Smith*
+Copyright (c) *2020* *Christopher Smith*
 
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by

data/bundler.d/ipam.rb

@@ -1,2 +1 @@
-
 gem 'smart_proxy_ipam'

data/lib/smart_proxy_ipam.rb

@@ -1,2 +1,4 @@
 require 'smart_proxy_ipam/version'
 require 'smart_proxy_ipam/ipam'
+require 'smart_proxy_ipam/phpipam/phpipam_plugin'
+require 'smart_proxy_ipam/netbox/netbox_plugin'

data/lib/smart_proxy_ipam/api_resource.rb

@@ -0,0 +1,54 @@
+require 'yaml'
+require 'json'
+require 'net/http'
+require 'uri'
+require 'smart_proxy_ipam/ipam_helper'
+
+module Proxy::Ipam
+  # Class to handle authentication and HTTP transactions with External IPAM providers
+  class ApiResource
+    include ::Proxy::Log
+    include Proxy::Ipam::IpamHelper
+
+    def initialize(params = {})
+      @api_base = params[:api_base]
+      @token = params[:token]
+      @auth_header = params[:auth_header] || 'Authorization'
+    end
+
+    def get(path)
+      uri = URI(@api_base + path)
+      request = Net::HTTP::Get.new(uri)
+      request[@auth_header] = @token
+      request['Accept'] = 'application/json'
+
+      Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        http.request(request)
+      end
+    end
+
+    def delete(path)
+      uri = URI(@api_base + path)
+      request = Net::HTTP::Delete.new(uri)
+      request[@auth_header] = @token
+      request['Accept'] = 'application/json'
+
+      Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        http.request(request)
+      end
+    end
+
+    def post(path, body = nil)
+      uri = URI(@api_base + path)
+      request = Net::HTTP::Post.new(uri)
+      request.body = body
+      request[@auth_header] = @token
+      request['Accept'] = 'application/json'
+      request['Content-Type'] = 'application/json'
+
+      Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == 'https') do |http|
+        http.request(request)
+      end
+    end
+  end
+end

data/lib/smart_proxy_ipam/dependency_injection.rb

@@ -0,0 +1,9 @@
+module Proxy::Ipam
+  module DependencyInjection
+    include Proxy::DependencyInjection::Accessors
+
+    def container_instance
+      @container_instance ||= ::Proxy::Plugins.instance.find { |p| p[:name] == :externalipam }[:di_container]
+    end
+  end
+end

data/lib/smart_proxy_ipam/ip_cache.rb

@@ -0,0 +1,137 @@
+require 'yaml'
+require 'json'
+require 'monitor'
+require 'concurrent'
+require 'time'
+require 'smart_proxy_ipam/ipam_helper'
+require 'singleton'
+
+module Proxy::Ipam
+  # Class for managing temp in-memory cache to prevent same IP's being suggested in race conditions
+  class IpCache
+    include Singleton
+    include Proxy::Log
+    include Proxy::Ipam::IpamHelper
+
+    DEFAULT_CLEANUP_INTERVAL = 60
+
+    def initialize
+      @m = Monitor.new
+      init_cache
+      start_cleanup_task
+    end
+
+    def set_provider(provider)
+      @provider = provider
+    end
+
+    def get_provider
+      @provider
+    end
+
+    def set_group(group, value)
+      @ip_cache[group.to_sym] = value
+    end
+
+    def get_group(group)
+      @ip_cache[group.to_sym]
+    end
+
+    def get_cidr(group, cidr)
+      @ip_cache[group.to_sym][cidr.to_sym]
+    end
+
+    def get_ip(group_name, cidr, mac)
+      @ip_cache[group_name.to_sym][cidr.to_sym][mac.to_sym][:ip]
+    end
+
+    def get_cleanup_interval
+      DEFAULT_CLEANUP_INTERVAL
+    end
+
+    def ip_exists(ip, cidr, group_name)
+      cidr_key = @ip_cache[group_name.to_sym][cidr.to_sym]&.to_s
+      cidr_key.include?(ip.to_s)
+    end
+
+    def add(ip, mac, cidr, group_name)
+      logger.debug("Adding IP '#{ip}' to cache for subnet '#{cidr}' in group '#{group_name}' for IPAM provider #{@provider.to_s}")
+      @m.synchronize do
+        mac_addr = mac.nil? || mac.empty? ? SecureRandom.uuid : mac
+        group_hash = @ip_cache[group_name.to_sym]
+
+        group_hash.each do |key, values|
+          if values.keys.include? mac_addr.to_sym
+            @ip_cache[group_name.to_sym][key].delete(mac_addr.to_sym)
+          end
+          @ip_cache[group_name.to_sym].delete(key) if @ip_cache[group_name.to_sym][key].nil? || @ip_cache[group_name.to_sym][key].empty?
+        end
+
+        if group_hash.key?(cidr.to_sym)
+          @ip_cache[group_name.to_sym][cidr.to_sym][mac_addr.to_sym] = {ip: ip.to_s, timestamp: Time.now.to_s}
+        else
+          @ip_cache = @ip_cache.merge({group_name.to_sym => {cidr.to_sym => {mac_addr.to_sym => {ip: ip.to_s, timestamp: Time.now.to_s}}}})
+        end
+      end
+    end
+
+    private
+
+    def start_cleanup_task
+      logger.info("Starting ip cache maintenance for IPAM provider #{@provider.to_s}, used by /next_ip.")
+      @timer_task = Concurrent::TimerTask.new(execution_interval: DEFAULT_CLEANUP_INTERVAL) { init_cache }
+      @timer_task.execute
+    end
+
+    # @ip_cache structure
+    #
+    # Groups of subnets are cached under the External IPAM Group name. For example,
+    # "IPAM Group Name" would be the section name in phpIPAM. All IP's cached for subnets
+    # that do not have an External IPAM group specified, they are cached under the "" key. IP's
+    # are cached using one of two possible keys:
+    #    1). Mac Address
+    #    2). UUID (Used when Mac Address not specified)
+    #
+    # {
+    #   "": {
+    #     "100.55.55.0/24":{
+    #       "00:0a:95:9d:68:10": {"ip": "100.55.55.1", "timestamp": "2019-09-17 12:03:43 -D400"},
+    #       "906d8bdc-dcc0-4b59-92cb-665935e21662": {"ip": "100.55.55.2", "timestamp": "2019-09-17 11:43:22 -D400"}
+    #     },
+    #   },
+    #   "IPAM Group Name": {
+    #     "123.11.33.0/24":{
+    #       "00:0a:95:9d:68:33": {"ip": "123.11.33.1", "timestamp": "2019-09-17 12:04:43 -0400"},
+    #       "00:0a:95:9d:68:34": {"ip": "123.11.33.2", "timestamp": "2019-09-17 12:05:48 -0400"},
+    #       "00:0a:95:9d:68:35": {"ip": "123.11.33.3", "timestamp:: "2019-09-17 12:06:50 -0400"}
+    #     }
+    #   },
+    #   "Another IPAM Group": {
+    #     "185.45.39.0/24":{
+    #       "00:0a:95:9d:68:55": {"ip": "185.45.39.1", "timestamp": "2019-09-17 12:04:43 -0400"},
+    #       "00:0a:95:9d:68:56": {"ip": "185.45.39.2", "timestamp": "2019-09-17 12:05:48 -0400"}
+    #     }
+    #   }
+    # }
+    def init_cache
+      @m.synchronize do
+        if @ip_cache && !@ip_cache.empty?
+          logger.debug("Processing ip cache for IPAM provider #{@provider.to_s}")
+          @ip_cache.each do |group, subnets|
+            subnets.each do |cidr, macs|
+              macs.each do |mac, ip|
+                if Time.now - Time.parse(ip[:timestamp]) > DEFAULT_CLEANUP_INTERVAL
+                  @ip_cache[group][cidr].delete(mac)
+                end
+              end
+              @ip_cache[group].delete(cidr) if @ip_cache[group][cidr].nil? || @ip_cache[group][cidr].empty?
+            end
+          end
+        else
+          logger.debug("Clearing ip cache for IPAM provider #{@provider.to_s}")
+          @ip_cache = {'': {}}
+        end
+      end
+    end
+  end
+end

data/lib/smart_proxy_ipam/ipam.rb

@@ -1,11 +1,16 @@
-
 module Proxy::Ipam
-  class NotFound < RuntimeError; end
-
   class Plugin < ::Proxy::Plugin
-    plugin 'externalipam', Proxy::Ipam::VERSION
+    plugin :externalipam, Proxy::Ipam::VERSION
+
+    uses_provider
+    default_settings use_provider: 'externalipam_phpipam'
+
+    load_classes(proc do
+      require 'smart_proxy_ipam/dependency_injection'
+      require 'smart_proxy_ipam/ipam_api'
+    end)
 
-    http_rackup_path File.expand_path('ipam_http_config.ru', File.expand_path('../', __FILE__))
-    https_rackup_path File.expand_path('ipam_http_config.ru', File.expand_path('../', __FILE__))
+    http_rackup_path File.expand_path('ipam_http_config.ru', __dir__)
+    https_rackup_path File.expand_path('ipam_http_config.ru', __dir__)
   end
 end

data/lib/smart_proxy_ipam/ipam_api.rb

@@ -0,0 +1,390 @@
+require 'proxy/validations'
+require 'smart_proxy_ipam/ipam'
+require 'smart_proxy_ipam/ipam_helper'
+require 'smart_proxy_ipam/ipam_validator'
+require 'smart_proxy_ipam/dependency_injection'
+
+module Proxy::Ipam
+  # Generic API for External IPAM interactions
+  class Api < ::Sinatra::Base
+    extend Proxy::Ipam::DependencyInjection
+
+    include ::Proxy::Log
+    helpers ::Proxy::Helpers
+    include Proxy::Ipam::IpamHelper
+    include Proxy::Ipam::IpamValidator
+
+    inject_attr :externalipam_client, :client
+
+    # Gets the next available IP address based on a given External IPAM subnet
+    #
+    # Inputs:   1. address:          Network address of the subnet(e.g. 100.55.55.0)
+    #           2. prefix:           Network prefix(e.g. 24)
+    #           3. group(optional):  The External IPAM group
+    #
+    # Returns:
+    #   Response if success:
+    #   ======================
+    #     Http Code:     200
+    #     JSON Response:
+    #       "100.55.55.3"
+    #
+    #   Response if missing parameter(e.g. 'mac')
+    #   ======================
+    #     Http Code:     400
+    #     JSON Response:
+    #       {"error": ["A 'mac' address must be provided(e.g. 00:0a:95:9d:68:10)"]}
+    #
+    #   Response if no free ip's available
+    #   ======================
+    #     Http Code:     404
+    #     JSON Response:
+    #       {"error": "There are no free IP's in subnet 100.55.55.0/24"}
+    get '/subnet/:address/:prefix/next_ip' do
+      content_type :json
+
+      begin
+        validate_required_params!([:address, :prefix, :mac], params)
+
+        mac = validate_mac!(params[:mac])
+        cidr = validate_cidr!(params[:address], params[:prefix])
+        group_name = get_request_group(params)
+
+        next_ip = provider.get_next_ip(mac, cidr, group_name)
+        halt 404, { error: ERRORS[:no_free_ips] }.to_json if next_ip.nil?
+        next_ip.to_json
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Gets the subnet from External IPAM
+    #
+    # Inputs:   1. address:          Network address of the subnet
+    #           2. prefix:           Network prefix(e.g. 24)
+    #           3. group(optional):  The name of the External IPAM group
+    #
+    # Returns:
+    #   Response if subnet exists:
+    #   ===========================
+    #     Http Code:     200
+    #     JSON Response:
+    #       {"data": {
+    #         "id": "33",
+    #         "subnet": "10.20.30.0",
+    #         "description": "Subnet description",
+    #         "mask": "29"}
+    #       }
+    #
+    #   Response if subnet does not exist:
+    #   ===========================
+    #     Http Code:     404
+    #     JSON Response:
+    #       {"error": "No subnets found"}
+    get '/subnet/:address/:prefix' do
+      content_type :json
+
+      begin
+        validate_required_params!([:address, :prefix], params)
+
+        cidr = validate_cidr!(params[:address], params[:prefix])
+        group_name = get_request_group(params)
+        subnet = provider.get_ipam_subnet(cidr, group_name)
+
+        halt 404, { error: ERRORS[:no_subnet] }.to_json if subnet.nil?
+        subnet.to_json
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Get a list of groups from External IPAM
+    #
+    # Returns:
+    #   Response if success:
+    #   ===========================
+    #     Http Code:     200
+    #     JSON Response:
+    #       {"data": [
+    #         {"id": "1", "name": "Group 1", "description": "This is group 1"},
+    #         {"id": "2", "name": "Group 2", "description": "This is group 2"}
+    #       ]}
+    #
+    #   Response if no groups exist:
+    #   ===========================
+    #     Http Code:     404
+    #     JSON Response:
+    #       {"error": "Groups are not supported"}
+    #
+    #   Response if groups are not supported:
+    #   ===========================
+    #     Http Code:     500
+    #     JSON Response:
+    #       {"error": "Groups are not supported"}
+    get '/groups' do
+      content_type :json
+
+      begin
+        halt 500, { error: ERRORS[:groups_not_supported] }.to_json unless provider.groups_supported?
+        groups = provider.get_ipam_groups
+        groups.to_json
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Get a group from External IPAM
+    #
+    # Inputs:   1. group:       The name of the External IPAM group
+    #
+    # Returns:
+    #   Response if success:
+    #   ===========================
+    #     Http Code:     200
+    #     JSON Response:
+    #       {"data": {"id": "1", "name": "Group 1", "description": "This is group 1"}}
+    #
+    #   Response if group not found:
+    #   ===========================
+    #     Http Code:     404
+    #     JSON Response:
+    #       {"error": "Group not Found"}
+    #
+    #   Response if groups are not supported:
+    #   ===========================
+    #     Http Code:     500
+    #     JSON Response:
+    #       {"error": "Groups are not supported"}
+    get '/groups/:group' do
+      content_type :json
+
+      begin
+        validate_required_params!([:group], params)
+
+        group_name = get_request_group(params)
+        group = provider.get_ipam_group(group_name)
+
+        halt 404, { error: ERRORS[:no_group] }.to_json if group.nil?
+        group.to_json
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Get a list of subnets for a given External IPAM group
+    #
+    # Input:   1. group:         The name of the External IPAM group
+    #
+    # Returns:
+    #   Response if success:
+    #   ===========================
+    #     Http Code:     200
+    #     JSON Response:
+    #       {"data":[
+    #         {"subnet":"10.20.30.0","mask":"29","description":"This is a subnet"},
+    #         {"subnet":"40.50.60.0","mask":"29","description":"This is another subnet"}
+    #       ]}
+    #
+    #   Response if no subnets exist in group:
+    #   ===========================
+    #     Http Code:     404
+    #     JSON Response:
+    #       {"error": "No subnets found in External IPAM group"}
+    #
+    #   Response if groups are not supported:
+    #   ===========================
+    #     Http Code:     500
+    #     JSON Response:
+    #       {"error": "Groups are not supported"}
+    get '/groups/:group/subnets' do
+      content_type :json
+
+      begin
+        validate_required_params!([:group], params)
+
+        group_name = get_request_group(params)
+        subnets = provider.get_ipam_subnets(group_name)
+
+        halt 404, { error: ERRORS[:no_subnets_in_group] }.to_json if subnets.nil?
+        subnets.to_json
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Checks whether an IP address has already been taken in External IPAM
+    #
+    # Inputs: 1. address:         The network address of the IPv4 or IPv6 subnet.
+    #         2. prefix:          The subnet prefix(e.g. 24)
+    #         3. ip:              IP address to be queried
+    #         4. group(optional): The name of the External IPAM Group, containing the subnet to check
+    #
+    # Returns:
+    #   Response if exists:
+    #   ===========================
+    #     Http Code:  200
+    #     Response:   true
+    #
+    #   Response if not exists:
+    #   ===========================
+    #     Http Code:      200
+    #     JSON Response:  false
+    get '/subnet/:address/:prefix/:ip' do
+      content_type :json
+
+      begin
+        validate_required_params!([:address, :prefix, :ip], params)
+
+        ip = validate_ip!(params[:ip])
+        cidr = validate_cidr!(params[:address], params[:prefix])
+        group_name = get_request_group(params)
+        subnet = provider.get_ipam_subnet(cidr, group_name)
+
+        halt 404, { error: ERRORS[:no_subnet] }.to_json if subnet.nil?
+        validate_ip_in_cidr!(ip, cidr)
+        ip_exists = provider.ip_exists?(ip, subnet[:id], group_name)
+        halt 200, ip_exists.to_json
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Adds an IP address to the specified subnet for the specified IPAM provider
+    #
+    # Params: 1. address:         The network address of the IPv4 or IPv6 subnet
+    #         2. prefix:          The subnet prefix(e.g. 24)
+    #         3. ip:              IP address to be added
+    #         4. group(optional): The name of the External IPAM Group, containing the subnet to add ip to
+    #
+    # Returns:
+    #   Response if added successfully:
+    #   ===========================
+    #     Http Code:  201
+    #     Response:   Empty
+    #
+    #   Response if not added successfully:
+    #   ===========================
+    #     Http Code:  500
+    #     JSON Response:
+    #       {"error": "Unable to add IP to External IPAM"}
+    post '/subnet/:address/:prefix/:ip' do
+      content_type :json
+
+      begin
+        validate_required_params!([:address, :ip, :prefix], params)
+
+        ip = validate_ip!(params[:ip])
+        cidr = validate_cidr!(params[:address], params[:prefix])
+        group_name = get_request_group(params)
+        subnet = provider.get_ipam_subnet(cidr, group_name)
+
+        halt 404, { error: ERRORS[:no_subnet] }.to_json if subnet.nil?
+        add_ip_params = { cidr: cidr, subnet_id: subnet[:id], group_name: group_name }
+        validate_ip_in_cidr!(ip, cidr)
+
+        ip_added = provider.add_ip_to_subnet(ip, add_ip_params) # Returns nil on success
+        halt 500, ip_added.to_json unless ip_added.nil?
+        status 201
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+
+    # Deletes IP address from a given subnet
+    #
+    # Params: 1. address:         The network address of the IPv4 or IPv6 subnet
+    #         2. prefix:          The subnet prefix(e.g. 24)
+    #         3. ip:              IP address to be deleted
+    #         4. group(optional): The name of the External IPAM Group, containing the subnet to delete ip from
+    #
+    # Returns:
+    #   Response if deleted successfully:
+    #   ===========================
+    #     Http Code:  200
+    #     Response:   Empty
+    #
+    #   Response if not added successfully:
+    #   ===========================
+    #     Http Code:  500
+    #     JSON Response:
+    #       {"error": "Unable to delete IP from External IPAM"}
+    delete '/subnet/:address/:prefix/:ip' do
+      content_type :json
+
+      begin
+        validate_required_params!([:address, :ip, :prefix], params)
+
+        ip = validate_ip!(params[:ip])
+        cidr = validate_cidr!(params[:address], params[:prefix])
+        group_name = get_request_group(params)
+        subnet = provider.get_ipam_subnet(cidr, group_name)
+
+        halt 404, { error: ERRORS[:no_subnet] }.to_json if subnet.nil?
+        del_ip_params = { cidr: cidr, subnet_id: subnet[:id], group_name: group_name }
+        validate_ip_in_cidr!(ip, cidr)
+
+        ip_deleted = provider.delete_ip_from_subnet(ip, del_ip_params) # Returns nil on success
+        halt 500, ip_deleted.to_json unless ip_deleted.nil?
+        halt 204
+      rescue Proxy::Validations::Error => e
+        logger.warn(e.message)
+        halt 400, { error: e.to_s }.to_json
+      rescue RuntimeError => e
+        logger.warn(e.message)
+        halt 500, { error: e.message }.to_json
+      rescue Errno::ECONNREFUSED, Errno::ECONNRESET
+        logger.warn(ERRORS[:no_connection])
+        halt 500, { error: ERRORS[:no_connection] }.to_json
+      end
+    end
+  end
+end