smart_proxy_ipam 0.0.19 → 0.1.1

data/lib/smart_proxy_ipam/ipam_helper.rb

@@ -0,0 +1,110 @@
+# Module containing helper methods for use by all External IPAM provider implementations
+module Proxy::Ipam::IpamHelper
+  include ::Proxy::Validations
+
+  MAX_IP_RETRIES = 5
+  ERRORS = {
+    cidr: "A 'cidr' parameter for the subnet must be provided(e.g. IPv4: 100.10.10.0/24, IPv6: 2001:db8:abcd:12::/124)",
+    mac: "A 'mac' address must be provided(e.g. 00:0a:95:9d:68:10)",
+    ip: "Missing 'ip' parameter. An IPv4 or IPv6 address must be provided(e.g. IPv4: 100.10.10.22, IPv6: 2001:db8:abcd:12::3)",
+    group_name: "A 'group_name' must be provided",
+    no_ip: 'IP address not found',
+    no_free_ips: 'No free addresses found',
+    no_connection: 'Unable to connect to External IPAM server',
+    no_group: 'Group not found in External IPAM',
+    no_groups: 'No groups found in External IPAM',
+    no_subnet: 'Subnet not found in External IPAM',
+    no_subnets_in_group: 'No subnets found in External IPAM group',
+    provider: "The IPAM provider must be specified(e.g. 'phpipam' or 'netbox')",
+    groups_not_supported: 'Groups are not supported',
+    add_ip: 'Error adding IP to External IPAM',
+    bad_mac: 'Mac address is invalid',
+    bad_ip: 'IP address is invalid',
+    bad_cidr: 'The network cidr is invalid'
+  }.freeze
+
+  def provider
+    @provider ||=
+      begin
+        unless client.authenticated?
+          halt 500, { error: 'Invalid credentials for External IPAM' }.to_json
+        end
+        client
+      end
+  end
+
+  # Called when next available IP from External IPAM has been cached by another user/host, but
+  # not actually persisted in External IPAM yet. This method will increment the IP, up to
+  # MAX_IP_RETRIES times, and check if it is available in External IPAM each iteration. It
+  # will return the original IP(the 'ip' param) if no new IP's are found after MAX_IP_RETRIES
+  # iterations.
+  def find_new_ip(ip_cache, subnet_id, ip, mac, cidr, group_name)
+    found_ip = nil
+    temp_ip = ip
+    retry_count = 0
+
+    loop do
+      new_ip = increment_ip(temp_ip)
+      ipam_ip = ip_exists?(new_ip, subnet_id, group_name)
+
+      # If new IP doesn't exist in IPAM and not in the cache
+      if !ipam_ip && !ip_cache.ip_exists(new_ip, cidr, group_name)
+        found_ip = new_ip.to_s
+        ip_cache.add(found_ip, mac, cidr, group_name)
+        break
+      end
+
+      temp_ip = new_ip
+      retry_count += 1
+      break if retry_count >= MAX_IP_RETRIES
+    end
+
+    return ip if found_ip.nil?
+
+    found_ip
+  end
+
+  # Checks the cache for existing ip, and returns it if it exists. If not exists, it will
+  # find a new ip (using find_new_ip), and it is added to the cache.
+  def cache_next_ip(ip_cache, ip, mac, cidr, subnet_id, group_name)
+    group = group_name.nil? ? '' : group_name
+    ip_cache.set_group(group, {}) if ip_cache.get_group(group).nil?
+    subnet_hash = ip_cache.get_cidr(group, cidr)
+    next_ip = nil
+
+    if subnet_hash&.key?(mac.to_sym)
+      next_ip = ip_cache.get_ip(group, cidr, mac)
+    else
+      new_ip = ip
+      ip_not_in_cache = subnet_hash.nil? ? true : !subnet_hash.to_s.include?(new_ip.to_s)
+
+      if ip_not_in_cache
+        next_ip = new_ip.to_s
+        ip_cache.add(new_ip, mac, cidr, group)
+      else
+        next_ip = find_new_ip(ip_cache, subnet_id, new_ip, mac, cidr, group)
+      end
+
+      unless usable_ip(next_ip, cidr)
+        return { error: "No free addresses found in subnet #{cidr}. Some available ip's may be cached. Try again in #{@ip_cache.get_cleanup_interval} seconds after cache is cleared." }
+      end
+    end
+
+    {data: next_ip}
+  end
+
+  def increment_ip(ip)
+    IPAddr.new(ip.to_s).succ.to_s
+  end
+
+  def usable_ip(ip, cidr)
+    network = IPAddr.new(cidr)
+    network.include?(IPAddr.new(ip)) && network.to_range.last != ip
+  end
+
+  def get_request_group(params)
+    group = params[:group] ? URI.escape(params[:group]) : nil
+    halt 500, { error: errors[:groups_not_supported] }.to_json if group && !provider.groups_supported?
+    group
+  end
+end

data/lib/smart_proxy_ipam/ipam_http_config.ru

@@ -1,6 +1,5 @@
-
-require 'smart_proxy_ipam/phpipam/phpipam_api'
+require 'smart_proxy_ipam/ipam_api'
 
 map '/ipam' do
-  run Proxy::Phpipam::Api
+  run Proxy::Ipam::Api
 end

data/lib/smart_proxy_ipam/ipam_validator.rb

@@ -0,0 +1,48 @@
+require 'resolv'
+
+# Module containing validation methods for use by all External IPAM provider implementations
+module Proxy::Ipam::IpamValidator
+  include ::Proxy::Validations
+  include Proxy::Ipam::IpamHelper
+
+  def validate_required_params!(required_params, params)
+    err = []
+    required_params.each do |param|
+      unless params[param.to_sym]
+        err.push errors[param.to_sym]
+      end
+    end
+    raise Proxy::Validations::Error, err unless err.empty?
+  end
+
+  def validate_ip!(ip)
+    good_ip = ip =~ Regexp.union([Resolv::IPv4::Regex, Resolv::IPv6::Regex])
+    raise Proxy::Validations::Error, ERRORS[:bad_ip] if good_ip.nil?
+    ip
+  end
+
+  def validate_cidr!(address, prefix)
+    cidr = "#{address}/#{prefix}"
+    network = IPAddr.new(cidr).to_s
+    if IPAddr.new(cidr).to_s != IPAddr.new(address).to_s
+      raise Proxy::Validations::Error, "Network address #{address} should be #{network} with prefix #{prefix}"
+    end
+    cidr
+  rescue IPAddr::Error => e
+    raise Proxy::Validations::Error, e.to_s
+  end
+
+  def validate_ip_in_cidr!(ip, cidr)
+    unless IPAddr.new(cidr).include?(IPAddr.new(ip))
+      raise Proxy::Validations::Error.new, "IP #{ip} is not in #{cidr}"
+    end
+  end
+
+  def validate_mac!(mac)
+    raise Proxy::Validations::Error.new, ERRORS[:mac] if mac.nil? || mac.empty?
+    unless mac.match(/^([0-9a-fA-F]{2}[:]){5}[0-9a-fA-F]{2}$/i)
+      raise Proxy::Validations::Error.new, ERRORS[:bad_mac]
+    end
+    mac
+  end
+end

data/lib/smart_proxy_ipam/netbox/netbox_client.rb

@@ -0,0 +1,198 @@
+require 'yaml'
+require 'json'
+require 'net/http'
+require 'uri'
+require 'sinatra'
+require 'smart_proxy_ipam/ipam'
+require 'smart_proxy_ipam/ipam_helper'
+require 'smart_proxy_ipam/ipam_validator'
+require 'smart_proxy_ipam/api_resource'
+require 'smart_proxy_ipam/ip_cache'
+
+module Proxy::Netbox
+  # Implementation class for External IPAM provider Netbox
+  class NetboxClient
+    include Proxy::Log
+    include Proxy::Ipam::IpamHelper
+    include Proxy::Ipam::IpamValidator
+
+    def initialize(conf)
+      @api_base = "#{conf[:url]}/api/"
+      @token = conf[:token]
+      @api_resource = Proxy::Ipam::ApiResource.new(api_base: @api_base, token: "Token #{@token}")
+      @ip_cache = Proxy::Ipam::IpCache.instance
+      @ip_cache.set_provider('netbox')
+    end
+
+    def get_ipam_subnet(cidr, group_name = nil)
+      if group_name.nil? || group_name.empty?
+        get_ipam_subnet_by_cidr(cidr)
+      else
+        group_id = get_group_id(group_name)
+        get_ipam_subnet_by_group(cidr, group_id)
+      end
+    end
+
+    def get_ipam_subnet_by_group(cidr, group_id)
+      params = URI.encode_www_form({ status: 'active', prefix: cidr, vrf_id: group_id })
+      response = @api_resource.get("ipam/prefixes/?#{params}")
+      json_body = JSON.parse(response.body)
+      return nil if json_body['count'].zero?
+      subnet = subnet_from_result(json_body['results'][0])
+      return subnet if json_body['results']
+    end
+
+    def get_ipam_subnet_by_cidr(cidr)
+      params = URI.encode_www_form({ status: 'active', prefix: cidr })
+      response = @api_resource.get("ipam/prefixes/?#{params}")
+      json_body = JSON.parse(response.body)
+      return nil if json_body['count'].zero?
+      subnet = subnet_from_result(json_body['results'][0])
+      return subnet if json_body['results']
+    end
+
+    def get_ipam_groups
+      response = @api_resource.get('ipam/vrfs/')
+      json_body = JSON.parse(response.body)
+      groups = []
+
+      return groups if json_body['count'].zero?
+
+      json_body['results'].each do |group|
+        groups.push({
+          name: group['name'],
+          description: group['description']
+        })
+      end
+
+      groups
+    end
+
+    def get_ipam_group(group_name)
+      raise ERRORS[:groups_not_supported] unless groups_supported?
+      params = URI.encode_www_form({ name: group_name })
+      response = @api_resource.get("ipam/vrfs/?#{params}")
+      json_body = JSON.parse(response.body)
+      return nil if json_body['count'].zero?
+
+      group = {
+        id: json_body['results'][0]['id'],
+        name: json_body['results'][0]['name'],
+        description: json_body['results'][0]['description']
+      }
+
+      return group if json_body['results']
+    end
+
+    def get_group_id(group_name)
+      return nil if group_name.nil? || group_name.empty?
+      group = get_ipam_group(group_name)
+      raise ERRORS[:no_group] if group.nil?
+      group[:id]
+    end
+
+    def get_ipam_subnets(group_name)
+      if group_name.nil?
+        params = URI.encode_www_form({ status: 'active' })
+      else
+        group_id = get_group_id(group_name)
+        params = URI.encode_www_form({ status: 'active', vrf_id: group_id })
+      end
+
+      response = @api_resource.get("ipam/prefixes/?#{params}")
+      json_body = JSON.parse(response.body)
+      return nil if json_body['count'].zero?
+      subnets = []
+
+      json_body['results'].each do |subnet|
+        subnets.push({
+          subnet: subnet['prefix'].split('/').first,
+          mask: subnet['prefix'].split('/').last,
+          description: subnet['description'],
+          id: subnet['id']
+        })
+      end
+
+      return subnets if json_body['results']
+    end
+
+    def ip_exists?(ip, subnet_id, group_name)
+      group_id = get_group_id(group_name)
+      url = "ipam/ip-addresses/?#{URI.encode_www_form({ address: ip })}"
+      url += "&#{URI.encode_www_form({ prefix_id: subnet_id })}" unless subnet_id.nil?
+      url += "&#{URI.encode_www_form({ vrf_id: group_id })}" unless group_id.nil?
+      response = @api_resource.get(url)
+      json_body = JSON.parse(response.body)
+      return false if json_body['count'].zero?
+      true
+    end
+
+    def add_ip_to_subnet(ip, params)
+      desc = 'Address auto added by Foreman'
+      address = "#{ip}/#{params[:cidr].split('/').last}"
+      group_name = params[:group_name]
+
+      if group_name.nil? || group_name.empty?
+        data = { address: address, nat_outside: 0, description: desc }
+      else
+        group_id = get_group_id(group_name)
+        data = { vrf: group_id, address: address, nat_outside: 0, description: desc }
+      end
+
+      response = @api_resource.post('ipam/ip-addresses/', data.to_json)
+      return nil if response.code == '201'
+      { error: "Unable to add #{address} in External IPAM server" }
+    end
+
+    def delete_ip_from_subnet(ip, params)
+      group_name = params[:group_name]
+
+      if group_name.nil? || group_name.empty?
+        params = URI.encode_www_form({ address: ip })
+      else
+        group_id = get_group_id(group_name)
+        params = URI.encode_www_form({ address: ip, vrf_id: group_id })
+      end
+
+      response = @api_resource.get("ipam/ip-addresses/?#{params}")
+      json_body = JSON.parse(response.body)
+
+      return { error: ERRORS[:no_ip] } if json_body['count'].zero?
+
+      address_id = json_body['results'][0]['id']
+      response = @api_resource.delete("ipam/ip-addresses/#{address_id}/")
+      return nil if response.code == '204'
+      { error: "Unable to delete #{ip} in External IPAM server" }
+    end
+
+    def get_next_ip(mac, cidr, group_name)
+      subnet = get_ipam_subnet(cidr, group_name)
+      raise ERRORS[:no_subnet] if subnet.nil?
+      response = @api_resource.get("ipam/prefixes/#{subnet[:id]}/available-ips/?limit=1")
+      json_body = JSON.parse(response.body)
+      return nil if json_body.empty?
+      ip = json_body[0]['address'].split('/').first
+      next_ip = cache_next_ip(@ip_cache, ip, mac, cidr, subnet[:id], group_name)
+      { data: next_ip }
+    end
+
+    def groups_supported?
+      true
+    end
+
+    def authenticated?
+      !@token.nil?
+    end
+
+    private
+
+    def subnet_from_result(result)
+      {
+        subnet: result['prefix'].split('/').first,
+        mask: result['prefix'].split('/').last,
+        description: result['description'],
+        id: result['id']
+      }
+    end
+  end
+end

data/lib/smart_proxy_ipam/netbox/netbox_plugin.rb

@@ -0,0 +1,17 @@
+module Proxy::Netbox
+  class Plugin < ::Proxy::Provider
+    plugin :externalipam_netbox, Proxy::Ipam::VERSION
+
+    requires :externalipam, Proxy::Ipam::VERSION
+    validate :url, url: true
+    validate_presence :token
+
+    load_classes(proc do
+      require 'smart_proxy_ipam/netbox/netbox_client'
+    end)
+
+    load_dependency_injection_wirings(proc do |container_instance, settings|
+      container_instance.dependency :externalipam_client, -> { ::Proxy::Netbox::NetboxClient.new(settings) }
+    end)
+  end
+end

data/lib/smart_proxy_ipam/phpipam/phpipam_client.rb

@@ -1,341 +1,184 @@
 require 'yaml'
-require 'json' 
+require 'json'
 require 'net/http'
-require 'monitor'
-require 'concurrent'
-require 'time'
 require 'uri'
+require 'sinatra'
 require 'smart_proxy_ipam/ipam'
-require 'smart_proxy_ipam/ipam_main'
-require 'smart_proxy_ipam/phpipam/phpipam_helper'
+require 'smart_proxy_ipam/ipam_helper'
+require 'smart_proxy_ipam/ipam_validator'
+require 'smart_proxy_ipam/api_resource'
+require 'smart_proxy_ipam/ip_cache'
 
 module Proxy::Phpipam
+  # Implementation class for External IPAM provider phpIPAM
   class PhpipamClient
     include Proxy::Log
-    include PhpipamHelper
+    include Proxy::Ipam::IpamHelper
+    include Proxy::Ipam::IpamValidator
 
-    MAX_RETRIES = 5
-    DEFAULT_CLEANUP_INTERVAL = 60  # 2 mins
-    @@ip_cache = nil
-    @@timer_task = nil
-
-    def initialize 
-      @conf = Proxy::Ipam.get_config[:phpipam]
+    def initialize(conf)
+      @conf = conf
       @api_base = "#{@conf[:url]}/api/#{@conf[:user]}/"
-      @token = nil
-      @@m = Monitor.new
-      init_cache if @@ip_cache.nil?
-      start_cleanup_task if @@timer_task.nil?
+      @token = authenticate
+      @api_resource = Proxy::Ipam::ApiResource.new(api_base: @api_base, token: @token, auth_header: 'Token')
+      @ip_cache = Proxy::Ipam::IpCache.instance
+      @ip_cache.set_provider('phpipam')
     end
 
-    def get_subnet(cidr, section_name = nil)
-      if section_name.nil? || section_name.empty?
-        get_subnet_by_cidr(cidr)
+    def get_ipam_subnet(cidr, group_name = nil)
+      if group_name.nil? || group_name.empty?
+        get_ipam_subnet_by_cidr(cidr)
       else
-        get_subnet_by_section(cidr, section_name)
+        group = get_ipam_group(group_name)
+        get_ipam_subnet_by_group(cidr, group[:id])
       end
     end
 
-    def get_subnet_by_section(cidr, section_name, include_id = true)
-      section = JSON.parse(get_section(section_name))
-      subnets = JSON.parse(get_subnets(section['data']['id'], include_id))
+    def get_ipam_subnet_by_group(cidr, group_id)
+      subnets = get_ipam_subnets(group_id)
+      return nil if subnets.nil?
       subnet_id = nil
 
-      subnets['data'].each do |subnet|
-        subnet_cidr = subnet['subnet'] + '/' + subnet['mask']
-        subnet_id = subnet['id'] if subnet_cidr == cidr
+      subnets.each do |subnet|
+        subnet_cidr = "#{subnet[:subnet]}/#{subnet[:mask]}"
+        subnet_id = subnet[:id] if subnet_cidr == cidr
       end
-      
-      return {:code => 404, :error => "No subnet #{cidr} found in section #{URI.unescape(section_name)}"}.to_json if subnet_id.nil?
-      
-      response = get("subnets/#{subnet_id.to_s}/")
-      json_body = JSON.parse(response.body)
-      json_body['data'] = filter_hash(json_body['data'], [:id, :subnet, :mask, :description]) if json_body['data']
-      json_body = filter_hash(json_body, [:code, :data, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
 
-    def get_subnet_by_cidr(cidr)
-      response = get("subnets/cidr/#{cidr.to_s}")
+      return nil if subnet_id.nil?
+      response = @api_resource.get("subnets/#{subnet_id}/")
       json_body = JSON.parse(response.body)
-      json_body['data'] = filter_fields(json_body, [:id, :subnet, :description, :mask])[0]
-      json_body = filter_hash(json_body, [:code, :data, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
-
-    def get_section(section_name)
-      response = get("sections/#{section_name}/")
-      json_body = JSON.parse(response.body)
-      json_body['data'] = filter_hash(json_body['data'], [:id, :name, :description]) if json_body['data']
-      json_body = filter_hash(json_body, [:code, :data, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
 
-    def get_sections
-      response = get('sections/')
-      json_body = JSON.parse(response.body)
-      json_body['data'] = filter_fields(json_body, [:id, :name, :description]) if json_body['data']
-      json_body = filter_hash(json_body, [:code, :data, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
+      data = {
+        id: json_body['data']['id'],
+        subnet: json_body['data']['subnet'],
+        mask: json_body['data']['mask'],
+        description: json_body['data']['description']
+      }
 
-    def get_subnets(section_id, include_id = true)
-      response = get("sections/#{section_id}/subnets/")
-      fields = [:subnet, :mask, :description]
-      fields.push(:id) if include_id
-      json_body = JSON.parse(response.body)
-      json_body['data'] = filter_fields(json_body, fields) if json_body['data']
-      json_body = filter_hash(json_body, [:code, :data, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
+      return data if json_body['data']
     end
 
-    def ip_exists(ip, subnet_id)
-      response = get("subnets/#{subnet_id.to_s}/addresses/#{ip}/")
-      json_body = JSON.parse(response.body)
-      json_body['data'] = filter_fields(json_body, [:ip]) if json_body['data']
-      json_body = filter_hash(json_body, [:code, :data, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
+    def get_ipam_subnet_by_cidr(cidr)
+      subnet = @api_resource.get("subnets/cidr/#{cidr}")
+      json_body = JSON.parse(subnet.body)
+      return nil if json_body['data'].nil?
 
-    def add_ip_to_subnet(ip, subnet_id, desc)
-      data = {:subnetId => subnet_id, :ip => ip, :description => desc}
-      response = post('addresses/', data)
-      json_body = JSON.parse(response.body)
-      json_body = filter_hash(json_body, [:code, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
+      data = {
+        id: json_body['data'][0]['id'],
+        subnet: json_body['data'][0]['subnet'],
+        mask: json_body['data'][0]['mask'],
+        description: json_body['data'][0]['description']
+      }
 
-    def delete_ip_from_subnet(ip, subnet_id)
-      response = delete("addresses/#{ip}/#{subnet_id.to_s}/") 
-      json_body = JSON.parse(response.body)
-      json_body = filter_hash(json_body, [:code, :error, :message])
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
+      return data if json_body['data']
     end
 
-    def get_next_ip(subnet_id, mac, cidr, section_name)
-      response = get("subnets/#{subnet_id.to_s}/first_free/")
-      json_body = JSON.parse(response.body)
-      section = section_name.nil? ? "" : section_name
-      @@ip_cache[section.to_sym] = {} if @@ip_cache[section.to_sym].nil?
-      subnet_hash = @@ip_cache[section.to_sym][cidr.to_sym]
-
-      return {:code => json_body['code'], :error => json_body['message']}.to_json if json_body['message']
-
-      if subnet_hash && subnet_hash.key?(mac.to_sym)
-        json_body['data'] = @@ip_cache[section_name.to_sym][cidr.to_sym][mac.to_sym][:ip]
-      else
-        next_ip = nil
-        new_ip = json_body['data']
-        ip_not_in_cache = subnet_hash.nil? ? true : !subnet_hash.to_s.include?(new_ip.to_s)
-
-        if ip_not_in_cache
-          next_ip = new_ip.to_s
-          add_ip_to_cache(new_ip, mac, cidr, section)
-        else
-          next_ip = find_new_ip(subnet_id, new_ip, mac, cidr, section)
-        end
-
-        return {:code => 404, :error => "Unable to find another available IP address in subnet #{cidr}"}.to_json if next_ip.nil?
-        return {:code => 404, :error => "It is possible that there are no more free addresses in subnet #{cidr}. Available IP's may be cached, and could become available after in-memory IP cache is cleared(up to #{DEFAULT_CLEANUP_INTERVAL} seconds)."}.to_json unless usable_ip(next_ip, cidr)
-
-        json_body['data'] = next_ip
-      end
-
-      json_body = {:code => json_body['code'], :data => json_body['data']}
+    def get_ipam_group(group_name)
+      return nil if group_name.nil?
+      group = @api_resource.get("sections/#{group_name}/")
+      json_body = JSON.parse(group.body)
+      raise ERRORS[:no_group] if json_body['data'].nil?
 
-      response.body = json_body.to_json
-      response.header['Content-Length'] = json_body.to_s.length
-      response.body
-    end
+      data = {
+        id: json_body['data']['id'],
+        name: json_body['data']['name'],
+        description: json_body['data']['description']
+      }
 
-    def start_cleanup_task
-      logger.info("Starting allocated ip address maintenance (used by get_next_ip call).")
-      @@timer_task = Concurrent::TimerTask.new(:execution_interval => DEFAULT_CLEANUP_INTERVAL) { init_cache }
-      @@timer_task.execute
+      return data if json_body['data']
     end
 
-    private
+    def get_ipam_groups
+      groups = @api_resource.get('sections/')
+      json_body = JSON.parse(groups.body)
+      return [] if json_body['data'].nil?
 
-    # @@ip_cache structure
-    # 
-    # Groups of subnets are cached under the External IPAM Group name. For example,
-    # "IPAM Group Name" would be the section name in phpIPAM. All IP's cached for subnets
-    # that do not have an External IPAM group specified, they are cached under the "" key. IP's 
-    # are cached using one of two possible keys: 
-    #    1). Mac Address
-    #    2). UUID (Used when Mac Address not specified)
-    #
-    # {  
-    #   "": {
-    #     "100.55.55.0/24":{  
-    #       "00:0a:95:9d:68:10": {"ip": "100.55.55.1", "timestamp": "2019-09-17 12:03:43 -D400"},
-    #       "906d8bdc-dcc0-4b59-92cb-665935e21662": {"ip": "100.55.55.2", "timestamp": "2019-09-17 11:43:22 -D400"}
-    #     },
-    #   },
-    #   "IPAM Group Name": {
-    #     "123.11.33.0/24":{  
-    #       "00:0a:95:9d:68:33": {"ip": "123.11.33.1", "timestamp": "2019-09-17 12:04:43 -0400"},
-    #       "00:0a:95:9d:68:34": {"ip": "123.11.33.2", "timestamp": "2019-09-17 12:05:48 -0400"},
-    #       "00:0a:95:9d:68:35": {"ip": "123.11.33.3", "timestamp:: "2019-09-17 12:06:50 -0400"}
-    #     }
-    #   },
-    #   "Another IPAM Group": {
-    #     "185.45.39.0/24":{  
-    #       "00:0a:95:9d:68:55": {"ip": "185.45.39.1", "timestamp": "2019-09-17 12:04:43 -0400"},
-    #       "00:0a:95:9d:68:56": {"ip": "185.45.39.2", "timestamp": "2019-09-17 12:05:48 -0400"}
-    #     }
-    #   }
-    # }
-    def init_cache
-      @@m.synchronize do
-        if @@ip_cache and not @@ip_cache.empty?
-          logger.debug("Processing ip cache.")
-          @@ip_cache.each do |section, subnets|
-            subnets.each do |cidr, macs|
-              macs.each do |mac, ip|
-                if Time.now - Time.parse(ip[:timestamp]) > DEFAULT_CLEANUP_INTERVAL
-                  @@ip_cache[section][cidr].delete(mac)
-                end
-              end
-              @@ip_cache[section].delete(cidr) if @@ip_cache[section][cidr].nil? or @@ip_cache[section][cidr].empty?
-            end
-          end
-        else
-          logger.debug("Clearing ip cache.")
-          @@ip_cache = {:"" => {}}
-        end
+      data = []
+      json_body['data'].each do |group|
+        data.push({
+          id: group['id'],
+          name: group['name'],
+          description: group['description']
+        })
       end
-    end
 
-    def add_ip_to_cache(ip, mac, cidr, section_name)
-      logger.debug("Adding IP #{ip} to cache for subnet #{cidr} in section #{section_name}")
-      @@m.synchronize do
-        # Clear cache data which has the same mac and ip with the new one 
-
-        mac_addr = (mac.nil? || mac.empty?) ? SecureRandom.uuid : mac
-        section_hash = @@ip_cache[section_name.to_sym]
-
-        section_hash.each do |key, values|
-          if values.keys.include? mac_addr.to_sym
-            @@ip_cache[section_name.to_sym][key].delete(mac_addr.to_sym)
-          end
-          @@ip_cache[section_name.to_sym].delete(key) if @@ip_cache[section_name.to_sym][key].nil? or @@ip_cache[section_name.to_sym][key].empty?
-        end   
-      
-        if section_hash.key?(cidr.to_sym)
-          @@ip_cache[section_name.to_sym][cidr.to_sym][mac_addr.to_sym] = {:ip => ip.to_s, :timestamp => Time.now.to_s}
-        else
-          @@ip_cache = @@ip_cache.merge({section_name.to_sym => {cidr.to_sym => {mac_addr.to_sym => {:ip => ip.to_s, :timestamp => Time.now.to_s}}}})
-        end
-      end
+      return data if json_body['data']
     end
 
-    # Called when next available IP from external IPAM has been cached by another user/host, but 
-    # not actually persisted in external IPAM. Will increment the IP(MAX_RETRIES times), and 
-    # see if it is available in external IPAM.
-    def find_new_ip(subnet_id, ip, mac, cidr, section_name)
-      found_ip = nil
-      temp_ip = ip
-      retry_count = 0
+    def get_ipam_subnets(group_name)
+      group = get_ipam_group(group_name)
+      raise ERRORS[:no_group] if group.nil?
+      subnets = @api_resource.get("sections/#{group[:id]}/subnets/")
+      json_body = JSON.parse(subnets.body)
+      return nil if json_body['data'].nil?
 
-      loop do
-        new_ip = increment_ip(temp_ip)
-        verify_ip = JSON.parse(ip_exists(new_ip, subnet_id))
-
-        # If new IP doesn't exist in IPAM and not in the cache
-        if ip_not_found_in_ipam?(verify_ip) && !ip_exists_in_cache(new_ip, cidr, mac, section_name)
-          found_ip = new_ip.to_s
-          add_ip_to_cache(found_ip, mac, cidr, section_name)
-          break
-        end
-
-        temp_ip = new_ip
-        retry_count += 1
-        break if retry_count >= MAX_RETRIES
+      data = []
+      json_body['data'].each do |subnet|
+        data.push({
+          id: subnet['id'],
+          subnet: subnet['subnet'],
+          mask: subnet['mask'],
+          description: subnet['description']
+        })
       end
 
-      # Return the original IP found in external ipam if no new ones found after MAX_RETRIES
-      return ip if found_ip.nil?
-
-      found_ip
+      return data if json_body['data']
     end
 
-    def increment_ip(ip)
-      IPAddr.new(ip.to_s).succ.to_s
+    def ip_exists?(ip, subnet_id, _group_name)
+      ip = @api_resource.get("subnets/#{subnet_id}/addresses/#{ip}/")
+      json_body = JSON.parse(ip.body)
+      json_body['success']
     end
 
-    def ip_exists_in_cache(ip, cidr, mac, section_name)
-      @@ip_cache[section_name.to_sym][cidr.to_sym] && @@ip_cache[section_name.to_sym][cidr.to_sym].to_s.include?(ip.to_s)      
+    def add_ip_to_subnet(ip, params)
+      data = { subnetId: params[:subnet_id], ip: ip, description: 'Address auto added by Foreman' }
+      subnet = @api_resource.post('addresses/', data.to_json)
+      json_body = JSON.parse(subnet.body)
+      return nil if json_body['code'] == 201
+      { error: 'Unable to add IP to External IPAM' }
     end
 
-    # Checks if given IP is within a subnet. Broadcast address is considered unusable
-    def usable_ip(ip, cidr)
-      network = IPAddr.new(cidr)
-      network.include?(IPAddr.new(ip)) && network.to_range.last != ip
+    def delete_ip_from_subnet(ip, params)
+      subnet = @api_resource.delete("addresses/#{ip}/#{params[:subnet_id]}/")
+      json_body = JSON.parse(subnet.body)
+      return nil if json_body['success']
+      { error: 'Unable to delete IP from External IPAM' }
     end
 
-    def get(path)
-      authenticate
-      uri = URI(@api_base + path)
-      request = Net::HTTP::Get.new(uri)
-      request['token'] = @token
-
-      Net::HTTP.start(uri.hostname, uri.port) {|http|
-        http.request(request)
-      }
+    def get_next_ip(mac, cidr, group_name)
+      subnet = get_ipam_subnet(cidr, group_name)
+      raise ERRORS[:no_subnet] if subnet.nil?
+      response = @api_resource.get("subnets/#{subnet[:id]}/first_free/")
+      json_body = JSON.parse(response.body)
+      return { error: json_body['message'] } if json_body['message']
+      ip = json_body['data']
+      next_ip = cache_next_ip(@ip_cache, ip, mac, cidr, subnet[:id], group_name)
+      { data: next_ip }
     end
 
-    def delete(path, body=nil)
-      authenticate
-      uri = URI(@api_base + path)
-      uri.query = URI.encode_www_form(body) if body
-      request = Net::HTTP::Delete.new(uri)
-      request['token'] = @token
-
-      Net::HTTP.start(uri.hostname, uri.port) {|http|
-        http.request(request)
-      }
+    def groups_supported?
+      true
     end
 
-    def post(path, body=nil)
-      authenticate
-      uri = URI(@api_base + path)
-      uri.query = URI.encode_www_form(body) if body
-      request = Net::HTTP::Post.new(uri)
-      request['token'] = @token
-
-      Net::HTTP.start(uri.hostname, uri.port) {|http|
-        http.request(request)
-      }
+    def authenticated?
+      !@token.nil?
     end
 
+    private
+
     def authenticate
-      auth_uri = URI(@api_base + '/user/')
+      auth_uri = URI("#{@api_base}/user/")
       request = Net::HTTP::Post.new(auth_uri)
       request.basic_auth @conf[:user], @conf[:password]
 
-      response = Net::HTTP.start(auth_uri.hostname, auth_uri.port) {|http|
+      response = Net::HTTP.start(auth_uri.hostname, auth_uri.port, use_ssl: auth_uri.scheme == 'https') do |http|
         http.request(request)
-      }
+      end
 
       response = JSON.parse(response.body)
-      @token = response['data']['token']
-    end    
+      logger.warn(response['message']) if response['message']
+      response.dig('data', 'token')
+    end
   end
 end