/**
* Creates token from the response
*
* @param ClientResponseInterface $response The response instance
* @param OpenStackConfig $config The openstack config
*
* @return \Scalr\Service\OpenStack\Client\AuthToken
*
* @throws NotSupportedException
*/
public static function makeToken(ClientResponseInterface $response, OpenStackConfig $config = null)
{
$version = $config === null ? 2 : $config->getIdentityVersion();
switch ($version) {
case 2:
return LoaderV2::loadJson($response);
case 3:
return LoaderV3::loadJson($response);
default:
throw new NotSupportedException("OpenStack API v{$version} is not supported!");
}
}
/**
* {@inheritdoc}
* @see RequestInterface::makeRequest()
*/
public function makeRequest(OpenStackConfig $config)
{
if (!empty($config->getApiKey())) {
$requestBody = ['auth' => ["RAX-KSKEY:apiKeyCredentials" => ['username' => $config->getUsername(), 'apiKey' => $config->getApiKey()]]];
} else {
if (!empty($config->getPassword())) {
$requestBody = ['auth' => ["passwordCredentials" => ['username' => $config->getUsername(), 'password' => $config->getPassword()]]];
} else {
throw new OpenStackException('Neither api key nor password was provided for the OpenStack config.');
}
}
if ($config->getTenantName() !== null) {
$requestBody['auth']['tenantName'] = $config->getTenantName();
}
return $requestBody;
}
/**
* List tenants action
*
* @param Marker $marker Marker Data.
* @return array Return tenants list
*/
public function listTenants(Marker $marker = null)
{
$result = null;
if ($marker !== null) {
$options = $marker->getQueryData();
} else {
$options = array();
}
$response = $this->getClient()->call($this->config->getIdentityEndpoint(), '/tenants', $options);
if ($response->hasError() === false) {
$result = json_decode($response->getContent());
$result = $result->tenants;
}
return $result;
}
public function _keystoneUrl($from, $to, $action)
{
switch ($action) {
case static::ACT_CONVERT_TO_OBJECT:
/* @var $from Entity\CloudCredentials */
$to->keystoneUrl = $from->properties[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL];
break;
case static::ACT_CONVERT_TO_ENTITY:
/* @var $to Entity\CloudCredentials */
$to->properties[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL] = $from->keystoneUrl;
$to->properties[Entity\CloudCredentialsProperty::OPENSTACK_IDENTITY_VERSION] = OpenStackConfig::parseIdentityVersion($from->keystoneUrl);
break;
case static::ACT_GET_FILTER_CRITERIA:
return [[]];
}
}
/**
* {@inheritdoc}
* @see LoaderInterface::loadJson()
*/
public static function loadJson(ClientResponseInterface $response)
{
$token = $response->getHeader('X-Subject-Token');
$jsonString = $response->getContent();
$obj = json_decode($jsonString);
if (empty($token)) {
$invalid = true;
}
if (isset($invalid) || !isset($obj->token->expires_at)) {
throw new InvalidArgumentException("Malformed JSON document " . (string) $jsonString);
}
$regions = $services = [];
if (!empty($obj->token->catalog)) {
foreach ($obj->token->catalog as $srv) {
foreach ($srv->endpoints as $srvEndpoint) {
$url = $srvEndpoint->url;
$srvVersion = OpenStackConfig::parseIdentityVersion($url);
if (isset($srvEndpoint->region)) {
$regions[$srvEndpoint->region] = true;
$endpointRegion = $srvEndpoint->region;
} else {
$endpointRegion = '';
}
if (!isset($services[$srv->type][$endpointRegion][$srvVersion])) {
$services[$srv->type][$endpointRegion][$srvVersion] = [];
}
$srvEndpoint->publicURL = $url;
//Interface - can be public, internal or admin
$services[$srv->type][$endpointRegion][$srvVersion][$srvEndpoint->interface] = $srvEndpoint;
}
}
}
$regions = array_keys($regions);
$ret = new AuthToken();
$ret->setExpires(new DateTime($obj->token->expires_at))->setId($token)->setAuthDocument($obj)->setRegionEndpoints($services)->setZones($regions);
if (isset($obj->token->project->id)) {
$ret->setTenantId($obj->token->project->id);
}
if (isset($obj->token->project->name)) {
$ret->setTenantName($obj->token->project->name);
}
return $ret;
}
/**
* {@inheritdoc}
* @see RequestInterface::makeRequest()
*/
public function makeRequest(OpenStackConfig $config)
{
if ($config->getApiKey() !== null) {
$requestBody = ['auth' => ['identity' => ['methods' => ['token'], 'token' => ['id' => $config->getApiKey()]]]];
} else {
if ($config->getPassword() !== null) {
$requestBody = ['auth' => ['identity' => ['methods' => ['password'], 'password' => ['user' => ['password' => $config->getPassword()]]]]];
if ($config->getUserId()) {
$requestBody['auth']['identity']['password']['user']['id'] = $config->getUserId();
} else {
if ($config->getUsername()) {
$requestBody['auth']['identity']['password']['user']['name'] = $config->getUsername();
} else {
throw new OpenStackException('Neither user name nor user id was provided for the OpenStack config.');
}
}
} else {
throw new OpenStackException('Neither api key nor password was provided for the OpenStack config.');
}
}
if ($config->getProjectId() !== null) {
$requestBody['auth']['scope']['project']['id'] = $config->getProjectId();
} else {
if ($config->getTenantName() !== null) {
$requestBody['auth']['scope']['project']['name'] = $config->getTenantName();
}
}
return $requestBody;
}
private function saveOpenstack()
{
$pars = array();
$enabled = false;
$platform = $this->getParam('platform');
$currentCloudCredentials = $this->env->keychain($platform);
$bNew = !$currentCloudCredentials->isEnabled();
if (!$bNew) {
$oldUrl = $currentCloudCredentials->properties[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL];
}
if ($this->getParam("{$platform}_is_enabled")) {
$enabled = true;
$pars[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL] = trim($this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL, 'string', 'KeyStone URL required', $platform));
$pars[Entity\CloudCredentialsProperty::OPENSTACK_SSL_VERIFYPEER] = trim($this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_SSL_VERIFYPEER, 'bool', '', $platform));
$pars[Entity\CloudCredentialsProperty::OPENSTACK_USERNAME] = $this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_USERNAME, 'string', 'Username required', $platform);
$pars[Entity\CloudCredentialsProperty::OPENSTACK_PASSWORD] = $this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_PASSWORD, 'password', '', $platform, false);
$pars[Entity\CloudCredentialsProperty::OPENSTACK_API_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_API_KEY, 'string', '', $platform);
$pars[Entity\CloudCredentialsProperty::OPENSTACK_IDENTITY_VERSION] = OpenStackConfig::parseIdentityVersion($pars[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL]);
$pars[Entity\CloudCredentialsProperty::OPENSTACK_TENANT_NAME] = $this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_TENANT_NAME, 'string', '', $platform);
$pars[Entity\CloudCredentialsProperty::OPENSTACK_DOMAIN_NAME] = $this->checkVar(Entity\CloudCredentialsProperty::OPENSTACK_DOMAIN_NAME, 'string', '', $platform);
if (empty($this->checkVarError) && empty($pars[Entity\CloudCredentialsProperty::OPENSTACK_PASSWORD]) && empty($pars[Entity\CloudCredentialsProperty::OPENSTACK_API_KEY])) {
$this->checkVarError['api_key'] = $this->checkVarError['password'] = '******';
}
}
/* @var $config Yaml */
$config = $this->env->getContainer()->config;
if (isset($platform) && $config->defined("scalr.{$platform}.use_proxy") && $config("scalr.{$platform}.use_proxy") && in_array($config('scalr.connections.proxy.use_on'), ['both', 'scalr'])) {
$proxySettings = $config('scalr.connections.proxy');
} else {
$proxySettings = null;
}
if (count($this->checkVarError)) {
$this->response->failure();
$this->response->data(array('errors' => $this->checkVarError));
} else {
if ($this->getParam($platform . "_is_enabled")) {
$os = new OpenStack(new OpenStackConfig($pars[Entity\CloudCredentialsProperty::OPENSTACK_USERNAME], $pars[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL], 'fake-region', $pars[Entity\CloudCredentialsProperty::OPENSTACK_API_KEY], null, null, $pars[Entity\CloudCredentialsProperty::OPENSTACK_PASSWORD], $pars[Entity\CloudCredentialsProperty::OPENSTACK_TENANT_NAME], $pars[Entity\CloudCredentialsProperty::OPENSTACK_DOMAIN_NAME], $pars[Entity\CloudCredentialsProperty::OPENSTACK_IDENTITY_VERSION], $proxySettings));
//It throws an exception on failure
$zones = $os->listZones();
$zone = array_shift($zones);
$os = new OpenStack(new OpenStackConfig($pars[Entity\CloudCredentialsProperty::OPENSTACK_USERNAME], $pars[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL], $zone->name, $pars[Entity\CloudCredentialsProperty::OPENSTACK_API_KEY], null, null, $pars[Entity\CloudCredentialsProperty::OPENSTACK_PASSWORD], $pars[Entity\CloudCredentialsProperty::OPENSTACK_TENANT_NAME], $pars[Entity\CloudCredentialsProperty::OPENSTACK_DOMAIN_NAME], $pars[Entity\CloudCredentialsProperty::OPENSTACK_IDENTITY_VERSION], $proxySettings));
// Check SG Extension
$pars[Entity\CloudCredentialsProperty::OPENSTACK_EXT_SECURITYGROUPS_ENABLED] = (int) $os->servers->isExtensionSupported(ServersExtension::securityGroups());
// Check Floating Ips Extension
$pars[Entity\CloudCredentialsProperty::OPENSTACK_EXT_FLOATING_IPS_ENABLED] = (int) $os->servers->isExtensionSupported(ServersExtension::floatingIps());
// Check Cinder Extension
$pars[Entity\CloudCredentialsProperty::OPENSTACK_EXT_CINDER_ENABLED] = (int) $os->hasService('volume');
// Check Swift Extension
$pars[Entity\CloudCredentialsProperty::OPENSTACK_EXT_SWIFT_ENABLED] = (int) $os->hasService('object-store');
// Check LBaas Extension
$pars[Entity\CloudCredentialsProperty::OPENSTACK_EXT_LBAAS_ENABLED] = !in_array($platform, array(SERVER_PLATFORMS::RACKSPACENG_US, SERVER_PLATFORMS::RACKSPACENG_UK)) && $os->hasService('network') ? (int) $os->network->isExtensionSupported('lbaas') : 0;
}
$this->db->BeginTrans();
try {
$this->env->enablePlatform($platform, $enabled);
if ($enabled) {
$this->makeCloudCredentials($platform, $pars);
if ($this->getContainer()->analytics->enabled && ($bNew || $oldUrl !== $pars[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL])) {
$this->getContainer()->analytics->notifications->onCloudAdd($platform, $this->env, $this->user);
}
}
if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) {
$this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time());
}
$this->response->success('Cloud credentials have been ' . ($enabled ? 'saved' : 'removed from Scalr'));
$this->response->data(array('enabled' => $enabled));
} catch (Exception $e) {
$this->db->RollbackTrans();
throw new Exception(_('Failed to save ' . ucfirst($platform) . ' settings'));
}
$this->db->CommitTrans();
}
}