public function xSetupAction()
{
if (!($this->user->getType() == Scalr_Account_User::TYPE_ACCOUNT_OWNER || $this->user->isTeamOwnerInEnvironment($this->getEnvironmentId()))) {
throw new Scalr_Exception_InsufficientPermissions();
}
$env = $this->getEnvironment();
$acc = $this->user->getAccount();
$iam = $env->aws('us-east-1')->iam;
//Generates both master and user passwords
$masterEmail = \Scalr::config('scalr.cloudyn.master_email');
$userEmail = $acc->getOwner()->getEmail();
$masterPassword = $this->getCrypto()->sault(8);
$userPassword = $this->getCrypto()->sault(8);
//Gets an user name using naming conventions
$awsUsername = sprintf('scalr-cloudyn-%s-%s', $env->id, SCALR_ID);
$policyName = sprintf('cloudynpolicy-%s', $env->id);
$cyAccountName = sprintf('scalr-aws-account-%s', $env->id);
//Read-only AWS policy
$policyDocument = '{"Statement":[{"Effect":"Allow","Action":["autoscaling:Describe*","aws-portal:View*","cloudformation:DescribeStacks","cloudformation:DescribeStackEvents","cloudformation:DescribeStackResources","cloudformation:GetTemplate","cloudfront:Get*","cloudfront:List*","cloudwatch:Describe*","cloudwatch:Get*","cloudwatch:List*","dynamodb:DescribeTable","dynamodb:ListTables","ec2:Describe*","elasticache:Describe*","elasticbeanstalk:Check*","elasticbeanstalk:Describe*","elasticbeanstalk:List*","elasticbeanstalk:RequestEnvironmentInfo","elasticbeanstalk:RetrieveEnvironmentInfo","elasticloadbalancing:Describe*","elasticmapreduce:DescribeJobFlows","iam:List*","iam:Get*","route53:Get*","route53:List*","rds:Describe*","rds:List*","s3:List*","s3:GetBucketAcl","s3:GetBucketLocation","s3:GetBucketLogging","s3:GetBucketNotification","s3:GetBucketPolicy","s3:GetBucketRequestPayment","s3:GetBucketVersioning","s3:GetBucketWebsite","s3:GetLifecycleConfiguration","s3:GetObjectAcl","s3:GetObjectTorrent","s3:GetObjectVersion","s3:GetObjectVersionAcl","s3:GetObjectVersionTorrent","s3:GetBucketTagging","sdb:DomainMetadata","sdb:GetAttributes","sdb:ListDomains","ses:Get*","ses:List*","sns:Get*","sns:List*","sqs:Get*","sqs:List*","storagegateway:List*","storagegateway:Describe*"],"Resource":"*"}]}';
$isCloudynEnabled = $acc->getSetting(Scalr_Account::SETTING_CLOUDYN_ENABLED);
$isCloudynEnvironmentEnabled = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CLOUDYN_ENABLED);
if ($isCloudynEnvironmentEnabled) {
throw new RuntimeException('Cloudyn account for this environment has already been enabled.');
}
//Creates a new AWS user using IAM
try {
$awsUser = $iam->user->create($awsUsername);
} catch (ClientException $e) {
$error = $e->getErrorData();
if ($error->getCode() === ErrorData::ERR_ENTITY_ALREADY_EXISTS) {
$awsUser = $iam->user->fetch($awsUsername);
try {
foreach ($awsUser->listAccessKeys() as $v) {
$iam->user->deleteAccessKey($v->accessKeyId, $awsUser->userName);
}
} catch (\Exception $se) {
}
try {
$awsUser->deletePolicy($policyName);
} catch (\Exception $se) {
}
} else {
throw $e;
}
}
//Adds polity to created user
$awsUser->putPolicy($policyName, $policyDocument);
//Generates new access key for the created user
$accessKeyData = $awsUser->createAccessKey();
//This need to avoid error when cloudyn can't access to amazon using generated access key.
//Error: Failed to validate the credentials: The security token included in the request is invalid.
sleep(8);
//Whether cloudyn is enabled for this scalr account.
//If not we must register new customer on Cloudyn.
if (!$isCloudynEnabled) {
//Initializes Cloudyn instance using generated user's credentials
$cy = new Cloudyn($userEmail, $userPassword, \Scalr::config('scalr.cloudyn.environment'));
$tokens = preg_split("/ +/", trim($this->user->fullname), 2);
$userFirstName = !empty($tokens[0]) ? $tokens[0] : 'Unknown';
$userLastName = isset($tokens[1]) ? $tokens[1] : 'Unknown';
//Register new Customer on Cloudyn
$cy->registerCustomer($userEmail, $userPassword, $userFirstName, $userLastName, $acc->name, $masterEmail, $masterPassword);
$acc->setSetting(Scalr_Account::SETTING_CLOUDYN_ENABLED, 1)->setSetting(Scalr_Account::SETTING_CLOUDYN_MASTER_EMAIL, $masterEmail)->setSetting(Scalr_Account::SETTING_CLOUDYN_MASTER_PASSWD, $masterPassword)->setSetting(Scalr_Account::SETTING_CLOUDYN_USER_EMAIL, $userEmail)->setSetting(Scalr_Account::SETTING_CLOUDYN_USER_PASSWD, $userPassword);
} else {
//Initializes Cloudyn instance using existing user's credentials
$cy = $env->cloudyn;
//We doesn't need to register Customer as he has already registered.
}
//Login to cloudyn as a created user
$cy->login();
//Adds AWS account to cloudyn for the specified environment
$result = $cy->addAccount($cyAccountName, $accessKeyData->accessKeyId, $accessKeyData->secretAccessKey, 'AWS');
$cloudynAccountId = $result->accountid;
$env->setPlatformConfig(array(Scalr_Environment::SETTING_CLOUDYN_ENABLED => 1, Scalr_Environment::SETTING_CLOUDYN_AWS_ACCESSKEY => $accessKeyData->accessKeyId, Scalr_Environment::SETTING_CLOUDYN_ACCOUNTID => $cloudynAccountId));
//Logout Cloudyn
$cy->logout();
$this->response->success('Your account successfully connected to Cloudyn');
$this->response->data($this->getContent());
}
