public function xSaveEc2Action() { $pars = array(); $enabled = false; $ccProps = $this->env->cloudCredentials(SERVER_PLATFORMS::EC2)->properties; if ($this->getParam('ec2_is_enabled')) { $enabled = true; $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID, 'string', "AWS Account Number required", SERVER_PLATFORMS::EC2); if (!is_numeric($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) || strlen($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) != 12) { //$err[Ec2PlatformModule::ACCOUNT_ID] = _("AWS numeric account ID required (See <a href='/faq.html'>FAQ</a> for info on where to get it)."); $this->checkVarError[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = _("AWS Account Number should be numeric"); } else { $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = preg_replace("/[^0-9]+/", "", $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]); } $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCESS_KEY, 'string', "AWS Access Key required", SERVER_PLATFORMS::EC2); $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_SECRET_KEY, 'password', "AWS Access Key required", SERVER_PLATFORMS::EC2); $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY, 'file', "AWS x.509 Private Key required", SERVER_PLATFORMS::EC2)); $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_CERTIFICATE, 'file', "AWS x.509 Certificate required", SERVER_PLATFORMS::EC2)); // user can mull certificate and private key, check it if (strpos($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) { // swap it $key = $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]; $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]; $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $key; } if (!count($this->checkVarError)) { if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] or $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] != $ccProps[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) { try { $aws = $this->env->aws(\Scalr\Service\Aws::REGION_US_EAST_1, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]); $aws->validateCertificateAndPrivateKey(); } catch (Exception $e) { throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})")); } try { $buckets = $aws->s3->bucket->getList(); } catch (Exception $e) { throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage())); } } } else { $this->response->failure(); $this->response->data(array('errors' => $this->checkVarError)); return; } } $this->db->BeginTrans(); try { $this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled); if ($enabled) { $this->makeCloudCredentials(SERVER_PLATFORMS::EC2, $pars); } if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) { $this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time()); } if ($this->env->status == Scalr_Environment::STATUS_INACTIVE) { $this->env->status = Scalr_Environment::STATUS_ACTIVE; $this->env->save(); } $this->db->CommitTrans(); } catch (Exception $e) { $this->db->RollbackTrans(); throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}")); } $demoFarm = false; $this->response->success('Environment saved'); $this->response->data(array('enabled' => $enabled, 'demoFarm' => $demoFarm)); }
public function xSaveEc2Action() { $pars = array(); $enabled = false; if ($this->getParam('ec2_is_enabled')) { $enabled = true; $pars[Modules_Platforms_Ec2::ACCOUNT_ID] = $this->checkVar(Modules_Platforms_Ec2::ACCOUNT_ID, 'string', "AWS Account Number required"); if (!is_numeric($pars[Modules_Platforms_Ec2::ACCOUNT_ID]) || strlen($pars[Modules_Platforms_Ec2::ACCOUNT_ID]) != 12) { //$err[Modules_Platforms_Ec2::ACCOUNT_ID] = _("AWS numeric account ID required (See <a href='/faq.html'>FAQ</a> for info on where to get it)."); $this->checkVarError[Modules_Platforms_Ec2::ACCOUNT_ID] = _("AWS Account Number should be numeric"); } else { $pars[Modules_Platforms_Ec2::ACCOUNT_ID] = preg_replace("/[^0-9]+/", "", $pars[Modules_Platforms_Ec2::ACCOUNT_ID]); } $pars[Modules_Platforms_Ec2::ACCESS_KEY] = $this->checkVar(Modules_Platforms_Ec2::ACCESS_KEY, 'string', "AWS Access Key required"); $pars[Modules_Platforms_Ec2::SECRET_KEY] = $this->checkVar(Modules_Platforms_Ec2::SECRET_KEY, 'password', "AWS Access Key required"); $pars[Modules_Platforms_Ec2::PRIVATE_KEY] = trim($this->checkVar(Modules_Platforms_Ec2::PRIVATE_KEY, 'file', "AWS x.509 Private Key required")); $pars[Modules_Platforms_Ec2::CERTIFICATE] = trim($this->checkVar(Modules_Platforms_Ec2::CERTIFICATE, 'file', "AWS x.509 Certificate required")); // user can mull certificate and private key, check it if (strpos($pars[Modules_Platforms_Ec2::PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Modules_Platforms_Ec2::CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) { // swap it $key = $pars[Modules_Platforms_Ec2::PRIVATE_KEY]; $pars[Modules_Platforms_Ec2::PRIVATE_KEY] = $pars[Modules_Platforms_Ec2::CERTIFICATE]; $pars[Modules_Platforms_Ec2::CERTIFICATE] = $key; } if (!count($this->checkVarError)) { if ($pars[Modules_Platforms_Ec2::ACCOUNT_ID] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::ACCOUNT_ID) or $pars[Modules_Platforms_Ec2::ACCESS_KEY] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::ACCESS_KEY) or $pars[Modules_Platforms_Ec2::SECRET_KEY] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::SECRET_KEY) or $pars[Modules_Platforms_Ec2::PRIVATE_KEY] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::PRIVATE_KEY) or $pars[Modules_Platforms_Ec2::CERTIFICATE] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::CERTIFICATE)) { try { $aws = $this->env->aws(\Scalr\Service\Aws::REGION_US_EAST_1, $pars[Modules_Platforms_Ec2::ACCESS_KEY], $pars[Modules_Platforms_Ec2::SECRET_KEY], $pars[Modules_Platforms_Ec2::CERTIFICATE], $pars[Modules_Platforms_Ec2::PRIVATE_KEY]); $aws->validateCertificateAndPrivateKey(); } catch (Exception $e) { throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})")); } try { $buckets = $aws->s3->bucket->getList(); } catch (Exception $e) { throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage())); } } } else { $this->response->failure(); $this->response->data(array('errors' => $this->checkVarError)); return; } } $this->db->BeginTrans(); try { $this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled); if ($enabled) { $this->env->setPlatformConfig($pars); } if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) { $this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time()); } if ($this->env->status == Scalr_Environment::STATUS_INACTIVE) { $this->env->status = Scalr_Environment::STATUS_ACTIVE; $this->env->save(); } $this->db->CommitTrans(); } catch (Exception $e) { $this->db->RollbackTrans(); throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}")); } $demoFarm = false; try { if ($this->user->getAccount()->getSetting(Scalr_Account::SETTING_IS_TRIAL) == 1) { if ($this->db->GetOne("SELECT COUNT(*) FROM farms WHERE clientid = ?", array($this->user->getAccountId())) == 0) { //Create demo farm try { $dbFarm = DBFarm::LoadByID(9670); // LAMP-PROTOTYPE $dbFarm->cloneFarm('My First LAMP Farm', $this->user, $this->getEnvironmentId()); $demoFarm = true; } catch (Exception $e) { throw new Exception("Demo farm creation failed: {$e->getMessage()}"); } } } } catch (Exception $e) { } $this->response->success('Environment saved'); $this->response->data(array('enabled' => $enabled, 'demoFarm' => $demoFarm)); }
private function saveEc2() { $pars = []; $enabled = false; $envAutoEnabled = false; $bNew = !$this->env->isPlatformEnabled(SERVER_PLATFORMS::EC2); $currentCloudCredentials = $this->env->keychain(SERVER_PLATFORMS::EC2); $ccProps = $currentCloudCredentials->properties; if ($this->getParam('ec2_is_enabled')) { $enabled = true; $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE, 'string', "AWS Account Type required", SERVER_PLATFORMS::EC2)); $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCESS_KEY, 'string', "AWS Access Key required", SERVER_PLATFORMS::EC2)); $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_SECRET_KEY, 'password', "AWS Access Key required", SERVER_PLATFORMS::EC2)); $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY, 'file', '', SERVER_PLATFORMS::EC2); $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_CERTIFICATE, 'file', '', SERVER_PLATFORMS::EC2); if ($this->getContainer()->analytics->enabled) { $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED] = $this->checkVar2(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED, 'bool', '', SERVER_PLATFORMS::EC2); if (!empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED])) { $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET, 'string', "Detailed billing bucket name is required", SERVER_PLATFORMS::EC2); $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT] = $this->checkVar2(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT, 'string', '', SERVER_PLATFORMS::EC2); $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION, 'string', "Aws region is required", SERVER_PLATFORMS::EC2); } else { $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET] = false; $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT] = false; $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = false; } } // user can mull certificate and private key, check it if (strpos($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) { // swap it $key = $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]; $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]; $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $key; } if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] == Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD) { $region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1; } else { if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] == Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD) { $region = \Scalr\Service\Aws::REGION_CN_NORTH_1; } else { $region = \Scalr\Service\Aws::REGION_US_EAST_1; } } if (!count($this->checkVarError)) { if ($pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] != $ccProps[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) { $aws = $this->env->aws($region, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null); //Validates private key and certificate if they are provided if (!empty($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) || !empty($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY])) { try { //SOAP is not supported anymore //$aws->validateCertificateAndPrivateKey(); } catch (Exception $e) { throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})")); } } //Validates both access and secret keys try { $buckets = $aws->s3->bucket->getList(); } catch (Exception $e) { throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage())); } //Extract AWS Account ID $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $aws->getAccountNumber(); try { if ($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] != $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) { $this->db->Execute("DELETE FROM client_environment_properties WHERE name LIKE 'ec2.vpc.default%' AND env_id = ?", [$this->env->id]); } } catch (Exception $e) { } } else { $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]; } } else { $this->response->failure(); $this->response->data(['errors' => $this->checkVarError]); return; } } if ($enabled && $this->getContainer()->analytics->enabled && !empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET])) { try { $region = $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION]; $aws = $this->env->aws($region, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]); if (!empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) && $aws->getAccountNumber() != $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) { $payerCredentials = $this->getUser()->getAccount()->cloudCredentialsList([SERVER_PLATFORMS::EC2], [], [Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID => [['value' => $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]]]]); if (count($payerCredentials) == 0) { throw new Exception("Payer account not found!"); } $payerCredentials = $payerCredentials->current(); $aws = $this->env->aws($region, $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null); } try { $bucketObjects = $aws->s3->bucket->listObjects($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET]); } catch (ClientException $e) { if ($e->getErrorData() && $e->getErrorData()->getCode() == ErrorData::ERR_AUTHORIZATION_HEADER_MALFORMED && preg_match("/expecting\\s+'(.+?)'/", $e->getMessage(), $matches) && in_array($matches[1], Aws::getCloudLocations())) { $expectingRegion = $matches[1]; if (isset($payerCredentials)) { $aws = $this->env->aws($expectingRegion, $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null); } else { $aws = $this->env->aws($expectingRegion, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]); } $bucketObjects = $aws->s3->bucket->listObjects($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET]); $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = $expectingRegion; } else { throw $e; } } $objectName = (empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) ? '' : "{$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]}-") . 'aws-billing-detailed-line-items-with-resources-and-tags'; $objectExists = false; $bucketObjectName = null; foreach ($bucketObjects as $bucketObject) { /* @var $bucketObject Scalr\Service\Aws\S3\DataType\ObjectData */ if (strpos($bucketObject->objectName, $objectName) !== false) { $bucketObjectName = $bucketObject->objectName; $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED] = 1; $objectExists = true; break; } } if (!$objectExists) { $this->response->failure(); $this->response->data(['errors' => [Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT => "Object with name '{$objectName}' does not exist."]]); return; } $aws->s3->object->getMetadata($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET], $bucketObjectName); } catch (Exception $e) { $this->response->failure(); $this->response->data(['errors' => [Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET => sprintf("Cannot access billing bucket with name %s. Error: %s", $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET], $e->getMessage())]]); return; } } $this->db->BeginTrans(); try { $this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled); if ($enabled) { $this->makeCloudCredentials(SERVER_PLATFORMS::EC2, $pars); if ($this->getContainer()->analytics->enabled && $bNew) { $this->getContainer()->analytics->notifications->onCloudAdd('ec2', $this->env, $this->user); } } if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) { $this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time()); } //TODO: cloud suspension info must work with cloud credentials if ($enabled && $this->env->status == Scalr_Environment::STATUS_INACTIVE && $this->env->getPlatformConfigValue('system.auto-disable-reason')) { // env was inactive due invalid keys for amazon, activate it $this->env->status = Scalr_Environment::STATUS_ACTIVE; $this->env->save(); $this->env->setPlatformConfig(['system.auto-disable-reason' => NULL]); $envAutoEnabled = true; } $this->db->CommitTrans(); } catch (Exception $e) { $this->db->RollbackTrans(); throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}")); } $this->response->success('Cloud credentials have been ' . ($enabled ? 'saved' : 'removed from Scalr')); $this->response->data(['enabled' => $enabled, 'demoFarm' => $demoFarm, 'envAutoEnabled' => $envAutoEnabled]); }
private function saveEc2() { $pars = array(); $enabled = false; $envAutoEnabled = false; $bNew = !$this->env->isPlatformEnabled(SERVER_PLATFORMS::EC2); if ($this->getParam('ec2_is_enabled')) { $enabled = true; $pars[Ec2PlatformModule::ACCOUNT_TYPE] = trim($this->checkVar(Ec2PlatformModule::ACCOUNT_TYPE, 'string', "AWS Account Type required")); $pars[Ec2PlatformModule::ACCESS_KEY] = trim($this->checkVar(Ec2PlatformModule::ACCESS_KEY, 'string', "AWS Access Key required")); $pars[Ec2PlatformModule::SECRET_KEY] = trim($this->checkVar(Ec2PlatformModule::SECRET_KEY, 'password', "AWS Access Key required")); $pars[Ec2PlatformModule::PRIVATE_KEY] = trim($this->checkVar(Ec2PlatformModule::PRIVATE_KEY, 'file')); $pars[Ec2PlatformModule::CERTIFICATE] = trim($this->checkVar(Ec2PlatformModule::CERTIFICATE, 'file')); if ($this->getContainer()->analytics->enabled) { $pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET] = $this->getParam(Ec2PlatformModule::DETAILED_BILLING_BUCKET) ?: null; $pars[Ec2PlatformModule::DETAILED_BILLING_ENABLED] = 0; } // user can mull certificate and private key, check it if (strpos($pars[Ec2PlatformModule::PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Ec2PlatformModule::CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) { // swap it $key = $pars[Ec2PlatformModule::PRIVATE_KEY]; $pars[Ec2PlatformModule::PRIVATE_KEY] = $pars[Ec2PlatformModule::CERTIFICATE]; $pars[Ec2PlatformModule::CERTIFICATE] = $key; } if ($pars[Ec2PlatformModule::ACCOUNT_TYPE] == Ec2PlatformModule::ACCOUNT_TYPE_GOV_CLOUD) { $region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1; } else { if ($pars[Ec2PlatformModule::ACCOUNT_TYPE] == Ec2PlatformModule::ACCOUNT_TYPE_CN_CLOUD) { $region = \Scalr\Service\Aws::REGION_CN_NORTH_1; } else { $region = \Scalr\Service\Aws::REGION_US_EAST_1; } } if (!count($this->checkVarError)) { if ($pars[Ec2PlatformModule::ACCESS_KEY] != $this->env->getPlatformConfigValue(Ec2PlatformModule::ACCESS_KEY) or $pars[Ec2PlatformModule::SECRET_KEY] != $this->env->getPlatformConfigValue(Ec2PlatformModule::SECRET_KEY) or $pars[Ec2PlatformModule::PRIVATE_KEY] != $this->env->getPlatformConfigValue(Ec2PlatformModule::PRIVATE_KEY) or $pars[Ec2PlatformModule::CERTIFICATE] != $this->env->getPlatformConfigValue(Ec2PlatformModule::CERTIFICATE)) { $aws = $this->env->aws($region, $pars[Ec2PlatformModule::ACCESS_KEY], $pars[Ec2PlatformModule::SECRET_KEY], !empty($pars[Ec2PlatformModule::CERTIFICATE]) ? $pars[Ec2PlatformModule::CERTIFICATE] : null, !empty($pars[Ec2PlatformModule::PRIVATE_KEY]) ? $pars[Ec2PlatformModule::PRIVATE_KEY] : null); //Validates private key and certificate if they are provided if (!empty($pars[Ec2PlatformModule::CERTIFICATE]) || !empty($pars[Ec2PlatformModule::PRIVATE_KEY])) { try { //SOAP is not supported anymore //$aws->validateCertificateAndPrivateKey(); } catch (Exception $e) { throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})")); } } //Validates both access and secret keys try { $buckets = $aws->s3->bucket->getList(); } catch (Exception $e) { throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage())); } //Extract AWS Account ID $pars[Ec2PlatformModule::ACCOUNT_ID] = $aws->getAccountNumber(); try { if ($this->env->getPlatformConfigValue(Ec2PlatformModule::ACCOUNT_ID) != $pars[Ec2PlatformModule::ACCOUNT_ID]) { $this->db->Execute("DELETE FROM client_environment_properties WHERE name LIKE 'ec2.vpc.default%' AND env_id = ?", array($this->env->id)); } } catch (Exception $e) { } } } else { $this->response->failure(); $this->response->data(array('errors' => $this->checkVarError)); return; } } if ($enabled && $this->getContainer()->analytics->enabled && !empty($pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET])) { try { $aws = $this->env->aws($region, $pars[Ec2PlatformModule::ACCESS_KEY], $pars[Ec2PlatformModule::SECRET_KEY]); $bucketObjects = $aws->s3->bucket->listObjects($pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET]); $objectName = 'aws-billing-detailed-line-items-with-resources-and-tags'; $objectExists = false; foreach ($bucketObjects as $bucketObject) { /* @var $bucketObject Scalr\Service\Aws\S3\DataType\ObjectData */ if (strpos($bucketObject->objectName, $objectName) !== false) { $pars[Ec2PlatformModule::DETAILED_BILLING_ENABLED] = 1; $objectExists = true; break; } } if (!$objectExists) { $this->response->failure(); $this->response->data(['errors' => [Ec2PlatformModule::DETAILED_BILLING_BUCKET => "Object with name 'aws-billing-detailed-line-items-with-resources-and-tags' does not exist."]]); return; } } catch (Exception $e) { $this->response->failure(); $this->response->data(['errors' => [Ec2PlatformModule::DETAILED_BILLING_BUCKET => sprintf("Cannot access billing bucket with name %s.", $pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET])]]); return; } } $this->db->BeginTrans(); try { $this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled); if ($enabled) { $this->env->setPlatformConfig($pars); if ($this->getContainer()->analytics->enabled && $bNew) { $this->getContainer()->analytics->notifications->onCloudAdd('ec2', $this->env, $this->user); } } if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) { $this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time()); } if ($enabled && $this->env->status == Scalr_Environment::STATUS_INACTIVE && $this->env->getPlatformConfigValue('system.auto-disable-reason')) { // env was inactive due invalid keys for amazon, activate it $this->env->status = Scalr_Environment::STATUS_ACTIVE; $this->env->save(); $this->env->setPlatformConfig(['system.auto-disable-reason' => NULL]); $envAutoEnabled = true; } $this->db->CommitTrans(); } catch (Exception $e) { $this->db->RollbackTrans(); throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}")); } $this->response->success('Cloud credentials have been ' . ($enabled ? 'saved' : 'removed from Scalr')); $this->response->data(array('enabled' => $enabled, 'demoFarm' => $demoFarm, 'envAutoEnabled' => $envAutoEnabled)); }