public function xSaveEc2Action()
{
$pars = array();
$enabled = false;
$ccProps = $this->env->cloudCredentials(SERVER_PLATFORMS::EC2)->properties;
if ($this->getParam('ec2_is_enabled')) {
$enabled = true;
$pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID, 'string', "AWS Account Number required", SERVER_PLATFORMS::EC2);
if (!is_numeric($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) || strlen($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) != 12) {
//$err[Ec2PlatformModule::ACCOUNT_ID] = _("AWS numeric account ID required (See <a href='/faq.html'>FAQ</a> for info on where to get it).");
$this->checkVarError[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = _("AWS Account Number should be numeric");
} else {
$pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = preg_replace("/[^0-9]+/", "", $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]);
}
$pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCESS_KEY, 'string', "AWS Access Key required", SERVER_PLATFORMS::EC2);
$pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_SECRET_KEY, 'password', "AWS Access Key required", SERVER_PLATFORMS::EC2);
$pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY, 'file', "AWS x.509 Private Key required", SERVER_PLATFORMS::EC2));
$pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_CERTIFICATE, 'file', "AWS x.509 Certificate required", SERVER_PLATFORMS::EC2));
// user can mull certificate and private key, check it
if (strpos($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) {
// swap it
$key = $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY];
$pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE];
$pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $key;
}
if (!count($this->checkVarError)) {
if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] or $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] != $ccProps[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) {
try {
$aws = $this->env->aws(\Scalr\Service\Aws::REGION_US_EAST_1, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]);
$aws->validateCertificateAndPrivateKey();
} catch (Exception $e) {
throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})"));
}
try {
$buckets = $aws->s3->bucket->getList();
} catch (Exception $e) {
throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage()));
}
}
} else {
$this->response->failure();
$this->response->data(array('errors' => $this->checkVarError));
return;
}
}
$this->db->BeginTrans();
try {
$this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled);
if ($enabled) {
$this->makeCloudCredentials(SERVER_PLATFORMS::EC2, $pars);
}
if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) {
$this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time());
}
if ($this->env->status == Scalr_Environment::STATUS_INACTIVE) {
$this->env->status = Scalr_Environment::STATUS_ACTIVE;
$this->env->save();
}
$this->db->CommitTrans();
} catch (Exception $e) {
$this->db->RollbackTrans();
throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}"));
}
$demoFarm = false;
$this->response->success('Environment saved');
$this->response->data(array('enabled' => $enabled, 'demoFarm' => $demoFarm));
}
public function xSaveEc2Action()
{
$pars = array();
$enabled = false;
if ($this->getParam('ec2_is_enabled')) {
$enabled = true;
$pars[Modules_Platforms_Ec2::ACCOUNT_ID] = $this->checkVar(Modules_Platforms_Ec2::ACCOUNT_ID, 'string', "AWS Account Number required");
if (!is_numeric($pars[Modules_Platforms_Ec2::ACCOUNT_ID]) || strlen($pars[Modules_Platforms_Ec2::ACCOUNT_ID]) != 12) {
//$err[Modules_Platforms_Ec2::ACCOUNT_ID] = _("AWS numeric account ID required (See <a href='/faq.html'>FAQ</a> for info on where to get it).");
$this->checkVarError[Modules_Platforms_Ec2::ACCOUNT_ID] = _("AWS Account Number should be numeric");
} else {
$pars[Modules_Platforms_Ec2::ACCOUNT_ID] = preg_replace("/[^0-9]+/", "", $pars[Modules_Platforms_Ec2::ACCOUNT_ID]);
}
$pars[Modules_Platforms_Ec2::ACCESS_KEY] = $this->checkVar(Modules_Platforms_Ec2::ACCESS_KEY, 'string', "AWS Access Key required");
$pars[Modules_Platforms_Ec2::SECRET_KEY] = $this->checkVar(Modules_Platforms_Ec2::SECRET_KEY, 'password', "AWS Access Key required");
$pars[Modules_Platforms_Ec2::PRIVATE_KEY] = trim($this->checkVar(Modules_Platforms_Ec2::PRIVATE_KEY, 'file', "AWS x.509 Private Key required"));
$pars[Modules_Platforms_Ec2::CERTIFICATE] = trim($this->checkVar(Modules_Platforms_Ec2::CERTIFICATE, 'file', "AWS x.509 Certificate required"));
// user can mull certificate and private key, check it
if (strpos($pars[Modules_Platforms_Ec2::PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Modules_Platforms_Ec2::CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) {
// swap it
$key = $pars[Modules_Platforms_Ec2::PRIVATE_KEY];
$pars[Modules_Platforms_Ec2::PRIVATE_KEY] = $pars[Modules_Platforms_Ec2::CERTIFICATE];
$pars[Modules_Platforms_Ec2::CERTIFICATE] = $key;
}
if (!count($this->checkVarError)) {
if ($pars[Modules_Platforms_Ec2::ACCOUNT_ID] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::ACCOUNT_ID) or $pars[Modules_Platforms_Ec2::ACCESS_KEY] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::ACCESS_KEY) or $pars[Modules_Platforms_Ec2::SECRET_KEY] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::SECRET_KEY) or $pars[Modules_Platforms_Ec2::PRIVATE_KEY] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::PRIVATE_KEY) or $pars[Modules_Platforms_Ec2::CERTIFICATE] != $this->env->getPlatformConfigValue(Modules_Platforms_Ec2::CERTIFICATE)) {
try {
$aws = $this->env->aws(\Scalr\Service\Aws::REGION_US_EAST_1, $pars[Modules_Platforms_Ec2::ACCESS_KEY], $pars[Modules_Platforms_Ec2::SECRET_KEY], $pars[Modules_Platforms_Ec2::CERTIFICATE], $pars[Modules_Platforms_Ec2::PRIVATE_KEY]);
$aws->validateCertificateAndPrivateKey();
} catch (Exception $e) {
throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})"));
}
try {
$buckets = $aws->s3->bucket->getList();
} catch (Exception $e) {
throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage()));
}
}
} else {
$this->response->failure();
$this->response->data(array('errors' => $this->checkVarError));
return;
}
}
$this->db->BeginTrans();
try {
$this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled);
if ($enabled) {
$this->env->setPlatformConfig($pars);
}
if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) {
$this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time());
}
if ($this->env->status == Scalr_Environment::STATUS_INACTIVE) {
$this->env->status = Scalr_Environment::STATUS_ACTIVE;
$this->env->save();
}
$this->db->CommitTrans();
} catch (Exception $e) {
$this->db->RollbackTrans();
throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}"));
}
$demoFarm = false;
try {
if ($this->user->getAccount()->getSetting(Scalr_Account::SETTING_IS_TRIAL) == 1) {
if ($this->db->GetOne("SELECT COUNT(*) FROM farms WHERE clientid = ?", array($this->user->getAccountId())) == 0) {
//Create demo farm
try {
$dbFarm = DBFarm::LoadByID(9670);
// LAMP-PROTOTYPE
$dbFarm->cloneFarm('My First LAMP Farm', $this->user, $this->getEnvironmentId());
$demoFarm = true;
} catch (Exception $e) {
throw new Exception("Demo farm creation failed: {$e->getMessage()}");
}
}
}
} catch (Exception $e) {
}
$this->response->success('Environment saved');
$this->response->data(array('enabled' => $enabled, 'demoFarm' => $demoFarm));
}
private function saveEc2()
{
$pars = [];
$enabled = false;
$envAutoEnabled = false;
$bNew = !$this->env->isPlatformEnabled(SERVER_PLATFORMS::EC2);
$currentCloudCredentials = $this->env->keychain(SERVER_PLATFORMS::EC2);
$ccProps = $currentCloudCredentials->properties;
if ($this->getParam('ec2_is_enabled')) {
$enabled = true;
$pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE, 'string', "AWS Account Type required", SERVER_PLATFORMS::EC2));
$pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCESS_KEY, 'string', "AWS Access Key required", SERVER_PLATFORMS::EC2));
$pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_SECRET_KEY, 'password', "AWS Access Key required", SERVER_PLATFORMS::EC2));
$pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY, 'file', '', SERVER_PLATFORMS::EC2);
$pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_CERTIFICATE, 'file', '', SERVER_PLATFORMS::EC2);
if ($this->getContainer()->analytics->enabled) {
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED] = $this->checkVar2(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED, 'bool', '', SERVER_PLATFORMS::EC2);
if (!empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED])) {
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET, 'string', "Detailed billing bucket name is required", SERVER_PLATFORMS::EC2);
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT] = $this->checkVar2(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT, 'string', '', SERVER_PLATFORMS::EC2);
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION, 'string', "Aws region is required", SERVER_PLATFORMS::EC2);
} else {
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET] = false;
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT] = false;
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = false;
}
}
// user can mull certificate and private key, check it
if (strpos($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) {
// swap it
$key = $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY];
$pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE];
$pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $key;
}
if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] == Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD) {
$region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1;
} else {
if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] == Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD) {
$region = \Scalr\Service\Aws::REGION_CN_NORTH_1;
} else {
$region = \Scalr\Service\Aws::REGION_US_EAST_1;
}
}
if (!count($this->checkVarError)) {
if ($pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] != $ccProps[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) {
$aws = $this->env->aws($region, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null);
//Validates private key and certificate if they are provided
if (!empty($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) || !empty($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY])) {
try {
//SOAP is not supported anymore
//$aws->validateCertificateAndPrivateKey();
} catch (Exception $e) {
throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})"));
}
}
//Validates both access and secret keys
try {
$buckets = $aws->s3->bucket->getList();
} catch (Exception $e) {
throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage()));
}
//Extract AWS Account ID
$pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $aws->getAccountNumber();
try {
if ($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] != $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) {
$this->db->Execute("DELETE FROM client_environment_properties WHERE name LIKE 'ec2.vpc.default%' AND env_id = ?", [$this->env->id]);
}
} catch (Exception $e) {
}
} else {
$pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID];
}
} else {
$this->response->failure();
$this->response->data(['errors' => $this->checkVarError]);
return;
}
}
if ($enabled && $this->getContainer()->analytics->enabled && !empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET])) {
try {
$region = $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION];
$aws = $this->env->aws($region, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]);
if (!empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) && $aws->getAccountNumber() != $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) {
$payerCredentials = $this->getUser()->getAccount()->cloudCredentialsList([SERVER_PLATFORMS::EC2], [], [Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID => [['value' => $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]]]]);
if (count($payerCredentials) == 0) {
throw new Exception("Payer account not found!");
}
$payerCredentials = $payerCredentials->current();
$aws = $this->env->aws($region, $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null);
}
try {
$bucketObjects = $aws->s3->bucket->listObjects($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET]);
} catch (ClientException $e) {
if ($e->getErrorData() && $e->getErrorData()->getCode() == ErrorData::ERR_AUTHORIZATION_HEADER_MALFORMED && preg_match("/expecting\\s+'(.+?)'/", $e->getMessage(), $matches) && in_array($matches[1], Aws::getCloudLocations())) {
$expectingRegion = $matches[1];
if (isset($payerCredentials)) {
$aws = $this->env->aws($expectingRegion, $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null);
} else {
$aws = $this->env->aws($expectingRegion, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]);
}
$bucketObjects = $aws->s3->bucket->listObjects($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET]);
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = $expectingRegion;
} else {
throw $e;
}
}
$objectName = (empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) ? '' : "{$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]}-") . 'aws-billing-detailed-line-items-with-resources-and-tags';
$objectExists = false;
$bucketObjectName = null;
foreach ($bucketObjects as $bucketObject) {
/* @var $bucketObject Scalr\Service\Aws\S3\DataType\ObjectData */
if (strpos($bucketObject->objectName, $objectName) !== false) {
$bucketObjectName = $bucketObject->objectName;
$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED] = 1;
$objectExists = true;
break;
}
}
if (!$objectExists) {
$this->response->failure();
$this->response->data(['errors' => [Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT => "Object with name '{$objectName}' does not exist."]]);
return;
}
$aws->s3->object->getMetadata($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET], $bucketObjectName);
} catch (Exception $e) {
$this->response->failure();
$this->response->data(['errors' => [Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET => sprintf("Cannot access billing bucket with name %s. Error: %s", $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET], $e->getMessage())]]);
return;
}
}
$this->db->BeginTrans();
try {
$this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled);
if ($enabled) {
$this->makeCloudCredentials(SERVER_PLATFORMS::EC2, $pars);
if ($this->getContainer()->analytics->enabled && $bNew) {
$this->getContainer()->analytics->notifications->onCloudAdd('ec2', $this->env, $this->user);
}
}
if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) {
$this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time());
}
//TODO: cloud suspension info must work with cloud credentials
if ($enabled && $this->env->status == Scalr_Environment::STATUS_INACTIVE && $this->env->getPlatformConfigValue('system.auto-disable-reason')) {
// env was inactive due invalid keys for amazon, activate it
$this->env->status = Scalr_Environment::STATUS_ACTIVE;
$this->env->save();
$this->env->setPlatformConfig(['system.auto-disable-reason' => NULL]);
$envAutoEnabled = true;
}
$this->db->CommitTrans();
} catch (Exception $e) {
$this->db->RollbackTrans();
throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}"));
}
$this->response->success('Cloud credentials have been ' . ($enabled ? 'saved' : 'removed from Scalr'));
$this->response->data(['enabled' => $enabled, 'demoFarm' => $demoFarm, 'envAutoEnabled' => $envAutoEnabled]);
}
private function saveEc2()
{
$pars = array();
$enabled = false;
$envAutoEnabled = false;
$bNew = !$this->env->isPlatformEnabled(SERVER_PLATFORMS::EC2);
if ($this->getParam('ec2_is_enabled')) {
$enabled = true;
$pars[Ec2PlatformModule::ACCOUNT_TYPE] = trim($this->checkVar(Ec2PlatformModule::ACCOUNT_TYPE, 'string', "AWS Account Type required"));
$pars[Ec2PlatformModule::ACCESS_KEY] = trim($this->checkVar(Ec2PlatformModule::ACCESS_KEY, 'string', "AWS Access Key required"));
$pars[Ec2PlatformModule::SECRET_KEY] = trim($this->checkVar(Ec2PlatformModule::SECRET_KEY, 'password', "AWS Access Key required"));
$pars[Ec2PlatformModule::PRIVATE_KEY] = trim($this->checkVar(Ec2PlatformModule::PRIVATE_KEY, 'file'));
$pars[Ec2PlatformModule::CERTIFICATE] = trim($this->checkVar(Ec2PlatformModule::CERTIFICATE, 'file'));
if ($this->getContainer()->analytics->enabled) {
$pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET] = $this->getParam(Ec2PlatformModule::DETAILED_BILLING_BUCKET) ?: null;
$pars[Ec2PlatformModule::DETAILED_BILLING_ENABLED] = 0;
}
// user can mull certificate and private key, check it
if (strpos($pars[Ec2PlatformModule::PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Ec2PlatformModule::CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) {
// swap it
$key = $pars[Ec2PlatformModule::PRIVATE_KEY];
$pars[Ec2PlatformModule::PRIVATE_KEY] = $pars[Ec2PlatformModule::CERTIFICATE];
$pars[Ec2PlatformModule::CERTIFICATE] = $key;
}
if ($pars[Ec2PlatformModule::ACCOUNT_TYPE] == Ec2PlatformModule::ACCOUNT_TYPE_GOV_CLOUD) {
$region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1;
} else {
if ($pars[Ec2PlatformModule::ACCOUNT_TYPE] == Ec2PlatformModule::ACCOUNT_TYPE_CN_CLOUD) {
$region = \Scalr\Service\Aws::REGION_CN_NORTH_1;
} else {
$region = \Scalr\Service\Aws::REGION_US_EAST_1;
}
}
if (!count($this->checkVarError)) {
if ($pars[Ec2PlatformModule::ACCESS_KEY] != $this->env->getPlatformConfigValue(Ec2PlatformModule::ACCESS_KEY) or $pars[Ec2PlatformModule::SECRET_KEY] != $this->env->getPlatformConfigValue(Ec2PlatformModule::SECRET_KEY) or $pars[Ec2PlatformModule::PRIVATE_KEY] != $this->env->getPlatformConfigValue(Ec2PlatformModule::PRIVATE_KEY) or $pars[Ec2PlatformModule::CERTIFICATE] != $this->env->getPlatformConfigValue(Ec2PlatformModule::CERTIFICATE)) {
$aws = $this->env->aws($region, $pars[Ec2PlatformModule::ACCESS_KEY], $pars[Ec2PlatformModule::SECRET_KEY], !empty($pars[Ec2PlatformModule::CERTIFICATE]) ? $pars[Ec2PlatformModule::CERTIFICATE] : null, !empty($pars[Ec2PlatformModule::PRIVATE_KEY]) ? $pars[Ec2PlatformModule::PRIVATE_KEY] : null);
//Validates private key and certificate if they are provided
if (!empty($pars[Ec2PlatformModule::CERTIFICATE]) || !empty($pars[Ec2PlatformModule::PRIVATE_KEY])) {
try {
//SOAP is not supported anymore
//$aws->validateCertificateAndPrivateKey();
} catch (Exception $e) {
throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})"));
}
}
//Validates both access and secret keys
try {
$buckets = $aws->s3->bucket->getList();
} catch (Exception $e) {
throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage()));
}
//Extract AWS Account ID
$pars[Ec2PlatformModule::ACCOUNT_ID] = $aws->getAccountNumber();
try {
if ($this->env->getPlatformConfigValue(Ec2PlatformModule::ACCOUNT_ID) != $pars[Ec2PlatformModule::ACCOUNT_ID]) {
$this->db->Execute("DELETE FROM client_environment_properties WHERE name LIKE 'ec2.vpc.default%' AND env_id = ?", array($this->env->id));
}
} catch (Exception $e) {
}
}
} else {
$this->response->failure();
$this->response->data(array('errors' => $this->checkVarError));
return;
}
}
if ($enabled && $this->getContainer()->analytics->enabled && !empty($pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET])) {
try {
$aws = $this->env->aws($region, $pars[Ec2PlatformModule::ACCESS_KEY], $pars[Ec2PlatformModule::SECRET_KEY]);
$bucketObjects = $aws->s3->bucket->listObjects($pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET]);
$objectName = 'aws-billing-detailed-line-items-with-resources-and-tags';
$objectExists = false;
foreach ($bucketObjects as $bucketObject) {
/* @var $bucketObject Scalr\Service\Aws\S3\DataType\ObjectData */
if (strpos($bucketObject->objectName, $objectName) !== false) {
$pars[Ec2PlatformModule::DETAILED_BILLING_ENABLED] = 1;
$objectExists = true;
break;
}
}
if (!$objectExists) {
$this->response->failure();
$this->response->data(['errors' => [Ec2PlatformModule::DETAILED_BILLING_BUCKET => "Object with name 'aws-billing-detailed-line-items-with-resources-and-tags' does not exist."]]);
return;
}
} catch (Exception $e) {
$this->response->failure();
$this->response->data(['errors' => [Ec2PlatformModule::DETAILED_BILLING_BUCKET => sprintf("Cannot access billing bucket with name %s.", $pars[Ec2PlatformModule::DETAILED_BILLING_BUCKET])]]);
return;
}
}
$this->db->BeginTrans();
try {
$this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled);
if ($enabled) {
$this->env->setPlatformConfig($pars);
if ($this->getContainer()->analytics->enabled && $bNew) {
$this->getContainer()->analytics->notifications->onCloudAdd('ec2', $this->env, $this->user);
}
}
if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) {
$this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time());
}
if ($enabled && $this->env->status == Scalr_Environment::STATUS_INACTIVE && $this->env->getPlatformConfigValue('system.auto-disable-reason')) {
// env was inactive due invalid keys for amazon, activate it
$this->env->status = Scalr_Environment::STATUS_ACTIVE;
$this->env->save();
$this->env->setPlatformConfig(['system.auto-disable-reason' => NULL]);
$envAutoEnabled = true;
}
$this->db->CommitTrans();
} catch (Exception $e) {
$this->db->RollbackTrans();
throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}"));
}
$this->response->success('Cloud credentials have been ' . ($enabled ? 'saved' : 'removed from Scalr'));
$this->response->data(array('enabled' => $enabled, 'demoFarm' => $demoFarm, 'envAutoEnabled' => $envAutoEnabled));
}
