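/**
 * Validates GCE cloud credentials by using them for a Compute API call.
 *
 * When validation is needed, the stored access token property is reset, a
 * service-account client is configured from the stored key material, and the
 * zones of the configured project are listed. On success the entity status is
 * set to enabled.
 *
 * @param Entity\CloudCredentials $entity     Credentials being validated
 * @param Entity\CloudCredentials $prevConfig optional Previous version of the credentials
 *
 * @throws ApiErrorException If the key cannot be read or the API call fails
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $ccProps = $entity->properties;
    $prevCcProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($ccProps, $prevCcProps)) {
        return;
    }

    // Reset the stored token before re-validating (presumably so a token issued
    // for the previous key is not reused; confirm against the token consumer).
    $ccProps[Entity\CloudCredentialsProperty::GCE_ACCESS_TOKEN] = "";

    try {
        $client = new \Google_Client();
        $client->setApplicationName("Scalr GCE");
        $client->setScopes(['https://www.googleapis.com/auth/compute']);

        $key = base64_decode($ccProps[Entity\CloudCredentialsProperty::GCE_KEY]);

        // If it's not a json key we need to convert PKCS12 to PEM
        if (!$ccProps[Entity\CloudCredentialsProperty::GCE_JSON_KEY]) {
            // 'notasecret' is the fixed, publicly known passphrase of Google-issued
            // P12 keys. It gives no confidentiality, so the stored GCE_KEY value has
            // to be protected like a plaintext private key.
            $certs = [];

            // Warnings stay suppressed as before, but the result is now checked:
            // previously a failed read left $certs unset and a null key was passed
            // on, which surfaced later as an unrelated client error.
            if (!@openssl_pkcs12_read($key, $certs, 'notasecret') || empty($certs['pkey'])) {
                throw new Exception("Unable to read the private key from the provided PKCS12 key");
            }

            $key = $certs['pkey'];
        }

        $client->setAuthConfig([
            'type'         => 'service_account',
            'project_id'   => $ccProps[Entity\CloudCredentialsProperty::GCE_PROJECT_ID],
            'private_key'  => $key,
            'client_email' => $ccProps[Entity\CloudCredentialsProperty::GCE_SERVICE_ACCOUNT_NAME],
            'client_id'    => $ccProps[Entity\CloudCredentialsProperty::GCE_CLIENT_ID],
        ]);

        $client->setClientId($ccProps[Entity\CloudCredentialsProperty::GCE_CLIENT_ID]);

        $gce = new \Google_Service_Compute($client);

        // The zones listing is the credential check: any exception raised here
        // is reported as invalid credentials.
        $gce->zones->listZones($ccProps[Entity\CloudCredentialsProperty::GCE_PROJECT_ID]);
    } catch (Exception $e) {
        // NOTE(review): the upstream exception text is returned to the API caller
        // verbatim. Confirm it can never contain key material or internal details.
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Provided GCE credentials are incorrect: ({$e->getMessage()})");
    }

    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;
}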
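/**
 * Validates AWS cloud credentials and records the AWS account they belong to.
 *
 * When validation is needed, the account type is checked against the supported
 * values, a region is chosen for it, the key pair is verified by listing S3
 * buckets, and the resolved account ID is stored on the credentials. The
 * account ID of credentials that are in use may not change. If detailed
 * billing is enabled, the 'awsDetailedBilling' adapter validates the entity too.
 *
 * @param Entity\CloudCredentials $entity     Credentials being validated
 * @param Entity\CloudCredentials $prevConfig optional Previous version of the credentials
 *
 * @throws ApiErrorException
 * @throws Exception
 * @throws Scalr\Service\Aws\Client\ClientException
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $ccProps = $entity->properties;
    $prevCcProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($ccProps, $prevCcProps)) {
        return;
    }

    if (empty($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE])) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, "Missed property accountType");
    }

    $supportedAccountTypes = [
        Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_REGULAR,
        Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD,
        Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD,
    ];

    // NOTE(review): this allow-list check and the switch below both compare
    // loosely. If the account type constants are strings, pass true as the third
    // in_array() argument so a non-string value cannot match by type juggling.
    if (!in_array($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE], $supportedAccountTypes)) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Unexpected account type {$ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE]}");
    }

    // Each account type is verified against a region of its own partition.
    switch ($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE]) {
        case Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD:
            $region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1;
            break;

        case Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD:
            $region = \Scalr\Service\Aws::REGION_CN_NORTH_1;
            break;

        default:
            $region = \Scalr\Service\Aws::REGION_US_EAST_1;
            break;
    }

    if (empty($ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY])) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, "Missed property secretKey");
    }

    // Validates both access and secret keys
    // NOTE(review): the check depends on the key being allowed to list S3
    // buckets; a narrowly scoped key would presumably be rejected here. Confirm.
    try {
        $aws = $this->controller->getContainer()->aws(
            $region,
            $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY],
            $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]
        );

        $aws->s3->bucket->getList();
    } catch (Exception $e) {
        // NOTE(review): the upstream exception text is returned to the API caller
        // verbatim. Confirm it can never contain the secret key or request details.
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Failed to verify your AWS Cloud Credentials: {$e->getMessage()}");
    }

    // Extract AWS Account ID
    $awsAccountId = $aws->getAccountNumber();

    // $prevCcProps is null when no previous configuration was passed, so it must
    // not be indexed in that case (PHP reports an array offset access on null).
    $prevAwsAccountId = isset($prevCcProps)
        ? $prevCcProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]
        : null;

    // Credentials that are in use must stay bound to the same AWS account.
    // NOTE(review): the ID comparison is loose (!=); both values are presumably
    // numeric strings. Confirm before tightening to !==.
    if ($prevAwsAccountId && $awsAccountId != $prevAwsAccountId && $prevConfig->isUsed()) {
        throw new ApiErrorException(400, ErrorMessage::ERR_OBJECT_IN_USE, "Change AWS Account ID aren't possible while this cloud credentials is in use");
    }

    $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $awsAccountId;

    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;

    if ($ccProps[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED]) {
        $this->controller->adapter('awsDetailedBilling')->validateEntity($entity);
    }
}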
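/**
 * Validates OpenStack cloud credentials and records which extensions the cloud offers.
 *
 * When validation is needed, a first connection with a placeholder region
 * lists the zones, a second connection is bound to the first zone returned,
 * and the security groups, floating IPs, Cinder, Swift and LBaaS flags are
 * stored on the credentials. On success the entity status is set to enabled.
 *
 * @param Entity\CloudCredentials $entity     Credentials being validated
 * @param Entity\CloudCredentials $prevConfig optional Previous version of the credentials
 *
 * @throws ApiErrorException If keystoneUrl is missing or the cloud cannot be queried
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $ccProps = $entity->properties;
    $prevCcProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($ccProps, $prevCcProps)) {
        return;
    }

    if (empty($ccProps[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL])) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Missed property keystoneUrl");
    }

    /* @var $config Yaml */
    $config = $this->controller->getContainer()->config;

    // The proxy applies only when it is enabled for this cloud and the global
    // proxy settings cover connections made by Scalr itself.
    if ($config->defined("scalr.{$entity->cloud}.use_proxy") &&
        $config("scalr.{$entity->cloud}.use_proxy") &&
        in_array($config('scalr.connections.proxy.use_on'), ['both', 'scalr'])) {
        $proxySettings = $config('scalr.connections.proxy');
    } else {
        $proxySettings = null;
    }

    // Both connections differ only in the region, so they are built in one place.
    $connect = function ($region) use ($ccProps, $proxySettings) {
        return new OpenStack(new OpenStackConfig(
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_USERNAME],
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_KEYSTONE_URL],
            $region,
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_API_KEY],
            null,
            null,
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_PASSWORD],
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_TENANT_NAME],
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_DOMAIN_NAME],
            $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_IDENTITY_VERSION],
            $proxySettings
        ));
    };

    // NOTE(review): keystoneUrl is read from the entity properties. If callers
    // can set it freely, this code makes the server connect to a caller-chosen
    // URL and returns the resulting exception text to the caller. Consider
    // restricting the allowed destinations and returning a generic message.
    try {
        $os = $connect('fake-region');

        // It throws an exception on failure
        $zones = $os->listZones();
        $zone = array_shift($zones);

        // array_shift() yields null for an empty list. Without this check the
        // second connection would be built from a property read on null.
        if ($zone === null) {
            throw new Exception("The cloud did not return any zone");
        }

        $os = $connect($zone->name);

        // Check SG Extension
        $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_EXT_SECURITYGROUPS_ENABLED] =
            (int) $os->servers->isExtensionSupported(ServersExtension::securityGroups());

        // Check Floating Ips Extension
        $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_EXT_FLOATING_IPS_ENABLED] =
            (int) $os->servers->isExtensionSupported(ServersExtension::floatingIps());

        // Check Cinder Extension
        $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_EXT_CINDER_ENABLED] = (int) $os->hasService('volume');

        // Check Swift Extension
        $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_EXT_SWIFT_ENABLED] = (int) $os->hasService('object-store');

        // Check LBaas Extension: never enabled for the Rackspace NG platforms,
        // otherwise it needs the network service with the 'lbaas' extension.
        $isRackspace = in_array($entity->cloud, [SERVER_PLATFORMS::RACKSPACENG_US, SERVER_PLATFORMS::RACKSPACENG_UK]);

        $ccProps[Entity\CloudCredentialsProperty::OPENSTACK_EXT_LBAAS_ENABLED] =
            (!$isRackspace && $os->hasService('network'))
                ? (int) $os->network->isExtensionSupported('lbaas')
                : 0;
    } catch (Exception $e) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Failed to verify your Openstack credentials: {$e->getMessage()}");
    }

    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;
}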
/**
 * Checks GCE cloud credentials by authenticating as the service account and
 * listing the zones of the configured project.
 *
 * The stored access token property is reset first. When the zones listing
 * succeeds, the entity status is set to enabled.
 *
 * @param Entity\CloudCredentials $entity     Credentials being validated
 * @param Entity\CloudCredentials $prevConfig optional Previous version of the credentials
 *
 * @throws ApiErrorException If the client raises any exception during the check
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $props = $entity->properties;
    $previousProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($props, $previousProps)) {
        return;
    }

    $props[Entity\CloudCredentialsProperty::GCE_ACCESS_TOKEN] = "";

    try {
        $googleClient = new \Google_Client();
        $googleClient->setApplicationName("Scalr GCE");
        $googleClient->setScopes(['https://www.googleapis.com/auth/compute']);

        $privateKey = base64_decode($props[Entity\CloudCredentialsProperty::GCE_KEY]);
        $serviceAccount = $props[Entity\CloudCredentialsProperty::GCE_SERVICE_ACCOUNT_NAME];

        // JSON keys carry no passphrase. P12 keys use Google's fixed, publicly
        // known 'notasecret' passphrase, which protects nothing by itself.
        if ($props[Entity\CloudCredentialsProperty::GCE_JSON_KEY]) {
            $keyPassphrase = null;
        } else {
            $keyPassphrase = 'notasecret';
        }

        $assertion = new \Google_Auth_AssertionCredentials(
            $serviceAccount,
            array('https://www.googleapis.com/auth/compute'),
            $privateKey,
            $keyPassphrase
        );

        $googleClient->setAssertionCredentials($assertion);
        $googleClient->setClientId($props[Entity\CloudCredentialsProperty::GCE_CLIENT_ID]);

        $compute = new \Google_Service_Compute($googleClient);

        // Any exception from the zones listing is reported as invalid credentials.
        $compute->zones->listZones($props[Entity\CloudCredentialsProperty::GCE_PROJECT_ID]);
    } catch (Exception $e) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Provided GCE credentials are incorrect: ({$e->getMessage()})");
    }

    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;
}
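/**
 * Validates CloudStack cloud credentials by listing accounts with the provided keys.
 *
 * When validation is needed, a CloudStack client is created from the API URL
 * and key pair, all accounts are listed, and searchCloudstackUser() must find
 * the user for those keys in the result. On success the entity status is set
 * to enabled.
 *
 * @param Entity\CloudCredentials $entity     Credentials being validated
 * @param Entity\CloudCredentials $prevConfig optional Previous version of the credentials
 *
 * @throws ApiErrorException If the cloud cannot be queried or no account matches the keys
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $ccProps = $entity->properties;
    $prevCcProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($ccProps, $prevCcProps)) {
        return;
    }

    // NOTE(review): the API URL is read from the entity properties. If callers
    // can set it freely, the server connects to a caller-chosen URL and returns
    // the resulting exception text. Consider restricting the allowed
    // destinations and returning a generic message.
    try {
        $cs = new CloudStack(
            $ccProps[Entity\CloudCredentialsProperty::CLOUDSTACK_API_URL],
            $ccProps[Entity\CloudCredentialsProperty::CLOUDSTACK_API_KEY],
            $ccProps[Entity\CloudCredentialsProperty::CLOUDSTACK_SECRET_KEY],
            $entity->cloud
        );

        $listAccountsData = new ListAccountsData();
        $listAccountsData->listall = true;

        // The accounts listing is the call that uses the keys against the cloud.
        // It used to run after the try block, so its exceptions escaped without
        // being converted to the documented ApiErrorException.
        $accounts = $cs->listAccounts($listAccountsData);
    } catch (Exception $e) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Failed to verify your Cloudstack credentials: {$e->getMessage()}");
    }

    if (!$this->searchCloudstackUser($accounts, $ccProps)) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Cannot determine account name for provided keys");
    }

    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;
}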
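/**
 * Validates CloudStack cloud credentials by listing accounts with the provided
 * keys, going through the configured proxy when one applies.
 *
 * When validation is needed, a CloudStack client is created from the API URL
 * and key pair, the proxy is applied if enabled for this cloud, all accounts
 * are listed, and searchCloudstackUser() must find the user for those keys in
 * the result. On success the entity status is set to enabled.
 *
 * @param Entity\CloudCredentials $entity     Credentials being validated
 * @param Entity\CloudCredentials $prevConfig optional Previous version of the credentials
 *
 * @throws ApiErrorException If the cloud cannot be queried or no account matches the keys
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $ccProps = $entity->properties;
    $prevCcProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($ccProps, $prevCcProps)) {
        return;
    }

    /* @var $config Yaml */
    $config = $this->controller->getContainer()->config;

    // The proxy applies only when it is enabled for this cloud and the global
    // proxy settings cover connections made by Scalr itself.
    $useProxy = $config->defined("scalr.{$entity->cloud}.use_proxy") &&
                $config("scalr.{$entity->cloud}.use_proxy") &&
                in_array($config('scalr.connections.proxy.use_on'), ['both', 'scalr']);

    $proxySettings = $useProxy ? $config('scalr.connections.proxy') : null;

    // NOTE(review): the API URL is read from the entity properties. If callers
    // can set it freely, the server connects to a caller-chosen URL and returns
    // the resulting exception text. Consider restricting the allowed
    // destinations and returning a generic message.
    try {
        $cs = new CloudStack(
            $ccProps[Entity\CloudCredentialsProperty::CLOUDSTACK_API_URL],
            $ccProps[Entity\CloudCredentialsProperty::CLOUDSTACK_API_KEY],
            $ccProps[Entity\CloudCredentialsProperty::CLOUDSTACK_SECRET_KEY],
            $entity->cloud
        );

        // The proxy has to be set before the first request is sent.
        if ($useProxy) {
            $cs->setProxy(
                $proxySettings['host'],
                $proxySettings['port'],
                $proxySettings['user'],
                $proxySettings['pass'],
                $proxySettings['type'],
                $proxySettings['authtype']
            );
        }

        $listAccountsData = new ListAccountsData();
        $listAccountsData->listall = true;

        // The accounts listing is the call that uses the keys against the cloud.
        // It used to run after the try block, so its exceptions escaped without
        // being converted to the documented ApiErrorException.
        $accounts = $cs->listAccounts($listAccountsData);
    } catch (Exception $e) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Failed to verify your Cloudstack credentials: {$e->getMessage()}");
    }

    if (!$this->searchCloudstackUser($accounts, $ccProps)) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Cannot determine account name for provided keys");
    }

    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;
}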