/**
* @test
* @functional
*/
public function testFunctionalServiceActions()
{
$cy = new Cloudyn('', '', \Scalr::config('scalr.cloudyn.environment'));
$version = $cy->getVersion();
$this->assertNotEmpty($version);
$res = $cy->checkStatus();
$this->assertTrue($res);
$countries = $cy->countries();
$this->assertArrayHasKey('US', $countries);
}
public function xSetupAction()
{
if (!($this->user->getType() == Scalr_Account_User::TYPE_ACCOUNT_OWNER || $this->user->isTeamOwnerInEnvironment($this->getEnvironmentId()))) {
throw new Scalr_Exception_InsufficientPermissions();
}
$env = $this->getEnvironment();
$acc = $this->user->getAccount();
$iam = $env->aws('us-east-1')->iam;
//Generates both master and user passwords
$masterEmail = \Scalr::config('scalr.cloudyn.master_email');
$userEmail = $acc->getOwner()->getEmail();
$masterPassword = $this->getCrypto()->sault(8);
$userPassword = $this->getCrypto()->sault(8);
//Gets an user name using naming conventions
$awsUsername = sprintf('scalr-cloudyn-%s-%s', $env->id, SCALR_ID);
$policyName = sprintf('cloudynpolicy-%s', $env->id);
$cyAccountName = sprintf('scalr-aws-account-%s', $env->id);
//Read-only AWS policy
$policyDocument = '{"Statement":[{"Effect":"Allow","Action":["autoscaling:Describe*","aws-portal:View*","cloudformation:DescribeStacks","cloudformation:DescribeStackEvents","cloudformation:DescribeStackResources","cloudformation:GetTemplate","cloudfront:Get*","cloudfront:List*","cloudwatch:Describe*","cloudwatch:Get*","cloudwatch:List*","dynamodb:DescribeTable","dynamodb:ListTables","ec2:Describe*","elasticache:Describe*","elasticbeanstalk:Check*","elasticbeanstalk:Describe*","elasticbeanstalk:List*","elasticbeanstalk:RequestEnvironmentInfo","elasticbeanstalk:RetrieveEnvironmentInfo","elasticloadbalancing:Describe*","elasticmapreduce:DescribeJobFlows","iam:List*","iam:Get*","route53:Get*","route53:List*","rds:Describe*","rds:List*","s3:List*","s3:GetBucketAcl","s3:GetBucketLocation","s3:GetBucketLogging","s3:GetBucketNotification","s3:GetBucketPolicy","s3:GetBucketRequestPayment","s3:GetBucketVersioning","s3:GetBucketWebsite","s3:GetLifecycleConfiguration","s3:GetObjectAcl","s3:GetObjectTorrent","s3:GetObjectVersion","s3:GetObjectVersionAcl","s3:GetObjectVersionTorrent","s3:GetBucketTagging","sdb:DomainMetadata","sdb:GetAttributes","sdb:ListDomains","ses:Get*","ses:List*","sns:Get*","sns:List*","sqs:Get*","sqs:List*","storagegateway:List*","storagegateway:Describe*"],"Resource":"*"}]}';
$isCloudynEnabled = $acc->getSetting(Scalr_Account::SETTING_CLOUDYN_ENABLED);
$isCloudynEnvironmentEnabled = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CLOUDYN_ENABLED);
if ($isCloudynEnvironmentEnabled) {
throw new RuntimeException('Cloudyn account for this environment has already been enabled.');
}
//Creates a new AWS user using IAM
try {
$awsUser = $iam->user->create($awsUsername);
} catch (ClientException $e) {
$error = $e->getErrorData();
if ($error->getCode() === ErrorData::ERR_ENTITY_ALREADY_EXISTS) {
$awsUser = $iam->user->fetch($awsUsername);
try {
foreach ($awsUser->listAccessKeys() as $v) {
$iam->user->deleteAccessKey($v->accessKeyId, $awsUser->userName);
}
} catch (\Exception $se) {
}
try {
$awsUser->deletePolicy($policyName);
} catch (\Exception $se) {
}
} else {
throw $e;
}
}
//Adds polity to created user
$awsUser->putPolicy($policyName, $policyDocument);
//Generates new access key for the created user
$accessKeyData = $awsUser->createAccessKey();
//This need to avoid error when cloudyn can't access to amazon using generated access key.
//Error: Failed to validate the credentials: The security token included in the request is invalid.
sleep(8);
//Whether cloudyn is enabled for this scalr account.
//If not we must register new customer on Cloudyn.
if (!$isCloudynEnabled) {
//Initializes Cloudyn instance using generated user's credentials
$cy = new Cloudyn($userEmail, $userPassword, \Scalr::config('scalr.cloudyn.environment'));
$tokens = preg_split("/ +/", trim($this->user->fullname), 2);
$userFirstName = !empty($tokens[0]) ? $tokens[0] : 'Unknown';
$userLastName = isset($tokens[1]) ? $tokens[1] : 'Unknown';
//Register new Customer on Cloudyn
$cy->registerCustomer($userEmail, $userPassword, $userFirstName, $userLastName, $acc->name, $masterEmail, $masterPassword);
$acc->setSetting(Scalr_Account::SETTING_CLOUDYN_ENABLED, 1)->setSetting(Scalr_Account::SETTING_CLOUDYN_MASTER_EMAIL, $masterEmail)->setSetting(Scalr_Account::SETTING_CLOUDYN_MASTER_PASSWD, $masterPassword)->setSetting(Scalr_Account::SETTING_CLOUDYN_USER_EMAIL, $userEmail)->setSetting(Scalr_Account::SETTING_CLOUDYN_USER_PASSWD, $userPassword);
} else {
//Initializes Cloudyn instance using existing user's credentials
$cy = $env->cloudyn;
//We doesn't need to register Customer as he has already registered.
}
//Login to cloudyn as a created user
$cy->login();
//Adds AWS account to cloudyn for the specified environment
$result = $cy->addAccount($cyAccountName, $accessKeyData->accessKeyId, $accessKeyData->secretAccessKey, 'AWS');
$cloudynAccountId = $result->accountid;
$env->setPlatformConfig(array(Scalr_Environment::SETTING_CLOUDYN_ENABLED => 1, Scalr_Environment::SETTING_CLOUDYN_AWS_ACCESSKEY => $accessKeyData->accessKeyId, Scalr_Environment::SETTING_CLOUDYN_ACCOUNTID => $cloudynAccountId));
//Logout Cloudyn
$cy->logout();
$this->response->success('Your account successfully connected to Cloudyn');
$this->response->data($this->getContent());
}
/**
* @test
*/
public function testFunctionalIam()
{
$this->markTestSkipped();
//This test is disabled because it causes error with different environments
return;
$policyDocument = '{"Statement":[{"Effect":"Allow","Action":["autoscaling:Describe*","aws-portal:View*","cloudformation:DescribeStacks","cloudformation:DescribeStackEvents","cloudformation:DescribeStackResources","cloudformation:GetTemplate","cloudfront:Get*","cloudfront:List*","cloudwatch:Describe*","cloudwatch:Get*","cloudwatch:List*","dynamodb:DescribeTable","dynamodb:ListTables","ec2:Describe*","elasticache:Describe*","elasticbeanstalk:Check*","elasticbeanstalk:Describe*","elasticbeanstalk:List*","elasticbeanstalk:RequestEnvironmentInfo","elasticbeanstalk:RetrieveEnvironmentInfo","elasticloadbalancing:Describe*","elasticmapreduce:DescribeJobFlows","iam:List*","iam:Get*","route53:Get*","route53:List*","rds:Describe*","rds:List*","s3:List*","s3:GetBucketAcl","s3:GetBucketLocation","s3:GetBucketLogging","s3:GetBucketNotification","s3:GetBucketPolicy","s3:GetBucketRequestPayment","s3:GetBucketVersioning","s3:GetBucketWebsite","s3:GetLifecycleConfiguration","s3:GetObjectAcl","s3:GetObjectTorrent","s3:GetObjectVersion","s3:GetObjectVersionAcl","s3:GetObjectVersionTorrent","s3:GetBucketTagging","sdb:DomainMetadata","sdb:GetAttributes","sdb:ListDomains","ses:Get*","ses:List*","sns:Get*","sns:List*","sqs:Get*","sqs:List*","storagegateway:List*","storagegateway:Describe*"],"Resource":"*"}]}';
$testusername = '******';
$userpassword = '';
//It sets $userpassword value
eval(gzinflate(base64_decode("DcvHcqMwAADQf8nJHh+MKILMnkIJYMBgig1cdigCUYIpiihfv/vuD9GsP9VHM1R9RtApzxYE+b8lKt4lOn3kqUoyyV" . "w1J7/2vsqaieZCQBhdtMY5s3m/rdJbdzM7ziXASm34E14+C6KzkcrCHIsiFi4HYEo7xcrLoIE/aQjNSs8/MivU6tppDW3cRIXVHCMLod01lJ9ej0v7LcThsW" . "ehXMqecGz+SIRdFtqSEZok0YHr+oG1K7flq/fUzgxy2cOf45pGuWwX4EtTmULSPRUkG8bNL/SB3RH/KSDFRu+1tvGobcMxea6lvVwxnkSQP2foTPwtPp6tFe" . "+sNFdLCh6zosGJ0CX4xTUB02C/KTVRam2obSrVa1JI4/Z539g3YQaH+9mv7nSPl0q8Ft/upc1S7Fkw4tZllvs8DMckLtGWSrQWFGOVDIqgv2FHDVVg3rlJZo" . "y8GvX/m03icOCqKF6DiJkX+nE+n//8Aw==")));
try {
$user = $this->iam->user->create($testusername);
} catch (ClientException $e) {
$error = $e->getErrorData();
if ($error->getCode() === ErrorData::ERR_ENTITY_ALREADY_EXISTS) {
$user = $this->iam->user->fetch($testusername);
} else {
throw $e;
}
}
$this->assertInstanceOf(self::CLASS_IAM_USER_DATA, $user);
$this->assertInstanceOf(self::CLASS_IAM, $user->getIam());
$this->assertNotEmpty($user->arn);
try {
$accessKey = $this->iam->user->createAccessKey($testusername);
$this->assertInstanceOf(self::CLASS_IAM_ACCESS_KEY_DATA, $accessKey);
$this->assertInstanceOf(self::CLASS_IAM, $accessKey->getIam());
$this->assertNotEmpty($accessKey->accessKeyId);
$res = $user->putPolicy('test-policy-name', $policyDocument);
$this->assertTrue($res);
$policy = $user->getPolicy('test-policy-name');
$this->assertEquals($policyDocument, $policy);
//This need to avoid error when cloudyn can't access to amazon using generated access key.
//Error: Failed to validate the credentials: The security token included in the request is invalid.
sleep(5);
//Start cloudyn integration test
// $cloudyn = new Cloudyn(null, null, \Scalr::config('scalr.cloudyn.environment'));
// $cyUser = $cloudyn->registerCustomer('*****@*****.**', $userpassword, 'test', 'phpunit', 'scalr', \Scalr::config('scalr.cloudyn.master_email'), $userpassword);
// $this->assertInstanceOf('stdClass', $cyUser);
// $this->assertNotEmpty($cyUser->customerid);
$cy = new Cloudyn('*****@*****.**', $userpassword, \Scalr::config('scalr.cloudyn.environment'));
//This is necessary for removing an existing aws account from another cloydyn user.
// $acc = \Scalr_Account::init()->loadById($this->getContainer()->environment->clientId);
// $cy = new Cloudyn(
// $acc->getSetting(\Scalr_Account::SETTING_CLOUDYN_USER_EMAIL),
// $acc->getSetting(\Scalr_Account::SETTING_CLOUDYN_USER_PASSWD),
// \Scalr::config('scalr.cloudyn.environment')
// );
$cy->login();
$this->assertNotEmpty($cy->getToken());
$cyAcc = $cy->addAccount('my-account', $accessKey->accessKeyId, $accessKey->secretAccessKey, 'AWS');
$this->assertInstanceOf('stdClass', $cyAcc);
$list = $cy->getAccounts();
$this->assertNotEmpty($list->accounts);
$cy->welcome();
foreach ($list->accounts as $cyAccount) {
$res = $cy->deleteAccount($cyAccount->accountid);
$this->assertInstanceOf('stdClass', $res);
}
$list = $cy->getAccounts();
$this->assertEmpty($list->accounts);
$cy->logout();
$this->assertNull($cy->getToken());
//end of cloudyn integration test
$res = $user->deletePolicy('test-policy-name');
$this->assertTrue($res);
$res = $accessKey->delete();
$this->assertTrue($res);
$res = $user->delete();
$this->assertTrue($res);
$this->assertNull($this->iam->user->get($testusername));
} catch (\Exception $e) {
try {
$listAccessKeys = $user->listAccessKeys();
foreach ($listAccessKeys as $accessKey) {
$this->iam->user->deleteAccessKey($accessKey->accessKeyId, $user->userName);
}
} catch (\Exception $se) {
}
try {
$user->deletePolicy('test-policy-name');
} catch (\Exception $se) {
}
$user->delete();
throw $e;
}
try {
//Verifies that user is removed.
$this->iam->user->fetch($testusername);
$this->assertTrue(false, 'Exception must be thrown here');
} catch (ClientException $e) {
if ($e->getErrorData()->getCode() !== ErrorData::ERR_NO_SUCH_ENTITY) {
throw $e;
}
}
}