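/**
 * Connects the current environment to Cloudyn.
 *
 * Creates (or reuses) a dedicated read-only IAM user for the environment, issues it a
 * fresh access key, registers the Scalr account as a Cloudyn customer on first use, and
 * hands the AWS key pair to Cloudyn. Only the access key id is persisted on the Scalr side;
 * the secret is sent to Cloudyn and then discarded.
 *
 * Failure handling: if enrolment with Cloudyn fails after the IAM access key has been
 * created, the key is revoked again before the exception propagates, so a failed attempt
 * does not leave live AWS credentials behind. A later retry reuses the IAM user.
 *
 * @throws Scalr_Exception_InsufficientPermissions if the caller is neither the account owner
 *         nor a team owner of this environment
 * @throws RuntimeException if Cloudyn is already enabled for this environment
 * @throws ClientException on IAM failures other than "user already exists"
 */
public function xSetupAction()
{
    // Enabling Cloudyn creates an IAM identity and gives its credentials to a third party,
    // so restrict it to the account owner or a team owner of this environment.
    if (!($this->user->getType() == Scalr_Account_User::TYPE_ACCOUNT_OWNER
        || $this->user->isTeamOwnerInEnvironment($this->getEnvironmentId()))) {
        throw new Scalr_Exception_InsufficientPermissions();
    }

    $env = $this->getEnvironment();
    $acc = $this->user->getAccount();
    $iam = $env->aws('us-east-1')->iam;

    // Cloudyn logins: a Scalr-wide "master" login and a per-customer login for this account.
    // NOTE(review): both passwords are 8 characters from getCrypto()->sault(); the alphabet is
    // not visible here — confirm the resulting entropy is adequate for long-lived third-party
    // credentials and that it satisfies Cloudyn's password policy.
    $masterEmail = \Scalr::config('scalr.cloudyn.master_email');
    $userEmail = $acc->getOwner()->getEmail();
    $masterPassword = $this->getCrypto()->sault(8);
    $userPassword = $this->getCrypto()->sault(8);

    // Deterministic names so a retry finds the artefacts created by a previous attempt.
    $awsUsername = sprintf('scalr-cloudyn-%s-%s', $env->id, SCALR_ID);
    $policyName = sprintf('cloudynpolicy-%s', $env->id);
    $cyAccountName = sprintf('scalr-aws-account-%s', $env->id);

    // Inline IAM policy for the Cloudyn user: Describe/List/Get actions on "*" — intended to be
    // read-only. NOTE(review): it also grants iam:Get*/iam:List*, billing visibility
    // (aws-portal:View*) and s3:GetObjectVersion / s3:GetObject(Version)Torrent, which are not
    // metadata-only and can return object contents — confirm Cloudyn actually needs them.
    $policyDocument = '{"Statement":[{"Effect":"Allow","Action":["autoscaling:Describe*","aws-portal:View*","cloudformation:DescribeStacks","cloudformation:DescribeStackEvents","cloudformation:DescribeStackResources","cloudformation:GetTemplate","cloudfront:Get*","cloudfront:List*","cloudwatch:Describe*","cloudwatch:Get*","cloudwatch:List*","dynamodb:DescribeTable","dynamodb:ListTables","ec2:Describe*","elasticache:Describe*","elasticbeanstalk:Check*","elasticbeanstalk:Describe*","elasticbeanstalk:List*","elasticbeanstalk:RequestEnvironmentInfo","elasticbeanstalk:RetrieveEnvironmentInfo","elasticloadbalancing:Describe*","elasticmapreduce:DescribeJobFlows","iam:List*","iam:Get*","route53:Get*","route53:List*","rds:Describe*","rds:List*","s3:List*","s3:GetBucketAcl","s3:GetBucketLocation","s3:GetBucketLogging","s3:GetBucketNotification","s3:GetBucketPolicy","s3:GetBucketRequestPayment","s3:GetBucketVersioning","s3:GetBucketWebsite","s3:GetLifecycleConfiguration","s3:GetObjectAcl","s3:GetObjectTorrent","s3:GetObjectVersion","s3:GetObjectVersionAcl","s3:GetObjectVersionTorrent","s3:GetBucketTagging","sdb:DomainMetadata","sdb:GetAttributes","sdb:ListDomains","ses:Get*","ses:List*","sns:Get*","sns:List*","sqs:Get*","sqs:List*","storagegateway:List*","storagegateway:Describe*"],"Resource":"*"}]}';

    $isCloudynEnabled = $acc->getSetting(Scalr_Account::SETTING_CLOUDYN_ENABLED);
    $isCloudynEnvironmentEnabled = $env->getPlatformConfigValue(Scalr_Environment::SETTING_CLOUDYN_ENABLED);

    if ($isCloudynEnvironmentEnabled) {
        throw new RuntimeException('Cloudyn account for this environment has already been enabled.');
    }

    // Create the IAM user. If it already exists (a previous attempt failed part-way), reuse it
    // but first revoke whatever credentials and policy that attempt left behind.
    try {
        $awsUser = $iam->user->create($awsUsername);
    } catch (ClientException $e) {
        $error = $e->getErrorData();
        if ($error->getCode() !== ErrorData::ERR_ENTITY_ALREADY_EXISTS) {
            throw $e;
        }

        $awsUser = $iam->user->fetch($awsUsername);

        try {
            foreach ($awsUser->listAccessKeys() as $v) {
                $iam->user->deleteAccessKey($v->accessKeyId, $awsUser->userName);
            }
        } catch (\Exception $se) {
            // Best effort, but do not hide it: a key that could not be revoked stays live, and
            // it may also push createAccessKey() below over IAM's per-user access-key limit.
            error_log(sprintf(
                'Cloudyn setup: could not revoke existing access keys of IAM user %s: %s',
                $awsUsername,
                $se->getMessage()
            ));
        }

        try {
            $awsUser->deletePolicy($policyName);
        } catch (\Exception $se) {
            // Best effort; putPolicy() below overwrites the policy under the same name anyway.
            error_log(sprintf(
                'Cloudyn setup: could not delete policy %s of IAM user %s: %s',
                $policyName,
                $awsUsername,
                $se->getMessage()
            ));
        }
    }

    // Attach the read-only policy and mint the credentials Cloudyn will use.
    $awsUser->putPolicy($policyName, $policyDocument);
    $accessKeyData = $awsUser->createAccessKey();

    // IAM is eventually consistent: Cloudyn validates the key immediately and otherwise fails
    // with "Failed to validate the credentials: The security token included in the request
    // is invalid." The delay gives the new key time to propagate.
    sleep(8);

    // From here on a live AWS access key exists; any failure below must revoke it again.
    try {
        if (!$isCloudynEnabled) {
            // First environment of this account: register the account as a Cloudyn customer.
            $cy = new Cloudyn($userEmail, $userPassword, \Scalr::config('scalr.cloudyn.environment'));

            $tokens = preg_split("/ +/", trim($this->user->fullname), 2);
            $userFirstName = !empty($tokens[0]) ? $tokens[0] : 'Unknown';
            $userLastName = isset($tokens[1]) ? $tokens[1] : 'Unknown';

            $cy->registerCustomer($userEmail, $userPassword, $userFirstName, $userLastName, $acc->name, $masterEmail, $masterPassword);

            // Persist the Cloudyn logins right after registration so a later failure (or a
            // second environment) can still reach the customer that now exists on Cloudyn.
            // NOTE(review): these are passwords going through setSetting() — confirm the
            // settings store encrypts them at rest.
            $acc->setSetting(Scalr_Account::SETTING_CLOUDYN_ENABLED, 1)
                ->setSetting(Scalr_Account::SETTING_CLOUDYN_MASTER_EMAIL, $masterEmail)
                ->setSetting(Scalr_Account::SETTING_CLOUDYN_MASTER_PASSWD, $masterPassword)
                ->setSetting(Scalr_Account::SETTING_CLOUDYN_USER_EMAIL, $userEmail)
                ->setSetting(Scalr_Account::SETTING_CLOUDYN_USER_PASSWD, $userPassword);
        } else {
            // The account is already a Cloudyn customer; use the stored credentials.
            $cy = $env->cloudyn;
        }

        $cy->login();

        // Hand the key pair to Cloudyn. The secret is not stored on the Scalr side.
        $result = $cy->addAccount($cyAccountName, $accessKeyData->accessKeyId, $accessKeyData->secretAccessKey, 'AWS');
        $cloudynAccountId = $result->accountid;

        $env->setPlatformConfig(array(
            Scalr_Environment::SETTING_CLOUDYN_ENABLED       => 1,
            Scalr_Environment::SETTING_CLOUDYN_AWS_ACCESSKEY => $accessKeyData->accessKeyId,
            Scalr_Environment::SETTING_CLOUDYN_ACCOUNTID     => $cloudynAccountId,
        ));

        $cy->logout();
    } catch (\Exception $e) {
        // Enrolment did not complete: revoke the key so the failed attempt leaves no live AWS
        // credentials. The environment is not marked enabled, so a retry reuses the IAM user
        // and mints a new key.
        try {
            $iam->user->deleteAccessKey($accessKeyData->accessKeyId, $awsUser->userName);
        } catch (\Exception $ce) {
            error_log(sprintf(
                'Cloudyn setup: enrolment failed and access key %s of IAM user %s could not be revoked: %s',
                $accessKeyData->accessKeyId,
                $awsUsername,
                $ce->getMessage()
            ));
        }
        throw $e;
    }

    $this->response->success('Your account successfully connected to Cloudyn');
    $this->response->data($this->getContent());
}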