Scalr_Environment::aws PHP Method

Scalr_Environment Class Documentation Usage Examples Of Scalr_Environment::aws Show file Open project: scalr/scalr

aws() public method

This method ensures that aws instance is always from the current environment scope.
public aws ( string | DBServer | DBFarmRole | DBEBSVolume $awsRegion = null, string $awsAccessKeyId = null, string $awsSecretAccessKey = null, string $certificate = null, string $privateKey = null ) : Aws
$awsRegion string | DBServer | DBFarmRole | DBEBSVolume optional The region or object which has both Scalr_Environment instance and cloud location itself
$awsAccessKeyId string optional The AccessKeyId
$awsSecretAccessKey string optional The SecretAccessKey
$certificate string optional Contains x.509 certificate
$privateKey string optional The private key for the certificate
return Scalr\Service\Aws Returns Aws instance 
    public function aws($awsRegion = null, $awsAccessKeyId = null, $awsSecretAccessKey = null, $certificate = null, $privateKey = null)
    {
        $arguments = func_get_args();
        if (count($arguments) <= 1) {
            $arguments[0] = isset($arguments[0]) ? $arguments[0] : null;
            //Adds Scalr_Environment as second parameter
            $arguments[1] = $this;
        }
        //Retrieves an instance from the DI container
        return $this->__call('aws', $arguments);
    }

Usage Example

Example #1
0
 private function saveEc2()
 {
     $pars = [];
     $enabled = false;
     $envAutoEnabled = false;
     $bNew = !$this->env->isPlatformEnabled(SERVER_PLATFORMS::EC2);
     $currentCloudCredentials = $this->env->keychain(SERVER_PLATFORMS::EC2);
     $ccProps = $currentCloudCredentials->properties;
     if ($this->getParam('ec2_is_enabled')) {
         $enabled = true;
         $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE, 'string', "AWS Account Type required", SERVER_PLATFORMS::EC2));
         $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_ACCESS_KEY, 'string', "AWS Access Key required", SERVER_PLATFORMS::EC2));
         $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] = trim($this->checkVar(Entity\CloudCredentialsProperty::AWS_SECRET_KEY, 'password', "AWS Access Key required", SERVER_PLATFORMS::EC2));
         $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY, 'file', '', SERVER_PLATFORMS::EC2);
         $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_CERTIFICATE, 'file', '', SERVER_PLATFORMS::EC2);
         if ($this->getContainer()->analytics->enabled) {
             $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED] = $this->checkVar2(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED, 'bool', '', SERVER_PLATFORMS::EC2);
             if (!empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED])) {
                 $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET, 'string', "Detailed billing bucket name is required", SERVER_PLATFORMS::EC2);
                 $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT] = $this->checkVar2(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT, 'string', '', SERVER_PLATFORMS::EC2);
                 $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = $this->checkVar(Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION, 'string', "Aws region is required", SERVER_PLATFORMS::EC2);
             } else {
                 $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET] = false;
                 $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT] = false;
                 $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = false;
             }
         }
         // user can mull certificate and private key, check it
         if (strpos($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY], 'BEGIN CERTIFICATE') !== FALSE && strpos($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE], 'BEGIN PRIVATE KEY') !== FALSE) {
             // swap it
             $key = $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY];
             $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] = $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE];
             $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] = $key;
         }
         if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] == Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD) {
             $region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1;
         } else {
             if ($pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE] == Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD) {
                 $region = \Scalr\Service\Aws::REGION_CN_NORTH_1;
             } else {
                 $region = \Scalr\Service\Aws::REGION_US_EAST_1;
             }
         }
         if (!count($this->checkVarError)) {
             if ($pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] != $ccProps[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] or $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] != $ccProps[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) {
                 $aws = $this->env->aws($region, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null);
                 //Validates private key and certificate if they are provided
                 if (!empty($pars[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) || !empty($pars[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY])) {
                     try {
                         //SOAP is not supported anymore
                         //$aws->validateCertificateAndPrivateKey();
                     } catch (Exception $e) {
                         throw new Exception(_("Incorrect format of X.509 certificate or private key. Make sure that you are using files downloaded from AWS profile. ({$e->getMessage()})"));
                     }
                 }
                 //Validates both access and secret keys
                 try {
                     $buckets = $aws->s3->bucket->getList();
                 } catch (Exception $e) {
                     throw new Exception(sprintf(_("Failed to verify your EC2 access key and secret key: %s"), $e->getMessage()));
                 }
                 //Extract AWS Account ID
                 $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $aws->getAccountNumber();
                 try {
                     if ($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] != $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]) {
                         $this->db->Execute("DELETE FROM client_environment_properties WHERE name LIKE 'ec2.vpc.default%' AND env_id = ?", [$this->env->id]);
                     }
                 } catch (Exception $e) {
                 }
             } else {
                 $pars[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID];
             }
         } else {
             $this->response->failure();
             $this->response->data(['errors' => $this->checkVarError]);
             return;
         }
     }
     if ($enabled && $this->getContainer()->analytics->enabled && !empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET])) {
         try {
             $region = $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION];
             $aws = $this->env->aws($region, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]);
             if (!empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) && $aws->getAccountNumber() != $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) {
                 $payerCredentials = $this->getUser()->getAccount()->cloudCredentialsList([SERVER_PLATFORMS::EC2], [], [Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID => [['value' => $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]]]]);
                 if (count($payerCredentials) == 0) {
                     throw new Exception("Payer account not found!");
                 }
                 $payerCredentials = $payerCredentials->current();
                 $aws = $this->env->aws($region, $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null);
             }
             try {
                 $bucketObjects = $aws->s3->bucket->listObjects($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET]);
             } catch (ClientException $e) {
                 if ($e->getErrorData() && $e->getErrorData()->getCode() == ErrorData::ERR_AUTHORIZATION_HEADER_MALFORMED && preg_match("/expecting\\s+'(.+?)'/", $e->getMessage(), $matches) && in_array($matches[1], Aws::getCloudLocations())) {
                     $expectingRegion = $matches[1];
                     if (isset($payerCredentials)) {
                         $aws = $this->env->aws($expectingRegion, $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_SECRET_KEY], !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_CERTIFICATE] : null, !empty($payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY]) ? $payerCredentials->properties[Entity\CloudCredentialsProperty::AWS_PRIVATE_KEY] : null);
                     } else {
                         $aws = $this->env->aws($expectingRegion, $pars[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY], $pars[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]);
                     }
                     $bucketObjects = $aws->s3->bucket->listObjects($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET]);
                     $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_REGION] = $expectingRegion;
                 } else {
                     throw $e;
                 }
             }
             $objectName = (empty($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]) ? '' : "{$pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT]}-") . 'aws-billing-detailed-line-items-with-resources-and-tags';
             $objectExists = false;
             $bucketObjectName = null;
             foreach ($bucketObjects as $bucketObject) {
                 /* @var $bucketObject Scalr\Service\Aws\S3\DataType\ObjectData */
                 if (strpos($bucketObject->objectName, $objectName) !== false) {
                     $bucketObjectName = $bucketObject->objectName;
                     $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED] = 1;
                     $objectExists = true;
                     break;
                 }
             }
             if (!$objectExists) {
                 $this->response->failure();
                 $this->response->data(['errors' => [Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_PAYER_ACCOUNT => "Object with name '{$objectName}' does not exist."]]);
                 return;
             }
             $aws->s3->object->getMetadata($pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET], $bucketObjectName);
         } catch (Exception $e) {
             $this->response->failure();
             $this->response->data(['errors' => [Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET => sprintf("Cannot access billing bucket with name %s. Error: %s", $pars[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_BUCKET], $e->getMessage())]]);
             return;
         }
     }
     $this->db->BeginTrans();
     try {
         $this->env->enablePlatform(SERVER_PLATFORMS::EC2, $enabled);
         if ($enabled) {
             $this->makeCloudCredentials(SERVER_PLATFORMS::EC2, $pars);
             if ($this->getContainer()->analytics->enabled && $bNew) {
                 $this->getContainer()->analytics->notifications->onCloudAdd('ec2', $this->env, $this->user);
             }
         }
         if (!$this->user->getAccount()->getSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED)) {
             $this->user->getAccount()->setSetting(Scalr_Account::SETTING_DATE_ENV_CONFIGURED, time());
         }
         //TODO: cloud suspension info must work with cloud credentials
         if ($enabled && $this->env->status == Scalr_Environment::STATUS_INACTIVE && $this->env->getPlatformConfigValue('system.auto-disable-reason')) {
             // env was inactive due invalid keys for amazon, activate it
             $this->env->status = Scalr_Environment::STATUS_ACTIVE;
             $this->env->save();
             $this->env->setPlatformConfig(['system.auto-disable-reason' => NULL]);
             $envAutoEnabled = true;
         }
         $this->db->CommitTrans();
     } catch (Exception $e) {
         $this->db->RollbackTrans();
         throw new Exception(_("Failed to save AWS settings: {$e->getMessage()}"));
     }
     $this->response->success('Cloud credentials have been ' . ($enabled ? 'saved' : 'removed from Scalr'));
     $this->response->data(['enabled' => $enabled, 'demoFarm' => $demoFarm, 'envAutoEnabled' => $envAutoEnabled]);
 }
All Usage Examples Of Scalr_Environment::aws
Scalr_Environment
__call
__get
addTeam
applyGlobalVarsToValue
aws
azure
clearTeams
cloudCredentialsList
cloudstack
create
decryptValue
delete
enablePlatform
encryptValue
get
getAccountId
getAwsTags
getEnabledPlatforms
getEncryptedVariables
getFarmsCount
getFullConfiguration
getLinkedVariables
getLocations
getPlatformConfigValue
getRunningServersCount
getTeams
init
isPlatformEnabled
keychain
loadDefault
openstack
removeTeam
save
setPlatformConfig