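/**
 * Validates AWS cloud credentials before they are stored.
 *
 * After the parent validation, and only when needValidation() reports that the
 * properties need checking, this method:
 *  - requires an account type and checks it against the known set of types;
 *  - requires a secret key;
 *  - makes a live call to AWS with the supplied key pair;
 *  - refuses to change the AWS account ID while the previous credentials are in use;
 *  - records the resolved account ID and marks the entity as enabled;
 *  - delegates to the detailed-billing adapter when that property is set.
 *
 * @param  object      $entity     Cloud credentials entity; its `properties` and `status` are read and written here
 * @param  object|null $prevConfig Previously stored credentials, or null when there is none
 * @throws ApiErrorException With HTTP 400 on a missing or invalid property, a failed verification
 *                           or an account ID change on credentials that are in use
 */
public function validateEntity($entity, $prevConfig = null)
{
    parent::validateEntity($entity, $prevConfig);

    $ccProps = $entity->properties;
    $prevCcProps = isset($prevConfig) ? $prevConfig->properties : null;

    if (!$this->needValidation($ccProps, $prevCcProps)) {
        return;
    }

    if (empty($ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE])) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, "Missed property accountType");
    }

    $accountType = $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE];

    $allowedAccountTypes = [
        Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_REGULAR,
        Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD,
        Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD,
    ];

    // Strict membership test: with loose comparison a non-string value such as
    // boolean true equals every non-empty string, so it would pass this
    // allow-list and then match the first case of the switch below.
    if (!in_array($accountType, $allowedAccountTypes, true)) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Unexpected account type {$accountType}");
    }

    // The account type decides which region the verification call is sent to.
    switch ($accountType) {
        case Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_GOV_CLOUD:
            $region = \Scalr\Service\Aws::REGION_US_GOV_WEST_1;
            break;

        case Entity\CloudCredentialsProperty::AWS_ACCOUNT_TYPE_CN_CLOUD:
            $region = \Scalr\Service\Aws::REGION_CN_NORTH_1;
            break;

        default:
            $region = \Scalr\Service\Aws::REGION_US_EAST_1;
            break;
    }

    if (empty($ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY])) {
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_STRUCTURE, "Missed property secretKey");
    }

    // NOTE(review): only the secret key is checked for emptiness in this method.
    // Confirm that parent::validateEntity() or the aws() factory rejects an empty
    // access key instead of silently using some other credential source.

    // Validates both access and secret keys with a live request.
    // NOTE(review): the probe lists S3 buckets, so a key pair that is valid but
    // not permitted to list buckets is presumably rejected here - confirm intended.
    try {
        $aws = $this->controller->getContainer()->aws(
            $region,
            $ccProps[Entity\CloudCredentialsProperty::AWS_ACCESS_KEY],
            $ccProps[Entity\CloudCredentialsProperty::AWS_SECRET_KEY]
        );

        $aws->s3->bucket->getList();
    } catch (Exception $e) {
        // NOTE(review): the upstream exception text is returned to the API caller
        // verbatim; confirm it cannot carry details that should stay server-side.
        throw new ApiErrorException(400, ErrorMessage::ERR_INVALID_VALUE, "Failed to verify your AWS Cloud Credentials: {$e->getMessage()}");
    }

    // Extract AWS Account ID. This call sits outside the try block above, so an
    // exception raised here propagates to the caller unchanged.
    $awsAccountId = $aws->getAccountNumber();

    // Read the previous account ID only when previous properties exist; indexing
    // null raises a warning on recent PHP versions.
    $prevAwsAccountId = $prevCcProps !== null
        ? $prevCcProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID]
        : null;

    // Credentials that are in use must stay bound to the same AWS account.
    // NOTE(review): the comparison is loose (!=), so numeric strings are compared
    // as numbers; kept as is because the stored format of the ID is not visible here.
    if ($prevAwsAccountId && $awsAccountId != $prevAwsAccountId && $prevConfig->isUsed()) {
        throw new ApiErrorException(400, ErrorMessage::ERR_OBJECT_IN_USE, "Change AWS Account ID aren't possible while this cloud credentials is in use");
    }

    $ccProps[Entity\CloudCredentialsProperty::AWS_ACCOUNT_ID] = $awsAccountId;

    // The status is switched to enabled only after the live verification succeeded.
    $entity->status = Entity\CloudCredentials::STATUS_ENABLED;

    if ($ccProps[Entity\CloudCredentialsProperty::AWS_DETAILED_BILLING_ENABLED]) {
        $this->controller->adapter('awsDetailedBilling')->validateEntity($entity);
    }
}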