github.com/altoros/juju-vmware@v0.0.0-20150312064031-f19ae857ccca/provider/ec2/config.go (about) 1 // Copyright 2011, 2012, 2013 Canonical Ltd. 2 // Licensed under the AGPLv3, see LICENCE file for details. 3 4 package ec2 5 6 import ( 7 "fmt" 8 9 "github.com/juju/schema" 10 "gopkg.in/amz.v2/aws" 11 12 "github.com/juju/juju/environs/config" 13 ) 14 15 const boilerplateConfig = ` 16 # https://juju.ubuntu.com/docs/config-aws.html 17 amazon: 18 type: ec2 19 20 # region specifies the EC2 region. It defaults to us-east-1. 21 # 22 # region: us-east-1 23 24 # access-key holds the EC2 access key. It defaults to the 25 # environment variable AWS_ACCESS_KEY_ID. 26 # 27 # access-key: <secret> 28 29 # secret-key holds the EC2 secret key. It defaults to the 30 # environment variable AWS_SECRET_ACCESS_KEY. 31 # 32 # secret-key: <secret> 33 34 # image-stream chooses a simplestreams stream from which to select 35 # OS images, for example daily or released images (or any other stream 36 # available on simplestreams). 37 # 38 # image-stream: "released" 39 40 # agent-stream chooses a simplestreams stream from which to select tools, 41 # for example released or proposed tools (or any other stream available 42 # on simplestreams). 43 # 44 # agent-stream: "released" 45 46 # Whether or not to refresh the list of available updates for an 47 # OS. The default option of true is recommended for use in 48 # production systems, but disabling this can speed up local 49 # deployments for development or testing. 50 # 51 # enable-os-refresh-update: true 52 53 # Whether or not to perform OS upgrades when machines are 54 # provisioned. The default option of true is recommended for use 55 # in production systems, but disabling this can speed up local 56 # deployments for development or testing. 57 # 58 # enable-os-upgrade: true 59 60 ` 61 62 var configFields = schema.Fields{ 63 "access-key": schema.String(), 64 "secret-key": schema.String(), 65 "region": schema.String(), 66 "control-bucket": schema.String(), 67 } 68 69 var configDefaults = schema.Defaults{ 70 "access-key": "", 71 "secret-key": "", 72 "region": "us-east-1", 73 } 74 75 type environConfig struct { 76 *config.Config 77 attrs map[string]interface{} 78 } 79 80 func (c *environConfig) region() string { 81 return c.attrs["region"].(string) 82 } 83 84 func (c *environConfig) controlBucket() string { 85 return c.attrs["control-bucket"].(string) 86 } 87 88 func (c *environConfig) accessKey() string { 89 return c.attrs["access-key"].(string) 90 } 91 92 func (c *environConfig) secretKey() string { 93 return c.attrs["secret-key"].(string) 94 } 95 96 func (p environProvider) newConfig(cfg *config.Config) (*environConfig, error) { 97 valid, err := p.Validate(cfg, nil) 98 if err != nil { 99 return nil, err 100 } 101 return &environConfig{valid, valid.UnknownAttrs()}, nil 102 } 103 104 func validateConfig(cfg, old *config.Config) (*environConfig, error) { 105 // Check for valid changes for the base config values. 106 if err := config.Validate(cfg, old); err != nil { 107 return nil, err 108 } 109 validated, err := cfg.ValidateUnknownAttrs(configFields, configDefaults) 110 if err != nil { 111 return nil, err 112 } 113 ecfg := &environConfig{cfg, validated} 114 115 if ecfg.accessKey() == "" || ecfg.secretKey() == "" { 116 auth, err := aws.EnvAuth() 117 if err != nil || ecfg.accessKey() != "" || ecfg.secretKey() != "" { 118 return nil, fmt.Errorf("environment has no access-key or secret-key") 119 } 120 ecfg.attrs["access-key"] = auth.AccessKey 121 ecfg.attrs["secret-key"] = auth.SecretKey 122 } 123 if _, ok := aws.Regions[ecfg.region()]; !ok { 124 return nil, fmt.Errorf("invalid region name %q", ecfg.region()) 125 } 126 127 if old != nil { 128 attrs := old.UnknownAttrs() 129 if region, _ := attrs["region"].(string); ecfg.region() != region { 130 return nil, fmt.Errorf("cannot change region from %q to %q", region, ecfg.region()) 131 } 132 if bucket, _ := attrs["control-bucket"].(string); ecfg.controlBucket() != bucket { 133 return nil, fmt.Errorf("cannot change control-bucket from %q to %q", bucket, ecfg.controlBucket()) 134 } 135 } 136 137 // ssl-hostname-verification cannot be disabled 138 if !ecfg.SSLHostnameVerification() { 139 return nil, fmt.Errorf("disabling ssh-hostname-verification is not supported") 140 } 141 return ecfg, nil 142 }