// Copyright 2011, 2012, 2013 Canonical Ltd.
// Licensed under the AGPLv3, see LICENCE file for details.
package ec2
import (
"fmt"
"github.com/juju/schema"
"gopkg.in/amz.v2/aws"
"github.com/juju/juju/environs/config"
)
// boilerplateConfig is the commented sample definition of the "amazon"
// environment (type: ec2). Every setting other than type is shipped commented
// out, and access-key/secret-key carry the placeholder <secret> rather than a
// value, so the template itself contains no credential.
//
// Leaving both keys unset makes validateConfig fall back to aws.EnvAuth().
// NOTE(review): an operator who uncomments secret-key stores a long-lived AWS
// credential in plain text in whatever file this template is written to;
// confirm that file is created with owner-only permissions.
const boilerplateConfig = `
# https://juju.ubuntu.com/docs/config-aws.html
amazon:
type: ec2
# region specifies the EC2 region. It defaults to us-east-1.
#
# region: us-east-1
# access-key holds the EC2 access key. It defaults to the
# environment variable AWS_ACCESS_KEY_ID.
#
# access-key: <secret>
# secret-key holds the EC2 secret key. It defaults to the
# environment variable AWS_SECRET_ACCESS_KEY.
#
# secret-key: <secret>
# image-stream chooses a simplestreams stream from which to select
# OS images, for example daily or released images (or any other stream
# available on simplestreams).
#
# image-stream: "released"
# agent-stream chooses a simplestreams stream from which to select tools,
# for example released or proposed tools (or any other stream available
# on simplestreams).
#
# agent-stream: "released"
# Whether or not to refresh the list of available updates for an
# OS. The default option of true is recommended for use in
# production systems, but disabling this can speed up local
# deployments for development or testing.
#
# enable-os-refresh-update: true
# Whether or not to perform OS upgrades when machines are
# provisioned. The default option of true is recommended for use
# in production systems, but disabling this can speed up local
# deployments for development or testing.
#
# enable-os-upgrade: true
`
var (
	// configFields lists the EC2-specific attributes and the schema checker
	// applied to each; all four are plain strings.
	configFields = schema.Fields{
		"access-key":     schema.String(),
		"secret-key":     schema.String(),
		"region":         schema.String(),
		"control-bucket": schema.String(),
	}

	// configDefaults supplies the values used when an attribute is absent.
	// The empty-string defaults for access-key and secret-key are what
	// validateConfig treats as "not configured" before it consults the
	// process environment.
	// NOTE(review): control-bucket has no default here, so presumably the
	// caller must always supply it; confirm against the schema package.
	configDefaults = schema.Defaults{
		"access-key": "",
		"secret-key": "",
		"region":     "us-east-1",
	}
)
// environConfig pairs a base *config.Config with the provider-specific
// attributes extracted from it.
type environConfig struct {
	// Embedded base configuration; its methods are promoted onto environConfig.
	*config.Config
	// attrs holds the provider attributes keyed by name. It includes the
	// "access-key" and "secret-key" entries, so the map carries credential
	// material and should be kept out of logs and diagnostics.
	attrs map[string]interface{}
}
// region returns the value stored under the "region" attribute.
// The type assertion is unchecked, so it panics if the entry is missing or
// is not a string.
func (c *environConfig) region() string {
	value := c.attrs["region"]
	return value.(string)
}
// controlBucket returns the value stored under the "control-bucket"
// attribute. The type assertion is unchecked, so it panics if the entry is
// missing or is not a string.
func (c *environConfig) controlBucket() string {
	value := c.attrs["control-bucket"]
	return value.(string)
}
// accessKey returns the value stored under the "access-key" attribute.
// The type assertion is unchecked, so it panics if the entry is missing or
// is not a string.
func (c *environConfig) accessKey() string {
	value := c.attrs["access-key"]
	return value.(string)
}
// secretKey returns the value stored under the "secret-key" attribute.
// The type assertion is unchecked, so it panics if the entry is missing or
// is not a string.
//
// The result is the credential itself: callers should pass it only to the
// code that authenticates requests and keep it out of logs and error text.
func (c *environConfig) secretKey() string {
	value := c.attrs["secret-key"]
	return value.(string)
}
// newConfig validates cfg through the provider's Validate method (with no
// previous configuration to compare against) and wraps the result, together
// with its unknown attributes, in an environConfig.
// It returns the validation error unchanged when Validate fails.
func (p environProvider) newConfig(cfg *config.Config) (*environConfig, error) {
	checked, err := p.Validate(cfg, nil)
	if err != nil {
		return nil, err
	}
	ecfg := &environConfig{
		Config: checked,
		attrs:  checked.UnknownAttrs(),
	}
	return ecfg, nil
}
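// validateConfig checks cfg against the base configuration rules and the
// EC2-specific schema, and returns it wrapped in an environConfig.
//
// old is the previous configuration, or nil when there is none. When old is
// non-nil, the region and control-bucket attributes must be unchanged.
//
// An error is returned when base or schema validation fails, when usable
// credentials cannot be determined, when the region is not a key of
// aws.Regions, when an immutable attribute differs from old, or when SSL
// hostname verification is disabled.
func validateConfig(cfg, old *config.Config) (*environConfig, error) {
	// Check for valid changes for the base config values.
	if err := config.Validate(cfg, old); err != nil {
		return nil, err
	}
	validated, err := cfg.ValidateUnknownAttrs(configFields, configDefaults)
	if err != nil {
		return nil, err
	}
	ecfg := &environConfig{cfg, validated}

	if ecfg.accessKey() == "" || ecfg.secretKey() == "" {
		// Credentials come either entirely from the configuration or entirely
		// from the process environment: a pair with only one key set is
		// rejected rather than completed from the environment.
		auth, err := aws.EnvAuth()
		if err != nil || ecfg.accessKey() != "" || ecfg.secretKey() != "" {
			return nil, fmt.Errorf("environment has no access-key or secret-key")
		}
		// The environment-derived keys are written into the attribute map that
		// is returned to the caller.
		// NOTE(review): anything that later serializes these attributes would
		// include the secret key; confirm how callers store or transmit them.
		ecfg.attrs["access-key"] = auth.AccessKey
		ecfg.attrs["secret-key"] = auth.SecretKey
	}

	if _, ok := aws.Regions[ecfg.region()]; !ok {
		return nil, fmt.Errorf("invalid region name %q", ecfg.region())
	}

	if old != nil {
		// A missing or non-string value in old compares as the empty string.
		attrs := old.UnknownAttrs()
		if region, _ := attrs["region"].(string); ecfg.region() != region {
			return nil, fmt.Errorf("cannot change region from %q to %q", region, ecfg.region())
		}
		if bucket, _ := attrs["control-bucket"].(string); ecfg.controlBucket() != bucket {
			return nil, fmt.Errorf("cannot change control-bucket from %q to %q", bucket, ecfg.controlBucket())
		}
	}

	// ssl-hostname-verification cannot be disabled. The error names the
	// setting as ssl-hostname-verification, matching the check it reports on,
	// so an operator is not sent looking for an SSH option.
	if !ecfg.SSLHostnameVerification() {
		return nil, fmt.Errorf("disabling ssl-hostname-verification is not supported")
	}
	return ecfg, nil
}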