func (s *S) TestGetAuthEnv(c *C) {
os.Clearenv()
os.Setenv("AWS_SECRET_ACCESS_KEY", "secret")
os.Setenv("AWS_ACCESS_KEY_ID", "access")
auth, err := aws.GetAuth("", "")
c.Assert(err, IsNil)
c.Assert(auth, Equals, aws.Auth{SecretKey: "secret", AccessKey: "access"})
}
func (m *AwsVpcBackend) Init(extIface *net.Interface, extIaddr net.IP, extEaddr net.IP) (*backend.SubnetDef, error) {
// Parse our configuration
if len(m.config.Backend) > 0 {
if err := json.Unmarshal(m.config.Backend, &m.cfg); err != nil {
return nil, fmt.Errorf("error decoding VPC backend config: %v", err)
}
}
// Acquire the lease form subnet manager
attrs := subnet.LeaseAttrs{
PublicIP: ip.FromIP(extEaddr),
}
l, err := m.sm.AcquireLease(m.ctx, m.network, &attrs)
switch err {
case nil:
m.lease = l
case context.Canceled, context.DeadlineExceeded:
return nil, err
default:
return nil, fmt.Errorf("failed to acquire lease: %v", err)
}
// Figure out this machine's EC2 instance ID and region
identity, err := getInstanceIdentity()
if err != nil {
return nil, fmt.Errorf("error getting EC2 instance identity: %v", err)
}
instanceID, ok := identity["instanceId"].(string)
if !ok {
return nil, fmt.Errorf("invalid EC2 instance ID: %v", identity["instanceId"])
}
regionVal, _ := identity["region"].(string)
region, ok := aws.Regions[regionVal]
if !ok {
return nil, fmt.Errorf("invalid AWS region: %v", identity["region"])
}
// Setup the EC2 client
auth, err := aws.GetAuth("", "")
if err != nil {
return nil, fmt.Errorf("error getting AWS credentials from environment: %v", err)
}
ec2c := ec2.New(auth, region)
if _, err = m.disableSrcDestCheck(instanceID, ec2c); err != nil {
log.Infof("Warning- disabling source destination check failed: %v", err)
}
if m.cfg.RouteTableID == "" {
log.Infof("RouteTableID not passed as config parameter, detecting ...")
if err := m.detectRouteTableID(instanceID, ec2c); err != nil {
return nil, err
}
}
log.Info("RouteRouteTableID: ", m.cfg.RouteTableID)
matchingRouteFound, err := m.checkMatchingRoutes(instanceID, l.Subnet.String(), ec2c)
if err != nil {
log.Errorf("Error describing route tables: %v", err)
if ec2Err, ok := err.(*ec2.Error); ok {
if ec2Err.Code == "UnauthorizedOperation" {
log.Errorf("Note: DescribeRouteTables permission cannot be bound to any resource")
}
}
}
if !matchingRouteFound {
if _, err := ec2c.DeleteRoute(m.cfg.RouteTableID, l.Subnet.String()); err != nil {
if ec2err, ok := err.(*ec2.Error); !ok || ec2err.Code != "InvalidRoute.NotFound" {
// an error other than the route not already existing occurred
return nil, fmt.Errorf("error deleting existing route for %s: %v", l.Subnet.String(), err)
}
}
// Add the route for this machine's subnet
if _, err := m.createRoute(instanceID, l.Subnet.String(), ec2c); err != nil {
return nil, fmt.Errorf("unable to add route %s: %v", l.Subnet.String(), err)
}
}
return &backend.SubnetDef{
Net: l.Subnet,
MTU: extIface.MTU,
}, nil
}
func (s *S) TestGetAuthStatic(c *C) {
auth, err := aws.GetAuth("access", "secret")
c.Assert(err, IsNil)
c.Assert(auth, Equals, aws.Auth{SecretKey: "secret", AccessKey: "access"})
}
func (m *AwsVpcBackend) Init(extIface *net.Interface, extIP net.IP) (*backend.SubnetDef, error) {
// Parse our configuration
if len(m.config.Backend) > 0 {
if err := json.Unmarshal(m.config.Backend, &m.cfg); err != nil {
return nil, fmt.Errorf("error decoding VPC backend config: %v", err)
}
}
// Acquire the lease form subnet manager
attrs := subnet.LeaseAttrs{
PublicIP: ip.FromIP(extIP),
}
l, err := m.sm.AcquireLease(m.ctx, m.network, &attrs)
switch err {
case nil:
m.lease = l
case context.Canceled, context.DeadlineExceeded:
return nil, err
default:
return nil, fmt.Errorf("failed to acquire lease: %v", err)
}
// Figure out this machine's EC2 instance ID and region
identity, err := getInstanceIdentity()
if err != nil {
return nil, fmt.Errorf("error getting EC2 instance identity: %v", err)
}
instanceID, ok := identity["instanceId"].(string)
if !ok {
return nil, fmt.Errorf("invalid EC2 instance ID: %v", identity["instanceId"])
}
regionVal, _ := identity["region"].(string)
region, ok := aws.Regions[regionVal]
if !ok {
return nil, fmt.Errorf("invalid AWS region: %v", identity["region"])
}
// Setup the EC2 client
auth, err := aws.GetAuth("", "")
if err != nil {
return nil, fmt.Errorf("error getting AWS credentials from environment: %v", err)
}
ec2c := ec2.New(auth, region)
if m.cfg.RouteTableID == "" {
log.Infof("RouteTableID not passed as config parameter, attempting to detect")
routeTableID, err := m.DetectRouteTableID(instanceID, ec2c)
if err != nil {
return nil, err
}
log.Info("Detected routeRouteTableID: ", routeTableID)
m.cfg.RouteTableID = routeTableID
}
filter := ec2.NewFilter()
filter.Add("route.destination-cidr-block", l.Subnet.String())
filter.Add("route.state", "active")
resp, err := ec2c.DescribeRouteTables([]string{m.cfg.RouteTableID}, filter)
if err != nil {
log.Errorf("Error describing route tables: %v", err)
if ec2Err, ok := err.(*ec2.Error); ok {
if ec2Err.Code == "UnauthorizedOperation" {
log.Errorf("Note: describeRouteTables permission cannot be bound to any resource")
}
}
} else {
for _, routeTable := range resp.RouteTables {
for _, route := range routeTable.Routes {
if l.Subnet.String() == route.DestinationCidrBlock && route.State == "active" {
log.Errorf("Matching *active* entry to: %s that will be deleted: %s, %s \n", l.Subnet.String(), route.DestinationCidrBlock, route.GatewayId)
}
}
}
}
// Delete route for this machine's subnet if it already exists
if _, err := ec2c.DeleteRoute(m.cfg.RouteTableID, l.Subnet.String()); err != nil {
if ec2err, ok := err.(*ec2.Error); !ok || ec2err.Code != "InvalidRoute.NotFound" {
// an error other than the route not already existing occurred
return nil, fmt.Errorf("error deleting existing route for %s: %v", l.Subnet.String(), err)
}
}
// Add the route for this machine's subnet
route := &ec2.CreateRoute{
RouteTableId: m.cfg.RouteTableID,
InstanceId: instanceID,
DestinationCidrBlock: l.Subnet.String(),
}
if _, err := ec2c.CreateRoute(route); err != nil {
return nil, fmt.Errorf("unable to add route %+v: %v", route, err)
}
return &backend.SubnetDef{
Net: l.Subnet,
MTU: extIface.MTU,
}, nil
}