func base64yaml(m *config.Config) string {
data, err := goyaml.Marshal(m.AllAttrs())
if err != nil {
// can't happen, these values have been validated a number of times
panic(err)
}
return base64.StdEncoding.EncodeToString(data)
}
// Prepare is specified in the EnvironProvider interface.
func (prov azureEnvironProvider) Prepare(ctx environs.BootstrapContext, cfg *config.Config) (environs.Environ, error) {
// Set availability-sets-enabled to true
// by default, unless the user set a value.
if _, ok := cfg.AllAttrs()["availability-sets-enabled"]; !ok {
var err error
cfg, err = cfg.Apply(map[string]interface{}{"availability-sets-enabled": true})
if err != nil {
return nil, err
}
}
return prov.Open(cfg)
}
// BootstrapConfig returns a copy of the supplied configuration with the
// admin-secret and ca-private-key attributes removed. If the resulting
// config is not suitable for bootstrapping an environment, an error is
// returned.
func BootstrapConfig(cfg *config.Config) (*config.Config, error) {
m := cfg.AllAttrs()
// We never want to push admin-secret or the root CA private key to the cloud.
delete(m, "admin-secret")
delete(m, "ca-private-key")
cfg, err := config.New(config.NoDefaults, m)
if err != nil {
return nil, err
}
if _, ok := cfg.AgentVersion(); !ok {
return nil, fmt.Errorf("environment configuration has no agent-version")
}
return cfg, nil
}
// Initialize sets up an initial empty state and returns it.
// This needs to be performed only once for a given environment.
// It returns unauthorizedError if access is unauthorized.
func Initialize(info *Info, cfg *config.Config, opts DialOpts, policy Policy) (rst *State, err error) {
st, err := Open(info, opts, policy)
if err != nil {
return nil, err
}
defer func() {
if err != nil {
st.Close()
}
}()
// A valid environment is used as a signal that the
// state has already been initalized. If this is the case
// do nothing.
if _, err := st.Environment(); err == nil {
return st, nil
} else if !errors.IsNotFound(err) {
return nil, err
}
logger.Infof("initializing environment")
if err := checkEnvironConfig(cfg); err != nil {
return nil, err
}
uuid, err := utils.NewUUID()
if err != nil {
return nil, fmt.Errorf("environment UUID cannot be created: %v", err)
}
ops := []txn.Op{
createConstraintsOp(st, environGlobalKey, constraints.Value{}),
createSettingsOp(st, environGlobalKey, cfg.AllAttrs()),
createEnvironmentOp(st, cfg.Name(), uuid.String()),
{
C: st.stateServers.Name,
Id: environGlobalKey,
Insert: &stateServersDoc{},
}, {
C: st.stateServers.Name,
Id: apiHostPortsKey,
Insert: &apiHostPortsDoc{},
},
}
if err := st.runTransaction(ops); err == txn.ErrAborted {
// The config was created in the meantime.
return st, nil
} else if err != nil {
return nil, err
}
return st, nil
}
// check that any --env-config $base64 is valid and matches t.cfg.Config
func checkEnvConfig(c *gc.C, cfg *config.Config, x map[interface{}]interface{}, scripts []string) {
re := regexp.MustCompile(`--env-config '([^']+)'`)
found := false
for _, s := range scripts {
m := re.FindStringSubmatch(s)
if m == nil {
continue
}
found = true
buf, err := base64.StdEncoding.DecodeString(m[1])
c.Assert(err, gc.IsNil)
var actual map[string]interface{}
err = goyaml.Unmarshal(buf, &actual)
c.Assert(err, gc.IsNil)
c.Assert(cfg.AllAttrs(), jc.DeepEquals, actual)
}
c.Assert(found, gc.Equals, true)
}
// Validate ensures that config is a valid configuration for this
// provider like specified in the EnvironProvider interface.
func (prov azureEnvironProvider) Validate(cfg, oldCfg *config.Config) (*config.Config, error) {
// Validate base configuration change before validating Azure specifics.
err := config.Validate(cfg, oldCfg)
if err != nil {
return nil, err
}
// User cannot change availability-sets-enabled after environment is prepared.
if oldCfg != nil {
if oldCfg.AllAttrs()["availability-sets-enabled"] != cfg.AllAttrs()["availability-sets-enabled"] {
return nil, fmt.Errorf("cannot change availability-sets-enabled")
}
}
validated, err := cfg.ValidateUnknownAttrs(configFields, configDefaults)
if err != nil {
return nil, err
}
envCfg := new(azureEnvironConfig)
envCfg.Config = cfg
envCfg.attrs = validated
cert := envCfg.managementCertificate()
if cert == "" {
certPath := envCfg.attrs["management-certificate-path"].(string)
pemData, err := ioutil.ReadFile(certPath)
if err != nil {
return nil, fmt.Errorf("invalid management-certificate-path: %s", err)
}
envCfg.attrs["management-certificate"] = string(pemData)
}
delete(envCfg.attrs, "management-certificate-path")
if envCfg.location() == "" {
return nil, fmt.Errorf("environment has no location; you need to set one. E.g. 'West US'")
}
return cfg.Apply(envCfg.attrs)
}
func (p environProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
// Check for valid changes for the base config values.
if err := config.Validate(cfg, old); err != nil {
return nil, err
}
validated, err := cfg.ValidateUnknownAttrs(configFields, configDefaults)
if err != nil {
return nil, err
}
ecfg := &environConfig{cfg, validated}
authMode := AuthMode(ecfg.authMode())
switch authMode {
case AuthKeyPair:
case AuthLegacy:
case AuthUserPass:
default:
return nil, fmt.Errorf("invalid authorization mode: %q", authMode)
}
if ecfg.authURL() != "" {
parts, err := url.Parse(ecfg.authURL())
if err != nil || parts.Host == "" || parts.Scheme == "" {
return nil, fmt.Errorf("invalid auth-url value %q", ecfg.authURL())
}
}
cred := identity.CredentialsFromEnv()
format := "required environment variable not set for credentials attribute: %s"
if authMode == AuthUserPass || authMode == AuthLegacy {
if ecfg.username() == "" {
if cred.User == "" {
return nil, fmt.Errorf(format, "User")
}
ecfg.attrs["username"] = cred.User
}
if ecfg.password() == "" {
if cred.Secrets == "" {
return nil, fmt.Errorf(format, "Secrets")
}
ecfg.attrs["password"] = cred.Secrets
}
} else if authMode == AuthKeyPair {
if ecfg.accessKey() == "" {
if cred.User == "" {
return nil, fmt.Errorf(format, "User")
}
ecfg.attrs["access-key"] = cred.User
}
if ecfg.secretKey() == "" {
if cred.Secrets == "" {
return nil, fmt.Errorf(format, "Secrets")
}
ecfg.attrs["secret-key"] = cred.Secrets
}
}
if ecfg.authURL() == "" {
if cred.URL == "" {
return nil, fmt.Errorf(format, "URL")
}
ecfg.attrs["auth-url"] = cred.URL
}
if ecfg.tenantName() == "" {
if cred.TenantName == "" {
return nil, fmt.Errorf(format, "TenantName")
}
ecfg.attrs["tenant-name"] = cred.TenantName
}
if ecfg.region() == "" {
if cred.Region == "" {
return nil, fmt.Errorf(format, "Region")
}
ecfg.attrs["region"] = cred.Region
}
if old != nil {
attrs := old.UnknownAttrs()
if region, _ := attrs["region"].(string); ecfg.region() != region {
return nil, fmt.Errorf("cannot change region from %q to %q", region, ecfg.region())
}
if controlBucket, _ := attrs["control-bucket"].(string); ecfg.controlBucket() != controlBucket {
return nil, fmt.Errorf("cannot change control-bucket from %q to %q", controlBucket, ecfg.controlBucket())
}
}
// Check for deprecated fields and log a warning. We also print to stderr to ensure the user sees the message
// even if they are not running with --debug.
cfgAttrs := cfg.AllAttrs()
if defaultImageId := cfgAttrs["default-image-id"]; defaultImageId != nil && defaultImageId.(string) != "" {
msg := fmt.Sprintf(
"Config attribute %q (%v) is deprecated and ignored.\n"+
"Your cloud provider should have set up image metadata to provide the correct image id\n"+
"for your chosen series and archietcure. If this is a private Openstack deployment without\n"+
"existing image metadata, please run 'juju-metadata help' to see how suitable image"+
"metadata can be generated.",
"default-image-id", defaultImageId)
logger.Warningf(msg)
}
if defaultInstanceType := cfgAttrs["default-instance-type"]; defaultInstanceType != nil && defaultInstanceType.(string) != "" {
msg := fmt.Sprintf(
"Config attribute %q (%v) is deprecated and ignored.\n"+
"The correct instance flavor is determined using constraints, globally specified\n"+
"when an environment is bootstrapped, or individually when a charm is deployed.\n"+
"See 'juju help bootstrap' or 'juju help deploy'.",
"default-instance-type", defaultInstanceType)
logger.Warningf(msg)
}
// Construct a new config with the deprecated attributes removed.
for _, attr := range []string{"default-image-id", "default-instance-type"} {
delete(cfgAttrs, attr)
delete(ecfg.attrs, attr)
}
for k, v := range ecfg.attrs {
cfgAttrs[k] = v
}
return config.New(config.NoDefaults, cfgAttrs)
}
