func (p *environProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
v, err := checker.Coerce(cfg.UnknownAttrs(), nil)
if err != nil {
return nil, err
}
attrs := v.(map[string]interface{})
switch cfg.FirewallMode() {
case config.FwDefault:
attrs["firewall-mode"] = config.FwInstance
case config.FwInstance, config.FwGlobal:
default:
return nil, fmt.Errorf("unsupported firewall mode: %q", cfg.FirewallMode())
}
return cfg.Apply(attrs)
}
func (p environProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
v, err := configChecker.Coerce(cfg.UnknownAttrs(), nil)
if err != nil {
return nil, err
}
ecfg := &environConfig{cfg, v.(map[string]interface{})}
if ecfg.accessKey() == "" || ecfg.secretKey() == "" {
auth, err := aws.EnvAuth()
if err != nil || ecfg.accessKey() != "" || ecfg.secretKey() != "" {
return nil, fmt.Errorf("environment has no access-key or secret-key")
}
ecfg.attrs["access-key"] = auth.AccessKey
ecfg.attrs["secret-key"] = auth.SecretKey
}
if _, ok := aws.Regions[ecfg.region()]; !ok {
return nil, fmt.Errorf("invalid region name %q", ecfg.region())
}
if _, ok := aws.Regions[ecfg.publicBucketRegion()]; !ok {
return nil, fmt.Errorf("invalid public-bucket-region name %q", ecfg.publicBucketRegion())
}
if old != nil {
attrs := old.UnknownAttrs()
if region, _ := attrs["region"].(string); ecfg.region() != region {
return nil, fmt.Errorf("cannot change region from %q to %q", region, ecfg.region())
}
if bucket, _ := attrs["control-bucket"].(string); ecfg.controlBucket() != bucket {
return nil, fmt.Errorf("cannot change control-bucket from %q to %q", bucket, ecfg.controlBucket())
}
}
switch cfg.FirewallMode() {
case config.FwDefault:
ecfg.attrs["firewall-mode"] = config.FwInstance
case config.FwInstance, config.FwGlobal:
default:
return nil, fmt.Errorf("unsupported firewall mode: %q", cfg.FirewallMode())
}
// ssl-hostname-verification cannot be disabled
if !ecfg.SSLHostnameVerification() {
return nil, fmt.Errorf("disabling ssh-hostname-verification is not supported")
}
return cfg.Apply(ecfg.attrs)
}
func (p environProvider) Validate(cfg, old *config.Config) (valid *config.Config, err error) {
v, err := configChecker.Coerce(cfg.UnknownAttrs(), nil)
if err != nil {
return nil, err
}
ecfg := &environConfig{cfg, v.(map[string]interface{})}
authMethod := ecfg.authMethod()
switch AuthMethod(authMethod) {
case AuthLegacy:
case AuthUserPass:
default:
return nil, fmt.Errorf("invalid authorization method: %q", authMethod)
}
if ecfg.authURL() != "" {
parts, err := url.Parse(ecfg.authURL())
if err != nil || parts.Host == "" || parts.Scheme == "" {
return nil, fmt.Errorf("invalid auth-url value %q", ecfg.authURL())
}
}
cred := identity.CredentialsFromEnv()
format := "required environment variable not set for credentials attribute: %s"
if ecfg.username() == "" {
if cred.User == "" {
return nil, fmt.Errorf(format, "User")
}
ecfg.attrs["username"] = cred.User
}
if ecfg.password() == "" {
if cred.Secrets == "" {
return nil, fmt.Errorf(format, "Secrets")
}
ecfg.attrs["password"] = cred.Secrets
}
if ecfg.authURL() == "" {
if cred.URL == "" {
return nil, fmt.Errorf(format, "URL")
}
ecfg.attrs["auth-url"] = cred.URL
}
if ecfg.tenantName() == "" {
if cred.TenantName == "" {
return nil, fmt.Errorf(format, "TenantName")
}
ecfg.attrs["tenant-name"] = cred.TenantName
}
if ecfg.region() == "" {
if cred.Region == "" {
return nil, fmt.Errorf(format, "Region")
}
ecfg.attrs["region"] = cred.Region
}
if old != nil {
attrs := old.UnknownAttrs()
if region, _ := attrs["region"].(string); ecfg.region() != region {
return nil, fmt.Errorf("cannot change region from %q to %q", region, ecfg.region())
}
if controlBucket, _ := attrs["control-bucket"].(string); ecfg.controlBucket() != controlBucket {
return nil, fmt.Errorf("cannot change control-bucket from %q to %q", controlBucket, ecfg.controlBucket())
}
}
switch cfg.FirewallMode() {
case config.FwDefault:
ecfg.attrs["firewall-mode"] = config.FwInstance
case config.FwInstance, config.FwGlobal:
default:
return nil, fmt.Errorf("unsupported firewall mode: %q", cfg.FirewallMode())
}
return cfg.Apply(ecfg.attrs)
}