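// validateConfig checks newCfg against the generic model-config rules and the
// Azure provider schema, then builds the provider's azureModelConfig from it.
//
// When oldCfg is non-nil the call is treated as an update: attributes listed
// in immutableConfigAttributes may be added, but not removed or changed.
//
// An error is returned when a required attribute is missing or empty, when the
// derived resource group name exceeds resourceNameLengthMax, when the "global"
// firewall mode is requested, when the storage account type is not recognised,
// when the storage endpoint is not a URL with a host, or when the service
// principal token cannot be constructed.
func validateConfig(newCfg, oldCfg *config.Config) (*azureModelConfig, error) {
	if err := config.Validate(newCfg, oldCfg); err != nil {
		return nil, err
	}
	validated, err := newCfg.ValidateUnknownAttrs(configFields, configDefaults)
	if err != nil {
		return nil, err
	}

	// Ensure required configuration is provided.
	for _, key := range requiredConfigAttributes {
		if value, ok := validated[key].(string); !ok || value == "" {
			return nil, errors.Errorf("%q config not specified", key)
		}
	}

	if oldCfg != nil {
		// Ensure immutable configuration isn't changed.
		// NOTE(review): the "cannot change" error echoes both the old and
		// the new value; confirm immutableConfigAttributes never lists a
		// secret attribute.
		oldUnknownAttrs := oldCfg.UnknownAttrs()
		for _, key := range immutableConfigAttributes {
			oldValue, hadValue := oldUnknownAttrs[key].(string)
			if !hadValue {
				// It's valid to go from not having to having.
				continue
			}
			newValue, haveValue := validated[key].(string)
			if !haveValue {
				return nil, errors.Errorf(
					"cannot remove immutable %q config", key,
				)
			}
			if newValue != oldValue {
				return nil, errors.Errorf(
					"cannot change immutable %q config (%v -> %v)",
					key, oldValue, newValue,
				)
			}
		}
		// TODO(axw) figure out how we intend to handle changing
		// secrets, such as application key
	}

	// Resource group names must not exceed 80 characters. Resource group
	// names are based on the model UUID and model name, the latter of
	// which the model creator controls.
	modelTag := names.NewModelTag(newCfg.UUID())
	resourceGroup := resourceGroupName(modelTag, newCfg.Name())
	if n := len(resourceGroup); n > resourceNameLengthMax {
		smallestResourceGroup := resourceGroupName(modelTag, "")
		return nil, errors.Errorf(`resource group name %q is too long Please choose a model name of no more than %d characters.`,
			resourceGroup,
			resourceNameLengthMax-len(smallestResourceGroup),
		)
	}

	// The single-value assertions below panic if an attribute is absent or
	// not a string.
	// NOTE(review): presumably configFields/configDefaults guarantee a
	// string for each of these; confirm against the schema.
	location := canonicalLocation(validated[configAttrLocation].(string))
	endpoint := validated[configAttrEndpoint].(string)
	storageEndpoint := validated[configAttrStorageEndpoint].(string)
	appID := validated[configAttrAppId].(string)
	subscriptionID := validated[configAttrSubscriptionId].(string)
	tenantID := validated[configAttrTenantId].(string)
	appPassword := validated[configAttrAppPassword].(string)
	// The storage account name and key use the two-value form, so a missing
	// attribute yields the empty string instead of a panic.
	storageAccount, _ := validated[configAttrStorageAccount].(string)
	storageAccountKey, _ := validated[configAttrStorageAccountKey].(string)
	storageAccountType := validated[configAttrStorageAccountType].(string)
	controllerResourceGroup := validated[configAttrControllerResourceGroup].(string)

	if newCfg.FirewallMode() == config.FwGlobal {
		// We do not currently support the "global" firewall mode.
		return nil, errNoFwGlobal
	}

	if !isKnownStorageAccountType(storageAccountType) {
		return nil, errors.Errorf(
			"invalid storage account type %q, expected one of: %q",
			storageAccountType, knownStorageAccountTypes,
		)
	}

	// The Azure storage code wants the endpoint host only, not the URL.
	storageEndpointURL, err := url.Parse(storageEndpoint)
	if err != nil {
		return nil, errors.Annotate(err, "parsing storage endpoint URL")
	}
	// url.Parse accepts a scheme-less value such as "host.example" and puts
	// it in Path, leaving Host empty. Reject that here rather than handing an
	// empty storage endpoint host to the rest of the provider.
	if storageEndpointURL.Host == "" {
		return nil, errors.Errorf(
			"storage endpoint URL %q does not contain a host", storageEndpoint,
		)
	}
	// NOTE(review): the URL scheme is discarded at this point; whether the
	// storage client enforces TLS is not visible here - confirm downstream.

	token, err := azure.NewServicePrincipalToken(
		appID, appPassword, tenantID,
		azure.AzureResourceManagerScope,
	)
	if err != nil {
		return nil, errors.Annotate(err, "constructing service principal token")
	}

	azureConfig := &azureModelConfig{
		newCfg,
		token,
		subscriptionID,
		location,
		endpoint,
		storageEndpointURL.Host,
		storageAccount,
		storageAccountKey,
		storage.AccountType(storageAccountType),
		controllerResourceGroup,
	}
	return azureConfig, nil
}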
// validateConfig runs the generic config validation and the Azure schema
// validation over newCfg, then assembles an azureModelConfig from the
// validated attributes.
//
// A non-nil oldCfg marks the call as an update, in which case attributes named
// in immutableConfigAttributes may be introduced but neither dropped nor
// altered. The function also rejects the "global" firewall mode and unknown
// storage account types, and fails if the service principal token cannot be
// constructed.
func validateConfig(newCfg, oldCfg *config.Config) (*azureModelConfig, error) {
	if err := config.Validate(newCfg, oldCfg); err != nil {
		return nil, err
	}
	attrs, err := newCfg.ValidateUnknownAttrs(configFields, configDefaults)
	if err != nil {
		return nil, err
	}

	// Every required attribute must be present as a non-empty string.
	for _, name := range requiredConfigAttributes {
		s, isString := attrs[name].(string)
		if !(isString && s != "") {
			return nil, errors.Errorf("%q config not specified", name)
		}
	}

	if oldCfg != nil {
		// Immutable attributes must keep the value they already had.
		// NOTE(review): the "cannot change" error echoes both values;
		// confirm immutableConfigAttributes never lists a secret attribute.
		previous := oldCfg.UnknownAttrs()
		for _, name := range immutableConfigAttributes {
			before, existed := previous[name].(string)
			if !existed {
				// Going from unset to set is allowed.
				continue
			}
			after, present := attrs[name].(string)
			switch {
			case !present:
				return nil, errors.Errorf(
					"cannot remove immutable %q config", name,
				)
			case after != before:
				return nil, errors.Errorf(
					"cannot change immutable %q config (%v -> %v)",
					name, before, after,
				)
			}
		}
		// TODO(axw) figure out how we intend to handle changing
		// secrets, such as application key
	}

	// The single-value assertions panic on a missing or non-string
	// attribute.
	// NOTE(review): presumably the schema guarantees strings here - confirm.
	region := canonicalLocation(attrs[configAttrLocation].(string))
	clientID := attrs[configAttrAppId].(string)
	subscription := attrs[configAttrSubscriptionId].(string)
	tenant := attrs[configAttrTenantId].(string)
	clientSecret := attrs[configAttrAppPassword].(string)
	// Two-value form: an absent storage account or key becomes "".
	account, _ := attrs[configAttrStorageAccount].(string)
	accountKey, _ := attrs[configAttrStorageAccountKey].(string)
	accountType := attrs[configAttrStorageAccountType].(string)
	controllerGroup := attrs[configAttrControllerResourceGroup].(string)

	// We do not currently support the "global" firewall mode.
	if newCfg.FirewallMode() == config.FwGlobal {
		return nil, errNoFwGlobal
	}

	if known := isKnownStorageAccountType(accountType); !known {
		return nil, errors.Errorf(
			"invalid storage account type %q, expected one of: %q",
			accountType, knownStorageAccountTypes,
		)
	}

	token, err := azure.NewServicePrincipalToken(
		clientID, clientSecret, tenant,
		azure.AzureResourceManagerScope,
	)
	if err != nil {
		return nil, errors.Annotate(err, "constructing service principal token")
	}

	return &azureModelConfig{
		newCfg,
		token,
		subscription,
		region,
		account,
		accountKey,
		storage.AccountType(accountType),
		controllerGroup,
	}, nil
}
// validateConfig runs the generic config validation and the Azure schema
// validation over newCfg and wraps the result in an azureModelConfig.
//
// A non-nil oldCfg marks the call as an update, in which case attributes named
// in immutableConfigAttributes may be introduced but neither dropped nor
// altered. The function also rejects resource group names longer than
// resourceNameLengthMax, the "global" firewall mode, and unknown storage
// account types.
func validateConfig(newCfg, oldCfg *config.Config) (*azureModelConfig, error) {
	if err := config.Validate(newCfg, oldCfg); err != nil {
		return nil, err
	}
	attrs, err := newCfg.ValidateUnknownAttrs(configFields, configDefaults)
	if err != nil {
		return nil, err
	}

	if oldCfg != nil {
		// Immutable attributes must keep the value they already had.
		// NOTE(review): the "cannot change" error echoes both values;
		// confirm immutableConfigAttributes never lists a secret attribute.
		previous := oldCfg.UnknownAttrs()
		for _, name := range immutableConfigAttributes {
			before, existed := previous[name].(string)
			if !existed {
				// Going from unset to set is allowed.
				continue
			}
			after, present := attrs[name].(string)
			switch {
			case !present:
				return nil, errors.Errorf(
					"cannot remove immutable %q config", name,
				)
			case after != before:
				return nil, errors.Errorf(
					"cannot change immutable %q config (%v -> %v)",
					name, before, after,
				)
			}
		}
	}

	// Resource group names must not exceed 80 characters. They are derived
	// from the model UUID and the model name, and the model name is chosen
	// by the model creator.
	tag := names.NewModelTag(newCfg.UUID())
	groupName := resourceGroupName(tag, newCfg.Name())
	if len(groupName) > resourceNameLengthMax {
		// The name built from an empty model name gives the fixed overhead,
		// so the difference is the budget left for the model name.
		overhead := len(resourceGroupName(tag, ""))
		return nil, errors.Errorf(`resource group name %q is too long Please choose a model name of no more than %d characters.`,
			groupName,
			resourceNameLengthMax-overhead,
		)
	}

	// We do not currently support the "global" firewall mode.
	if newCfg.FirewallMode() == config.FwGlobal {
		return nil, errNoFwGlobal
	}

	// Single-value assertion: panics on a missing or non-string attribute.
	// NOTE(review): presumably the schema guarantees a string - confirm.
	accountType := attrs[configAttrStorageAccountType].(string)
	if known := isKnownStorageAccountType(accountType); !known {
		return nil, errors.Errorf(
			"invalid storage account type %q, expected one of: %q",
			accountType, knownStorageAccountTypes,
		)
	}

	return &azureModelConfig{
		newCfg,
		accountType,
	}, nil
}