//go:generate struct-markdown package triton import ( "errors" "fmt" "io/ioutil" "os" "github.com/hashicorp/errwrap" "github.com/hashicorp/packer/packer-plugin-sdk/communicator" "github.com/hashicorp/packer/packer-plugin-sdk/template/interpolate" tgo "github.com/joyent/triton-go" "github.com/joyent/triton-go/authentication" "github.com/joyent/triton-go/compute" "github.com/joyent/triton-go/network" ) // AccessConfig is for common configuration related to Triton access type AccessConfig struct { // The URL of the Triton cloud API to use. If omitted // it will default to the us-sw-1 region of the Joyent Public cloud. If you // are using your own private Triton installation you will have to supply the // URL of the cloud API of your own Triton installation. Endpoint string `mapstructure:"triton_url" required:"false"` // The username of the Triton account to use when // using the Triton Cloud API. Account string `mapstructure:"triton_account" required:"true"` // The username of a user who has access to your // Triton account. Username string `mapstructure:"triton_user" required:"false"` // The fingerprint of the public key of the SSH key // pair to use for authentication with the Triton Cloud API. If // triton_key_material is not set, it is assumed that the SSH agent has the // private key corresponding to this key ID loaded. KeyID string `mapstructure:"triton_key_id" required:"true"` // Path to the file in which the private key // of triton_key_id is stored. For example /home/soandso/.ssh/id_rsa. If // this is not specified, the SSH agent is used to sign requests with the // triton_key_id specified. KeyMaterial string `mapstructure:"triton_key_material" required:"false"` //secure_skip_tls_verify - (bool) This allows skipping TLS verification // of the Triton endpoint. It is useful when connecting to a temporary Triton // installation such as Cloud-On-A-Laptop which does not generally use a // certificate signed by a trusted root CA. The default is false. InsecureSkipTLSVerify bool `mapstructure:"insecure_skip_tls_verify" required:"false"` signer authentication.Signer } // Prepare performs basic validation on the AccessConfig and ensures we can sign // a request. func (c *AccessConfig) Prepare(ctx *interpolate.Context) []error { var errs []error if c.Endpoint == "" { // Use Joyent public cloud as the default endpoint if none is specified c.Endpoint = "https://us-sw-1.api.joyent.com" } if c.Account == "" { errs = append(errs, errors.New("triton_account is required to use the triton builder")) } if c.KeyID == "" { errs = append(errs, errors.New("triton_key_id is required to use the triton builder")) } if c.KeyMaterial == "" { signer, err := c.createSSHAgentSigner() if err != nil { errs = append(errs, err) } c.signer = signer } else { signer, err := c.createPrivateKeySigner() if err != nil { errs = append(errs, err) } c.signer = signer } if len(errs) > 0 { return errs } return nil } func (c *AccessConfig) createSSHAgentSigner() (authentication.Signer, error) { input := authentication.SSHAgentSignerInput{ KeyID: c.KeyID, AccountName: c.Account, Username: c.Username, } signer, err := authentication.NewSSHAgentSigner(input) if err != nil { return nil, fmt.Errorf("Error creating Triton request signer: %s", err) } // Ensure we can sign a request _, err = signer.Sign("Wed, 26 Apr 2017 16:01:11 UTC", false) if err != nil { return nil, fmt.Errorf("Error signing test request: %s", err) } return signer, nil } func (c *AccessConfig) createPrivateKeySigner() (authentication.Signer, error) { var privateKeyMaterial []byte var err error // Check for keyMaterial being a file path if _, err = os.Stat(c.KeyMaterial); err != nil { privateKeyMaterial = []byte(c.KeyMaterial) } else { privateKeyMaterial, err = ioutil.ReadFile(c.KeyMaterial) if err != nil { return nil, fmt.Errorf("Error reading key material from path '%s': %s", c.KeyMaterial, err) } } input := authentication.PrivateKeySignerInput{ KeyID: c.KeyID, AccountName: c.Account, Username: c.Username, PrivateKeyMaterial: privateKeyMaterial, } signer, err := authentication.NewPrivateKeySigner(input) if err != nil { return nil, fmt.Errorf("Error creating Triton request signer: %s", err) } // Ensure we can sign a request _, err = signer.Sign("Wed, 26 Apr 2017 16:01:11 UTC", false) if err != nil { return nil, fmt.Errorf("Error signing test request: %s", err) } return signer, nil } func (c *AccessConfig) CreateTritonClient() (*Client, error) { config := &tgo.ClientConfig{ AccountName: c.Account, TritonURL: c.Endpoint, Username: c.Username, Signers: []authentication.Signer{c.signer}, } return &Client{ config: config, insecureSkipTLSVerify: c.InsecureSkipTLSVerify, }, nil } type Client struct { config *tgo.ClientConfig insecureSkipTLSVerify bool } func (c *Client) Compute() (*compute.ComputeClient, error) { computeClient, err := compute.NewClient(c.config) if err != nil { return nil, errwrap.Wrapf("Error Creating Triton Compute Client: {{err}}", err) } if c.insecureSkipTLSVerify { computeClient.Client.InsecureSkipTLSVerify() } return computeClient, nil } func (c *Client) Network() (*network.NetworkClient, error) { networkClient, err := network.NewClient(c.config) if err != nil { return nil, errwrap.Wrapf("Error Creating Triton Network Client: {{err}}", err) } if c.insecureSkipTLSVerify { networkClient.Client.InsecureSkipTLSVerify() } return networkClient, nil } func (c *AccessConfig) Comm() communicator.Config { return communicator.Config{} }