Merge pull request #2641 from ClusterHQ/cloudformation-s3-access-FLOC…

…-4086-2 [FLOC-4086] Warn users about needing access to S3 buckets during CloudFormation
ClusterHQ · Feb 14, 2016 · cda9511 · cda9511
2 parents eb246f4 + fcdf56b
commit cda9511
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 9 deletions.
diff --git a/admin/installer/cloudformation.py b/admin/installer/cloudformation.py
@@ -141,7 +141,7 @@ def _validate_cluster_size(size):
 # Keys corresponding to CloudFormation user Inputs.
 access_key_id_param = template.add_parameter(Parameter(
     "AmazonAccessKeyID",
-    Description="Your Amazon AWS access key ID (mandatory)",
+    Description="Required: Your Amazon AWS access key ID",
     Type="String",
     NoEcho=True,
     AllowedPattern="[\w]+",
@@ -150,25 +150,32 @@ def _validate_cluster_size(size):
 ))
 secret_access_key_param = template.add_parameter(Parameter(
     "AmazonSecretAccessKey",
-    Description="Your Amazon AWS secret access key (mandatory)",
+    Description="Required: Your Amazon AWS secret access key",
     Type="String",
     NoEcho=True,
     MinLength="1",
 ))
 keyname_param = template.add_parameter(Parameter(
     "EC2KeyPair",
-    Description="Name of an existing EC2 KeyPair to enable SSH "
-                "access to the instance (mandatory)",
+    Description="Required: Name of an existing EC2 KeyPair to enable SSH "
+                "access to the instance",
+    Type="AWS::EC2::KeyPair::KeyName",
+))
+template.add_parameter(Parameter(
+    "S3AccessPolicy",
+    Description="Required: Is current IAM user allowed to access S3? "
+                "S3 access is required to distribute Flocker and Docker "
+                "configuration amongst stack nodes. Reference: "
+                "http://docs.aws.amazon.com/IAM/latest/UserGuide/"
+                "access_permissions.html Stack creation will fail if user "
+                "cannot access S3",
     Type="String",
-    MinLength="1",
-    AllowedPattern="[\x20-\x7E]*",
-    MaxLength="255",
-    ConstraintDescription="can contain only ASCII characters.",
+    AllowedValues=["Yes"],
 ))
 volumehub_token = template.add_parameter(Parameter(
     "VolumeHubToken",
     Description=(
-        "Your Volume Hub token (optional). "
+        "Optional: Your Volume Hub token. "
         "You'll find the token at https://volumehub.clusterhq.com/v1/token."
     ),
     Type="String",

diff --git a/flocker/acceptance/endtoend/test_installer.py b/flocker/acceptance/endtoend/test_installer.py
@@ -268,6 +268,10 @@ def _new_stack(self):
             {
                 'ParameterKey': 'VolumeHubToken',
                 'ParameterValue': os.environ['VOLUMEHUB_TOKEN']
+            },
+            {
+                'ParameterKey': 'S3AccessPolicy',
+                'ParameterValue': 'Yes'
             }
         ]