Skip to content

Commit

Permalink
digitalOcean: Don't ignore authToken when available. Fixes #925
Browse files Browse the repository at this point in the history
  • Loading branch information
@nh2
nh2 committed Apr 15, 2018
1 parent d4b2fc5 commit 047cbe7
Showing 1 changed file with 20 additions and 5 deletions.
25 changes: 20 additions & 5 deletions nixops/backends/digital_ocean.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -111,15 +111,27 @@ def create_after(self, resources, defn):
isinstance(r, nixops.resources.ssh_keypair.SSHKeyPairState)
}

def get_auth_token(self):
return os.environ.get('DIGITAL_OCEAN_AUTH_TOKEN', self.auth_token)
# Note: Getting the auth token from the machine definition is always
# better (more up-to-date) than getting it from the state, but not
# all functions have access to the definition.
# See https://github.com/NixOS/nixops/issues/627.
def get_auth_token_from_env_or_defn(self, defn):
return os.environ.get('DIGITAL_OCEAN_AUTH_TOKEN', defn.auth_token)

def get_auth_token_from_env_or_state(self):
token = os.environ.get('DIGITAL_OCEAN_AUTH_TOKEN', self.auth_token)
assert token, "auth_token not found in state, set it with the DIGITAL_OCEAN_AUTH_TOKEN env var or set ‘deployment.digitalOcean.authToken’ and redeploy"
return token

def destroy(self, wipe=False):
self.log("destroying droplet {}".format(self.droplet_id))
try:
droplet = digitalocean.Droplet(id=self.droplet_id, token=self.get_auth_token())
droplet = digitalocean.Droplet(id=self.droplet_id, token=self.get_auth_token_from_env_or_state())
droplet.destroy()
except digitalocean.baseapi.NotFoundError:
# Note: Unfortunately this can also trigger when the droplet is still creating,
# and there doesn't seem to be a way to distinguish the two cases.
# In that case, we leak the droplet.
self.log("droplet not found - assuming it's been destroyed already")
self.public_ipv4 = None
self.droplet_id = None
Expand All @@ -134,9 +146,12 @@ def create(self, defn, check, allow_reboot, allow_recreate):
if self.droplet_id is not None:
return

self.manager = digitalocean.Manager(token=self.get_auth_token())
token = self.get_auth_token_from_env_or_defn(defn)
self.auth_token = token

self.manager = digitalocean.Manager(token=token)
droplet = digitalocean.Droplet(
token=self.get_auth_token(),
token=token,
name=self.name,
region=defn.region,
ipv6=defn.enable_ipv6,
Expand Down

0 comments on commit 047cbe7

Please sign in to comment.