o .&a6@sLddlZddlZddlZddlZddlmZddlmZddlm Z ddlm Z ddlm Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddlmZddlmZddlmZddlmZeeZddZ ddZ!d!ddZ"ddZ#ddZ$Gdd d e Z%dS)"N) xform_name)get_policy_arn_suffix) configutils)emrutils) exceptions)Command)EC2) EC2_ROLE_NAME)ROLE_ARN_PATTERN)EMR) EMR_ROLE_NAME)EMR_AUTOSCALING_ROLE_NAME)APPLICATION_AUTOSCALING)EC2_ROLE_POLICY_NAME)EMR_ROLE_POLICY_NAME) EMR_AUTOSCALING_ROLE_POLICY_NAME)EMR_AUTOSCALING_SERVICE_NAME)!EMR_AUTOSCALING_SERVICE_PRINCIPAL)ResolveServicePrincipalErrorcCsdddd|iddgdS)Nz 2008-10-17AllowServicezsts:AssumeRole)SidEffect PrincipalAction)Version Statement)serviceprincipalrrN/usr/lib/python3/dist-packages/awscli/customizations/emr/createdefaultroles.pyassume_role_policy-sr!cCs$t|}td|}|d|}|S)Nz{{region_suffix}}z{{policy_name}})rr replace)region policy_name region_suffixrole_arnrrr get_role_policy_arn;s  r'cCsFt|\}}|durtj}|tkr||ddvrtS|d|S)Nemrzaws-cn.))_get_suffix_and_region_from_endpoint_hostbotocoresessionSessionrget_available_regionsr)service endpoint_hostr,suffixr#rrr get_service_principalBs   r2cCs:t|}|dur|jdkr|d}|d}||fSt)N)#_get_regex_match_from_endpoint_host lastindexgroupr)r0 suffix_matchr1r#rrr r*Ns   r*cCs0|durdStd|}|durtd|}|S)Nz+(https?://)([^.]+).elasticmapreduce.([^/]*)z+(https?://elasticmapreduce).([^.]+).([^/]*))rematch)r0 regex_matchrrr r5Zsr5c@seZdZdZdededZddddgZd d Zd d Z d dZ ddZ ddZ ddZ ddZddZddZddZddZdS) CreateDefaultRoleszcreate-default-roleszCreates the default IAM role z and a which can be used when creating the cluster using the create-cluster command. The default roles for EMR use managed policies, which are updated automatically to support future EMR functionality. If you do not have a Service Role and Instance Profile variable set for your create-cluster command in the AWS CLI config file, create-default-roles will automatically set the values for these variables with these default roles. If you have already set a value for Service Role or Instance Profile, create-default-roles will not automatically set the defaults for these variables in the AWS CLI config file. You can view settings for variables in the config file using the "aws configure get" command. z iam-endpointTz

The IAM endpoint to call for creating the roles. This is optional and should only be specified when a custom endpoint should be called for IAM operations.

)name no_paramfile help_textc Cs|j|_||j|j|jjd|j|j|jdjj|_ t d|j | |t ttg\}}t }|||rAt d|dnt d|d|||||| |tttg\}}| |ttttg\}} t|jt|jd||||||| |dS) Nr( region_name endpoint_urlverifyz@elasticmapreduce endpoint used for resolving service principal: zInstance Profile  exists.z2does not exist. Creating default Instance Profile create_roler) iam_endpointiam_endpoint_url_check_for_iam_endpointr#_session create_clientrB verify_sslmetaemr_endpoint_urlLOGdebug_create_role_if_not_existsr rr check_if_instance_profile_exists"_create_instance_profile_with_roler rr r rrr update_rolesrdisplay_response_construct_result) self parsed_argsparsed_globals ec2_result ec2_policyinstance_profile_name emr_result emr_policyemr_autoscaling_resultemr_autoscaling_policyrrr _run_main_commands`  z$CreateDefaultRoles._run_main_commandcCstd}d}|||rtd|d||fStd|d|t|j|}|||||}|||}||fS)NzRole rDz( does not exist. Creating default role: )check_if_role_existsrNrOr'r#_create_role_with_role_policy_get_role_policy)rVrX role_namer$ service_namesresultpolicyr&rrr rPs   z-CreateDefaultRoles._create_role_if_not_existscCsBz |jd|WdStjjy |durtj|dYdSw)Nr()r#)rIrJr+rUnknownEndpointErrorUnknownIamEndpointError)rVr#rFrrr rHs z*CreateDefaultRoles._check_for_iam_endpointcCs2g}|||||||||||||SN))_construct_role_and_role_policy_structure)rV ec2_responserZ emr_responser]emr_autoscaling_responser_rfrrr rUsz$CreateDefaultRoles._construct_resultcCs4|dur|ddur||d|d|SdSdS)NRole)ro RolePolicy)append)rVlistresponsergrrr rkszs<