o .&aH%@srddlZddlmZmZmZmZmZmZddlm Z ddl m Z m Z m Z ddlmZeeZGddde ZdS)N)&DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME'DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME%DATAPIPELINE_DEFAULT_SERVICE_ROLE_ARN&DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ARN/DATAPIPELINE_DEFAULT_SERVICE_ROLE_ASSUME_POLICY0DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ASSUME_POLICY) BasicCommand)display_responsedict_to_string get_region) ClientErrorcseZdZdZdededZdfdd Zdd Zd d Z d d Z ddZ ddZ ddZ ddZddZddZddZZS)CreateDefaultRoleszcreate-default-roleszCreates the default IAM role z and z which are used while creating an EMR cluster. If the roles do not exist, create-default-roles will automatically create them and set their policies. If these roles are already created create-default-roles will not update their policies. Ncstt||dSN)superr __init__)selfsession formatter __class__W/usr/lib/python3/dist-packages/awscli/customizations/datapipeline/createdefaultroles.pyr.szCreateDefaultRoles.__init__cKs>t|j||_|j|_|jjd|j|j|jd|_|||S)zCall to run the commandsiam) region_name endpoint_urlverify) r _session_regionr _endpoint_url create_client verify_ssl _iam_client_create_default_roles)r parsed_argsparsed_globalskwargsrrr _run_main1s zCreateDefaultRoles._run_maincCsbd}d}||rtd|d||fStd|d|||||}||}||fS)z[Method to create a role for a given role name and arn if it does not exist NzRole  exists.z0 does not exist. Creating default role for EC2: )_check_if_role_existsLOGdebug_create_role_with_role_policy_get_role_policy)r role_namerole_arn role_policy role_resultrole_policy_resultrrr _create_role=s   zCreateDefaultRoles._create_rolecCs$g}|||||||||S)znMethod to create a resultant list of responses for create roles for service and resource role ))_construct_role_and_role_policy_structure)rdpl_default_resultdpl_default_policydpl_default_res_resultdpl_default_res_policyresultrrr_construct_resultRsz$CreateDefaultRoles._construct_resultc Cs|ttt\}}|ttt\}}t}||r#t d|dnt d|d|| ||| ||||}t |j d||dS)NzInstance Profile r'z2does not exist. Creating default Instance Profile create_roler)r2rrrrrr!_check_if_instance_profile_existsr)r*"_create_instance_profile_with_roler9r r) rr#r$datapipline_default_resultdatapipline_default_policy#datapipline_default_resource_result#datapipline_default_resource_policyinstance_profile_namer8rrrr"cs@  z(CreateDefaultRoles._create_default_rolescCs2|jj|d}|jj||ddd}|ddS)zvMethod to get the Policy for a particular ARN This is used to display the policy contents to the user ) PolicyArnPolicyDefaultVersionId)rB VersionId PolicyVersionDocument)r! get_policyget_policy_version)rarnpol_detpolicy_version_detailsrrrr,s   z#CreateDefaultRoles._get_role_policycCs(|jj|t|d}|jj||d|S)z]Method to create role with a given rolename, assume_role_policy and role_arn )RoleNameAssumeRolePolicyDocument)rBrM)r!r:r attach_role_policy)rr-assume_role_policyr.create_role_responserrrr+sz0CreateDefaultRoles._create_role_with_role_policycCs4|dur|ddur||d|d|SdSdS)z;Method to construct the message to be displayed to the userNRole)rR RolePolicy)append)rlist_valresponsepolicyrrrr3szs