o !d&@sddlZddlZddlmZmZmZmZmZmZddl m Z ddl m Z m Z mZddlmZeeZdZdZGdd d e ZdS) N)&DATAPIPELINE_DEFAULT_SERVICE_ROLE_NAME'DATAPIPELINE_DEFAULT_RESOURCE_ROLE_NAME%DATAPIPELINE_DEFAULT_SERVICE_ROLE_ARN&DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ARN/DATAPIPELINE_DEFAULT_SERVICE_ROLE_ASSUME_POLICY0DATAPIPELINE_DEFAULT_RESOURCE_ROLE_ASSUME_POLICY) BasicCommand)display_responsedict_to_string get_region) ClientErrora Support for this command has been deprecated and may fail to create these roles if they do not already exist. For more information on managing these policies manually see the following documentation: https://docs.aws.amazon.com/datapipeline/latest/DeveloperGuide/dp-iam-roles.html a- NOTE: {} Creates the default IAM role "{}" and "{}" which are used while creating an EMR cluster. If these roles do not exist, create-default-roles will automatically create them and set their policies. If these roles have already been created create-default-roles will not update their policies. cseZdZdZdZeeee Z dfdd Z ddZ dd Z d d Zd d ZddZddZddZddZddZddZZS)CreateDefaultRoleszcreate-default-rolesTNcstt||dSN)superr __init__)selfZsession formatter __class__Yusr/lib/python3.10/site-packages/awscli/customizations/datapipeline/createdefaultroles.pyrAszCreateDefaultRoles.__init__cKsHt|j||_|j|_|jjd|j|j|jd|_t t | ||S)zCall to run the commandsZiam)Z region_name endpoint_urlZverify) r _sessionZ_regionrZ _endpoint_urlZ create_clientZ verify_ssl _iam_clientwarningswarn_DEPRECATION_NOTICE_create_default_roles)r parsed_argsparsed_globalskwargsrrr _run_mainDs  zCreateDefaultRoles._run_maincCsbd}d}||rtd|d||fStd|d|||||}||}||fS)z[Method to create a role for a given role name and arn if it does not exist NzRole  exists.z0 does not exist. Creating default role for EC2: )_check_if_role_existsLOGdebug_create_role_with_role_policy_get_role_policy)r role_namerole_arnZ role_policyZ role_resultZrole_policy_resultrrr _create_roleQs   zCreateDefaultRoles._create_rolecCs$g}|||||||||S)znMethod to create a resultant list of responses for create roles for service and resource role ))_construct_role_and_role_policy_structure)rZdpl_default_resultZdpl_default_policyZdpl_default_res_resultZdpl_default_res_policyresultrrr_construct_resultfsz$CreateDefaultRoles._construct_resultc Cs|ttt\}}|ttt\}}t}||r#t d|dnt d|d|| ||| ||||}t |j d||dS)NzInstance Profile r"z2does not exist. Creating default Instance Profile create_roler)r*rrrrrr!_check_if_instance_profile_existsr$r%"_create_instance_profile_with_roler-r r) rrrZdatapipline_default_resultZdatapipline_default_policyZ#datapipline_default_resource_resultZ#datapipline_default_resource_policyinstance_profile_namer,rrrrws@  z(CreateDefaultRoles._create_default_rolescCs2|jj|d}|jj||ddd}|ddS)zvMethod to get the Policy for a particular ARN This is used to display the policy contents to the user ) PolicyArnPolicyZDefaultVersionId)r2Z VersionIdZ PolicyVersionZDocument)rZ get_policyZget_policy_version)rZarnZpol_detZpolicy_version_detailsrrrr's   z#CreateDefaultRoles._get_role_policycCs(|jj|t|d}|jj||d|S)z]Method to create role with a given rolename, assume_role_policy and role_arn )RoleNameZAssumeRolePolicyDocument)r2r4)rr.r Zattach_role_policy)rr(Zassume_role_policyr)Zcreate_role_responserrrr&sz0CreateDefaultRoles._create_role_with_role_policycCs4|dur|ddur||d|d|SdSdS)z;Method to construct the message to be displayed to the userNRole)r5Z RolePolicy)append)rZlist_valresponsepolicyrrrr+szr?NFT)rZget_roler r7)rr(r@rrrr#s z(CreateDefaultRoles._check_if_role_existscCs"|jj|d|jj||ddS)z3Method to create the instance profile with the roler;)r<r4N)rZcreate_instance_profileZadd_role_to_instance_profile)rr1r(rrrr0s  z5CreateDefaultRoles._create_instance_profile_with_roler)__name__ __module__ __qualname__NAMEZ _UNDOCUMENTED _DESCRIPTIONformatrrrZ DESCRIPTIONrr!r*r-rr'r&r+r/r#r0 __classcell__rrrrr 7s& #  r )loggingrZ,awscli.customizations.datapipeline.constantsrrrrrrZawscli.customizations.commandsrZ-awscli.customizations.datapipeline.translatorr r r Zbotocore.exceptionsr getLoggerrAr$rrEr rrrrs