Example #1
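def ec2_iam_role_validator(param_key, param_value, pcluster_config):
    """Check that a user-provided IAM role is allowed every action in the pcluster user policy.

    The role named by ``param_value`` is resolved to its ARN, then each
    ``(actions, resource_arn)`` pair returned by ``_get_pcluster_user_policy``
    is run through the IAM policy simulator against that role. Any evaluation
    result whose decision is not ``"allowed"`` is reported as an error.

    Args:
        param_key: Name of the configuration parameter (not used here).
        param_value: Name of the IAM role to validate.
        pcluster_config: Cluster configuration object (not used here).

    Returns:
        A ``(errors, warnings)`` tuple of lists of strings. ``warnings`` is
        always empty in this validator.
    """
    errors = []
    warnings = []
    try:
        iam = boto3.client("iam")
        arn = iam.get_role(RoleName=param_value).get("Role").get("Arn")
        account_id = boto3.client(
            "sts", endpoint_url=_get_sts_endpoint()).get_caller_identity().get(
                "Account")

        iam_policy = _get_pcluster_user_policy(get_partition(), get_region(),
                                               account_id)

        for actions, resource_arn in iam_policy:
            request = {
                "PolicySourceArn": arn,
                "ActionNames": actions,
                "ResourceArns": [resource_arn],
            }
            # The simulator may return its results in several pages. Reading
            # only the first page would let a denied action on a later page go
            # unreported, so keep requesting until IsTruncated is false.
            while True:
                response = iam.simulate_principal_policy(**request)
                for decision in response.get("EvaluationResults"):
                    if decision.get("EvalDecision") != "allowed":
                        errors.append(
                            "IAM role error on user provided role {0}: action {1} is {2}.\n"
                            "See https://docs.aws.amazon.com/parallelcluster/latest/ug/iam.html"
                            .format(param_value, decision.get("EvalActionName"),
                                    decision.get("EvalDecision")))
                marker = response.get("Marker")
                # Stop when there is no further page; the marker check also
                # prevents looping forever on a malformed response.
                if not response.get("IsTruncated") or not marker:
                    break
                request["Marker"] = marker
    except ClientError as e:
        # Any AWS API failure (unknown role, missing permission to simulate,
        # ...) is surfaced as a validation error instead of an exception.
        errors.append(e.response.get("Error").get("Message"))

    return errors, warnings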
def automate_vpc_with_subnet_creation(network_configuration, compute_subnet_size):
    """Create a new VPC in the current region, then create its subnets.

    Args:
        network_configuration: Passed through to ``automate_subnet_creation``.
        compute_subnet_size: Passed through to ``automate_subnet_creation``.

    Returns:
        A dict holding ``"vpc_id"`` plus whatever ``automate_subnet_creation``
        returns for the new VPC.

    The process exits with status 1 when the post-creation check fails. The
    VPC is not deleted in that case; the log message asks the user to delete it.
    """
    print("Beginning VPC creation. Please do not leave the terminal until the creation is finalized")
    factory = VpcFactory(get_region())
    new_vpc_id = factory.create()
    factory.setup(new_vpc_id, name="ParallelClusterVPC" + TIMESTAMP)

    creation_ok = factory.check(new_vpc_id)
    if not creation_ok:
        logging.critical("Something went wrong in VPC creation. Please delete it and start the process again")
        sys.exit(1)

    subnet_parameters = automate_subnet_creation(new_vpc_id, network_configuration, compute_subnet_size)
    result = {"vpc_id": new_vpc_id}
    result.update(subnet_parameters)
    return result
Example #3
def _get_keys():
    """Return the names of the EC2 key pairs visible to the current credentials.

    Only the ``KeyName`` field of each entry returned by ``describe_key_pairs``
    is collected. When there are no key pairs, a hint pointing to the EC2
    key-pair guide is printed and an empty list is returned.
    """
    described = boto3.client("ec2").describe_key_pairs()
    names = [entry.get("KeyName") for entry in described.get("KeyPairs")]

    if len(names) == 0:
        hint = (
            "No KeyPair found in region {0}, please create one following the guide: "
            "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html"
        )
        print(hint.format(get_region()))

    return names
Example #4
def dcv_enabled_validator(param_key, param_value, pcluster_config):
    """Validate that NICE DCV can be enabled with the current cluster settings.

    Checks run only when ``param_value`` is ``"master"``: the cluster's
    ``base_os`` must be one of the supported DCV operating systems, and the
    current partition must be one of the supported DCV partitions.

    Args:
        param_key: Name of the configuration parameter (not used here).
        param_value: Value of the DCV ``enable`` setting.
        pcluster_config: Configuration object exposing ``get_section``.

    Returns:
        A ``(errors, warnings)`` tuple of lists; ``warnings`` is always empty.
    """
    errors, warnings = [], []

    cluster_section = pcluster_config.get_section("cluster")
    if param_value != "master":
        # DCV is not requested on the master node, so nothing to validate.
        return errors, warnings

    supported_oses = get_supported_dcv_os()
    configured_os = cluster_section.get_param_value("base_os")
    if configured_os not in supported_oses:
        os_message = (
            "NICE DCV can be used with one of the following operating systems: {0}. "
            "Please double check the 'base_os' configuration parameter"
        )
        errors.append(os_message.format(supported_oses))

    current_partition = get_partition()
    if current_partition not in get_supported_dcv_partition():
        region_message = "NICE DCV is not supported in the selected region '{0}'"
        errors.append(region_message.format(get_region()))

    return errors, warnings
def _validate_vpc(vpc_id):
    """Log an error when the given VPC fails the ``VpcFactory`` check.

    The outcome is only logged: the function returns ``None`` whether or not
    the check passes, so callers cannot detect a failed check from it.
    """
    # This function should be expanded further once users are allowed to bring
    # their own VPCs. For example, it should also check that a NAT gateway is
    # present.
    vpc_is_valid = VpcFactory(get_region()).check(vpc_id)
    if vpc_is_valid:
        return
    logging.error("WARNING: The VPC does not have the correct parameters set.")
Example #6
def _get_sts_endpoint():
    """Build the regional STS endpoint URL for the current region.

    Regions whose name starts with ``cn-`` use the ``amazonaws.com.cn`` domain;
    every other region uses ``amazonaws.com``.
    """
    region = get_region()
    if region.startswith("cn-"):
        domain_suffix = "amazonaws.com.cn"
    else:
        domain_suffix = "amazonaws.com"
    return "https://sts.{0}.{1}".format(region, domain_suffix)
Example #7
def dcv_enabled_validator(param_key, param_value, pcluster_config):
    """Validate the NICE DCV settings when DCV is enabled on the master node.

    When ``param_value`` is ``"master"`` this checks that ``base_os`` is a
    supported DCV operating system and that the current partition supports
    DCV. It also logs a warning when the ``dcv`` section's ``access_from``
    equals ``CIDR_ALL_IPS``.

    Args:
        param_key: Name of the configuration parameter (not used here).
        param_value: Value of the DCV ``enable`` setting.
        pcluster_config: Configuration object exposing ``get_section``.

    Returns:
        A ``(errors, warnings)`` tuple of lists. The ``access_from`` warning is
        written to ``LOGFILE_LOGGER`` only and is not added to ``warnings``,
        which is always returned empty.
    """
    errors, warnings = [], []

    cluster_section = pcluster_config.get_section("cluster")
    if param_value != "master":
        return errors, warnings

    supported_oses = get_supported_dcv_os()
    if cluster_section.get_param_value("base_os") not in supported_oses:
        unsupported_os_template = (
            "NICE DCV can be used with one of the following operating systems: {0}. "
            "Please double check the 'base_os' configuration parameter"
        )
        errors.append(unsupported_os_template.format(supported_oses))

    partition = get_partition()
    if partition not in get_supported_dcv_partition():
        errors.append("NICE DCV is not supported in the selected region '{0}'".format(get_region()))

    # NOTE(review): CIDR_ALL_IPS presumably means the DCV port is reachable
    # from any address; the condition is logged but does not fail validation.
    access_from = pcluster_config.get_section("dcv").get_param_value("access_from")
    if access_from == CIDR_ALL_IPS:
        world_access_template = DCV_MESSAGES["warnings"]["access_from_world"]
        dcv_port = pcluster_config.get_section("dcv").get_param_value("port")
        LOGFILE_LOGGER.warning(world_access_template.format(port=dcv_port))

    return errors, warnings