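def ec2_iam_role_validator(param_key, param_value, pcluster_config):
    """Check that a user-provided IAM role is allowed every action in the pcluster user policy.

    The role ARN is resolved with ``iam.get_role`` and each ``(actions, resource_arn)``
    pair returned by ``_get_pcluster_user_policy`` is evaluated with
    ``iam.simulate_principal_policy``. Every action whose decision is anything other
    than ``"allowed"`` is reported as an error.

    Args:
        param_key: Not used by this validator.
        param_value: Name of the IAM role to validate (passed as ``RoleName``).
        pcluster_config: Not used by this validator.

    Returns:
        A ``(errors, warnings)`` tuple of lists. ``warnings`` is always empty here.
        Any ``ClientError`` raised by the IAM/STS calls (for example when the role
        cannot be read) is reported through ``errors`` instead of propagating.
    """
    errors = []
    warnings = []
    try:
        iam = boto3.client("iam")
        arn = iam.get_role(RoleName=param_value).get("Role").get("Arn")
        account_id = (
            boto3.client("sts", endpoint_url=_get_sts_endpoint()).get_caller_identity().get("Account")
        )

        iam_policy = _get_pcluster_user_policy(get_partition(), get_region(), account_id)

        for actions, resource_arn in iam_policy:
            request = {"PolicySourceArn": arn, "ActionNames": actions, "ResourceArns": [resource_arn]}
            while True:
                response = iam.simulate_principal_policy(**request)
                for decision in response.get("EvaluationResults") or []:
                    if decision.get("EvalDecision") != "allowed":
                        errors.append(
                            "IAM role error on user provided role {0}: action {1} is {2}.\n"
                            "See https://docs.aws.amazon.com/parallelcluster/latest/ug/iam.html".format(
                                param_value, decision.get("EvalActionName"), decision.get("EvalDecision")
                            )
                        )

                # The simulation API can return a truncated result set. Follow the
                # marker so that actions on later pages are not silently treated as
                # allowed just because they were never inspected.
                marker = response.get("Marker")
                if not response.get("IsTruncated") or not marker:
                    break
                request["Marker"] = marker
    except ClientError as e:
        errors.append(e.response.get("Error").get("Message"))

    return errors, warnings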
def automate_vpc_with_subnet_creation(network_configuration, compute_subnet_size):
    """Create a VPC in the current region, configure it, and create its subnets.

    The new VPC is set up under the name ``"ParallelClusterVPC" + TIMESTAMP`` and then
    verified with ``VpcFactory.check``. If that check fails, a critical message is
    logged and the process exits with status 1; the VPC is not deleted by this function.

    Args:
        network_configuration: Forwarded unchanged to ``automate_subnet_creation``.
        compute_subnet_size: Forwarded unchanged to ``automate_subnet_creation``.

    Returns:
        A dict holding ``"vpc_id"`` plus the entries returned by
        ``automate_subnet_creation``.
    """
    print("Beginning VPC creation. Please do not leave the terminal until the creation is finalized")

    factory = VpcFactory(get_region())
    new_vpc_id = factory.create()
    factory.setup(new_vpc_id, name="ParallelClusterVPC" + TIMESTAMP)

    vpc_ok = factory.check(new_vpc_id)
    if not vpc_ok:
        logging.critical("Something went wrong in VPC creation. Please delete it and start the process again")
        sys.exit(1)

    subnet_parameters = automate_subnet_creation(new_vpc_id, network_configuration, compute_subnet_size)
    # Subnet entries are merged last, so they win over "vpc_id" on a key clash.
    result = {"vpc_id": new_vpc_id}
    result.update(subnet_parameters)
    return result
def _get_keys():
    """Return the names of the EC2 key pairs reported by ``describe_key_pairs``.

    Only the ``KeyName`` of each entry is collected; no key material is read.
    When no key pair is found, a hint pointing to the EC2 key pair guide is printed
    and the empty list is still returned.
    """
    response = boto3.client("ec2").describe_key_pairs()
    key_names = [pair.get("KeyName") for pair in response.get("KeyPairs")]

    if key_names:
        return key_names

    print(
        "No KeyPair found in region {0}, please create one following the guide: "
        "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html".format(get_region())
    )
    return key_names
def dcv_enabled_validator(param_key, param_value, pcluster_config):
    """Validate the cluster settings required when NICE DCV is enabled on the master.

    Checks run only when ``param_value`` is ``"master"``: the cluster's ``base_os``
    must be one of ``get_supported_dcv_os()`` and the current partition must be one
    of ``get_supported_dcv_partition()``.

    Args:
        param_key: Not used by this validator.
        param_value: Value of the DCV enable parameter.
        pcluster_config: Configuration object providing the ``cluster`` section.

    Returns:
        A ``(errors, warnings)`` tuple of lists. ``warnings`` is always empty here.
    """
    errors, warnings = [], []
    cluster_section = pcluster_config.get_section("cluster")

    # Nothing to validate unless DCV is requested on the master node.
    if param_value != "master":
        return errors, warnings

    supported_oses = get_supported_dcv_os()
    configured_os = cluster_section.get_param_value("base_os")
    if configured_os not in supported_oses:
        os_message = (
            "NICE DCV can be used with one of the following operating systems: {0}. "
            "Please double check the 'base_os' configuration parameter"
        )
        errors.append(os_message.format(supported_oses))

    # Support is decided per partition, while the message reports the region.
    current_partition = get_partition()
    supported_partitions = get_supported_dcv_partition()
    if current_partition not in supported_partitions:
        errors.append("NICE DCV is not supported in the selected region '{0}'".format(get_region()))

    return errors, warnings
def _validate_vpc(vpc_id):
    """Log an error when ``VpcFactory.check`` does not accept ``vpc_id``.

    The result is advisory only: nothing is returned or raised, so a caller cannot
    tell from this function whether the VPC passed the check.
    """
    # To be expanded once users are allowed to bring their own VPCs; for example, the
    # presence of a NAT gateway should then be checked as well.
    vpc_is_valid = VpcFactory(get_region()).check(vpc_id)
    if vpc_is_valid:
        return
    logging.error("WARNING: The VPC does not have the correct parameters set.")
def _get_sts_endpoint():
    """Return the HTTPS URL of the STS endpoint for the current region.

    Regions whose name starts with ``cn-`` use the ``amazonaws.com.cn`` domain; every
    other region is mapped to ``amazonaws.com``.
    """
    current_region = get_region()
    if current_region.startswith("cn-"):
        domain = "amazonaws.com.cn"
    else:
        domain = "amazonaws.com"
    # NOTE(review): the region string is placed into the host name as-is and is not
    # validated here; confirm get_region() only yields known region names.
    return "https://sts.{0}.{1}".format(current_region, domain)
def dcv_enabled_validator(param_key, param_value, pcluster_config):
    """Validate the settings required when NICE DCV is enabled on the master.

    Checks run only when ``param_value`` is ``"master"``: the cluster's ``base_os``
    must be one of ``get_supported_dcv_os()`` and the current partition must be one
    of ``get_supported_dcv_partition()``. If the ``dcv`` section's ``access_from``
    equals ``CIDR_ALL_IPS``, a warning naming the configured port is written to
    ``LOGFILE_LOGGER``.

    Args:
        param_key: Not used by this validator.
        param_value: Value of the DCV enable parameter.
        pcluster_config: Configuration object providing the ``cluster`` and ``dcv``
            sections.

    Returns:
        A ``(errors, warnings)`` tuple of lists. ``warnings`` is always empty: the
        world-open access notice is only logged, not returned, and does not fail
        validation.
    """
    errors, warnings = [], []
    cluster_section = pcluster_config.get_section("cluster")

    # Nothing to validate unless DCV is requested on the master node.
    if param_value != "master":
        return errors, warnings

    supported_oses = get_supported_dcv_os()
    configured_os = cluster_section.get_param_value("base_os")
    if configured_os not in supported_oses:
        os_message = (
            "NICE DCV can be used with one of the following operating systems: {0}. "
            "Please double check the 'base_os' configuration parameter"
        )
        errors.append(os_message.format(supported_oses))

    # Support is decided per partition, while the message reports the region.
    current_partition = get_partition()
    supported_partitions = get_supported_dcv_partition()
    if current_partition not in supported_partitions:
        errors.append("NICE DCV is not supported in the selected region '{0}'".format(get_region()))

    # A DCV port reachable from every address is allowed, but is called out in the log.
    access_from = pcluster_config.get_section("dcv").get_param_value("access_from")
    if access_from == CIDR_ALL_IPS:
        dcv_port = pcluster_config.get_section("dcv").get_param_value("port")
        LOGFILE_LOGGER.warning(DCV_MESSAGES["warnings"]["access_from_world"].format(port=dcv_port))

    return errors, warnings