def ec2_iam_role_validator(param_key, param_value, pcluster_config):
errors = []
warnings = []
try:
iam = boto3.client("iam")
arn = iam.get_role(RoleName=param_value).get("Role").get("Arn")
account_id = boto3.client(
"sts", endpoint_url=_get_sts_endpoint()).get_caller_identity().get(
"Account")
iam_policy = _get_pcluster_user_policy(get_partition(), get_region(),
account_id)
for actions, resource_arn in iam_policy:
response = iam.simulate_principal_policy(
PolicySourceArn=arn,
ActionNames=actions,
ResourceArns=[resource_arn])
for decision in response.get("EvaluationResults"):
if decision.get("EvalDecision") != "allowed":
errors.append(
"IAM role error on user provided role {0}: action {1} is {2}.\n"
"See https://docs.aws.amazon.com/parallelcluster/latest/ug/iam.html"
.format(param_value, decision.get("EvalActionName"),
decision.get("EvalDecision")))
except ClientError as e:
errors.append(e.response.get("Error").get("Message"))
return errors, warnings
def automate_vpc_with_subnet_creation(network_configuration, compute_subnet_size):
print("Beginning VPC creation. Please do not leave the terminal until the creation is finalized")
vpc_creator = VpcFactory(get_region())
vpc_id = vpc_creator.create()
vpc_creator.setup(vpc_id, name="ParallelClusterVPC" + TIMESTAMP)
if not vpc_creator.check(vpc_id):
logging.critical("Something went wrong in VPC creation. Please delete it and start the process again")
sys.exit(1)
vpc_parameters = {"vpc_id": vpc_id}
vpc_parameters.update(automate_subnet_creation(vpc_id, network_configuration, compute_subnet_size))
return vpc_parameters
def _get_keys():
"""Return a list of keys."""
keypairs = boto3.client("ec2").describe_key_pairs()
key_options = []
for key in keypairs.get("KeyPairs"):
key_name = key.get("KeyName")
key_options.append(key_name)
if not key_options:
print(
"No KeyPair found in region {0}, please create one following the guide: "
"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html"
.format(get_region()))
return key_options
def dcv_enabled_validator(param_key, param_value, pcluster_config):
errors = []
warnings = []
cluster_section = pcluster_config.get_section("cluster")
if param_value == "master":
allowed_oses = get_supported_dcv_os()
if cluster_section.get_param_value("base_os") not in allowed_oses:
errors.append(
"NICE DCV can be used with one of the following operating systems: {0}. "
"Please double check the 'base_os' configuration parameter".
format(allowed_oses))
if get_partition() not in get_supported_dcv_partition():
errors.append(
"NICE DCV is not supported in the selected region '{0}'".
format(get_region()))
return errors, warnings
def _validate_vpc(vpc_id):
# This function should be further expandend once we decide to allow the user to use his vpcs. For example, we should
# also check for the presence of a NAT gateway
if not VpcFactory(get_region()).check(vpc_id):
logging.error("WARNING: The VPC does not have the correct parameters set.")
def _get_sts_endpoint():
"""Get regionalized STS endpoint."""
region = get_region()
return "https://sts.{0}.{1}".format(
region,
"amazonaws.com.cn" if region.startswith("cn-") else "amazonaws.com")
def dcv_enabled_validator(param_key, param_value, pcluster_config):
errors = []
warnings = []
cluster_section = pcluster_config.get_section("cluster")
if param_value == "master":
allowed_oses = get_supported_dcv_os()
if cluster_section.get_param_value("base_os") not in allowed_oses:
errors.append(
"NICE DCV can be used with one of the following operating systems: {0}. "
"Please double check the 'base_os' configuration parameter".format(allowed_oses)
)
if get_partition() not in get_supported_dcv_partition():
errors.append("NICE DCV is not supported in the selected region '{0}'".format(get_region()))
if pcluster_config.get_section("dcv").get_param_value("access_from") == CIDR_ALL_IPS:
LOGFILE_LOGGER.warning(
DCV_MESSAGES["warnings"]["access_from_world"].format(
port=pcluster_config.get_section("dcv").get_param_value("port")
)
)
return errors, warnings