U

<�^mR�@s
dd
lZdd
l
Z
dd
lZdd
lZdd
lZdd
lZdd
lZdd
lZdd
lZdd
l	Z	dd
l
Z
ddlmZ
ddl
mZmZmZ
ddlmZ
ddlmZ
e�e�
ZdZejdd�
Zd	Zd
Ze�dej�Ze�d�
Z e�d
�
Z!dZ"d�#�Z$dd�Z%dd�Z&Gdd�de�Z'dd�Z(dd�Z)d
S)�N)
�ClientError)�shlex_quote�urlopen�ensure_text_type)
�BasicCommand)
�!create_client_from_parsed_globalszOpsWorks-Instance�)
Zminutesz/AWS/OpsWorks/z7arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistrationz^(?!-)[a-z0-9-]{1,63}(?<!-)$z
^i-[0-9a-f]+$z^\d+\.\d+\.\d+\.\d+$z@http://169.254.169.254/latest/dynamic/instance-identity/documenta�

set -e
umask 007
AGENT_TMP_DIR=$(mktemp -d /tmp/opsworks-agent-installer.XXXXXXXXXXXXXXXX)
curl --retry 5 -L %(agent_installer_url)s | tar xz -C $AGENT_TMP_DIR
cat >$AGENT_TMP_DIR/opsworks-agent-installer/preconfig <<EOF
%(preconfig)s
EOF
exec sudo /bin/sh -c "OPSWORKS_ASSETS_DOWNLOAD_BUCKET=%(assets_download_bucket)s $AGENT_TMP_DIR/opsworks-agent-installer/boot-registration; rm -rf $AGENT_TMP_DIR"
c

Cs|�d
t
�
dS)Nzbuilding-command-table.opsworks)�register�inject_commands)
Zcli�r�@/usr/lib/python3/dist-packages/awscli/customizations/opsworks.py�
initialize=s
r
cKst|
�
|d
<dS)Nr	)
�OpsWorksRegister)Z
command_table�session�kwargsrrrr
As
r
cs
eZ
dZd
Ze�d�
��Zdddd�dddd	gd
d�dd
dd�dddd�dddd�dddd�dddd�dddd�dd d!d"�d#d d$d"�d%dd&d'd(d)�gZ�f
d*d+�Z	d,d-�Z
d.d/�Zd0d1�Zd2d3�Z
d4d5�Zd6d7�Zd8d9�Zd:d;�Zd<d=�Zd>d?�ZedEdAdB�
�
ZedCdD��
Z�ZS)Frr	z�
        Registers an EC2 instance or machine with AWS OpsWorks.

        Registering a machine using this command will install the AWS OpsWorks
        agent on the target machine and register it with an existing OpsWorks
        stack.
    zstack-idTzZA stack ID. The instance will be registered with the
                         given stack.)�name�required�	help_textzinfrastructure-class�ec2�on-premiseszzSpecifies whether to register an EC2 instance (`ec2`)
                         or an on-premises instance (`on-premises`).)rr�choicesrzoverride-hostname�hostnamezrThe instance hostname. If not provided, the current
                         hostname of the machine will be used.)r�destrzoverride-private-ip�
private_ipaA
An IP address. If you set this parameter, the given IP
                         address will be used as the private IP address within
                         OpsWorks.  Otherwise the private IP address will be
                         determined automatically. Not to be used with EC2
                         instances.zoverride-public-ip�	public_ipa?
An IP address. If you set this parameter, the given IP
                         address will be used as the public IP address within
                         OpsWorks.  Otherwise the public IP address will be
                         determined automatically. Not to be used with EC2
                         instances.zoverride-ssh�sshzmIf you set this parameter, the given command will be
                         used to connect to the machine.zssh-username�usernamezXIf provided, this username will be used to connect to
                         the host.zssh-private-key�private_keyzhIf provided, the given private key file will be used
                         to connect to the machine.�local�
store_truez�If given, instead of a remote machine, the local
                         machine will be imported. Cannot be used together
                         with `target`.)r�actionrzuse-instance-profilezRUse the instance profile instead of creating an IAM
                         user.�target�
?z
[<target>]z�Either the EC2 instance ID or the hostname of the
                         instance or machine to be registered with OpsWorks.
                         Cannot be used together with `--local`.)rZpositional_arg�nargsZsynopsisrcs>tt
|��|
�

d|_d|_d|_d|_d|_d|_d|_	dS�
N)
�superr�__init__�_stack�
_ec2_instance�_prov_params�_use_address�
_use_hostname�
_name_for_iam�
access_key)�selfr�
�	__class__rrr&}s







zOpsWorksRegister.__init__cCs"|j�
d
�
|_t|jd|�|_dS)N�iam�opsworks)�_session�
create_clientr1rr2�r.�argsZparsed_globalsrrr�_create_clients�s


�z OpsWorksRegister._create_clientscCsL|�|
|�
|�
|
�

|�|
�

|�|
�

|�|
�

|�|
�

|�|
�

dSr$)r7�prevalidate_arguments�retrieve_stack�validate_arguments�determine_details�create_iam_entities�setup_target_machiner5rrr�	_run_main�s










zOpsWorksRegister._run_maincCs�|
js|
j
std
�
�
n|
jr*|
j
r*td�
�
|
j
rDt��dkrDtd�
�
|
jr^|
jsV|
jr^td�
�
|
jdkr�|
j	rvtd�
�
|
j
r�td�
�
|
jd	kr�|
jr�td
�
�
|
jr�t
�|
j�
s�td|
j�
�
dS)
zN
        Validates command line arguments before doing anything else.
        z%One of target or --local is required.z4Arguments target and --local are mutually exclusive.ZLinuxz6Non-Linux instances are not supported by AWS OpsWorks.zYArgument --override-ssh cannot be used together with --ssh-username or --ssh-private-key.rz/--override-private-ip is not supported for EC2.z.--override-public-ip is not supported for EC2.rz1--use-instance-profile is only supported for EC2.zxInvalid hostname: '%s'. Hostnames must consist of letters, digits and dashes only and must not start or end with a dash.N)r!r�
ValueError�platform�systemrrr�infrastructure_classrr�use_instance_profiler�HOSTNAME_RE�match�r.r6rrrr8�sH




�

�

�



�

�

�
�


��z&OpsWorksRegister.prevalidate_argumentscs~
t�
d
�

|jj�jg
d�
dd|_|jj|jdd�
|_�jdk�
rz�j	�
szt�
d�

|j
jd|jd	d
�}dgi
}g�
d|jkr�|d�d
|jdg
d��

n�
�dd��

t
��j�
r̈jg
|d<n@t��j�
r�
��f
dd��

�j|_n|d�d�jg
d��

�
f
dd�|jf|�
dD�
}|�
s@td�j�
�
n0t|�
dk�
rptd�jd�dd�|D�
�
f�
�
|d|_dS)z�
        Retrieves the stack from the API, thereby ensures that it exists.

        Provides `self._stack`, `self._prov_params`, `self._use_address`, and
        `self._ec2_instance`.
        z,Retrieving stack and provisioning parameters)
ZStackIdsZStacksr
�StackId�
rGrz#Retrieving EC2 instance information�Region)
Zregion_nameZFilters�VpcIdzvpc-id)�NameZValuesc

Ssd
|kS)NrJr�
�instancerrr�<lambda>��z1OpsWorksRegister.retrieve_stack.<locals>.<lambda>ZInstanceIdsc

s |�d
�
�j
kp|�d�
�j
kS)N�PrivateIpAddress�PublicIpAddress)�getr!rL�
r6rrrN�s

ztag:Namec
s4g|],}
|
dD]�t�f
d
d��
D�
�
r��qqS)�	Instancesc
3s|]}
|
��
V
qdSr$r)�.0�
c�
�
irr�	<genexpr>�sz=OpsWorksRegister.retrieve_stack.<locals>.<listcomp>.<genexpr>)
�all)rU�
r)
�
conditionsrWr�
<listcomp>�s



�z3OpsWorksRegister.retrieve_stack.<locals>.<listcomp>ZReservationsz&Did not find any instance matching %s.�
z)Found multiple instances matching %s: %s.z, c
ss|]}
|
dV
qd
S)Z
InstanceIdNr)rUrXrrrrY
sz2OpsWorksRegister.retrieve_stack.<locals>.<genexpr>N)�LOG�debugr2Zdescribe_stacks�stack_idr'Z&describe_stack_provisioning_parametersr)rBrr3r4�append�INSTANCE_ID_RErEr!�
IP_ADDRESS_REr*�describe_instancesr?�len�joinr()r.r6rZ	desc_args�	instancesr)r6r\rr9�sd


���
��



�



�



�

�
�

�



��zOpsWorksRegister.retrieve_stackcs��jrB|j
j|jd
d�
d}t�f
dd�|D�
�
rBtd�j�
�
�jdkr��jr�t�	t
tt�
�
��
�
d}||jd	kr�td
�
�
dS)zS
        Validates command line arguments using the retrieved information.
        rGrHrTc
3s |]}
�j�
�|
dkV
qd
S)ZHostnameN)r�lower)rUrMrSrrrY
s
�z6OpsWorksRegister.validate_arguments.<locals>.<genexpr>z@Invalid hostname: '%s'. Hostnames must be unique within a stack.r�regionrIz1The stack's and the instance's region must match.N)rr2rer'�anyr?rBr�json�loadsrr�IDENTITY_URL�read)r.r6rhrjrrSrr:	
s0

��
�

��
�
�

�z#OpsWorksRegister.validate_argumentscCs�|jsn|
j
rn`|
jd
kr\d|jkr0|jd|_qnd|jkrRt�d�

|jd|_qntd�
�
n|
jdkrn|
j|_|
jr�|
j|_	|
j|_
n&|
j
r�d|_	t��|_
nd|_	|
j|_
dS)a


        Determine details (like the address to connect to and the hostname to
        use) from the given arguments and the retrieved data.

        Provides `self._use_address` (if not provided already),
        `self._use_hostname` and `self._name_for_iam`.
        rrQrPzYInstance does not have a public IP address. Trying to use the private address to connect.z1The instance does not seem to have an IP address.rN)
r*rrBr(r_�warnr?r!rr+r,�socketZgethostnamerFrrrr; 
s0











�
�








z"OpsWorksRegister.determine_detailscCsR|
jrt
�d
�

d|_dSt
�d�

dt|jd�
}z |jj|td�
t
�d|�
WnJt	k
r�
}
z,|j
�di��d	�
d
kr�t
�d|�
n�W5d}~XYnXt
�d�

d
tt|jd�
d�tt|j
�
d�f}td�
D]�}||r�d|nd}z|jj|td�
WnNt	k
�
rV
}
z.|j
�di��d	�
d
k�
rDt
�d|�
n�W5d}~XYq�Xt
�d|�

�
qtq�td�
�
t
�d�

|jj||d�
z|jjt|d�
Wn~t	k
�r 
}
z^|j
�di��d	�
dk�rt
�dt|�
|jjt|�|jdt�|d�
t
�dt|�
n�W5d}~XYnXt
�dt|�
t
�d �

|jj|d!�
d"|_dS)#zp
        Creates an IAM group, user and corresponding credentials.

        Provides `self.access_key`.
        zSkipping IAM entity creationNz#Creating the IAM group if necessaryzOpsWorks-%srG)�	GroupName�PathzCreated IAM group %s�ErrorZCodeZEntityAlreadyExistszIAM group %s exists, continuingzCreating an IAM userzOpsWorks-%s-%srK��z+%s�)�UserNamersz/IAM user %s already exists, trying another namezCreated IAM user %sz&Couldn't find an unused IAM user name.z3Adding the user to the group and attaching a policy)rrrx)Z	PolicyArnrxZAccessDeniedzFUnauthorized to attach policy %s to user %s. Trying to put user policyZArn)Z
PolicyNameZPolicyDocumentrxzPut policy %s to user %szAttached policy %s to user %szCreating an access key)
rxZ	AccessKey)rCr_r`r-�
clean_for_iamr'r1Zcreate_group�IAM_PATHrZresponserR�shorten_namer,�rangeZcreate_userr?Zadd_user_to_groupZattach_user_policy�IAM_POLICY_ARNZput_user_policy�IAM_USER_POLICY_NAME�_iam_policy_document�IAM_USER_POLICY_TIMEOUTZcreate_access_key)r.r6Z
group_name�
eZ
base_usernameZtry_rrrrr<G
s�















�







�





�




�


��


�


�


��z$OpsWorksRegister.create_iam_entitiescCsht|j
d
|�|�|
�
�
|j
ddd�}|
jrNt�d�

t�dd|g�

nt�d�

|�	|
|�
d	S)
zz
        Setups the target machine by copying over the credentials and starting
        the installation process.
        ZAgentInstallerUrl�
Parameters�assets_download_bucket)Zagent_installer_urlZ	preconfigr�zRunning the installer locally�/bin/sh�-cz6Connecting to the target machine to run the installer.N)
�
REMOTE_SCRIPTr)�
_to_ruby_yaml�_pre_config_documentrr_r`�
subprocess�
check_callr)r.r6�
remote_scriptrrrr=�
s�	




z%OpsWorksRegister.setup_target_machinec	Cs8
t�
�d
kr�z�tjddd�}|�|�

|��
|
j	r<|
j	}nBd}|
j
rT|d|
j
7}|
jrh|d|
j7}|d|j7}|d	7}|d|j7}t
j|d
d�
W5t�|j�

Xn�|
j	r�t�t|
j	�
�
}n@dd
g}|
j
r�|�d|
j
g�

|
jr�|�d|
jg�

|�|j�

dd|g}|�d�dd�|D�
�
�

t
�|�

dS)zA
        Runs a (sh) script on a remote machine via SSH.
        ZWindowsZwtF)
�deleteZplinkz -l "%s"z -i "%s"z "%s"z -mT)
�shellrz-ttz-lz-ir�r��
 c
ss|]}
t|
�
V
qdSr$)
r)rUZwordrrrrY�
sz'OpsWorksRegister.ssh.<locals>.<genexpr>N)r@rA�os�remover�tempfileZNamedTemporaryFile�write�closerrrr*r�r��shlex�split�str�extendrbrg)r.r6r�Zscript_file�callZremote_callrrrr�
s8






















zOpsWorksRegister.sshcCs�tfd
|j
di
|jd��
}|jr@|jd|d<|jd|d<|jrP|j|d<|
jr`|
j|d	<|
jrp|
j|d
<|
jdk|d<t�	d
|�
|S)NrarGr�ZAccessKeyIdZ
access_key_idZSecretAccessKeyZsecret_access_keyrrrr�importzUsing pre-config: %r)
�dictr'r)r-r+rrrBr_r`)r.r6�
parametersrrrr��
s$

��
�










z%OpsWorksRegister._pre_config_documentNcCsNd
d|d�}|
dk	r8tj�
�|
}dd|�d�
i
i
|d<|g
dd	�}t�|�
S)
Nzopsworks:RegisterInstanceZAllow)ZActionZEffectZResourceZDateLessThanzaws:CurrentTimez%Y-%m-%dT%H:%M:%SZZ	Conditionz
2012-10-17)Z	StatementZVersion)�datetimeZutcnow�strftimerl�dumps)ZarnZtimeoutZ	statementZvalid_untilZpolicy_documentrrrr�
s

�


��
�z%OpsWorksRegister._iam_policy_documentc

Csd
�dd�t
|���
D�
�
S)N�

c
ss$|]\}
}d|
t�
|�
fV
qd
S)z:%s: %sN)rlr�)rU�
k�
vrrrrYs
�z1OpsWorksRegister._to_ruby_yaml.<locals>.<genexpr>)rg�sorted�items)
r�rrrr�	s


�zOpsWorksRegister._to_ruby_yaml)
N)�__name__�
__module__�__qualname__�NAME�textwrap�dedent�stripZDESCRIPTIONZ	ARG_TABLEr&r7r>r8r9r:r;r<r=rr��staticmethodrr��
__classcell__rrr/rrEsj

	
�

�
�
�
�
�
�
�
�
�

��.

'L'\(

rc

Cst�
d
d|�S)z9
    Cleans a name to fit IAM's naming requirements.
    z[^A-Za-z0-9+=,.@_-]+�
-)�re�sub)
rrrrrysrycCsDt|�
|
k
r|St
|
d
d�\}}|d||�d||d�S)z<
    Shortens a name to the given number of characters.
    ��Nz...)rf�divmod)rZ
max_length�
qr[rrrr{s


r{)*r�rlZloggingr�r@r�r�rqr�r�r�Zbotocore.exceptionsrZ
awscli.compatrrrZawscli.customizations.commandsrZawscli.customizations.utilsrZ	getLoggerr�r_r~Z	timedeltar�rzr}�compile�
IrDrcrdrn�lstripr�r
r
rryr{rrrr�<module>
sB



















�M