in Onboarding/AWS/GrantAccessToEksClusters.py [0:0]
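def fileter_unsupported_roles(roles_details: List[Dict[str, Dict]]) -> List[Dict[str, Dict]]:
    """Split roles by trust-policy compatibility and return the usable ones.

    Each entry of ``roles_details`` must provide ``role["Role"]["Arn"]`` and
    ``role["Role"]["AssumeRolePolicyDocument"]`` (presumably the shape of an
    IAM ``get_role`` response -- confirm against the caller).

    ``check_required_conditions`` is called on the trust policy document and
    returns a mapping of blocker name to flag. Any truthy flag marks the role
    as unsupported. The ``"sts:AssumeRole"`` key is reported as "action not
    allowed"; every other key is reported as a required condition that is
    not supported.

    Returns:
        The roles for which no blocker was flagged, in input order.

    Raises:
        SystemExit: if no role is supported (this includes an empty input).
    """
    supported_roles = []
    unsupported_roles = []
    for role in roles_details:
        trust_policy_document = role["Role"]["AssumeRolePolicyDocument"]
        conditions = check_required_conditions(trust_policy_document)
        if any(conditions.values()):
            unsupported_roles.append((role, conditions))
        else:
            supported_roles.append(role)

    # Emit the per-role reasons BEFORE the exit check. Previously the exit ran
    # first, so when every role was rejected the operator only saw the generic
    # message and never learned which blocker applied to which role.
    #
    # NOTE(review): the exit message names MFA, ExternalId and SourceIdentity,
    # which are restrictions the role owner put on who may assume the role. A
    # skipped role is reported, not worked around; relaxing its trust policy
    # to pass this filter would widen access to that role.
    for role, conditions in unsupported_roles:
        role_arn = role["Role"]["Arn"]
        warnings = []
        for condition, required in conditions.items():
            if not required:
                continue
            if condition == "sts:AssumeRole":
                warnings.append(
                    f"Role {role_arn} doesn't allow sts:AssumeRole action. Skipping..."
                )
            else:
                warnings.append(
                    f"Role {role_arn} requires {condition}, which is currently not supported. Skipping..."
                )
        print_warning("\n".join(warnings))

    if not supported_roles:
        # Message text is unchanged; adjacent literals only wrap the line.
        sys.exit(
            "All of the provided roles are not supported. "
            "Please make sure the roles you provided doesn't require MFA, ExternalId, or SourceIdentity"
        )
    return supported_roles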