1
# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2
#
3
# Licensed under the Apache License, Version 2.0 (the "License"). You
4
# may not use this file except in compliance with the License. A copy of
5
# the License is located at
6
#
7
#     http://aws.amazon.com/apache2.0/
8
#
9
# or in the "license" file accompanying this file. This file is
10
# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
11
# ANY KIND, either express or implied. See the License for the specific
12
# language governing permissions and limitations under the License.
13

14
# Declare all the constants used by Lifecycle in this file
15

16
# Lifecycle role names
17
TRUST_POLICY_STATEMENT_FORMAT = '{ \
18
    "Effect": "Allow", \
19
    "Principal": { \
20
        "Federated": "arn:%(AWS_PARTITION)s:iam::%(AWS_ACCOUNT_ID)s:oidc-provider/' \
21
                                '%(OIDC_PROVIDER)s" \
22
    }, \
23
    "Action": "sts:AssumeRoleWithWebIdentity", \
24
    "Condition": { \
25
        "StringLike": { \
26
            "%(OIDC_PROVIDER)s:sub": "system:serviceaccount:%(NAMESPACE)s' \
27
                                ':emr-containers-sa-*-*-%(AWS_ACCOUNT_ID)s-' \
28
                                '%(BASE36_ENCODED_ROLE_NAME)s" \
29
        } \
30
    } \
31
}'
32

33
TRUST_POLICY_STATEMENT_ALREADY_EXISTS = "Trust policy statement already " \
34
                                        "exists for role %s. No changes " \
35
                                        "were made!"
36

37
TRUST_POLICY_UPDATE_SUCCESSFUL = "Successfully updated trust policy of role %s"
38

39