doc and workflow fixes

README.md

@@ -83,21 +83,28 @@ cid-cmd share
 ```
 
 #### Initialize Amazon QuickSight
-One time action to intialize Amazon QuickSight Enerprise Edition.
+One time action to initialize Amazon QuickSight Enterprise Edition.
 
 ```bash
-cid-cmd initqs
+cid-cmd init-qs
 ```
 
+#### Initialize CUR
+One time action to initialize Athena table and Crawler from s3 with CUR data.
+
+```bash
+cid-cmd init-cur
+```
 
 #### Delete Dashboard and all dependencies unused by other
 Delete Dashboards and all dependencies unused by other CID-managed dashboards.(including QuickSight datasets, Athena views and tables)
 ```bash
 cid-cmd delete
 ```
+
 #### Delete Command Options:
 ```
- --dashboard-id TEXT QuickSight dashboard id 
+ --dashboard-id TEXT QuickSight dashboard id
  --athena-database TEXT Athena database
  ```
 

cid/cli.py

@@ -227,34 +227,30 @@ def cleanup(ctx, **kwargs):
 @cid_command
 def share(ctx, dashboard_id, **kwargs):
     """Share QuickSight resources (Dashboard, Datasets, DataSource)"""
-
     ctx.obj.share(dashboard_id)
 
 @click.option('-v', '--verbose', count=True)
 @click.option('-y', '--yes', help='confirm all', is_flag=True, default=False)
 @cid_command
-def initqs(ctx, **kwargs):
+def init_qs(ctx, **kwargs):
     """Initialize Amazon QuickSight
 
     \b
-
      --enable-quicksight-enterprise (yes|no) Confirm the activation of QuickSight
-     --account-name NAME                     Unique QuickSight account name (Unique across all AWS users) 
+     --account-name NAME                     Unique QuickSight account name (Unique across all AWS users)
      --notification-email EMAIL              User's email for QuickSight notifications
     """
 
-    ctx.obj.initqs(**kwargs)
+    ctx.obj.init_qs(**kwargs)
 
 @click.option('-v', '--verbose', count=True)
 @cid_command
 def init_cur(ctx, **kwargs):
     """Initialize CUR
 
     \b
-
-     --enable-quicksight-enterprise (yes|no) Confirm the activation of QuickSight
-     --account-name NAME                     Unique QuickSight account name (Unique across all AWS users) 
-     --notification-email EMAIL              User's email for QuickSight notifications
+     --view-cur-location  s3://BUCKET/PATH   S3 path with CUR data. We support only 2 types of CUR path: 's3://{bucket}/cur' and 's3://{bucket}/{prefix}/{name}/{name}'
+     --crawler-role       ROLE               Name or ARN of crawler role
     """
 
     ctx.obj.init_cur(**kwargs)

cid/common.py

@@ -1244,11 +1244,29 @@ def get_data_from_definition(self, asset_type, definition):
         return data
 
     def create_datasource(self, datasource_id) -> str:
+        """Create datasource with given id
+        uses parameters: 'quicksight-datasource-role-arn', 'quicksight-datasource-role'
+        """
         role_arn = get_parameters().get('quicksight-datasource-role-arn')
         if not role_arn:
             role_name = get_parameters().get('quicksight-datasource-role')
             if role_name:
                 role_arn = f'arn:aws:iam::{self.base.account_id}:role/{role_name}'
+
+        if not role_arn:
+            quicksight_trusted_roles = list(self.iam.iterate_role_names(search="Roles[?AssumeRolePolicyDocument.Statement[?Principal.Service == 'quicksight.amazonaws.com']].Arn"))
+            quicksight_trusted_roles = [role for role in quicksight_trusted_roles if role.split('/')[-1] not in ('aws-quicksight-secretsmanager-role-v0')] # filter out irrelevant roles
+            # TODO: filter only roles with Athena and S3 policies
+            if not quicksight_trusted_roles:
+                logger.critical('Cannot find any role that trust QuickSight service. Will try the default role of QuickSight. You please make sure it is configured to access Athena and S3 buckets here: https://quicksight.aws.amazon.com/sn/admin#aws')
+            else:
+                # TODO: add option to create role
+                role_arn = get_parameter(
+                    'quicksight-datasource-role-arn',
+                    message='Please choose a QuickSight role. It must have access to Athena',
+                    choices=quicksight_trusted_roles,
+                )
+
         athena_datasource = self.qs.create_data_source(
             athena_workgroup=self.athena.WorkGroup,
             datasource_id=datasource_id,
@@ -1689,7 +1707,7 @@ def map(self, **kwargs):
             self.accountMap.create(v)
 
     @command
-    def initqs(self, **kwargs):
+    def init_qs(self, **kwargs):
         """ Initialize QuickSight resources for deployment """
         return InitQsCommand(cid=self, **kwargs).execute()
 
@@ -1721,10 +1739,10 @@ def init_cur(self, **kwargs):
                     '{"Name":"month","Type":"string"}]'
                 )
             })
-        elif path_fragments[-1] == path_fragments[-2]: # CUR that is not created by CID but still supported 
+        elif len(path_fragments) == 3 and path_fragments[-1] == path_fragments[-2]: # CUR that is not created by CID but still supported
             set_parameters({'view-cur-partitions': '[{"Name":"year","Type":"string"},{"Name":"month","Type":"string"}]'})
         else:
-            raise NotImplementedError("We support only 2 types of CUR and this is something else.")
+            raise NotImplementedError(f"We support only 2 types of CUR and this is something else ({s3path}).")
 
         set_parameters({'crawler-cur-s3path': get_parameters().get('view-cur-location')})
         cid_print('Creating / updating CUR table')