feat(secret): Add min version validateion in repository

packages/aws-rfdk/lib/deadline/lib/render-queue.ts

@@ -215,13 +215,6 @@ export class RenderQueue extends RenderQueueBase implements IGrantable {
   */
   private static readonly MINIMUM_LOAD_BALANCING_VERSION = new Version([10, 1, 10, 0]);
 
-  // TODO: Update this with the version of Deadline that includes the changes for RFDK Secrets Management.
-  // This is a temporary minimum version until this feature branch is merged
-  /**
-   * The minimum Deadline version required to enable Deadline Secrets Management on the Render Queue.
-   */
-  private static readonly MINIMUM_SECRETS_MANAGEMENT_VERSION = new Version([10, 1, 15, 0]);
-
   /**
    * Regular expression that validates a hostname (portion in front of the subdomain).
    */
@@ -423,8 +416,8 @@ export class RenderQueue extends RenderQueueBase implements IGrantable {
 
     if (props.repository.secretsManagementSettings.enabled) {
       const errors = [];
-      if (props.version.isLessThan(RenderQueue.MINIMUM_SECRETS_MANAGEMENT_VERSION)) {
-        errors.push(`The supplied Deadline version (${props.version.versionString}) is lower than the minimum required version: ${RenderQueue.MINIMUM_SECRETS_MANAGEMENT_VERSION.toString()}`);
+      if (props.version.isLessThan(Version.MINIMUM_SECRETS_MANAGEMENT_VERSION)) {
+        errors.push(`The supplied Deadline version (${props.version.versionString}) does not support Deadline Secrets Management in RFDK. Either upgrade Deadline to the minimum required version (${Version.MINIMUM_SECRETS_MANAGEMENT_VERSION.versionString}) or disable the feature in the Repository's construct properties.`);
       }
       if (props.repository.secretsManagementSettings.credentials === undefined) {
         errors.push('The Repository does not have Secrets Management credentials');

packages/aws-rfdk/lib/deadline/lib/repository.ts

@@ -77,6 +77,7 @@ import {
 
 import { DatabaseConnection } from './database-connection';
 import { IHost } from './host-ref';
+import { Version } from './version';
 import { VersionQuery } from './version-query';
 import { IVersion } from './version-ref';
 
@@ -584,6 +585,10 @@ export class Repository extends Construct implements IRepository {
 
     this.version = props.version;
 
+    if ((props.secretsManagementSettings?.enabled ?? true) && this.version.isLessThan(Version.MINIMUM_SECRETS_MANAGEMENT_VERSION)) {
+      throw new Error(`The supplied Deadline version (${props.version.versionString}) does not support Deadline Secrets Management in RFDK. Either upgrade Deadline to the minimum required version (${Version.MINIMUM_SECRETS_MANAGEMENT_VERSION.versionString}) or disable the feature in the Repository's construct properties.`);
+    }
+
     this.secretsManagementSettings = {
       enabled: props.secretsManagementSettings?.enabled ?? true,
       credentials: props.secretsManagementSettings?.credentials ??

packages/aws-rfdk/lib/deadline/lib/version.ts

@@ -17,6 +17,11 @@ export class Version implements IPatchVersion {
    */
   public static readonly MINIMUM_SUPPORTED_DEADLINE_VERSION = new Version([10, 1, 9, 2]);
 
+  /**
+   * The minimum Deadline version required to enable Deadline Secrets Management.
+   */
+  public static readonly MINIMUM_SECRETS_MANAGEMENT_VERSION = new Version([10, 1, 19, 0]);
+
   /**
    * This method parses the input string and returns the version object.
    *

packages/aws-rfdk/lib/deadline/test/render-queue.test.ts

@@ -76,12 +76,14 @@ import {
   RenderQueueProps,
   RenderQueueSecurityGroups,
   Repository,
+  Version,
   VersionQuery,
 } from '../lib';
 import {
   RQ_CONNECTION_ASSET,
 } from './asset-constants';
 
+
 describe('RenderQueue', () => {
   let app: App;
   let dependencyStack: Stack;
@@ -2832,7 +2834,7 @@ describe('RenderQueue', () => {
 
         // THEN
         /* eslint-disable-next-line dot-notation */
-        .toThrowError(`The supplied Deadline version (${oldVersion.versionString}) is lower than the minimum required version: ${RenderQueue['MINIMUM_SECRETS_MANAGEMENT_VERSION'].toString()}`);
+        .toThrowError(`The supplied Deadline version (${oldVersion.versionString}) does not support Deadline Secrets Management in RFDK. Either upgrade Deadline to the minimum required version (${Version.MINIMUM_SECRETS_MANAGEMENT_VERSION.versionString}) or disable the feature in the Repository's construct properties.`);
     });
 
     test('grants read permissions to secrets management credentials', () => {

packages/aws-rfdk/lib/deadline/test/repository.test.ts

@@ -112,7 +112,7 @@ beforeEach(() => {
     }
   }
 
-  version = new MockVersion([10,1,9,2]);
+  version = new MockVersion([10,1,19,0]);
 });
 
 test('can create two repositories', () => {
@@ -858,7 +858,7 @@ test('repository instance is created with correct installer path version', () =>
 
   // THEN
   const script = (repo.node.defaultChild as AutoScalingGroup).userData;
-  expect(script.render()).toMatch(/10\.1\.9\.2/);
+  expect(script.render()).toMatch(version.versionString);
 });
 
 test.each([
@@ -1208,6 +1208,23 @@ test('throws an error if supplied a MountableEfs with no Access Point', () => {
   expect(when).toThrow('When using EFS with the Repository, you must provide an EFS Access Point');
 });
 
+test('throws if deadline version is too low', () => {
+  // GIVEN
+  const newStack = new Stack(app, 'NewStack');
+  const oldVersion = new VersionQuery(newStack, 'OldDeadlineVersion', { version: '10.0.0.0' });
+
+  // WHEN
+  function when() {
+    new Repository(newStack, 'Repo', {
+      version: oldVersion,
+      vpc,
+    });
+  }
+
+  // THEN
+  expect(when).toThrow(`The supplied Deadline version (${oldVersion.versionString}) does not support Deadline Secrets Management in RFDK. Either upgrade Deadline to the minimum required version (${Version.MINIMUM_SECRETS_MANAGEMENT_VERSION.versionString}) or disable the feature in the Repository's construct properties.`);
+});
+
 test('imports repository settings', () => {
   // GIVEN
   const repositorySettings = new Asset(stack, 'RepositorySettingsAsset', {