feat(deadline): configure identity registration settings for deadline clients #576
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jusiskin
force-pushed
the
sm_worker_auto_registration
branch
5 times, most recently
from
f58da2e
to
8c4292d
Compare
jusiskin
force-pushed
the
sm_worker_auto_registration
branch
from
8c4292d
to
26cd4e1
Compare
jusiskin
changed the title
jusiskin
force-pushed
the
sm_worker_auto_registration
branch
from
26cd4e1
to
0cc7f99
Compare
horsmand
suggested changes
Oct 5, 2021
packages/aws-rfdk/lib/deadline/scripts/python/configure_identity_registration_settings.py
Outdated
Show resolved
Hide resolved
kozlove-aws
reviewed
Oct 5, 2021
packages/aws-rfdk/lib/deadline/scripts/python/configure_identity_registration_settings.py
Show resolved
Hide resolved
jericht
requested changes
Oct 5, 2021
packages/aws-rfdk/lib/deadline/scripts/python/configure_identity_registration_settings.py
Outdated
Show resolved
Hide resolved
packages/aws-rfdk/lib/deadline/scripts/python/configure_identity_registration_settings.py
Show resolved
Hide resolved
kozlove-aws
previously approved these changes
Oct 6, 2021
… client instances
Co-authored-by: David Horsman <56004724+horsmand@users.noreply.github.com>
- reorder DeploymentInstance props - document internal use of RenderQueue.configureSecretsManagementAutoRegistration - move SecretsManagementIdentityRegistration construct ID to constant - Add TSDoc header for SecretsManagementIdentityRegistration construct - Factor out constant for MacOS Deadline path file - Remove artifacts from FileSecret in configure_identity_registration_settings.py - fixes to encoding, logging and error-handling of deadline path on MacOS
…ecret read access
… registration configuration
- TSDoc improvements - Use MachineImage.latestAmazonLinux - Remove unnecessary test parameterization - Add code comments - Fix typos/punctuation/redundant syntax
jusiskin
force-pushed
the
sm_worker_auto_registration
branch
from
4bb8df5
to
0cb6210
Compare
jericht
previously approved these changes
Oct 7, 2021
packages/aws-rfdk/lib/deadline/test/usage-based-licensing.test.ts
Outdated
Show resolved
Hide resolved
horsmand
previously approved these changes
Oct 8, 2021
packages/aws-rfdk/lib/deadline/test/configure-spot-event-plugin.test.ts
Outdated
Show resolved
Hide resolved
- flatten jest test heirarchies - fix typos - clarify test name
horsmand
approved these changes
Oct 8, 2021
jericht
approved these changes
Oct 8, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This change makes RFDK automatically configure Deadline Secrets Management identity registration settings based on the RFDK constructs that are present in a CDK application.
The changes are broken out by construct below:
DeploymentInstance(new)This construct is an extraction/generalization of the CDK/CloudFormation pattern used by the
Repositoryconstruct. It deploys an EC2 Auto-Scaling Group with a size of one. The Auto-Scaling Group is configured to require one CloudFormation success signal which is only sent after the user-data completes without error. The user data can optionally (by default enabled) self-terminate the instance by scaling down its own auto-scaling group to zero.For now, this construct is being kept internal to RFDK and not exported. It was designed with the possibility of making it a public construct in the future.
SecretsManagementIdentityRegistration(new)The
SecretsManagementIdentityRegistrationconstruct is also introduced in this PR. It is responsible for configuring the user data (on aDeploymentInstance) to configure the identity registration settings. It adds IAM permissions and user-data to perform the following steps:The main API of this construct is the
.addSubnetIdentityRegistrationSetting(...)method which a caller can use to specify the subnets of the client, the desired secrets management role and registration status.RenderQueue(modified)This PR introduces a new
configureSecretsManagementAutoRegistration(...)method toIRenderQueue. When called on theRenderQueue, it will lazily createDeploymentInstanceandSecretsManagementIdentityRegistrationconstructs and delegate the work to theSecretsManagementIdentityRegistrationconstruct. It also accepts adependentprop which is used to enforce a CloudFormation dependency on a dependent resource of the caller's choosing.The CloudWatch logs for the
DeploymentInstanceare sent to the/renderfarm/ConfigureRepositorylog group with the intention that the behavior of the deployment instance can be augmented in the future.WorkerInstanceFleet/ConfigureSpotEventPlugin/UsageBasedLicensing(modified)The RFDK constructs that deploy Deadline Clients were modified to call the
configureSecretsManagementAutoRegistration(...)methodIVersion/VersionQuery/ThinkboxDockerRecipes.version(modified)The
IVersioninterface and classes that implement it were modified to return the path to the Deadline Client installer location. This was required in order for theSecretsManagementIdentityRegistrationconstruct to be able to install the Deadline Client on instance deployed by theDeploymentInstance.Testing
Unit tests were updated to reflect all of the changes
Automatic identity registration of Deadline Clients was end-to-end tested by deploying the
All-In-AWS-Infrastructure-BasicTypeScript example app with Thinkbox Usage-Based Licensing (UBL). Verified that:renderfarm/ConfigureRepositorylog group showed correct behaviorBy submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license