feat(deadline): add ability to add spot event plugin managed policies…

… to RenderQueue (#141)
aws · Sep 30, 2020 · b2cf9e0 · b2cf9e0
1 parent 13fb0e8
commit b2cf9e0
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 2 deletions.
diff --git a/packages/aws-rfdk/lib/deadline/lib/render-queue.ts b/packages/aws-rfdk/lib/deadline/lib/render-queue.ts
@@ -39,6 +39,7 @@ import {
 import {
   IGrantable,
   IPrincipal,
+  ManagedPolicy,
   PolicyStatement,
   ServicePrincipal,
 } from '@aws-cdk/aws-iam';
@@ -458,6 +459,23 @@ export class RenderQueue extends RenderQueueBase implements IGrantable {
     this.rqConnection.configureClientInstance(param);
   }
 
+  /**
+   * Adds AWS Managed Policies to the Render Queue so it is able to control Deadlines Spot Event Plugin.
+   *
+   * See: https://docs.thinkboxsoftware.com/products/deadline/10.1/1_User%20Manual/manual/event-spot.html for additonal information.
+   *
+   * @param includeResourceTracker Whether or not the Resource tracker admin policy should also be addd (Default: True)
+   */
+  public addSEPPolicies( includeResourceTracker: boolean = true): void {
+    const sepPolicy = ManagedPolicy.fromAwsManagedPolicyName('AWSThinkboxDeadlineSpotEventPluginAdminPolicy');
+    this.taskDefinition.taskRole.addManagedPolicy(sepPolicy);
+
+    if (includeResourceTracker) {
+      const rtPolicy = ManagedPolicy.fromAwsManagedPolicyName('AWSThinkboxDeadlineResourceTrackerAdminPolicy');
+      this.taskDefinition.taskRole.addManagedPolicy(rtPolicy);
+    }
+  }
+
   /**
    * Add an ordering dependency to another Construct.
    *

diff --git a/packages/aws-rfdk/lib/deadline/test/render-queue.test.ts b/packages/aws-rfdk/lib/deadline/test/render-queue.test.ts
@@ -6,14 +6,14 @@
 import {
   ABSENT,
   arrayWith,
-  not,
+  countResourcesLike,
   deepObjectLike,
   expect as expectCDK,
   haveResource,
   haveResourceLike,
+  not,
   objectLike,
   ResourcePart,
-  countResourcesLike,
 } from '@aws-cdk/assert';
 import {
   Certificate,
@@ -2198,4 +2198,75 @@ describe('RenderQueue', () => {
       },
     });
   });
+
+  describe('SEP Policies', () => {
+    test('with resource tracker', () => {
+      renderQueueCommon.addSEPPolicies();
+      expectCDK(stack).to(countResourcesLike('AWS::IAM::Role', 1, {
+        ManagedPolicyArns: arrayWith(
+          {
+            'Fn::Join': [
+              '',
+              [
+                'arn:',
+                {
+                  Ref: 'AWS::Partition',
+                },
+                ':iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy',
+              ],
+            ],
+          },
+          {
+            'Fn::Join': [
+              '',
+              [
+                'arn:',
+                {
+                  Ref: 'AWS::Partition',
+                },
+                ':iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy',
+              ],
+            ],
+          },
+        ),
+      }));
+    });
+
+    test('no resource tracker', () => {
+      renderQueueCommon.addSEPPolicies(false);
+      expectCDK(stack).to(haveResourceLike('AWS::IAM::Role', {
+        ManagedPolicyArns: arrayWith(
+          {
+            'Fn::Join': [
+              '',
+              [
+                'arn:',
+                {
+                  Ref: 'AWS::Partition',
+                },
+                ':iam::aws:policy/AWSThinkboxDeadlineSpotEventPluginAdminPolicy',
+              ],
+            ],
+          },
+        ),
+      }));
+      expectCDK(stack).notTo(haveResourceLike('AWS::IAM::Role', {
+        ManagedPolicyArns: arrayWith(
+          {
+            'Fn::Join': [
+              '',
+              [
+                'arn:',
+                {
+                  Ref: 'AWS::Partition',
+                },
+                ':iam::aws:policy/AWSThinkboxDeadlineResourceTrackerAdminPolicy',
+              ],
+            ],
+          },
+        ),
+      }));
+    });
+
+  });
 });