test(integ): Add test suites RQ-1 and RQ-2, functional tests for rend…

…er queue in http and https modes (#29)

integ/components/deadline/common/functions/awaitSsmCommand.ts

@@ -0,0 +1,99 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import * as SSM from 'aws-sdk/clients/ssm';
+
+const ssm = new SSM;
+
+interface CommandResponse {
+  output: string;
+  responseCode: number;
+}
+
+// Custom function to send SSM command to run a particular script on the bastion instance,
+// wait for it to finish executing, then return the response.
+export default function awaitSsmCommand(bastionId: string, params:SSM.SendCommandRequest){
+  return new Promise<CommandResponse>( async (res) => {
+
+    // Send the command
+    // eslint-disable-next-line no-shadow
+    const ssmCommandId = await new Promise<SSM.CommandId> ( (res, rej) => {
+      // eslint-disable-next-line no-shadow
+      ssm.sendCommand(params, (err, data) => {
+        if (err) {
+          rej(err);
+        }
+        else {
+          var command = data.Command as SSM.Command;
+          res(command.CommandId);
+        }
+      });
+    });
+    await getCommandStatus().then( commandInvocation => {
+      res(commandInvocation);
+    });
+
+    function getCommandStatus() {
+      // Wait for the command to return a valid status
+      // eslint-disable-next-line no-shadow
+      return new Promise<CommandResponse>( (res, rej) => {
+        // eslint-disable-next-line no-shadow
+        var listParams = {
+          CommandId: ssmCommandId,
+          InstanceId: bastionId,
+          Details: true,
+        };
+        ssm.listCommandInvocations(listParams, (err, data) => {
+          if (err) {
+            rej(err);
+          }
+          else {
+            var commandInvocations = data.CommandInvocations!;
+            if(!commandInvocations[0]) {
+              setTimeout( () => {
+                getCommandStatus().then(res, rej);
+              }, 1000);
+            }
+            else{
+              var commandInvocation = commandInvocations[0];
+              switch(commandInvocation.Status){
+                case 'Success':
+                  // Workaround: if the output of the script execution is very long, it is truncated by `listCommandInvocations`
+                  // If the truncation string is present, this will get the full output from `getCommandInvocation`
+                  if( /---Output truncated---/.test(commandInvocation.CommandPlugins![0].Output!) ) {
+                    var getParams = {
+                      CommandId: ssmCommandId,
+                      InstanceId: bastionId,
+                    };
+                    ssm.getCommandInvocation(getParams, (getErr, getData) => {
+                      if (getErr) {
+                        rej(getErr);
+                      }
+                      else {
+                        res({output: getData.StandardOutputContent!, responseCode: getData.ResponseCode!});
+                      }
+                    });
+                  }
+                  // If the output wasn't truncated, return the output from the `listCommandInvocations` response
+                  else {
+                    res({output: commandInvocation.CommandPlugins![0].Output!, responseCode: commandInvocation.CommandPlugins![0].ResponseCode!});
+                  }
+                  break;
+                case 'Failed':
+                  rej(commandInvocation.CommandPlugins![0]);
+                  break;
+                default:
+                  setTimeout( () => {
+                    getCommandStatus().then(res, rej);
+                  }, 1000);
+                  break;
+              }
+            }
+          }
+        });
+      });
+    }
+  });
+}

integ/components/deadline/common/preflight.test.ts → integ/components/deadline/common/preflight/preflight.test.ts

@@ -22,4 +22,4 @@ else {
   test('Skipping test suite; preflight not run', () =>{
     expect(1).toEqual(1);
   });
-}
+}

integ/components/deadline/common/scripts/bastion/setup/install_deadline_client.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Script to install Deadline client on Bastion instance to test Deadline commands
+#
+# Input:
+#   None
+# Output:
+#   Non-zero return code on failure.
+
+set -xeou pipefail
+
+sudo yum install -y lsb
+sudo ./deadline-client-installer.run --mode unattended

integ/components/deadline/common/scripts/bastion/setup/install_jq.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Script to install jq module for extracting info from JSON files.
+# The script will check whether jq is installed already. If it is, then it will do
+# nothing.
+#
+# Input:
+#   None
+# Output:
+#   Non-zero return code on failure.
+
+set -eou pipefail
+
+SCRIPT_LOC="$(dirname "$0")"
+
+# Only install jq if it is not already on the system
+if ! which jq
+then
+    sudo yum install -y jq
+fi
+
+exit 0

integ/components/deadline/common/scripts/bastion/utils/cleanup-cert.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Removes renderqueue certification file made by `fetch-cert.sh` between test runs
+#
+# Input:
+#   None
+# Output:
+#   Non-zero return code on failure.
+
+rm -rf "./cert"
+
+exit 0

integ/components/deadline/common/scripts/bastion/utils/configure-deadline.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Script to configure a Deadline installation to connect to the render queue and repository at a specified endpoint
+#
+# Input:
+#   ENDPOINT: Endpoint destination for the render queue being queried
+# Output:
+#   Non-zero return code on failure.
+
+set -euo pipefail
+
+ENDPOINT=$1
+DEADLINE="/opt/Thinkbox/Deadline10/bin"
+CERT="$(pwd)/cert"
+
+# If a user-created CERT file is present, set up certificate for authenticating TLS
+if [ -d "$CERT" ]; then
+
+  # Set up client connection settings for TLS by altering ini file with deadlinecommand
+  sudo $DEADLINE/deadlinecommand SetIniFileSetting ProxyUseSSL True
+  sudo $DEADLINE/deadlinecommand SetIniFileSetting ProxySSLCA "$CERT/ca-cert.crt"
+  sudo $DEADLINE/deadlinecommand SetIniFileSetting ClientSSLAuthentication NotRequired
+  # Set Deadline to use repository connection validated by TLS; ChangeRepositorySkipValidation is a workaround that saves the values without testing them
+  sudo $DEADLINE/deadlinecommand ChangeRepositorySkipValidation Proxy $ENDPOINT "$CERT/ca-cert.crt" >/dev/null
+
+else
+  # Non-TLS connections can connect to the repository directly
+  sudo $DEADLINE/deadlinecommand SetIniFileSetting ProxyUseSSL False
+  sudo $DEADLINE/deadlinecommand SetIniFileSetting ProxySSLCA ""
+  sudo $DEADLINE/deadlinecommand ChangeRepository Remote $ENDPOINT >/dev/null
+fi
+
+exit 0

integ/components/deadline/common/scripts/bastion/utils/fetch-cert.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+#
+# Script to retrieve the authentication certificate for a render queue from a provided Secret
+#
+# Input:
+#   AWS_REGION: Region where stacks are deployed, taken from AWS.config
+#   SECRET_ARN: ARN for the Secret that has the value of the X.509 certificate needed to authenticate
+#     the RCS TLS. If present, indicates that the render queue is secured by HTTPS and the ARN is used
+#     to extract the key value of the cert.
+# Output:
+#   Non-zero return code on failure.
+
+set -euo pipefail
+
+AWS_REGION=$1
+SECRET_ARN=$2
+mkdir -p cert
+
+# Extract the value of the Secret
+export SECRET_VALUE=$(aws secretsmanager get-secret-value --secret-id=$SECRET_ARN --region=$AWS_REGION)
+# Use jq to extract the SecretString (i.e. the key)
+SECRET_STRING=$(jq '.SecretString' <<< "$SECRET_VALUE")
+# Format away quotations/escape characters so the key will format correctly, then save it to a temporary file
+SECRET_STRING=${SECRET_STRING#"\""}
+SECRET_STRING=${SECRET_STRING%"\""}
+echo -e $SECRET_STRING > "./cert/ca-cert.crt"
+
+exit 0

integ/components/deadline/renderQueue/bin/deadline-renderQueue.ts

@@ -0,0 +1,42 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+import { App, Stack } from '@aws-cdk/core';
+import { RenderStruct } from '../../../../lib/render-struct';
+import { StorageStruct } from '../../../../lib/storage-struct';
+import { TestingTier } from '../lib/testing-tier';
+
+const app = new App();
+const env = {
+  account: process.env.CDK_DEFAULT_ACCOUNT,
+  region: process.env.CDK_DEFAULT_REGION,
+};
+
+// Get unique tag for this integration test from environment variable
+const integStackTag = process.env.INTEG_STACK_TAG!.toString();
+
+// Create component stack
+const componentTier = new Stack(app, 'RFDKInteg-RQ-ComponentTier' + integStackTag, {env});
+
+// Add struct containing Deadline repository (the same repo is used for all test configurations)
+const storage = new StorageStruct(componentTier, 'StorageStruct', {
+  integStackTag,
+  provideDocdbEfs: 'true',
+});
+
+// Create test struct for Render Queue in http mode
+const render1 = new RenderStruct(componentTier, 'RenderStructRQ1', {
+  integStackTag,
+  repository: storage.repo,
+  protocol: 'http',
+});
+//Create test struct for Render Queue in https mode
+const render2 = new RenderStruct(componentTier, 'RenderStructRQ2', {
+  integStackTag,
+  repository: storage.repo,
+  protocol: 'https',
+});
+
+new TestingTier(app, 'RFDKInteg-RQ-TestingTier' + integStackTag, {env, integStackTag, structs: [render1, render2] });

integ/components/deadline/renderQueue/cdk.json

@@ -0,0 +1,7 @@
+{
+  "app": "npx ts-node bin/deadline-renderQueue.ts",
+  "context": {
+    "@aws-cdk/core:enableStackNameDuplicates": "true",
+    "aws-cdk:enableDiffNoFail": "true"
+  }
+}