in functions/source/lambda_function.py [0:0]
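def enable_radius(directory_service_id, instance_private_ip_addresses):
    """Enable or update RADIUS-based MFA on a directory and wait for the result.

    The RADIUS settings are built from the environment: the proxy port comes
    from ``radius_proxy_port_number`` and the shared secret is whatever
    ``get_radius_shared_secret`` returns for ``radius_shared_secret_arn``.
    ``enable_radius`` is called when the current RADIUS status is
    NotConfigured or Failed, ``update_radius`` when it is Completed; any other
    status sends no change request.  The directory is then polled until it
    reports ``Completed`` or ``Failed``, or until MAX_ATTEMPTS polls are used.

    Args:
        directory_service_id: ID of the directory to configure.
        instance_private_ip_addresses: Addresses passed as ``RadiusServers``.

    Returns:
        None.  The outcome is reported on stdout only; a final status other
        than ``Completed`` produces an explicit warning line so that a failed
        or timed-out rollout is visible in the function's logs.

    Raises:
        KeyError: If a required environment variable is missing.
        ValueError: If ``radius_proxy_port_number`` is not an integer.
    """
    radius_port_number = int(os.environ['radius_proxy_port_number'])
    radius_shared_secret = get_radius_shared_secret(os.environ['radius_shared_secret_arn'])

    # This dict carries the RADIUS shared secret: never print or log it whole.
    radius_settings = {
        "RadiusServers": instance_private_ip_addresses,
        "RadiusPort": radius_port_number,
        "RadiusTimeout": RADIUS_TIMEOUT,
        "RadiusRetries": RADIUS_RETRIES,
        "SharedSecret": radius_shared_secret,
        "AuthenticationProtocol": RADIUS_AUTHENTICATION_PROTOCOL,
        "DisplayLabel": "Duo MFA"
    }

    # Determine whether RADIUS has been configured.
    radius_status = get_directory_service_radius_status(directory_service_id)
    print('Current RADIUS status: {}.'.format(radius_status))

    if radius_status in (RadiusStatus.NotConfigured, RadiusStatus.Failed):
        # No working configuration yet: enable RADIUS for this directory.
        print('Enabling RADIUS configuration...')
        ds_client.enable_radius(
            DirectoryId=directory_service_id,
            RadiusSettings=radius_settings
        )
    elif radius_status == RadiusStatus.Completed:
        # A configuration is already in place: push the new settings.
        print('Updating RADIUS configuration...')
        ds_client.update_radius(
            DirectoryId=directory_service_id,
            RadiusSettings=radius_settings
        )

    # Now get the status; updating the directory service is asynchronous.
    # NOTE(review): if the service can still report the previous 'Failed'
    # state on the first poll after a re-enable, this loop stops at once --
    # confirm against the service's behaviour.
    MAX_ATTEMPTS = 30
    SLEEP_TIME = 5
    final_status = None
    for attempt_number in range(1, MAX_ATTEMPTS + 1):
        description = ds_client.describe_directories(
            DirectoryIds=[directory_service_id]
        )['DirectoryDescriptions'][0]
        final_status = description['RadiusStatus']
        print("** ATTEMPT {}: {}".format(attempt_number, final_status))
        if final_status in ('Completed', 'Failed'):
            break
        time.sleep(SLEEP_TIME)

    # Previously a 'Failed' result and a poll timeout both ended silently,
    # which is indistinguishable from success for anyone reading the logs.
    if final_status != 'Completed':
        print('WARNING: RADIUS status is {} after polling; MFA may not be '
              'enforced for directory {}.'.format(final_status, directory_service_id))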