def configure_deadline()

in packages/aws-rfdk/lib/deadline/scripts/python/client-rq-connection.py [0:0]

• 42 lines of code
• 7 McCabe index (conditional complexity)

def configure_deadline( config ):
    """
    Configures Deadline to be able to connect to the given Render Queue

    :param config: The parsed configuration object
    """

    # Ensure that the client is configured to connect to a Remote RCS.
    call_deadline_command(['SetIniFileSetting', 'ConnectionType', 'Remote'])
    call_deadline_command(['SetIniFileSetting', 'ProxyRoot', config.render_queue.address])

    if config.render_queue.scheme == 'http':
        print( "Configuring Deadline to connect to the Render Queue (%s) using HTTP Traffic" % config.render_queue.address )
        #Ensure SSL is disabled
        call_deadline_command(['SetIniFileSetting','ProxyUseSSL','False'])
        call_deadline_command(['SetIniFileSetting', 'ProxySSLCA', ''])
        call_deadline_command(['SetIniFileSetting', 'ClientSSLAuthentication', 'NotRequired'])

    else:
        print("Configuring Deadline to connect to the Render Queue using HTTPS Traffic")
        call_deadline_command(['SetIniFileSetting', 'ProxyUseSSL', 'True'])

        try:
            os.makedirs(CERT_DIR)
        except OSError as e:
            if e.errno != errno.EEXIST:
                raise

        if config.tls_ca:
            """
            If we are configuring Deadline to connect using a CA for trust then we need to:
            * Fetch the cert chain
            * Confirm the chain contains only 1 cert
            * Tell Deadline that SSL Authentication is not required
            """
            cert_path = os.path.join(CERT_DIR,'ca.crt')
            cert_contents = fetch_secret(config.tls_ca)
            if len( CERT_COUNT_RE.findall(cert_contents) ) != 1:
                raise ValueError("The TLS CA Cert must contain exactly 1 certificate")
            with open(cert_path, 'w') as f:
                f.write(cert_contents)

            call_deadline_command(['SetIniFileSetting', 'ProxySSLCA', cert_path])
            call_deadline_command(['SetIniFileSetting', 'ClientSSLAuthentication', 'NotRequired'])

            # Validate Deadline connection
            print("Testing Deadline connection...")
            stdout.flush()
            call_deadline_command(['GetRepositoryVersion'])

            print("Deadline connection configured correctly")
        else:
            """
            If we are configuring Deadline to connect using a client cert we need to:
            * Fetch the pkcs12 binary file
            * Optionally fetch the password
            * Tell Deadline that SSL Authentication is Required
            """

            cert_path = os.path.join(CERT_DIR, 'client.pfx')
            cert_contents = fetch_secret(config.client_tls_cert)
            with open(cert_path, 'wb') as f:
                f.write(cert_contents)

            call_deadline_command(['SetIniFileSetting', 'ClientSSLAuthentication', 'Required'])

            repo_args = ['ChangeRepository', 'Proxy', config.render_queue.address]
            repo_args.append(cert_path)
            if config.client_tls_cert_passphrase:
                passphrase = fetch_secret(config.client_tls_cert_passphrase)
                repo_args.append(passphrase)

            change_repo_results = call_deadline_command(repo_args)
            print('Running: %s\nResult: %s' % (repo_args, change_repo_results))