[LoginNodes] Modify cli to add custom action configuration parameters to login nodes (#6319)

* Add CustomActions configuration for login nodes

- Added schema for login nodes custom actions
- Added CustomAction to LoginNodesPool resource in cluster_config.py

Signed-off-by: Chris Makin <cmakin@amazon.com>

* Add login node Pool Name to dna_json

* Add DescribeStack action to LoginNodesIamResources

This change allows custom actions OnNodeUpdated to be
performed for login nodes, which requires a check of the cluster stack
status in custom_action_executor.py.

* Modify integration test for custom actions on Login Nodes

- Modified test_essential_features integration test to account
for custom actions on login nodes.

* Update unit tests to include login node custom action changes

- Modified login node dna_json unit test to include pool_name

- Ran tox autoformatter

* Merge head and login nodes custom action schema unit test

- Update changelog
- Fix DescribeStacks resource error in unit test

---------

Signed-off-by: Chris Makin <cmakin@amazon.com>

Author: cjmakin

CHANGELOG.md

@@ -1,6 +1,13 @@
 CHANGELOG
 =========
 
+3.11.0
+------
+
+**ENHANCEMENTS**
+
+- Add support for custom actions on login nodes.
+
 3.10.0
 ------
 

cli/src/pcluster/config/cluster_config.py

@@ -1346,6 +1346,7 @@ def __init__(
         networking: LoginNodesNetworking = None,
         count: int = None,
         ssh: LoginNodesSsh = None,
+        custom_actions: CustomActions = None,
         iam: LoginNodesIam = None,
         gracetime_period: int = None,
         **kwargs,
@@ -1357,6 +1358,7 @@ def __init__(
         self.networking = networking
         self.count = Resource.init_param(count, default=1)
         self.ssh = ssh
+        self.custom_actions = custom_actions
         self.iam = iam or LoginNodesIam(implied=True)
         self.gracetime_period = Resource.init_param(gracetime_period, default=10)
 

cli/src/pcluster/schemas/cluster_schema.py

@@ -1315,6 +1315,19 @@ def make_resource(self, data, **kwargs):
         return CustomActions(**data)
 
 
+class LoginNodesCustomActionsSchema(BaseSchema):
+    """Represent the schema for all available custom actions in a login node pool."""
+
+    on_node_start = OneOrManyCustomActionField(metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
+    on_node_configured = OneOrManyCustomActionField(metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
+    on_node_updated = OneOrManyCustomActionField(metadata={"update_policy": UpdatePolicy.UNSUPPORTED})
+
+    @post_load
+    def make_resource(self, data, **kwargs):
+        """Generate resource."""
+        return CustomActions(**data)
+
+
 class InstanceTypeSchema(BaseSchema):
     """Schema of a compute resource that supports a pool of instance types."""
 
@@ -1422,6 +1435,7 @@ class LoginNodesPoolSchema(BaseSchema):
         metadata={"update_policy": UpdatePolicy.SUPPORTED},
     )
     ssh = fields.Nested(LoginNodesSshSchema, metadata={"update_policy": UpdatePolicy.LOGIN_NODES_STOP})
+    custom_actions = fields.Nested(LoginNodesCustomActionsSchema, metadata={"update_policy": UpdatePolicy.IGNORED})
     iam = fields.Nested(LoginNodesIamSchema, metadata={"update_policy": UpdatePolicy.LOGIN_NODES_STOP})
     gracetime_period = fields.Int(
         validate=validate.Range(

cli/src/pcluster/templates/cdk_builder_utils.py

@@ -934,9 +934,18 @@ def _build_policy(self) -> List[iam.PolicyStatement]:
                 sid="CloudFormation",
                 actions=[
                     "cloudformation:DescribeStackResource",
+                    "cloudformation:DescribeStacks",
                 ],
                 effect=iam.Effect.ALLOW,
-                resources=[core.Aws.STACK_ID],
+                resources=[
+                    self._format_arn(
+                        service="cloudformation",
+                        resource=f"stack/{Stack.of(self).stack_name}/*",
+                        region=Stack.of(self).region,
+                        account=Stack.of(self).account,
+                    ),
+                    core.Aws.STACK_ID,
+                ],
             ),
             iam.PolicyStatement(
                 sid="DynamoDBTable",

cli/src/pcluster/templates/login_nodes_stack.py

@@ -258,6 +258,7 @@ def _add_login_nodes_pool_launch_template(self):
                     "hosted_zone": (str(self._cluster_hosted_zone.ref) if self._cluster_hosted_zone else ""),
                     "log_group_name": self._log_group.log_group_name,
                     "log_rotation_enabled": "true" if self._config.is_log_rotation_enabled else "false",
+                    "pool_name": self._pool.name,
                     "node_type": "LoginNode",
                     "proxy": self._pool.networking.proxy.http_proxy_address if self._pool.networking.proxy else "NONE",
                     "raid_shared_dir": to_comma_separated_string(

cli/tests/pcluster/example_configs/slurm.full.yaml

@@ -17,6 +17,22 @@ LoginNodes:
       - subnet-12345678
     Ssh:
       KeyName: ec2-key-name
+    CustomActions:
+      OnNodeStart:
+        Script: https://test.tgz  # s3:// | https://
+        Args:
+          - arg1
+          - arg2
+      OnNodeConfigured:
+        Script: https://test.tgz  # s3:// | https://
+        Args:
+          - arg1
+          - arg2
+      OnNodeUpdated:
+        Script: https://test.tgz  # s3:// | https://
+        Args:
+          - arg1
+          - arg2
     Iam:
       InstanceRole: arn:aws:iam::aws:role/LoginNodeRole
 HeadNode:

cli/tests/pcluster/schemas/test_cluster_schema.py

@@ -25,6 +25,7 @@
     HeadNodeIamSchema,
     HeadNodeRootVolumeSchema,
     ImageSchema,
+    LoginNodesCustomActionsSchema,
     QueueCustomActionsSchema,
     QueueIamSchema,
     QueueTagSchema,
@@ -259,14 +260,18 @@ def test_head_node_root_volume_schema(mocker, config_dict, failure_message):
         ),
     ],
 )
-def test_head_node_custom_actions_schema(mocker, config_dict, failure_message):
+def test_head_login_node_custom_actions_schema(mocker, config_dict, failure_message):
     mock_aws_api(mocker)
     if failure_message:
         with pytest.raises(ValidationError, match=failure_message):
             HeadNodeCustomActionsSchema().load(config_dict)
+            LoginNodesCustomActionsSchema().load(config_dict)
     else:
-        conf = HeadNodeCustomActionsSchema().load(config_dict)
-        HeadNodeCustomActionsSchema().dump(conf)
+        head_conf = HeadNodeCustomActionsSchema().load(config_dict)
+        login_conf = LoginNodesCustomActionsSchema().load(config_dict)
+
+        HeadNodeCustomActionsSchema().dump(head_conf)
+        LoginNodesCustomActionsSchema().dump(login_conf)
 
 
 @pytest.mark.parametrize(

cli/tests/pcluster/templates/test_cluster_stack.py

@@ -756,11 +756,25 @@ def assert_iam_policy_properties(self, template, resource_name: str):
                             "Sid": "Autoscaling",
                         },
                         {
-                            "Action": "cloudformation:DescribeStackResource",
+                            "Action": ["cloudformation:DescribeStackResource", "cloudformation:DescribeStacks"],
                             "Effect": "Allow",
-                            "Resource": {
-                                "Ref": "AWS::StackId",
-                            },
+                            "Resource": [
+                                {
+                                    "Fn::Join": [
+                                        "",
+                                        [
+                                            "arn:",
+                                            {"Ref": "AWS::Partition"},
+                                            ":cloudformation:",
+                                            {"Ref": "AWS::Region"},
+                                            ":",
+                                            {"Ref": "AWS::AccountId"},
+                                            ":stack/clustername/*",
+                                        ],
+                                    ]
+                                },
+                                {"Ref": "AWS::StackId"},
+                            ],
                             "Sid": "CloudFormation",
                         },
                         {

cli/tests/pcluster/templates/test_cluster_stack/test_cluster_config_limits/slurm.full.all_resources.yaml

@@ -20,6 +20,26 @@ LoginNodes:
         HttpProxyAddress: https://proxy-address:port
     Ssh:
       KeyName: validate_key_name
+    CustomActions:
+      OnNodeStart:
+        Script: https://test.tgz
+        Args:
+          # Number of args doesn't impact number of resources, just the size of the template
+          {% for i in range(number_of_script_args) %}
+          - arg{{ i }}
+          {% endfor %}
+      OnNodeConfigured:
+        Script: https://test.tgz
+        Args:
+          {% for i in range(number_of_script_args) %}
+          - arg{{ i }}
+          {% endfor %}
+      OnNodeUpdated:
+        Script: https://test.tgz
+        Args:
+          {% for i in range(number_of_script_args) %}
+          - arg{{ i }}
+          {% endfor %}
     Iam:
       AdditionalIamPolicies:
         - Policy: arn:aws:iam::aws:policy/AdministratorAccess

cli/tests/pcluster/templates/test_cluster_stack/test_cluster_config_limits/slurm.full_config.snapshot.yaml

@@ -87,6 +87,19 @@ Imds:
 LoginNodes:
   Pools:
   - Count: 1
+    CustomActions:
+      OnNodeConfigured:
+        Args:
+        - arg0
+        Script: https://test.tgz
+      OnNodeStart:
+        Args:
+        - arg0
+        Script: https://test.tgz
+      OnNodeUpdated:
+        Args:
+        - arg0
+        Script: https://test.tgz
     GracetimePeriod: 10
     Iam:
       AdditionalIamPolicies: