Skip to content

Commit

Permalink
feat(client-emr): Added GetClusterSessionCredentials API to allow Ama…
Browse files Browse the repository at this point in the history 
…zon SageMaker Studio to connect to EMR on EC2 clusters with runtime roles and AWS Lake Formation-based access control for Apache Spark, Apache Hive, and Presto queries.
  • Loading branch information
awstools committed Dec 29, 2022
1 parent 16bb484 commit 200974a
Show file tree
Hide file tree
Showing 11 changed files with 448 additions and 70 deletions.
50 changes: 42 additions & 8 deletions clients/client-emr/src/EMR.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,11 @@ import {
GetBlockPublicAccessConfigurationCommandInput,
GetBlockPublicAccessConfigurationCommandOutput,
} from "./commands/GetBlockPublicAccessConfigurationCommand";
import {
GetClusterSessionCredentialsCommand,
GetClusterSessionCredentialsCommandInput,
GetClusterSessionCredentialsCommandOutput,
} from "./commands/GetClusterSessionCredentialsCommand";
import {
GetManagedScalingPolicyCommand,
GetManagedScalingPolicyCommandInput,
Expand Down Expand Up @@ -319,9 +324,7 @@ export class EMR extends EMRClient {
* <p>If your cluster is long-running (such as a Hive data warehouse) or complex, you may
* require more than 256 steps to process your data. You can bypass the 256-step limitation in
* various ways, including using SSH to connect to the master node and submitting queries
* directly to the software running on the master node, such as Hive and Hadoop. For more
* information on how to do this, see <a href="https://docs.aws.amazon.com/emr/latest/ManagementGuide/AddMoreThan256Steps.html">Add More than 256 Steps to a
* Cluster</a> in the <i>Amazon EMR Management Guide</i>.</p>
* directly to the software running on the master node, such as Hive and Hadoop.</p>
* <p>A step specifies the location of a JAR file stored either on the master node of the
* cluster or in Amazon S3. Each step is performed by the main function of the main
* class of the JAR file. The main class can be specified either in the manifest of the JAR or
Expand Down Expand Up @@ -491,7 +494,7 @@ export class EMR extends EMRClient {
* <p>Maps a user or group to the Amazon EMR Studio specified by
* <code>StudioId</code>, and applies a session policy to refine Studio permissions for that
* user or group. Use <code>CreateStudioSessionMapping</code> to assign users to a Studio when
* you use Amazon Web Services SSO authentication. For instructions on how to assign users to a
* you use IAM Identity Center authentication. For instructions on how to assign users to a
* Studio when you use IAM authentication, see <a href="https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-studio-manage-users.html#emr-studio-assign-users-groups">Assign a user or group to your EMR Studio</a>.</p>
*/
public createStudioSessionMapping(
Expand Down Expand Up @@ -930,6 +933,39 @@ export class EMR extends EMRClient {
}
}

/**
* <p>Provides Temporary, basic HTTP credentials that are associated with a given runtime IAM role
* and used by a cluster with fine-grained access control activated. You can use these credentials to connect to cluster endpoints that support username-based and password-based authentication.</p>
*/
public getClusterSessionCredentials(
args: GetClusterSessionCredentialsCommandInput,
options?: __HttpHandlerOptions
): Promise<GetClusterSessionCredentialsCommandOutput>;
public getClusterSessionCredentials(
args: GetClusterSessionCredentialsCommandInput,
cb: (err: any, data?: GetClusterSessionCredentialsCommandOutput) => void
): void;
public getClusterSessionCredentials(
args: GetClusterSessionCredentialsCommandInput,
options: __HttpHandlerOptions,
cb: (err: any, data?: GetClusterSessionCredentialsCommandOutput) => void
): void;
public getClusterSessionCredentials(
args: GetClusterSessionCredentialsCommandInput,
optionsOrCb?: __HttpHandlerOptions | ((err: any, data?: GetClusterSessionCredentialsCommandOutput) => void),
cb?: (err: any, data?: GetClusterSessionCredentialsCommandOutput) => void
): Promise<GetClusterSessionCredentialsCommandOutput> | void {
const command = new GetClusterSessionCredentialsCommand(args);
if (typeof optionsOrCb === "function") {
this.send(command, optionsOrCb);
} else if (typeof cb === "function") {
if (typeof optionsOrCb !== "object") throw new Error(`Expect http options but get ${typeof optionsOrCb}`);
this.send(command, optionsOrCb || {}, cb);
} else {
return this.send(command, optionsOrCb);
}
}

/**
* <p>Fetches the attached managed scaling policy for an Amazon EMR cluster. </p>
*/
Expand Down Expand Up @@ -1747,10 +1783,8 @@ export class EMR extends EMRClient {
* <p>If your cluster is long-running (such as a Hive data warehouse) or complex, you may
* require more than 256 steps to process your data. You can bypass the 256-step limitation in
* various ways, including using the SSH shell to connect to the master node and submitting
* queries directly to the software running on the master node, such as Hive and Hadoop. For
* more information on how to do this, see <a href="https://docs.aws.amazon.com/emr/latest/ManagementGuide/AddMoreThan256Steps.html">Add More than 256 Steps to a
* Cluster</a> in the <i>Amazon EMR Management Guide</i>.</p>
* <p>For long running clusters, we recommend that you periodically store your results.</p>
* queries directly to the software running on the master node, such as Hive and Hadoop.</p>
* <p>For long-running clusters, we recommend that you periodically store your results.</p>
* <note>
* <p>The instance fleets configuration is available only in Amazon EMR versions
* 4.8.0 and later, excluding 5.0.x versions. The RunJobFlow request can contain
Expand Down
6 changes: 6 additions & 0 deletions clients/client-emr/src/EMRClient.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,10 @@ import {
GetBlockPublicAccessConfigurationCommandInput,
GetBlockPublicAccessConfigurationCommandOutput,
} from "./commands/GetBlockPublicAccessConfigurationCommand";
import {
GetClusterSessionCredentialsCommandInput,
GetClusterSessionCredentialsCommandOutput,
} from "./commands/GetClusterSessionCredentialsCommand";
import {
GetManagedScalingPolicyCommandInput,
GetManagedScalingPolicyCommandOutput,
Expand Down Expand Up @@ -215,6 +219,7 @@ export type ServiceInputTypes =
| DescribeStudioCommandInput
| GetAutoTerminationPolicyCommandInput
| GetBlockPublicAccessConfigurationCommandInput
| GetClusterSessionCredentialsCommandInput
| GetManagedScalingPolicyCommandInput
| GetStudioSessionMappingCommandInput
| ListBootstrapActionsCommandInput
Expand Down Expand Up @@ -269,6 +274,7 @@ export type ServiceOutputTypes =
| DescribeStudioCommandOutput
| GetAutoTerminationPolicyCommandOutput
| GetBlockPublicAccessConfigurationCommandOutput
| GetClusterSessionCredentialsCommandOutput
| GetManagedScalingPolicyCommandOutput
| GetStudioSessionMappingCommandOutput
| ListBootstrapActionsCommandOutput
Expand Down
4 changes: 1 addition & 3 deletions clients/client-emr/src/commands/AddJobFlowStepsCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,7 @@ export interface AddJobFlowStepsCommandOutput extends AddJobFlowStepsOutput, __M
* <p>If your cluster is long-running (such as a Hive data warehouse) or complex, you may
* require more than 256 steps to process your data. You can bypass the 256-step limitation in
* various ways, including using SSH to connect to the master node and submitting queries
* directly to the software running on the master node, such as Hive and Hadoop. For more
* information on how to do this, see <a href="https://docs.aws.amazon.com/emr/latest/ManagementGuide/AddMoreThan256Steps.html">Add More than 256 Steps to a
* Cluster</a> in the <i>Amazon EMR Management Guide</i>.</p>
* directly to the software running on the master node, such as Hive and Hadoop.</p>
* <p>A step specifies the location of a JAR file stored either on the master node of the
* cluster or in Amazon S3. Each step is performed by the main function of the main
* class of the JAR file. The main class can be specified either in the manifest of the JAR or
Expand Down
2 changes: 1 addition & 1 deletion clients/client-emr/src/commands/CreateStudioSessionMappingCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ export interface CreateStudioSessionMappingCommandOutput extends __MetadataBeare
* <p>Maps a user or group to the Amazon EMR Studio specified by
* <code>StudioId</code>, and applies a session policy to refine Studio permissions for that
* user or group. Use <code>CreateStudioSessionMapping</code> to assign users to a Studio when
* you use Amazon Web Services SSO authentication. For instructions on how to assign users to a
* you use IAM Identity Center authentication. For instructions on how to assign users to a
* Studio when you use IAM authentication, see <a href="https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-studio-manage-users.html#emr-studio-assign-users-groups">Assign a user or group to your EMR Studio</a>.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
Expand Down
120 changes: 120 additions & 0 deletions clients/client-emr/src/commands/GetClusterSessionCredentialsCommand.ts
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,120 @@
// smithy-typescript generated code
import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint";
import { getSerdePlugin } from "@aws-sdk/middleware-serde";
import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
import { Command as $Command } from "@aws-sdk/smithy-client";
import {
FinalizeHandlerArguments,
Handler,
HandlerExecutionContext,
HttpHandlerOptions as __HttpHandlerOptions,
MetadataBearer as __MetadataBearer,
MiddlewareStack,
SerdeContext as __SerdeContext,
} from "@aws-sdk/types";

import { EMRClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../EMRClient";
import {
GetClusterSessionCredentialsInput,
GetClusterSessionCredentialsInputFilterSensitiveLog,
GetClusterSessionCredentialsOutput,
GetClusterSessionCredentialsOutputFilterSensitiveLog,
} from "../models/models_0";
import {
deserializeAws_json1_1GetClusterSessionCredentialsCommand,
serializeAws_json1_1GetClusterSessionCredentialsCommand,
} from "../protocols/Aws_json1_1";

export interface GetClusterSessionCredentialsCommandInput extends GetClusterSessionCredentialsInput {}
export interface GetClusterSessionCredentialsCommandOutput
extends GetClusterSessionCredentialsOutput,
__MetadataBearer {}

/**
* <p>Provides Temporary, basic HTTP credentials that are associated with a given runtime IAM role
* and used by a cluster with fine-grained access control activated. You can use these credentials to connect to cluster endpoints that support username-based and password-based authentication.</p>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { EMRClient, GetClusterSessionCredentialsCommand } from "@aws-sdk/client-emr"; // ES Modules import
* // const { EMRClient, GetClusterSessionCredentialsCommand } = require("@aws-sdk/client-emr"); // CommonJS import
* const client = new EMRClient(config);
* const command = new GetClusterSessionCredentialsCommand(input);
* const response = await client.send(command);
* ```
*
* @see {@link GetClusterSessionCredentialsCommandInput} for command's `input` shape.
* @see {@link GetClusterSessionCredentialsCommandOutput} for command's `response` shape.
* @see {@link EMRClientResolvedConfig | config} for EMRClient's `config` shape.
*
*/
export class GetClusterSessionCredentialsCommand extends $Command<
GetClusterSessionCredentialsCommandInput,
GetClusterSessionCredentialsCommandOutput,
EMRClientResolvedConfig
> {
// Start section: command_properties
// End section: command_properties

public static getEndpointParameterInstructions(): EndpointParameterInstructions {
return {
UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
Endpoint: { type: "builtInParams", name: "endpoint" },
Region: { type: "builtInParams", name: "region" },
UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
};
}

constructor(readonly input: GetClusterSessionCredentialsCommandInput) {
// Start section: command_constructor
super();
// End section: command_constructor
}

/**
* @internal
*/
resolveMiddleware(
clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
configuration: EMRClientResolvedConfig,
options?: __HttpHandlerOptions
): Handler<GetClusterSessionCredentialsCommandInput, GetClusterSessionCredentialsCommandOutput> {
this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
this.middlewareStack.use(
getEndpointPlugin(configuration, GetClusterSessionCredentialsCommand.getEndpointParameterInstructions())
);

const stack = clientStack.concat(this.middlewareStack);

const { logger } = configuration;
const clientName = "EMRClient";
const commandName = "GetClusterSessionCredentialsCommand";
const handlerExecutionContext: HandlerExecutionContext = {
logger,
clientName,
commandName,
inputFilterSensitiveLog: GetClusterSessionCredentialsInputFilterSensitiveLog,
outputFilterSensitiveLog: GetClusterSessionCredentialsOutputFilterSensitiveLog,
};
const { requestHandler } = configuration;
return stack.resolve(
(request: FinalizeHandlerArguments<any>) =>
requestHandler.handle(request.request as __HttpRequest, options || {}),
handlerExecutionContext
);
}

private serialize(input: GetClusterSessionCredentialsCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
return serializeAws_json1_1GetClusterSessionCredentialsCommand(input, context);
}

private deserialize(
output: __HttpResponse,
context: __SerdeContext
): Promise<GetClusterSessionCredentialsCommandOutput> {
return deserializeAws_json1_1GetClusterSessionCredentialsCommand(output, context);
}

// Start section: command_body_extra
// End section: command_body_extra
}
6 changes: 2 additions & 4 deletions clients/client-emr/src/commands/RunJobFlowCommand.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,10 +43,8 @@ export interface RunJobFlowCommandOutput extends RunJobFlowOutput, __MetadataBea
* <p>If your cluster is long-running (such as a Hive data warehouse) or complex, you may
* require more than 256 steps to process your data. You can bypass the 256-step limitation in
* various ways, including using the SSH shell to connect to the master node and submitting
* queries directly to the software running on the master node, such as Hive and Hadoop. For
* more information on how to do this, see <a href="https://docs.aws.amazon.com/emr/latest/ManagementGuide/AddMoreThan256Steps.html">Add More than 256 Steps to a
* Cluster</a> in the <i>Amazon EMR Management Guide</i>.</p>
* <p>For long running clusters, we recommend that you periodically store your results.</p>
* queries directly to the software running on the master node, such as Hive and Hadoop.</p>
* <p>For long-running clusters, we recommend that you periodically store your results.</p>
* <note>
* <p>The instance fleets configuration is available only in Amazon EMR versions
* 4.8.0 and later, excluding 5.0.x versions. The RunJobFlow request can contain
Expand Down
1 change: 1 addition & 0 deletions clients/client-emr/src/commands/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ export * from "./DescribeStepCommand";
export * from "./DescribeStudioCommand";
export * from "./GetAutoTerminationPolicyCommand";
export * from "./GetBlockPublicAccessConfigurationCommand";
export * from "./GetClusterSessionCredentialsCommand";
export * from "./GetManagedScalingPolicyCommand";
export * from "./GetStudioSessionMappingCommand";
export * from "./ListBootstrapActionsCommand";
Expand Down
2 changes: 1 addition & 1 deletion clients/client-emr/src/endpoint/EndpointParameters.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ export const resolveClientEndpointParameters = <T>(
};

export interface EndpointParameters extends __EndpointParameters {
Region?: string;
Region: string;
UseDualStack?: boolean;
UseFIPS?: boolean;
Endpoint?: string;
Expand Down
42 changes: 21 additions & 21 deletions clients/client-emr/src/endpoint/ruleset.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,27 +6,27 @@ import { RuleSetObject } from "@aws-sdk/util-endpoints";
or see "smithy.rules#endpointRuleSet"
in codegen/sdk-codegen/aws-models/emr.json */

const s="required",
t="fn",
const t="fn",
u="argv",
v="ref";
const a="PartitionResult",
b="tree",
c="error",
d="endpoint",
e="getAttr",
f={[s]:false,"type":"String"},
g={[s]:true,"default":false,"type":"Boolean"},
h={[v]:"Endpoint"},
i={[t]:"booleanEquals",[u]:[{[v]:"UseFIPS"},true]},
j={[t]:"booleanEquals",[u]:[{[v]:"UseDualStack"},true]},
k={},
l={[t]:"booleanEquals",[u]:[true,{[t]:e,[u]:[{[v]:a},"supportsFIPS"]}]},
m={[v]:a},
n={[t]:"booleanEquals",[u]:[true,{[t]:e,[u]:[m,"supportsDualStack"]}]},
o={"url":"https://elasticmapreduce.{Region}.{PartitionResult#dnsSuffix}","properties":{},"headers":{}},
p=[h],
q=[i],
r=[j];
const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[t]:"aws.partition",[u]:[{[v]:"Region"}],assign:a}],type:b,rules:[{conditions:[{[t]:"isSet",[u]:p},{[t]:"parseURL",[u]:p,assign:"url"}],type:b,rules:[{conditions:q,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:r,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]}]},{conditions:[i,j],type:b,rules:[{conditions:[l,n],type:b,rules:[{endpoint:{url:"https://elasticmapreduce-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:q,type:b,rules:[{conditions:[l],type:b,rules:[{type:b,rules:[{conditions:[{[t]:"stringEquals",[u]:["aws-us-gov",{[t]:e,[u]:[m,"name"]}]}],endpoint:o,type:d},{endpoint:{url:"https://elasticmapreduce-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:r,type:b,rules:[{conditions:[n],type:b,rules:[{endpoint:{url:"https://elasticmapreduce.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{endpoint:o,type:d}]}]};
const a=true,
b=false,
c="String",
d="PartitionResult",
e="tree",
f="error",
g="endpoint",
h="getAttr",
i={"required":true,"default":false,"type":"Boolean"},
j={[v]:"Endpoint"},
k={[t]:"booleanEquals",[u]:[{[v]:"UseFIPS"},true]},
l={[t]:"booleanEquals",[u]:[{[v]:"UseDualStack"},true]},
m={},
n={[t]:"booleanEquals",[u]:[true,{[t]:h,[u]:[{[v]:d},"supportsFIPS"]}]},
o={[v]:d},
p={[t]:"booleanEquals",[u]:[true,{[t]:h,[u]:[o,"supportsDualStack"]}]},
q={"url":"https://elasticmapreduce.{Region}.{PartitionResult#dnsSuffix}","properties":{},"headers":{}},
r=[k],
s=[l];
const _data={version:"1.0",parameters:{Region:{required:a,type:c},UseDualStack:i,UseFIPS:i,Endpoint:{required:b,type:c}},rules:[{conditions:[{[t]:"aws.partition",[u]:[{[v]:"Region"}],assign:d}],type:e,rules:[{conditions:[{[t]:"isSet",[u]:[j]}],type:e,rules:[{conditions:r,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:f},{type:e,rules:[{conditions:s,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:f},{endpoint:{url:j,properties:m,headers:m},type:g}]}]},{conditions:[k,l],type:e,rules:[{conditions:[n,p],type:e,rules:[{endpoint:{url:"https://elasticmapreduce-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:g}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:f}]},{conditions:r,type:e,rules:[{conditions:[n],type:e,rules:[{type:e,rules:[{conditions:[{[t]:"stringEquals",[u]:["aws-us-gov",{[t]:h,[u]:[o,"name"]}]}],endpoint:q,type:g},{endpoint:{url:"https://elasticmapreduce-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:g}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:f}]},{conditions:s,type:e,rules:[{conditions:[p],type:e,rules:[{endpoint:{url:"https://elasticmapreduce.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:g}]},{error:"DualStack is enabled but this partition does not support DualStack",type:f}]},{endpoint:q,type:g}]}]};
export const ruleSet: RuleSetObject = _data;
Loading

0 comments on commit 200974a

Please sign in to comment.