fix: notebookplatform fix for type mismatch (#353)

lmouhib · web-flow · commit 007d9a88f6e0 · 2022-05-25T14:18:22.000+02:00
* fix: resolve issue failing the deployment of managedendpoint

* fix: adding e2e test for notebook-platform.ts

* fix: add managednode groups for notebook platform without podtempalte labels

* fix: add default version for emr on eks to be used if no version is provided in the managedendpoint definition

* fix: amend the unit tests to pass the tests. Added the new nodegroup -notebookwithoutpodtemplate-

Co-authored-by: Lotfi Mouhib &lt;mouhib@amazon.com&gt;
diff --git a/core/src/emr-eks-platform/emr-eks-cluster.ts b/core/src/emr-eks-platform/emr-eks-cluster.ts
@@ -154,7 +154,7 @@ export class EmrEksCluster extends TrackedConstruct {
 
     return stack.node.tryFindChild(id) as EmrEksCluster || emrEksCluster!;
   }
-  private static readonly EMR_VERSIONS = ['emr-6.5.0-latest', 'emr-6.4.0-latest', 'emr-6.3.0-latest', 'emr-6.2.0-latest', 'emr-5.33.0-latest', 'emr-5.32.0-latest'];
+  private static readonly EMR_VERSIONS = ['emr-6.6.0-latest', 'emr-6.5.0-latest', 'emr-6.4.0-latest', 'emr-6.3.0-latest', 'emr-6.2.0-latest', 'emr-5.33.0-latest', 'emr-5.32.0-latest'];
   private static readonly DEFAULT_EMR_VERSION = 'emr-6.4.0-latest';
   private static readonly DEFAULT_EKS_VERSION = KubernetesVersion.V1_21;
   private static readonly DEFAULT_CLUSTER_NAME = 'data-platform';
@@ -408,6 +408,7 @@ export class EmrEksCluster extends TrackedConstruct {
       // Add a nodegroup for notebooks
       this.addEmrEksNodegroup('notebookDriver', EmrEksNodegroup.NOTEBOOK_DRIVER);
       this.addEmrEksNodegroup('notebookExecutor', EmrEksNodegroup.NOTEBOOK_EXECUTOR);
+      this.addEmrEksNodegroup('notebookWithoutPodTemplate', EmrEksNodegroup.NOTEBOOK_WITHOUT_PODTEMPLATE);
     }
     // Create an Amazon S3 Bucket for default podTemplate assets
     this.assetBucket = AraBucket.getOrCreate(this, { bucketName: `${this.clusterName.toLowerCase()}-emr-eks-assets`, encryption: BucketEncryption.KMS_MANAGED });
@@ -452,7 +453,7 @@ export class EmrEksCluster extends TrackedConstruct {
     // Replace the pod template location for driver and executor with the correct Amazon S3 path in the notebook default config
     // NotebookDefaultConfig.applicationConfiguration[0].properties['spark.kubernetes.driver.podTemplateFile'] = this.assetBucket.s3UrlForObject(`${this.podTemplateLocation.objectKey}/notebook-driver.yaml`);
     // NotebookDefaultConfig.applicationConfiguration[0].properties['spark.kubernetes.executor.podTemplateFile'] = this.assetBucket.s3UrlForObject(`${this.podTemplateLocation.objectKey}/notebook-executor.yaml`);
-    this.notebookDefaultConfig = JSON.stringify(NotebookDefaultConfig);
+    this.notebookDefaultConfig = JSON.parse(JSON.stringify(NotebookDefaultConfig));
 
     // Replace the pod template location for driver and executor with the correct Amazon S3 path in the critical default config
     CriticalDefaultConfig.applicationConfiguration[0].properties['spark.kubernetes.driver.podTemplateFile'] = this.assetBucket.s3UrlForObject(`${this.podTemplateLocation.objectKey}/critical-driver.yaml`);
diff --git a/core/src/notebook-platform/notebook-platform.ts b/core/src/notebook-platform/notebook-platform.ts
@@ -165,6 +165,7 @@ export enum IdpRelayState {
  * ```
  */
 export class NotebookPlatform extends TrackedConstruct {
+  private static readonly DEFAULT_EMR_VERSION = 'emr-6.6.0-latest';
   private static readonly STUDIO_PRINCIPAL: string = 'elasticmapreduce.amazonaws.com';
   private readonly studioId: string;
   private readonly workSpaceSecurityGroup: SecurityGroup;
@@ -391,7 +392,7 @@ export class NotebookPlatform extends TrackedConstruct {
                 `${user.identityName}${index}`,
                 notebookManagedEndpoint.executionPolicy,
               ),
-              emrOnEksVersion: emrOnEksVersion ? emrOnEksVersion : undefined,
+              emrOnEksVersion: emrOnEksVersion ? emrOnEksVersion : NotebookPlatform.DEFAULT_EMR_VERSION,
               configurationOverrides: configOverride ? configOverride : undefined,
             },
 
diff --git a/core/test/e2e/notebook-platform.test.ts b/core/test/e2e/notebook-platform.test.ts
@@ -0,0 +1,106 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: MIT-0
+
+/**
+ * Tests EmrEksCluster
+ *
+ * @group integ/notebook-platform
+ */
+
+import { ManagedPolicy, PolicyStatement } from '@aws-cdk/aws-iam';
+import * as cdk from '@aws-cdk/core';
+import { ArnFormat, Aws } from '@aws-cdk/core';
+import { SdkProvider } from 'aws-cdk/lib/api/aws-auth';
+import { CloudFormationDeployments } from 'aws-cdk/lib/api/cloudformation-deployments';
+
+import { NotebookPlatform, StudioAuthMode } from '../../src';
+import { EmrEksCluster } from '../../src/emr-eks-platform';
+
+jest.setTimeout(2000000);
+// GIVEN
+const integTestApp = new cdk.App();
+const stack = new cdk.Stack(integTestApp, 'notebookPlatformE2eTest');
+
+const emrEksCluster = EmrEksCluster.getOrCreate(stack, {
+  eksAdminRoleArn: 'arn:aws:iam::123445678912:role/gromav',
+});
+
+const notebookPlatform = new NotebookPlatform(stack, 'platform-notebook', {
+  emrEks: emrEksCluster,
+  eksNamespace: 'notebookspace',
+  studioName: 'testNotebook',
+  studioAuthMode: StudioAuthMode.IAM,
+});
+
+
+const policy1 = new ManagedPolicy(stack, 'MyPolicy1', {
+  statements: [
+    new PolicyStatement({
+      resources: ['*'],
+      actions: ['s3:*'],
+    }),
+    new PolicyStatement({
+      resources: [
+        stack.formatArn({
+          account: Aws.ACCOUNT_ID,
+          region: Aws.REGION,
+          service: 'logs',
+          resource: '*',
+          arnFormat: ArnFormat.NO_RESOURCE_NAME,
+        }),
+      ],
+      actions: [
+        'logs:*',
+      ],
+    }),
+  ],
+});
+
+notebookPlatform.addUser([{
+  identityName: 'janeDoe',
+  notebookManagedEndpoints: [
+    {
+      emrOnEksVersion: 'emr-6.4.0-latest',
+      executionPolicy: policy1,
+    },
+  ],
+}]);
+
+new cdk.CfnOutput(stack, 'EmrEksAdminRoleOutput', {
+  value: emrEksCluster.eksCluster.adminRole.roleArn,
+  exportName: 'emrEksAdminRole',
+});
+
+describe('deploy succeed', () => {
+  it('can be deploy succcessfully', async () => {
+    // GIVEN
+    const stackArtifact = integTestApp.synth().getStackByName(stack.stackName);
+
+    const sdkProvider = await SdkProvider.withAwsCliCompatibleDefaults({
+      profile: process.env.AWS_PROFILE,
+    });
+    const cloudFormation = new CloudFormationDeployments({ sdkProvider });
+
+    // WHEN
+    const deployResult = await cloudFormation.deployStack({
+      stack: stackArtifact,
+    });
+
+    // THEN
+    expect(deployResult.outputs.emrEksAdminRole).toEqual('arn:aws:iam::123445678912:role/gromav');
+
+  }, 9000000);
+});
+
+afterAll(async () => {
+  const stackArtifact = integTestApp.synth().getStackByName(stack.stackName);
+
+  const sdkProvider = await SdkProvider.withAwsCliCompatibleDefaults({
+    profile: process.env.AWS_PROFILE,
+  });
+  const cloudFormation = new CloudFormationDeployments({ sdkProvider });
+
+  await cloudFormation.destroyStack({
+    stack: stackArtifact,
+  });
+});
diff --git a/core/test/unit/cdk-nag/nag-emr-eks.test.ts b/core/test/unit/cdk-nag/nag-emr-eks.test.ts
@@ -403,6 +403,18 @@ NagSuppressions.addResourceSuppressionsByPath(
   [{ id: 'AwsSolutions-IAM4', reason: 'Nodegroups are using AWS Managed Policies' }],
 );
 
+NagSuppressions.addResourceSuppressionsByPath(
+  stack,
+  'eks-emr-studio/data-platformCluster/NodegroupnotebookWithoutPodTemplate-0/NodeGroupRole/Resource',
+  [{ id: 'AwsSolutions-IAM4', reason: 'Nodegroups are using AWS Managed Policies' }],
+);
+
+NagSuppressions.addResourceSuppressionsByPath(
+  stack,
+  'eks-emr-studio/data-platformCluster/NodegroupnotebookWithoutPodTemplate-1/NodeGroupRole/Resource',
+  [{ id: 'AwsSolutions-IAM4', reason: 'Nodegroups are using AWS Managed Policies' }],
+);
+
 test('No unsuppressed Warnings', () => {
   const warnings = Annotations.fromStack(stack).findWarning('*', Match.stringLikeRegexp('AwsSolutions-.*'));
   console.log(warnings);
diff --git a/core/test/unit/cdk-nag/nag-notebook-platform.test.ts b/core/test/unit/cdk-nag/nag-notebook-platform.test.ts
@@ -178,6 +178,18 @@ NagSuppressions.addResourceSuppressionsByPath(
   [{ id: 'AwsSolutions-IAM4', reason: 'Nodegroups are using AWS Managed Policies' }],
 );
 
+NagSuppressions.addResourceSuppressionsByPath(
+  stack,
+  'eks-emr-studio/data-platformCluster/NodegroupnotebookWithoutPodTemplate-0/NodeGroupRole/Resource',
+  [{ id: 'AwsSolutions-IAM4', reason: 'Nodegroups are using AWS Managed Policies' }],
+);
+
+NagSuppressions.addResourceSuppressionsByPath(
+  stack,
+  'eks-emr-studio/data-platformCluster/NodegroupnotebookWithoutPodTemplate-1/NodeGroupRole/Resource',
+  [{ id: 'AwsSolutions-IAM4', reason: 'Nodegroups are using AWS Managed Policies' }],
+);
+
 NagSuppressions.addResourceSuppressionsByPath(
   stack,
   'eks-emr-studio/data-platformCluster/NodegroupnotebookExecutor-0/NodeGroupRole/Resource',
diff --git a/core/test/unit/emr-eks-platform/emr-eks-cluster.test.ts b/core/test/unit/emr-eks-platform/emr-eks-cluster.test.ts
@@ -124,7 +124,7 @@ test('EKS should have a helm chart for deploying the Kubernetes Dashboard', () =
 
 test('EKS cluster should have the default Nodegroups', () => {
 
-  expect(emrEksClusterStack).toCountResources('AWS::EKS::Nodegroup', 11);
+  expect(emrEksClusterStack).toCountResources('AWS::EKS::Nodegroup', 13);
 
   expect(emrEksClusterStack).toHaveResource('AWS::EKS::Nodegroup', {
     AmiType: 'AL2_x86_64',
diff --git a/core/test/unit/notebook-platform/notebook-platform.test.ts b/core/test/unit/notebook-platform/notebook-platform.test.ts
@@ -7,8 +7,6 @@
  * @group unit/notebook-data-platform
  */
 
-//TODO REDO this unit test to support the new way of deploying notebooks with nested stacks
-
 import * as assertCDK from '@aws-cdk/assert';
 import { ManagedPolicy, PolicyDocument, PolicyStatement } from '@aws-cdk/aws-iam';
 import { Stack } from '@aws-cdk/core';
