export function deployGlueJob()

in source/patterns/@aws-solutions-constructs/core/lib/glue-job-helper.ts [103:187]

• 72 lines of code
• 11 McCabe index (conditional complexity)

export function deployGlueJob(scope: Construct, glueJobProps: glue.CfnJobProps, database: glue.CfnDatabase, table: glue.CfnTable,
  outputDataStore: SinkDataStoreProps): [glue.CfnJob, IRole, [Bucket, (Bucket | undefined)?]] {

  let _glueSecurityConfigName: string;

  if (glueJobProps.securityConfiguration === undefined) {
    _glueSecurityConfigName = 'ETLJobSecurityConfig';
    const _glueKMSKey = `arn:${Aws.PARTITION}:kms:${Aws.REGION}:${Aws.ACCOUNT_ID}:alias/aws/glue`;

    new glue.CfnSecurityConfiguration(scope, 'GlueSecurityConfig', {
      name: _glueSecurityConfigName,
      encryptionConfiguration: {
        jobBookmarksEncryption: {
          jobBookmarksEncryptionMode: 'CSE-KMS',
          kmsKeyArn: _glueKMSKey
        },
        s3Encryptions: [{
          s3EncryptionMode: 'SSE-S3'
        }]
      }
    });
  } else {
    _glueSecurityConfigName = glueJobProps.securityConfiguration;
  }

  const _glueJobPolicy = new Policy(scope, 'LogPolicy', {
    statements: [
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ],
        resources: [ `arn:${Aws.PARTITION}:logs:${Aws.REGION}:${Aws.ACCOUNT_ID}:log-group:/aws-glue/*` ]
      })
    ]
  });

  let _jobRole: IRole;
  if (glueJobProps.role) {
    _jobRole = Role.fromRoleArn(scope, 'JobRole', glueJobProps.role);
  } else {
    _jobRole = defaults.createGlueJobRole(scope);
  }

  _glueJobPolicy.attachToRole(_jobRole);

  let _outputLocation: [ Bucket, Bucket? ];
  if (outputDataStore !== undefined && outputDataStore.datastoreType === SinkStoreType.S3) {
    if (outputDataStore.existingS3OutputBucket !== undefined) {
      _outputLocation = [ outputDataStore.existingS3OutputBucket, undefined ];
    } else {
      _outputLocation = defaults.buildS3Bucket(scope, { bucketProps: outputDataStore.outputBucketProps } );
    }
  } else {
    _outputLocation = defaults.buildS3Bucket(scope, {});
  }

  _outputLocation[0].grantReadWrite(_jobRole);

  const _jobArgumentsList = {
    "--enable-metrics" : true,
    "--enable-continuous-cloudwatch-log" : true,
    "--database_name": database.ref,
    "--table_name": table.ref,
    ...((outputDataStore === undefined || (outputDataStore && outputDataStore.datastoreType === SinkStoreType.S3)) &&
      { '--output_path' : `s3a://${_outputLocation[0].bucketName}/output/` }),
    ...glueJobProps.defaultArguments
  };

  const _newGlueJobProps: glue.CfnJobProps = overrideProps(defaults.DefaultGlueJobProps(_jobRole!, glueJobProps,
    _glueSecurityConfigName, _jobArgumentsList), glueJobProps);

  let _scriptLocation: string;
  if (isJobCommandProperty(_newGlueJobProps.command)) {
    if (_newGlueJobProps.command.scriptLocation) {
      _scriptLocation = _newGlueJobProps.command.scriptLocation;
    } else {
      throw Error('Script location has to be provided as an s3 Url location. Script location cannot be empty');
    }
  }

  const _scriptBucketLocation: IBucket = Bucket.fromBucketArn(scope, 'ScriptLocaiton', getS3ArnfromS3Url(_scriptLocation!));
  _scriptBucketLocation.grantRead(_jobRole);

  const _glueJob: glue.CfnJob = new glue.CfnJob(scope, 'KinesisETLJob', _newGlueJobProps);
  return [_glueJob, _jobRole, _outputLocation];
}