From 48a2179a66c04775baf87544e5788bfd86c67f75 Mon Sep 17 00:00:00 2001 From: Rishabh Singh Date: Mon, 10 Jun 2024 14:37:52 -0700 Subject: [PATCH 1/6] Add support for c5.2xlarge and c6g.2xlarge instance types (#123) Signed-off-by: Rishabh Singh --- lib/opensearch-config/node-config.ts | 6 ++++++ test/opensearch-cluster-cdk.test.ts | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/opensearch-config/node-config.ts b/lib/opensearch-config/node-config.ts index d192945eb74..4281953a69c 100644 --- a/lib/opensearch-config/node-config.ts +++ b/lib/opensearch-config/node-config.ts @@ -43,6 +43,7 @@ export enum x64Ec2InstanceType { M5_2XLARGE = 'm5.2xlarge', C5_LARGE = 'c5.large', C5_XLARGE = 'c5.xlarge', + C5_2XLARGE = 'c5.2xlarge', R5_LARGE = 'r5.large', R5_XLARGE = 'r5.xlarge', R5_2XLARGE = 'r5.2xlarge', @@ -64,6 +65,7 @@ export enum arm64Ec2InstanceType { M6G_2XLARGE = 'm6g.2xlarge', C6G_LARGE = 'c6g.large', C6G_XLARGE = 'c6g.xlarge', + C6G_2XLARGE = 'c6g.2xlarge', R6G_LARGE = 'r6g.large', R6G_XLARGE = 'r6g.xlarge', R6G_2XLARGE = 'r6g.2xlarge', @@ -83,6 +85,8 @@ export const getX64InstanceTypes = (instanceType: string) => { return InstanceType.of(InstanceClass.C5, InstanceSize.LARGE); case x64Ec2InstanceType.C5_XLARGE: return InstanceType.of(InstanceClass.C5, InstanceSize.XLARGE); + case x64Ec2InstanceType.C5_2XLARGE: + return InstanceType.of(InstanceClass.C5, InstanceSize.XLARGE2); case x64Ec2InstanceType.R5_LARGE: return InstanceType.of(InstanceClass.R5, InstanceSize.LARGE); case x64Ec2InstanceType.R5_XLARGE: @@ -126,6 +130,8 @@ export const getArm64InstanceTypes = (instanceType: string) => { return InstanceType.of(InstanceClass.C6G, InstanceSize.LARGE); case arm64Ec2InstanceType.C6G_XLARGE: return InstanceType.of(InstanceClass.C6G, InstanceSize.XLARGE); + case arm64Ec2InstanceType.C6G_2XLARGE: + return InstanceType.of(InstanceClass.C6G, InstanceSize.XLARGE2); case arm64Ec2InstanceType.R6G_LARGE: return InstanceType.of(InstanceClass.R6G, InstanceSize.LARGE); case arm64Ec2InstanceType.R6G_XLARGE: diff --git a/test/opensearch-cluster-cdk.test.ts b/test/opensearch-cluster-cdk.test.ts index e7fce530890..eb5e2e1b8e2 100644 --- a/test/opensearch-cluster-cdk.test.ts +++ b/test/opensearch-cluster-cdk.test.ts @@ -380,7 +380,7 @@ test('Throw error on wrong cpu arch to instance mapping', () => { expect(error).toBeInstanceOf(Error); // @ts-ignore expect(error.message).toEqual('Invalid instance type provided, please provide any one the following: ' - + 'm6g.xlarge,m6g.2xlarge,c6g.large,c6g.xlarge,r6g.large,r6g.xlarge,r6g.2xlarge,r6g.4xlarge,r6g.8xlarge,' + + 'm6g.xlarge,m6g.2xlarge,c6g.large,c6g.xlarge,c6g.2xlarge,r6g.large,r6g.xlarge,r6g.2xlarge,r6g.4xlarge,r6g.8xlarge,' + 'g5g.large,g5g.xlarge'); } }); @@ -422,7 +422,7 @@ test('Throw error on ec2 instance outside of enum list', () => { expect(error).toBeInstanceOf(Error); // @ts-ignore expect(error.message).toEqual('Invalid instance type provided, please provide any one the following: ' - + 'm5.xlarge,m5.2xlarge,c5.large,c5.xlarge,r5.large,r5.xlarge,r5.2xlarge,r5.4xlarge,r5.8xlarge,g5.large,' + + 'm5.xlarge,m5.2xlarge,c5.large,c5.xlarge,c5.2xlarge,r5.large,r5.xlarge,r5.2xlarge,r5.4xlarge,r5.8xlarge,g5.large,' + 'g5.xlarge,i3.large,i3.xlarge,i3.2xlarge,i3.4xlarge,i3.8xlarge,inf1.xlarge,inf1.2xlarge'); } }); From 974b6f30f297af9fba296ae752caed56be8d483e Mon Sep 17 00:00:00 2001 From: Andre Kurait Date: Fri, 14 Jun 2024 18:07:08 -0500 Subject: [PATCH 2/6] Add support for ALB (#124) Signed-off-by: Andre Kurait --- README.md | 3 +- lib/infra/infra-stack.ts | 214 ++++++++++++++++++++-------- test/infra-stack-props.test.ts | 40 ++++++ test/opensearch-cluster-cdk.test.ts | 49 ++++++- 4 files changed, 248 insertions(+), 58 deletions(-) diff --git a/README.md b/README.md index 684f30c7f86..a9e1ad5c113 100644 --- a/README.md +++ b/README.md @@ -78,6 +78,7 @@ In order to deploy both the stacks the user needs to provide a set of required a | certificateArn | Optional | string | Add ACM certificate to the any listener (OpenSearch or OpenSearch-Dashboards) whose port is mapped to 443. e.g., `--context certificateArn=arn:1234`| | mapOpensearchPortTo | Optional | integer | Load balancer port number to map to OpenSearch. e.g., `--context mapOpensearchPortTo=8440` Defaults to 80 when security is disabled and 443 when security is enabled | | mapOpensearchDashboardsPortTo | Optional | integer | Load balancer port number to map to OpenSearch-Dashboards. e.g., `--context mapOpensearchDashboardsPortTo=443` Always defaults to 8443 | +| loadBalancerType | Optional | string | The type of load balancer to deploy. Valid values are nlb for Network Load Balancer or alb for Application Load Balancer. Defaults to nlb. e.g., `--context loadBalancerType=alb` | * Before starting this step, ensure that your AWS CLI is correctly configured with access credentials. * Also ensure that you're running these commands in the current directory @@ -169,7 +170,7 @@ All the ec2 instances are hosted in private subnet and can only be accessed usin ## Port Mapping -The ports to access the cluster are dependent on the `security` parameter value +The ports to access the cluster are dependent on the `security` parameter value and are identical whether using an Application Load Balancer (ALB) or a Network Load Balancer (NLB): * If `security` is `disable` (HTTP), * OpenSearch 9200 is mapped to port 80 on the LB * If `security` is `enable` (HTTPS), diff --git a/lib/infra/infra-stack.ts b/lib/infra/infra-stack.ts index 8cf8585052f..3f7b4aa67bd 100644 --- a/lib/infra/infra-stack.ts +++ b/lib/infra/infra-stack.ts @@ -29,6 +29,13 @@ import { SubnetType, } from 'aws-cdk-lib/aws-ec2'; import { + ApplicationListener, + ApplicationLoadBalancer, + ApplicationProtocol, + BaseApplicationListenerProps, + BaseListener, + BaseLoadBalancer, + BaseNetworkListenerProps, ListenerCertificate, NetworkListener, NetworkLoadBalancer, Protocol, } from 'aws-cdk-lib/aws-elasticloadbalancingv2'; @@ -55,6 +62,11 @@ enum cpuArchEnum{ ARM64='arm64' } +export enum LoadBalancerType { + NLB = 'nlb', + ALB = 'alb' +} + const getInstanceType = (instanceType: string, arch: string) => { if (arch === 'x64') { if (instanceType !== 'undefined') { @@ -133,10 +145,13 @@ export interface InfraProps extends StackProps { readonly mapOpensearchPortTo ?: number /** Map opensearch-dashboards port on load balancer to */ readonly mapOpensearchDashboardsPortTo ?: number + /** Type of load balancer to use (e.g., 'nlb' or 'alb') */ + readonly loadBalancerType?: LoadBalancerType } export class InfraStack extends Stack { - public readonly nlb: NetworkLoadBalancer; + public readonly elb: NetworkLoadBalancer | ApplicationLoadBalancer; + public readonly elbType: LoadBalancerType; private instanceRole: Role; @@ -200,8 +215,6 @@ export class InfraStack extends Stack { constructor(scope: Stack, id: string, props: InfraProps) { super(scope, id, props); - let opensearchListener: NetworkListener; - let dashboardsListener: NetworkListener; let managerAsgCapacity: number; let dataAsgCapacity: number; let clientNodeAsg: AutoScalingGroup; @@ -398,11 +411,28 @@ export class InfraStack extends Stack { const certificateArn = `${props?.certificateArn ?? scope.node.tryGetContext('certificateArn')}`; - this.nlb = new NetworkLoadBalancer(this, 'clusterNlb', { - vpc: props.vpc, - internetFacing: (!this.isInternal), - crossZoneEnabled: true, - }); + // Set the load balancer type, defaulting to NLB if not specified + const loadBalancerTypeStr = scope.node.tryGetContext('loadBalancerType') ?? 'nlb' + this.elbType = props?.loadBalancerType ?? LoadBalancerType[(loadBalancerTypeStr).toUpperCase() as keyof typeof LoadBalancerType]; + switch (this.elbType) { + case LoadBalancerType.NLB: + this.elb = new NetworkLoadBalancer(this, 'clusterNlb', { + vpc: props.vpc, + internetFacing: (!this.isInternal), + crossZoneEnabled: true, + }); + break; + case LoadBalancerType.ALB: + this.elb = new ApplicationLoadBalancer(this, 'clusterAlb', { + vpc: props.vpc, + internetFacing: (!this.isInternal), + crossZoneEnabled: true, + securityGroup: props.securityGroup, + }); + break; + default: + throw new Error('Invalid load balancer type provided. Valid values are ' + Object.values(LoadBalancerType).join(', ')); + } const opensearchPortMap = `${props?.mapOpensearchPortTo ?? scope.node.tryGetContext('mapOpensearchPortTo')}`; const opensearchDashboardsPortMap = `${props?.mapOpensearchDashboardsPortTo ?? scope.node.tryGetContext('mapOpensearchDashboardsPortTo')}`; @@ -428,34 +458,27 @@ export class InfraStack extends Stack { + ` Current mapping is OpenSearch:${this.opensearchPortMapping} OpenSearch-Dashboards:${this.opensearchDashboardsPortMapping}`); } - if (!this.securityDisabled && !this.minDistribution && this.opensearchPortMapping === 443 && certificateArn !== 'undefined') { - opensearchListener = this.nlb.addListener('opensearch', { - port: this.opensearchPortMapping, - protocol: Protocol.TLS, - certificates: [ListenerCertificate.fromArn(certificateArn)], - }); - } else { - opensearchListener = this.nlb.addListener('opensearch', { - port: this.opensearchPortMapping, - protocol: Protocol.TCP, - }); - } + const useSSLOpensearchListener = !this.securityDisabled && !this.minDistribution && this.opensearchPortMapping === 443 && certificateArn !== 'undefined'; + const opensearchListener = InfraStack.createListener( + this.elb, + this.elbType, + 'opensearch', + this.opensearchPortMapping, + (useSSLOpensearchListener) ? certificateArn : undefined + ); + let dashboardsListener: NetworkListener | ApplicationListener; if (this.dashboardsUrl !== 'undefined') { - if (!this.securityDisabled && !this.minDistribution && this.opensearchDashboardsPortMapping === 443 && certificateArn !== 'undefined') { - dashboardsListener = this.nlb.addListener('dashboards', { - port: this.opensearchDashboardsPortMapping, - protocol: Protocol.TLS, - certificates: [ListenerCertificate.fromArn(certificateArn)], - }); - } else { - dashboardsListener = this.nlb.addListener('dashboards', { - port: this.opensearchDashboardsPortMapping, - protocol: Protocol.TCP, - }); - } + const useSSLDashboardsListener = !this.securityDisabled && !this.minDistribution + && this.opensearchDashboardsPortMapping === 443 && certificateArn !== 'undefined'; + dashboardsListener = InfraStack.createListener( + this.elb, + this.elbType, + 'dashboards', + this.opensearchDashboardsPortMapping, + (useSSLDashboardsListener) ? certificateArn : undefined + ); } - if (this.singleNodeCluster) { console.log('Single node value is true, creating single node configurations'); singleNodeInstance = new Instance(this, 'single-node-instance', { @@ -483,19 +506,23 @@ export class InfraStack extends Stack { }); Tags.of(singleNodeInstance).add('role', 'client'); - opensearchListener.addTargets('single-node-target', { - port: 9200, - protocol: Protocol.TCP, - targets: [new InstanceTarget(singleNodeInstance)], - }); + // Disable target security for now, can be provided as an option in the future + InfraStack.addTargetsToListener( + opensearchListener, + this.elbType, + 'single-node-target', + 9200, + new InstanceTarget(singleNodeInstance), + false); if (this.dashboardsUrl !== 'undefined') { - // @ts-ignore - dashboardsListener.addTargets('single-node-osd-target', { - port: 5601, - protocol: Protocol.TCP, - targets: [new InstanceTarget(singleNodeInstance)], - }); + InfraStack.addTargetsToListener( + dashboardsListener!, + this.elbType, + 'single-node-osd-target', + 5601, + new InstanceTarget(singleNodeInstance), + false); } new CfnOutput(this, 'private-ip', { value: singleNodeInstance.instancePrivateIp, @@ -660,23 +687,27 @@ export class InfraStack extends Stack { Tags.of(mlNodeAsg).add('role', 'ml-node'); } - opensearchListener.addTargets('opensearchTarget', { - port: 9200, - protocol: Protocol.TCP, - targets: [clientNodeAsg], - }); + // Disable target security for now, can be provided as an option in the future + InfraStack.addTargetsToListener( + opensearchListener, + this.elbType, + 'opensearchTarget', + 9200, + clientNodeAsg, + false); if (this.dashboardsUrl !== 'undefined') { - // @ts-ignore - dashboardsListener.addTargets('dashboardsTarget', { - port: 5601, - protocol: Protocol.TCP, - targets: [clientNodeAsg], - }); + InfraStack.addTargetsToListener( + dashboardsListener!, + this.elbType, + 'dashboardsTarget', + 5601, + clientNodeAsg, + false); } } new CfnOutput(this, 'loadbalancer-url', { - value: this.nlb.loadBalancerDnsName, + value: this.elb.loadBalancerDnsName, }); if (this.enableMonitoring) { @@ -1013,4 +1044,75 @@ export class InfraStack extends Stack { return cfnInitConfig; } + + /** + * Creates a listener for the given load balancer. + * If a certificate is provided, the protocol will be set to TLS/HTTPS. + * Otherwise, the protocol will be set to TCP/HTTP. + */ + private static createListener(elb: BaseLoadBalancer, elbType: LoadBalancerType, id: string, port: number, + certificateArn?: string): ApplicationListener | NetworkListener { + const useSSL = !!certificateArn; + + let protocol: ApplicationProtocol | Protocol; + switch(elbType) { + case LoadBalancerType.ALB: + protocol = useSSL ? ApplicationProtocol.HTTPS : ApplicationProtocol.HTTP; + break; + case LoadBalancerType.NLB: + protocol = useSSL ? Protocol.TLS : Protocol.TCP; + break; + default: + throw new Error('Unsupported load balancer type.'); + } + + const listenerProps: BaseApplicationListenerProps | BaseNetworkListenerProps = { + port: port, + protocol: protocol, + certificates: useSSL ? [ListenerCertificate.fromArn(certificateArn)] : undefined, + }; + + switch(elbType) { + case LoadBalancerType.ALB: { + const alb = elb as ApplicationLoadBalancer; + return alb.addListener(id, listenerProps as BaseApplicationListenerProps); + } + case LoadBalancerType.NLB: { + const nlb = elb as NetworkLoadBalancer; + return nlb.addListener(id, listenerProps as BaseNetworkListenerProps); + } + default: + throw new Error('Unsupported load balancer type.'); + } + } + + /** + * Adds targets to the given listener. + * Works for both Application Load Balancers and Network Load Balancers. + */ + private static addTargetsToListener(listener: BaseListener, elbType: LoadBalancerType, id: string, port: number, target: AutoScalingGroup | InstanceTarget, + securityEnabled: boolean) { + switch(elbType) { + case LoadBalancerType.ALB: { + const albListener = listener as ApplicationListener; + albListener.addTargets(id, { + port: port, + protocol: securityEnabled ? ApplicationProtocol.HTTPS : ApplicationProtocol.HTTP, + targets: [target], + }); + break; + } + case LoadBalancerType.NLB: { + const nlbListener = listener as NetworkListener; + nlbListener.addTargets(id, { + port: port, + protocol: securityEnabled ? Protocol.TLS : Protocol.TCP, + targets: [target], + }); + break; + } + default: + throw new Error('Unsupported load balancer type.'); + } + } } diff --git a/test/infra-stack-props.test.ts b/test/infra-stack-props.test.ts index f8be7563e37..83173873bd3 100644 --- a/test/infra-stack-props.test.ts +++ b/test/infra-stack-props.test.ts @@ -317,3 +317,43 @@ test('Throw error on invalid CPU Arch', () => { expect(error.message).toEqual('distributionUrl parameter is required. Please provide the OpenSearch distribution artifact url to download'); } }); + +test('Throw error on invalid load balancer type', () => { + const app = new App({ + context: { + distVersion: '1.0.0', + securityDisabled: false, + minDistribution: false, + cpuArch: 'x64', + singleNodeCluster: false, + dashboardsUrl: 'www.example.com', + distributionUrl: 'www.example.com', + serverAccessType: 'ipv4', + restrictServerAccessTo: 'all', + additionalConfig: '{ "name": "John Doe", "age": 30, "email": "johndoe@example.com" }', + additionalOsdConfig: '{ "something.enabled": "true", "something_else.enabled": "false" }', + loadBalancerType: 'invalid-type', + }, + }); + + try { + // WHEN + const networkStack = new NetworkStack(app, 'opensearch-network-stack', { + env: { account: 'test-account', region: 'us-east-1' }, + }); + + // @ts-ignore + const infraStack = new InfraStack(app, 'opensearch-infra-stack', { + vpc: networkStack.vpc, + securityGroup: networkStack.osSecurityGroup, + env: { account: 'test-account', region: 'us-east-1' }, + }); + + // eslint-disable-next-line no-undef + fail('Expected an error to be thrown'); + } catch (error) { + expect(error).toBeInstanceOf(Error); + // @ts-ignore + expect(error.message).toEqual('Invalid load balancer type provided. Valid values are nlb, alb'); + } +}); diff --git a/test/opensearch-cluster-cdk.test.ts b/test/opensearch-cluster-cdk.test.ts index eb5e2e1b8e2..0f6be488d84 100644 --- a/test/opensearch-cluster-cdk.test.ts +++ b/test/opensearch-cluster-cdk.test.ts @@ -5,7 +5,7 @@ The OpenSearch Contributors require contributions made to this file be licensed under the Apache-2.0 license or a compatible open source license. */ -import { App } from 'aws-cdk-lib'; +import { App, Stack } from 'aws-cdk-lib'; import { Template } from 'aws-cdk-lib/assertions'; import { InfraStack } from '../lib/infra/infra-stack'; import { NetworkStack } from '../lib/networking/vpc-stack'; @@ -1070,3 +1070,50 @@ test('Ensure target group protocol is always TCP', () => { TargetType: 'instance', }); }); + + +describe.each([ + { loadBalancerType: 'alb', securityDisabled: false, expectedType: 'application', expectedProtocol: 'HTTPS' }, + { loadBalancerType: 'alb', securityDisabled: true, expectedType: 'application', expectedProtocol: 'HTTP' }, + { loadBalancerType: 'nlb', securityDisabled: false, expectedType: 'network', expectedProtocol: 'TLS' }, + { loadBalancerType: 'nlb', securityDisabled: true, expectedType: 'network', expectedProtocol: 'TCP' }, +])('Test $loadBalancerType creation with securityDisabled=$securityDisabled', ({ loadBalancerType, securityDisabled, expectedType, expectedProtocol }) => { + test(`should create ${loadBalancerType} with securityDisabled=${securityDisabled}`, () => { + const app = new App({ + context: { + securityDisabled, + certificateArn: (securityDisabled) ? undefined : 'arn:1234', + minDistribution: false, + distributionUrl: 'www.example.com', + cpuArch: 'x64', + singleNodeCluster: false, + dashboardsUrl: 'www.example.com', + distVersion: '1.0.0', + serverAccessType: 'ipv4', + restrictServerAccessTo: 'all', + loadBalancerType, + }, + }); + + // WHEN + const networkStack = new NetworkStack(app, 'opensearch-network-stack', { + env: { account: 'test-account', region: 'us-east-1' }, + }); + + const infraStack = new InfraStack(app as unknown as Stack, 'opensearch-infra-stack', { + vpc: networkStack.vpc, + securityGroup: networkStack.osSecurityGroup, + env: { account: 'test-account', region: 'us-east-1' }, + }); + + // THEN + const infraTemplate = Template.fromStack(infraStack); + infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Type: expectedType, + }); + + infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', { + Protocol: expectedProtocol, + }); + }); +}); From 65896f85fc8d33e20384b1fcf5c07e59b19db284 Mon Sep 17 00:00:00 2001 From: Andre Kurait Date: Mon, 17 Jun 2024 12:55:49 -0500 Subject: [PATCH 3/6] Add feature for contextKey value for nested context (#126) Signed-off-by: Andre Kurait --- README.md | 21 +++++++++++++++++++++ bin/app.ts | 11 +++++++++++ 2 files changed, 32 insertions(+) diff --git a/README.md b/README.md index a9e1ad5c113..c199cb0ba47 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ In order to deploy both the stacks the user needs to provide a set of required a | Name | Requirement | Type | Description | |-------------------------------|:------------|:----------|:------------| +| contextKey | Optional | string | A top-level key that the rest of the parameters can be nested within for organized configuration. This is used to parse config from a specific key in the `cdk.context.json` or in the `context` block in the `cdk.json` file. | | distVersion | Required | string | The OpenSearch distribution version (released/un-released) the user wants to deploy | | securityDisabled | Required | boolean | Enable or disable security plugin | | adminPassword | Optionally required | string | This value is required when security plugin is enabled and the cluster version is greater or equal to `2.12.0`| @@ -109,6 +110,26 @@ cdk synth "*" --context securityDisabled=false \ --context distVersion=2.3.0 --context serverAccessType=ipv4 --context restrictServerAccessTo=10.10.10.10/32 ``` +Alternatively, you can use the `contextKey` to provide the configuration. + +For example, to synthesize the CloudFormation templates using a context key: +```sh +cdk synth "*" --context contextKey=devConfig +``` +You would include the configuration in your `cdk.json` file like this: +```js +// cdk.json +{ + "context": { + "devConfig": { + "securityDisabled": false, + // ... + } + } +} +``` +This approach allows you to manage multiple configurations easily by defining different context keys for each environment. + #### Sample command to set up multi-node cluster with security enabled on x64 AL2 machine Please note that as of now we only support instances backed by Amazon Linux-2 amis. diff --git a/bin/app.ts b/bin/app.ts index 6b0d9b0f9f5..8cb7f693235 100644 --- a/bin/app.ts +++ b/bin/app.ts @@ -12,6 +12,17 @@ import { InfraStack } from '../lib/infra/infra-stack'; import { NetworkStack } from '../lib/networking/vpc-stack'; const app = new App(); + +const contextKey = app.node.tryGetContext('contextKey'); +if (contextKey) { + const nestedContext = app.node.tryGetContext(contextKey); + if (nestedContext && typeof nestedContext === 'object') { + Object.entries(nestedContext).forEach(([nestedKey, nestedValue]) => { + app.node.setContext(nestedKey, nestedValue); + }); + } +} + const region = app.node.tryGetContext('region') ?? process.env.CDK_DEFAULT_REGION; const account = app.node.tryGetContext('account') ?? process.env.CDK_DEFAULT_ACCOUNT; From 244684291bade9e30741385577d88608b413c703 Mon Sep 17 00:00:00 2001 From: Marc Handalian Date: Tue, 9 Jul 2024 18:11:00 -0700 Subject: [PATCH 4/6] Fix cluster bootstrap when using a separate client node asg (#127) Signed-off-by: Marc Handalian --- lib/infra/infra-stack.ts | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/lib/infra/infra-stack.ts b/lib/infra/infra-stack.ts index 3f7b4aa67bd..1e89de63f85 100644 --- a/lib/infra/infra-stack.ts +++ b/lib/infra/infra-stack.ts @@ -469,7 +469,7 @@ export class InfraStack extends Stack { let dashboardsListener: NetworkListener | ApplicationListener; if (this.dashboardsUrl !== 'undefined') { - const useSSLDashboardsListener = !this.securityDisabled && !this.minDistribution + const useSSLDashboardsListener = !this.securityDisabled && !this.minDistribution && this.opensearchDashboardsPortMapping === 443 && certificateArn !== 'undefined'; dashboardsListener = InfraStack.createListener( this.elb, @@ -509,18 +509,18 @@ export class InfraStack extends Stack { // Disable target security for now, can be provided as an option in the future InfraStack.addTargetsToListener( opensearchListener, - this.elbType, - 'single-node-target', - 9200, + this.elbType, + 'single-node-target', + 9200, new InstanceTarget(singleNodeInstance), false); if (this.dashboardsUrl !== 'undefined') { InfraStack.addTargetsToListener( dashboardsListener!, - this.elbType, - 'single-node-osd-target', - 5601, + this.elbType, + 'single-node-osd-target', + 5601, new InstanceTarget(singleNodeInstance), false); } @@ -652,7 +652,7 @@ export class InfraStack extends Stack { requireImdsv2: true, signals: Signals.waitForAll(), }); - Tags.of(clientNodeAsg).add('cluster', scope.stackName); + Tags.of(clientNodeAsg).add('cluster', this.stackName); } Tags.of(clientNodeAsg).add('role', 'client'); @@ -690,18 +690,18 @@ export class InfraStack extends Stack { // Disable target security for now, can be provided as an option in the future InfraStack.addTargetsToListener( opensearchListener, - this.elbType, - 'opensearchTarget', - 9200, + this.elbType, + 'opensearchTarget', + 9200, clientNodeAsg, false); if (this.dashboardsUrl !== 'undefined') { InfraStack.addTargetsToListener( dashboardsListener!, - this.elbType, - 'dashboardsTarget', - 5601, + this.elbType, + 'dashboardsTarget', + 5601, clientNodeAsg, false); } From f5b0bb8f85f241805191fa36dae156f18f25e545 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 15:36:37 -0700 Subject: [PATCH 5/6] Bump micromatch from 4.0.5 to 4.0.8 (#130) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2f2b03a68ac..0bb774e7055 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2241,11 +2241,11 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -3425,9 +3425,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dependencies": { "to-regex-range": "^5.0.1" }, @@ -5164,11 +5164,11 @@ } }, "node_modules/micromatch": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", - "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", "dependencies": { - "braces": "^3.0.2", + "braces": "^3.0.3", "picomatch": "^2.3.1" }, "engines": { @@ -8567,11 +8567,11 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "browser-process-hrtime": { @@ -9446,9 +9446,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "requires": { "to-regex-range": "^5.0.1" } @@ -10724,11 +10724,11 @@ "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==" }, "micromatch": { - "version": "4.0.5", - "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.5.tgz", - "integrity": "sha512-DMy+ERcEW2q8Z2Po+WNXuw3c5YaUSFjAO5GsJqfEl7UjvtIuFKO6ZrKvcItdy98dwFI2N1tg3zNIdKaQT+aNdA==", + "version": "4.0.8", + "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz", + "integrity": "sha512-PXwfBhYu0hBCPw8Dn0E+WDYb7af3dSLVWKi3HGv84IdF4TyFoC0ysxFd0Goxw7nSv4T/PzEJQxsYsEiFCKo2BA==", "requires": { - "braces": "^3.0.2", + "braces": "^3.0.3", "picomatch": "^2.3.1" } }, From 379611d61a659ee0a83a0d874dd9acc63cd3aac6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 3 Sep 2024 19:03:14 -0400 Subject: [PATCH 6/6] Bump ws from 7.5.9 to 7.5.10 (#131) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0bb774e7055..4a976888071 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6838,9 +6838,9 @@ } }, "node_modules/ws": { - "version": "7.5.9", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.9.tgz", - "integrity": "sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==", + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", "dev": true, "engines": { "node": ">=8.3.0" @@ -11897,9 +11897,9 @@ } }, "ws": { - "version": "7.5.9", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.9.tgz", - "integrity": "sha512-F+P9Jil7UiSKSkppIiD94dN07AwvFixvLIj1Og1Rl9GGMuNipJnV9JzjD6XuqmAeiswGvUmNLjr5cFuXwNS77Q==", + "version": "7.5.10", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.10.tgz", + "integrity": "sha512-+dbF1tHwZpXcbOJdVOkzLDxZP1ailvSxM6ZweXTegylPny803bFhA+vqBYw4s31NSAk4S2Qz+AKXK9a4wkdjcQ==", "dev": true, "requires": {} },