From c7fcaf7f8d819fa91b93effe2ad55658e980655b Mon Sep 17 00:00:00 2001 From: Joe <89984070+SigniantJoe@users.noreply.github.com> Date: Mon, 18 Mar 2024 13:22:13 -0400 Subject: [PATCH 1/2] fix(opensearch): cannot disable cluster logging (#29205) ### Issue # (if applicable) #29294 ### Reason for this change Currently cannot disable opensearch logging ### Description of changes If log parameters are explicitly set to false rather than undefined, it populates the logPublishingOptions with config to disable that logging ### Description of how you validated changes I added unit tests, although to be honest jest is giving me lots of trouble and I'm out of time for the day so I'll just create this pR and see what happens. Fingers crossed the PR test check is clean and I can pretend I know what I'm doing. ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --------- Co-authored-by: GZ --- ...efaultTestDeployAssert4E6713E1.assets.json | 19 +++ ...aultTestDeployAssert4E6713E1.template.json | 36 ++++ ...ensearch-with-logging-disabled.assets.json | 19 +++ ...search-with-logging-disabled.template.json | 82 +++++++++ .../cdk.out | 1 + .../integ.json | 12 ++ .../manifest.json | 113 ++++++++++++ .../tree.json | 161 ++++++++++++++++++ .../test/integ.opensearch.disable-logging.ts | 29 ++++ .../aws-opensearchservice/lib/domain.ts | 63 +++---- .../aws-opensearchservice/test/domain.test.ts | 84 +++++++++ 11 files changed, 589 insertions(+), 30 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json new file mode 100644 index 0000000000000..2af610f0d4a39 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "IntegDefaultTestDeployAssert4E6713E1.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/IntegDefaultTestDeployAssert4E6713E1.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.assets.json new file mode 100644 index 0000000000000..b46fb3b2b28a2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "415ec226ad6b4b9ef60a562147e766bbbb20cee0dbafabba072b480f5be4521e": { + "source": { + "path": "cdk-integ-opensearch-with-logging-disabled.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "415ec226ad6b4b9ef60a562147e766bbbb20cee0dbafabba072b480f5be4521e.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.template.json new file mode 100644 index 0000000000000..e40bf735f746d --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk-integ-opensearch-with-logging-disabled.template.json @@ -0,0 +1,82 @@ +{ + "Resources": { + "Domain66AC69E0": { + "Type": "AWS::OpenSearchService::Domain", + "Properties": { + "ClusterConfig": { + "DedicatedMasterEnabled": false, + "InstanceCount": 1, + "InstanceType": "r5.large.search", + "MultiAZWithStandbyEnabled": false, + "ZoneAwarenessEnabled": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": false, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07" + }, + "EBSOptions": { + "EBSEnabled": true, + "VolumeSize": 10, + "VolumeType": "gp2" + }, + "EncryptionAtRestOptions": { + "Enabled": false + }, + "EngineVersion": "OpenSearch_2.11", + "LogPublishingOptions": { + "SEARCH_SLOW_LOGS": { + "Enabled": false + }, + "INDEX_SLOW_LOGS": { + "Enabled": false + }, + "ES_APPLICATION_LOGS": { + "Enabled": false + }, + "AUDIT_LOGS": { + "Enabled": false + } + }, + "NodeToNodeEncryptionOptions": { + "Enabled": false + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk.out new file mode 100644 index 0000000000000..1f0068d32659a --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/integ.json new file mode 100644 index 0000000000000..6da636c654237 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "36.0.0", + "testCases": { + "Integ/DefaultTest": { + "stacks": [ + "cdk-integ-opensearch-with-logging-disabled" + ], + "assertionStack": "Integ/DefaultTest/DeployAssert", + "assertionStackName": "IntegDefaultTestDeployAssert4E6713E1" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/manifest.json new file mode 100644 index 0000000000000..22189f0b3cf1b --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/manifest.json @@ -0,0 +1,113 @@ +{ + "version": "36.0.0", + "artifacts": { + "cdk-integ-opensearch-with-logging-disabled.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cdk-integ-opensearch-with-logging-disabled.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cdk-integ-opensearch-with-logging-disabled": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "cdk-integ-opensearch-with-logging-disabled.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/415ec226ad6b4b9ef60a562147e766bbbb20cee0dbafabba072b480f5be4521e.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cdk-integ-opensearch-with-logging-disabled.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cdk-integ-opensearch-with-logging-disabled.assets" + ], + "metadata": { + "/cdk-integ-opensearch-with-logging-disabled/Domain/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Domain66AC69E0" + } + ], + "/cdk-integ-opensearch-with-logging-disabled/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cdk-integ-opensearch-with-logging-disabled/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cdk-integ-opensearch-with-logging-disabled" + }, + "IntegDefaultTestDeployAssert4E6713E1.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "IntegDefaultTestDeployAssert4E6713E1.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "IntegDefaultTestDeployAssert4E6713E1": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "IntegDefaultTestDeployAssert4E6713E1.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "IntegDefaultTestDeployAssert4E6713E1.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "IntegDefaultTestDeployAssert4E6713E1.assets" + ], + "metadata": { + "/Integ/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Integ/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Integ/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/tree.json new file mode 100644 index 0000000000000..4164a22f7ead6 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.js.snapshot/tree.json @@ -0,0 +1,161 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "cdk-integ-opensearch-with-logging-disabled": { + "id": "cdk-integ-opensearch-with-logging-disabled", + "path": "cdk-integ-opensearch-with-logging-disabled", + "children": { + "Domain": { + "id": "Domain", + "path": "cdk-integ-opensearch-with-logging-disabled/Domain", + "children": { + "Resource": { + "id": "Resource", + "path": "cdk-integ-opensearch-with-logging-disabled/Domain/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::OpenSearchService::Domain", + "aws:cdk:cloudformation:props": { + "clusterConfig": { + "dedicatedMasterEnabled": false, + "instanceCount": 1, + "instanceType": "r5.large.search", + "multiAzWithStandbyEnabled": false, + "zoneAwarenessEnabled": false + }, + "domainEndpointOptions": { + "enforceHttps": false, + "tlsSecurityPolicy": "Policy-Min-TLS-1-0-2019-07" + }, + "ebsOptions": { + "ebsEnabled": true, + "volumeSize": 10, + "volumeType": "gp2" + }, + "encryptionAtRestOptions": { + "enabled": false + }, + "engineVersion": "OpenSearch_2.11", + "logPublishingOptions": { + "SEARCH_SLOW_LOGS": { + "enabled": false + }, + "INDEX_SLOW_LOGS": { + "enabled": false + }, + "ES_APPLICATION_LOGS": { + "enabled": false + }, + "AUDIT_LOGS": { + "enabled": false + } + }, + "nodeToNodeEncryptionOptions": { + "enabled": false + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_opensearchservice.CfnDomain", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_opensearchservice.Domain", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cdk-integ-opensearch-with-logging-disabled/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cdk-integ-opensearch-with-logging-disabled/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "Integ": { + "id": "Integ", + "path": "Integ", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "Integ/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "Integ/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Integ/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Integ/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Integ/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.ts new file mode 100644 index 0000000000000..7ebaaa8d1e056 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-opensearchservice/test/integ.opensearch.disable-logging.ts @@ -0,0 +1,29 @@ +import { App, RemovalPolicy, Stack, StackProps } from 'aws-cdk-lib'; +import { Construct } from 'constructs'; +import * as opensearch from 'aws-cdk-lib/aws-opensearchservice'; + +class TestStack extends Stack { + constructor(scope: Construct, id: string, props?: StackProps) { + super(scope, id, props); + + const domainProps: opensearch.DomainProps = { + version: opensearch.EngineVersion.OPENSEARCH_2_11, + removalPolicy: RemovalPolicy.DESTROY, + logging: { + auditLogEnabled: false, + appLogEnabled: false, + slowIndexLogEnabled: false, + slowSearchLogEnabled: false, + }, + capacity: { + multiAzWithStandbyEnabled: false, + }, + }; + + new opensearch.Domain(this, 'Domain', domainProps); + } +} + +const app = new App(); +new TestStack(app, 'cdk-integ-opensearch-with-logging-disabled'); +app.synth(); \ No newline at end of file diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts index be08ca406d525..7a6a6bd0ad5f5 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts @@ -1724,6 +1724,7 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { // Setup logging const logGroups: logs.ILogGroup[] = []; + const logPublishing: Record = {}; if (props.logging?.slowSearchLogEnabled) { this.slowSearchLogGroup = props.logging.slowSearchLogGroup ?? @@ -1732,6 +1733,14 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { }); logGroups.push(this.slowSearchLogGroup); + logPublishing.SEARCH_SLOW_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.slowSearchLogGroup.logGroupArn, + }; + } else if (props.logging?.slowSearchLogEnabled === false) { + logPublishing.SEARCH_SLOW_LOGS = { + enabled: false, + }; }; if (props.logging?.slowIndexLogEnabled) { @@ -1741,6 +1750,14 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { }); logGroups.push(this.slowIndexLogGroup); + logPublishing.INDEX_SLOW_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.slowIndexLogGroup.logGroupArn, + }; + } else if (props.logging?.slowIndexLogEnabled === false) { + logPublishing.INDEX_SLOW_LOGS = { + enabled: false, + }; }; if (props.logging?.appLogEnabled) { @@ -1750,6 +1767,14 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { }); logGroups.push(this.appLogGroup); + logPublishing.ES_APPLICATION_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.appLogGroup.logGroupArn, + }; + } else if (props.logging?.appLogEnabled === false) { + logPublishing.ES_APPLICATION_LOGS = { + enabled: false, + }; }; if (props.logging?.auditLogEnabled) { @@ -1759,6 +1784,14 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { }); logGroups.push(this.auditLogGroup); + logPublishing.AUDIT_LOGS = { + enabled: true, + cloudWatchLogsLogGroupArn: this.auditLogGroup?.logGroupArn, + }; + } else if (props.logging?.auditLogEnabled === false) { + logPublishing.AUDIT_LOGS = { + enabled: false, + }; }; let logGroupResourcePolicy: LogGroupResourcePolicy | null = null; @@ -1779,36 +1812,6 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable { }); } - const logPublishing: Record = {}; - - if (this.appLogGroup) { - logPublishing.ES_APPLICATION_LOGS = { - enabled: true, - cloudWatchLogsLogGroupArn: this.appLogGroup.logGroupArn, - }; - } - - if (this.slowSearchLogGroup) { - logPublishing.SEARCH_SLOW_LOGS = { - enabled: true, - cloudWatchLogsLogGroupArn: this.slowSearchLogGroup.logGroupArn, - }; - } - - if (this.slowIndexLogGroup) { - logPublishing.INDEX_SLOW_LOGS = { - enabled: true, - cloudWatchLogsLogGroupArn: this.slowIndexLogGroup.logGroupArn, - }; - } - - if (this.auditLogGroup) { - logPublishing.AUDIT_LOGS = { - enabled: this.auditLogGroup != null, - cloudWatchLogsLogGroupArn: this.auditLogGroup?.logGroupArn, - }; - } - let customEndpointCertificate: acm.ICertificate | undefined; if (props.customEndpoint) { if (props.customEndpoint.certificate) { diff --git a/packages/aws-cdk-lib/aws-opensearchservice/test/domain.test.ts b/packages/aws-cdk-lib/aws-opensearchservice/test/domain.test.ts index 4c10e6868b70c..4c7796fe3e5ea 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/test/domain.test.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/test/domain.test.ts @@ -846,6 +846,90 @@ each([testedOpenSearchVersions]).describe('log groups', (engineVersion) => { }, }); }); + + test('can disable application logs', () => { + new Domain(stack, 'Domain1', { + version: engineVersion, + logging: { + appLogEnabled: false, + }, + }); + + Template.fromStack(stack).resourceCountIs('Custom::CloudwatchLogResourcePolicy', 0); + Template.fromStack(stack).hasResourceProperties('AWS::OpenSearchService::Domain', { + LogPublishingOptions: { + ES_APPLICATION_LOGS: { + Enabled: false, + }, + AUDIT_LOGS: Match.absent(), + SEARCH_SLOW_LOGS: Match.absent(), + INDEX_SLOW_LOGS: Match.absent(), + }, + }); + }); + + test('can disable audit logs', () => { + new Domain(stack, 'Domain1', { + version: engineVersion, + logging: { + auditLogEnabled: false, + }, + }); + + Template.fromStack(stack).resourceCountIs('Custom::CloudwatchLogResourcePolicy', 0); + Template.fromStack(stack).hasResourceProperties('AWS::OpenSearchService::Domain', { + LogPublishingOptions: { + ES_APPLICATION_LOGS: Match.absent(), + AUDIT_LOGS: { + Enabled: false, + }, + SEARCH_SLOW_LOGS: Match.absent(), + INDEX_SLOW_LOGS: Match.absent(), + }, + }); + }); + + test('can disable slow search logs', () => { + new Domain(stack, 'Domain1', { + version: engineVersion, + logging: { + slowSearchLogEnabled: false, + }, + }); + + Template.fromStack(stack).resourceCountIs('Custom::CloudwatchLogResourcePolicy', 0); + Template.fromStack(stack).hasResourceProperties('AWS::OpenSearchService::Domain', { + LogPublishingOptions: { + ES_APPLICATION_LOGS: Match.absent(), + AUDIT_LOGS: Match.absent(), + SEARCH_SLOW_LOGS: { + Enabled: false, + }, + INDEX_SLOW_LOGS: Match.absent(), + }, + }); + }); + + test('can disable slow index logs', () => { + new Domain(stack, 'Domain1', { + version: engineVersion, + logging: { + slowIndexLogEnabled: false, + }, + }); + + Template.fromStack(stack).resourceCountIs('Custom::CloudwatchLogResourcePolicy', 0); + Template.fromStack(stack).hasResourceProperties('AWS::OpenSearchService::Domain', { + LogPublishingOptions: { + ES_APPLICATION_LOGS: Match.absent(), + AUDIT_LOGS: Match.absent(), + SEARCH_SLOW_LOGS: Match.absent(), + INDEX_SLOW_LOGS: { + Enabled: false, + }, + }, + }); + }); }); each(testedOpenSearchVersions).describe('grants', (engineVersion) => { From 5142cba1cc4407b4efb68b24faebe42cef2c800f Mon Sep 17 00:00:00 2001 From: Masashi Tomooka Date: Tue, 19 Mar 2024 02:52:31 +0900 Subject: [PATCH 2/2] docs(opensearchservice): fix broken markdown link (#29525) ### Reason for this change Links in the [opensearch doc](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.CapacityConfig.html) are in invalid markdown. For example: ![image](https://github.com/aws/aws-cdk/assets/7490655/2879b0cf-a462-455c-bb24-24dea79052e6) ### Description of changes Removed a newline character between `[]` and `()`. ### Description of how you validated changes Preview in VSCode. ### Checklist - [X] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-opensearchservice/lib/domain.ts | 20 ++++++++----------- 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts index 7a6a6bd0ad5f5..81c7060dd7f2f 100644 --- a/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts +++ b/packages/aws-cdk-lib/aws-opensearchservice/lib/domain.ts @@ -32,8 +32,7 @@ export interface CapacityConfig { /** * The hardware configuration of the computer that hosts the dedicated master * node, such as `m3.medium.search`. For valid values, see [Supported - * Instance Types] - * (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) + * Instance Types](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html) * in the Amazon OpenSearch Service Developer Guide. * * @default - r5.large.search @@ -66,8 +65,8 @@ export interface CapacityConfig { /** * The instance type for your UltraWarm node, such as `ultrawarm1.medium.search`. - * For valid values, see [UltraWarm Storage Limits] - * (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) + * For valid values, see [UltraWarm Storage + * Limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#limits-ultrawarm) * in the Amazon OpenSearch Service Developer Guide. * * @default - ultrawarm1.medium.search @@ -76,8 +75,8 @@ export interface CapacityConfig { /** * Indicates whether Multi-AZ with Standby deployment option is enabled. - * For more information, see [Multi-AZ with Standby] - * (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby) + * For more information, see [Multi-AZ with + * Standby](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html#managedomains-za-standby) * * @default - no multi-az with standby */ @@ -95,8 +94,7 @@ export interface ZoneAwarenessConfig { * in the same region to prevent data loss and minimize downtime in the event * of node or data center failure. Don't enable zone awareness if your cluster * has no replica index shards or is a single-node cluster. For more information, - * see [Configuring a Multi-AZ Domain] - * (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) + * see [Configuring a Multi-AZ Domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/managedomains-multiaz.html) * in the Amazon OpenSearch Service Developer Guide. * * @default - false @@ -115,8 +113,7 @@ export interface ZoneAwarenessConfig { /** * The configurations of Amazon Elastic Block Store (Amazon EBS) volumes that * are attached to data nodes in the Amazon OpenSearch Service domain. For more information, see - * [Amazon EBS] - * (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) + * [Amazon EBS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AmazonEBS.html) * in the Amazon Elastic Compute Cloud Developer Guide. */ export interface EbsOptions { @@ -149,8 +146,7 @@ export interface EbsOptions { * The size (in GiB) of the EBS volume for each data node. The minimum and * maximum size of an EBS volume depends on the EBS volume type and the * instance type to which it is attached. For valid values, see - * [EBS volume size limits] - * (https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) + * [EBS volume size limits](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/limits.html#ebsresource) * in the Amazon OpenSearch Service Developer Guide. * * @default 10