Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(opensearchservice): When a Domain has enforceHttps true, set the connections defaultPort #20602

Merged
merged 5 commits into from
Jun 13, 2022
Merged
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 5 additions & 1 deletion packages/@aws-cdk/aws-opensearchservice/lib/domain.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1241,7 +1241,11 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable {
vpc: props.vpc,
description: `Security group for domain ${this.node.id}`,
})];
this._connections = new ec2.Connections({ securityGroups });
if (props.enforceHttps) {
this._connections = new ec2.Connections({ securityGroups, defaultPort: ec2.Port.tcp(443) });
} else {
this._connections = new ec2.Connections({ securityGroups });
}
}

// If VPC options are supplied ensure that the number of subnets matches the number AZ
Expand Down
30 changes: 28 additions & 2 deletions packages/@aws-cdk/aws-opensearchservice/test/domain.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
import { Match, Template } from '@aws-cdk/assertions';
import * as acm from '@aws-cdk/aws-certificatemanager';
import { Metric, Statistic } from '@aws-cdk/aws-cloudwatch';
import { Vpc, EbsDeviceVolumeType, SecurityGroup } from '@aws-cdk/aws-ec2';
import { Vpc, EbsDeviceVolumeType, Port, SecurityGroup } from '@aws-cdk/aws-ec2';
import * as iam from '@aws-cdk/aws-iam';
import * as kms from '@aws-cdk/aws-kms';
import * as logs from '@aws-cdk/aws-logs';
Expand Down Expand Up @@ -31,7 +31,7 @@ const readWriteActions = [

const defaultVersion = EngineVersion.OPENSEARCH_1_0;

test('connections throws if domain is placed inside a vpc', () => {
test('connections throws if domain is not placed inside a vpc', () => {

expect(() => {
new Domain(stack, 'Domain', {
Expand Down Expand Up @@ -109,6 +109,32 @@ test('default subnets and security group when vpc is used', () => {

});

test('connections has no default port if enforceHttps is false', () => {

const vpc = new Vpc(stack, 'Vpc');
const domain = new Domain(stack, 'Domain', {
version: defaultVersion,
vpc,
enforceHttps: false,
});

expect(domain.connections.defaultPort).toBeUndefined();

});

test('connections has default port 443 if enforceHttps is true', () => {

const vpc = new Vpc(stack, 'Vpc');
const domain = new Domain(stack, 'Domain', {
version: defaultVersion,
vpc,
enforceHttps: true,
});

expect(domain.connections.defaultPort).toEqual(Port.tcp(443));

});

test('default removalpolicy is retain', () => {
new Domain(stack, 'Domain', {
version: defaultVersion,
Expand Down