Add source & target details to CDK #949
Signed-off-by: Mikayla Thompson <[email protected]>
Signed-off-by: Mikayla Thompson <[email protected]>
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## main #949 +/- ##
============================================
- Coverage 78.83% 78.62% -0.21%
- Complexity 2430 2520 +90
============================================
Files 372 387 +15
Lines 14489 15012 +523
Branches 875 923 +48
============================================
+ Hits 11422 11803 +381
- Misses 2531 2644 +113
- Partials 536 565 +29
deployment/cdk/opensearch-service-migration/lib/migration-services-yaml.ts
const osContainerServiceEnabled = this.getContextForType('osContainerServiceEnabled', 'boolean', defaultValues, contextJSON) | ||
const otelCollectorEnabled = this.getContextForType('otelCollectorEnabled', 'boolean', defaultValues, contextJSON) | ||
const reindexFromSnapshotServiceEnabled = this.getContextForType('reindexFromSnapshotServiceEnabled', 'boolean', defaultValues, contextJSON) | ||
const reindexFromSnapshotExtraArgs = this.getContextForType('reindexFromSnapshotExtraArgs', 'string', defaultValues, contextJSON) | ||
const albAcmCertArn = this.getContextForType('albAcmCertArn', 'string', defaultValues, contextJSON); | ||
|
||
const sourceClusterDisabled = this.getContextForType('sourceClusterDisabled', 'boolean', defaultValues, contextJSON) |
These are all top-level fields. What would be the level of effort to consolidate them into an object/nested object like we have in sourceClusterAuth?
e.g.
{
  "sourceCluster": {
    "auth": {
      "type": "sigv4",
      "region": "us-west-2",
      "serviceSigningName": "es"
    },
    "endpoint": "https://source-cluster:9200",
    "version": "ES_7.10",
    "disabled": false // optional/inferred
  }
}
Maybe something like this for parsing:
interface BasicAuth {
  type: 'basic';
  username: string;
  password?: string;
  passwordFromArn?: string;
}

interface SigV4Auth {
  type: 'sigv4';
  region: string;
  serviceSigningName: string;
}

interface NoAuth {
  type: 'none';
}

// Union type for all auth types
type Auth = BasicAuth | SigV4Auth | NoAuth;

// Function to parse and validate auth object
function parseAuth(json: any): Auth | null {
  // Reject null, undefined and non-object input before reading any property
  if (typeof json !== 'object' || json === null) {
    return null;
  }
  const hasPassword = typeof json.password === 'string';
  const hasPasswordFromArn = typeof json.passwordFromArn === 'string';
  // Basic auth needs a username and exactly one of password / passwordFromArn
  if (json.type === 'basic' && typeof json.username === 'string' && (hasPassword || hasPasswordFromArn) && !(hasPassword && hasPasswordFromArn)) {
    return json as BasicAuth;
  } else if (json.type === 'sigv4' && typeof json.region === 'string' && typeof json.serviceSigningName === 'string') {
    return json as SigV4Auth;
  } else if (json.type === 'none') {
    return json as NoAuth;
  } else {
    return null; // Invalid auth type
  }
}
Mikayla's comments:
I actually went the opposite way of having a single nested object because of your feedback in the previous version of this PR, but I'm happy to flip that. I like the single object more, and I like keeping the format here consistent with the services.yaml (but json).
Down the line, I'd love to pull all of the generate-a-target-cluster fields into a single object as well so it becomes super clear which approach is being used and which parameters contraindicate each other.
Offline Discussion
Discussed how we can address both concerns with keeping this as a single object while not immediately removing the flattened fields from the cdk.context.json to retain some compatibility with both ways of specifying for a short period.
throw new Error("The `engineVersion` can only be used when a domain is being provisioned by this tooling, which is contraindicated " + | ||
"by the `targetClusterEndpoint` being provided.") | ||
} | ||
const targetVersion = this.getEngineVersion(targetClusterEndpoint ? targetClusterVersion : engineVersion) |
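Review bot: the ternary on the `targetVersion` line passes `targetClusterVersion` to `getEngineVersion` whenever `targetClusterEndpoint` is set, and nothing in the visible lines checks that `targetClusterVersion` was actually provided. The error above only rejects `engineVersion` combined with `targetClusterEndpoint`; consider a matching check that fails with a clear message when an endpoint is given without a version, or make the version explicitly optional at this call.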
Using getEngineVersion will probably be limiting for newer releases of opensearch or unsupported versions of elasticsearch: https://docs.aws.amazon.com/cdk/api/v2/java/software/amazon/awscdk/services/opensearchservice/EngineVersion.html. We may just want to enforce a format here for now
deployment/cdk/opensearch-service-migration/lib/stack-composer.ts
@@ -151,10 +151,6 @@ export class MigrationConsoleStack extends MigrationServiceCore { | |||
...props, | |||
parameter: MigrationSSMParameter.OS_CLUSTER_ENDPOINT, | |||
}); | |||
const sourceClusterEndpoint = props.sourceClusterDisabled ? null : getMigrationStringParameterValue(this, { |
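Review bot: on the `sourceClusterEndpoint` line the value becomes `null` when `props.sourceClusterDisabled` is set, so every later use of it needs an explicit null check; interpolating it into a command or environment value without one would insert the literal text "null". Consider guarding each use, or typing the value as optional so the compiler flags unguarded uses.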
General observation: Whenever we make the change to use the source cluster details that are provided by the user in constructing the commands for RFS, Fetch, Capture Proxy, etc., it seems like we can remove this SSM Parameter from being needed at all
Yes, I'm hoping so! I'll do a more comprehensive look at whether we can pull it out of all of them.
Signed-off-by: Mikayla Thompson <[email protected]>
Signed-off-by: Mikayla Thompson <[email protected]>
Signed-off-by: Mikayla Thompson <[email protected]>
Signed-off-by: Mikayla Thompson <[email protected]>
deployment/cdk/opensearch-service-migration/lib/migration-services-yaml.ts
deployment/cdk/opensearch-service-migration/lib/service-stacks/reindex-from-snapshot-stack.ts
}); | ||
replayerCommand = replayerCommand.concat(` --auth-header-user-and-secret ${osUserAndSecret}`) | ||
if (props.clusterAuthDetails.basicAuth) { | ||
replayerCommand = replayerCommand.concat(` --auth-header-user-and-secret ${props.clusterAuthDetails.basicAuth.username} ${props.clusterAuthDetails.basicAuth.password_from_secret_arn}`) |
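Review bot: on the last line, `basicAuth.username` and `basicAuth.password_from_secret_arn` are interpolated into `replayerCommand` with no quoting or escaping, so a value containing a space or a quote character changes how the command is split into arguments. Quote or escape each value before concatenating, or reject values outside an expected character set. The same line also appends the text "undefined" if `password_from_secret_arn` is unset; check that it is present inside the `if` before building the flag.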
This happened automatically with the string parameter, but we need to add " around the value here for it to work
Good catch, thanks
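One way to apply the quoting fix discussed in the two comments above, as an added example that is not code from this PR or the project. It assumes the command string is later run by a POSIX shell; `shellQuote`, `appendBasicAuth`, `splitWords` and the sample values are hypothetical and constructed for illustration, with `splitWords` standing in for shell word splitting so the result can be checked offline.

```typescript
// Added example, not code from this PR. Assumes the command string is run by a POSIX shell.
// Quote a value so the shell passes it on as exactly one literal word.
// An embedded single quote is closed, backslash-escaped and reopened: ' becomes '\''
function shellQuote(value: string): string {
  return "'" + value.replace(/'/g, "'\\''") + "'";
}

// Hypothetical helper: appends the flag seen in the hunk with both values quoted.
function appendBasicAuth(command: string, username: string, secretArn: string): string {
  if (username.length === 0 || secretArn.length === 0) {
    throw new Error("username and secret ARN must both be non-empty");
  }
  return `${command} --auth-header-user-and-secret ${shellQuote(username)} ${shellQuote(secretArn)}`;
}

// Minimal word splitter (spaces, single quotes, backslash) standing in for the shell,
// so the resulting argument list can be inspected without running anything.
function splitWords(line: string): string[] {
  const words: string[] = [];
  let current = "";
  let inWord = false;
  let inSingle = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line.charAt(i);
    if (inSingle) {
      if (ch === "'") inSingle = false;
      else current += ch;
    } else if (ch === "'") {
      inSingle = true;
      inWord = true;
    } else if (ch === "\\" && i + 1 < line.length) {
      current += line.charAt(++i);
      inWord = true;
    } else if (ch === " ") {
      if (inWord) words.push(current);
      current = "";
      inWord = false;
    } else {
      current += ch;
      inWord = true;
    }
  }
  if (inSingle) throw new Error("unterminated single quote");
  if (inWord) words.push(current);
  return words;
}

// Constructed sample values (not from the PR).
const SAMPLE_USER = "o'brien admin";
const SAMPLE_ARN = "arn:aws:secretsmanager:us-west-2:123456789012:secret:example-AbCdEf";
```

With the quoted form the username and the ARN each arrive as a single argument; the same username interpolated without quoting either splits into extra words or leaves an unterminated quote.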
} else if (targetClusterEndpoint || osContainerServiceEnabled) { | ||
targetEndpoint = targetClusterEndpoint ? targetClusterEndpoint : "https://opensearch:9200" | ||
let preexistingOrContainerTargetEndpoint | ||
if (targetCluster && osContainerServiceEnabled) { |
nit: reads strange that this block specifies targetCluster, but then uses targetClusterEndpoint instead of targetCluster?.endpoint
deployment/cdk/opensearch-service-migration/lib/stack-composer.ts
Signed-off-by: Mikayla Thompson <[email protected]>
Signed-off-by: Mikayla Thompson <[email protected]>
a145cb6 to 7f7b686
deployment/cdk/opensearch-service-migration/lib/service-stacks/reindex-from-snapshot-stack.ts
Signed-off-by: Mikayla Thompson <[email protected]>
Description
What it does:
Provides a mechanism for users to specify source & target cluster auth and version. Right now, the version is passed around internally but not added to any ECS commands or put into the services.yaml.
For the auth: it is passed around to all the necessary places and it is added to the services.yaml.
I focused on creating clear usage for the public case -- BYO Clusters -- at the expense of some overlapping fields in the non-public use case (creating a target cluster). I tried to integrate error checks to make it clear when two overlapping fields were being provided, so those cases should be clear to internal users.
Issues Resolved
MIGRATIONS-1909
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.