opensearch-project · gaiksaya · Dec 21, 2023 · Dec 21, 2023 · Dec 21, 2023 · Dec 21, 2023
@@ -6,8 +6,8 @@ The OpenSearch Contributors require contributions made to
 this file be licensed under the Apache-2.0 license or a
 compatible open source license. */
 
-import 'source-map-support/register';
 import { App } from 'aws-cdk-lib';
+import 'source-map-support/register';
 import { OsClusterEntrypoint } from '../lib/os-cluster-entrypoint';
 
 const app = new App();

@@ -14,28 +14,50 @@
 } from 'aws-cdk-lib/aws-ec2';
 import { Construct } from 'constructs';
 
-export interface vpcProps extends StackProps{
-    cidrBlock: string,
-    maxAzs: number,
-    vpcId: string,
-    securityGroupId: string,
-    serverAccessType: string,
-    restrictServerAccessTo: string,
+export interface VpcProps extends StackProps{
+    /** CIDR Block for VPC */
+    cidr?: string,
+    /** VPC ID of existing VPC */
+    vpcId?: string,
+    /** Security Group to be used for all sources */
+    securityGroupId?: string,
+    /** The access type to restrict server. Choose from ipv4, ipv6, prefixList or securityGroupId */
+    serverAccessType?: string,
+    /** Restrict server access to */
+    restrictServerAccessTo?: string,
 }
 
 export class NetworkStack extends Stack {
   public readonly vpc: IVpc;
 
   public readonly osSecurityGroup: ISecurityGroup;
 
-  constructor(scope: Construct, id: string, props: vpcProps) {
-    let serverAccess: IPeer;
+  constructor(scope: Construct, id: string, props: VpcProps) {
     super(scope, id, props);
-    if (props.vpcId === undefined) {
+
+    let serverAccess: IPeer;
+    // Properties and context variables check
+    let cidrRange = `${props?.cidr ?? scope.node.tryGetContext('cidr')}`;
+    if (cidrRange === 'undefined') {
+      cidrRange = '10.0.0.0/16';
+    }
+    const vpcId = `${props?.vpcId ?? scope.node.tryGetContext('vpcId')}`;
+    const serverAccessType = `${props?.serverAccessType ?? scope.node.tryGetContext('serverAccessType')}`;
+    const restrictServerAccessTo = `${props?.restrictServerAccessTo ?? scope.node.tryGetContext('restrictServerAccessTo')}`;
+    const secGroupId = `${props?.securityGroupId ?? scope.node.tryGetContext('securityGroupId')}`;
+
+    if (typeof restrictServerAccessTo === 'undefined' || typeof serverAccessType === 'undefined') {
+      throw new Error('serverAccessType and restrictServerAccessTo parameters are required - eg: serverAccessType=ipv4 restrictServerAccessTo=10.10.10.10/32');
+    } else {
+      serverAccess = NetworkStack.getServerAccess(restrictServerAccessTo, serverAccessType);
+    }
+
+    // VPC specs
+    if (vpcId === 'undefined') {
       console.log('No VPC-Id Provided, a new VPC will be created');
       this.vpc = new Vpc(this, 'opensearchClusterVpc', {
-        cidr: (props.cidrBlock !== undefined) ? props.cidrBlock : '10.0.0.0/16',
-        maxAzs: props.maxAzs,
+        cidr: cidrRange,
+        maxAzs: 3,
         subnetConfiguration: [
           {
             name: 'public-subnet',
@@ -50,25 +72,20 @@
        ],
      });
     } else {
       console.log('VPC provided, using existing');
       this.vpc = Vpc.fromLookup(this, 'opensearchClusterVpc', {
-        vpcId: props.vpcId,
+        vpcId,
       });
     }
 
-    if (typeof props.restrictServerAccessTo === 'undefined' || typeof props.serverAccessType === 'undefined') {
-      throw new Error('serverAccessType and restrictServerAccessTo parameters are required - eg: serverAccessType=ipv4 restrictServerAccessTo=10.10.10.10/32');
-    } else {
-      serverAccess = NetworkStack.getServerAccess(props.restrictServerAccessTo, props.serverAccessType);
-    }
-
-    if (props.securityGroupId === undefined) {
+    // Security Group specs
+    if (secGroupId === 'undefined') {
       this.osSecurityGroup = new SecurityGroup(this, 'osSecurityGroup', {
         vpc: this.vpc,
         allowAllOutbound: true,
       });
     } else {
-      this.osSecurityGroup = SecurityGroup.fromSecurityGroupId(this, 'osSecurityGroup', props.securityGroupId);
+      this.osSecurityGroup = SecurityGroup.fromSecurityGroupId(this, 'osSecurityGroup', secGroupId);
     }
 
     /* The security group allows all ip access by default to all the ports.
@@ -88,7 +105,7 @@
     case 'securityGroupId':
       return Peer.securityGroupId(restrictServerAccessTo);
     default:
-      throw new Error('serverAccessType should be one of the below values: ipv4, ipv6, prefixList or  securityGroupId');
+      throw new Error('serverAccessType should be one of the below values: ipv4, ipv6, prefixList or securityGroupId');
     }
   }
 }
@@ -69,11 +69,6 @@ export class OsClusterEntrypoint {
 
       const x64InstanceTypes: string[] = Object.keys(x64Ec2InstanceType);
       const arm64InstanceTypes: string[] = Object.keys(arm64Ec2InstanceType);
-      const vpcId: string = scope.node.tryGetContext('vpcId');
-      const securityGroupId = scope.node.tryGetContext('securityGroupId');
-      const cidrRange = scope.node.tryGetContext('cidr');
-      const restrictServerAccessTo = scope.node.tryGetContext('restrictServerAccessTo');
-      const serverAccessType = scope.node.tryGetContext('serverAccessType');
 
       const distVersion = `${scope.node.tryGetContext('distVersion')}`;
       if (distVersion.toString() === 'undefined') {
@@ -233,12 +228,6 @@ export class OsClusterEntrypoint {
       }
 
       const network = new NetworkStack(scope, networkStackName, {
-        cidrBlock: cidrRange,
-        maxAzs: 3,
-        vpcId,
-        securityGroupId,
-        serverAccessType,
-        restrictServerAccessTo,
         ...props,
       });