Add commons Stack with DNS and certificate (#143)

Signed-off-by: Sayali Gaikawad <[email protected]>
opensearch-project · Mar 14, 2024 · f68c5f9 · f68c5f9
1 parent 2e7b72d
commit f68c5f9
Show file tree

Hide file tree

Showing 7 changed files with 84 additions and 12 deletions.
diff --git a/.github/workflows/deploy-nightly-playground.yml b/.github/workflows/deploy-nightly-playground.yml
@@ -85,7 +85,7 @@ jobs:
     needs: 
       - set-os-osd-urls
       - validate-and-deploy
-    uses: gaiksaya/opensearch-devops/.github/workflows/index-data.yml@add-GHA
+    uses: opensearch-project/opensearch-devops/.github/workflows/index-data.yml@main
     with:
       endpoint: ${{ needs.validate-and-deploy.outputs.ENDPOINT }}
       opensearch-manifest-url: ${{ needs.set-os-osd-urls.outputs.OPENSEARCH_DIST_MANIFEST_URL }}

diff --git a/.github/workflows/index-data.yml b/.github/workflows/index-data.yml
@@ -33,6 +33,6 @@ jobs:
           yq -o=json '.' opensearch.yml > opensearch.json
           yq -o=json '.' opensearch-dashboards.yml > dashboards.json
 
-          curl -X POST "https://${{inputs.endpoint}}/opensearch/_doc/1" -H "Content-Type: application/json" -d @opensearch.json -u ${{ secrets.opensearch-user }}:${{ secrets.opensearch-password }} --insecure
+          curl -X POST "https://${{inputs.endpoint}}:8443/opensearch/_doc/1" -H "Content-Type: application/json" -d @opensearch.json -u ${{ secrets.opensearch-user }}:${{ secrets.opensearch-password }} --insecure
 
-          curl -X POST "https://${{inputs.endpoint}}/opensearch-dashboards/_doc/1" -H "Content-Type: application/json" -d @dashboards.json -u ${{ secrets.opensearch-user }}:${{ secrets.opensearch-password }} --insecure
+          curl -X POST "https://${{inputs.endpoint}}:8443/opensearch-dashboards/_doc/1" -H "Content-Type: application/json" -d @dashboards.json -u ${{ secrets.opensearch-user }}:${{ secrets.opensearch-password }} --insecure
diff --git a/nightly-playground/lib/common-tools-stack.ts b/nightly-playground/lib/common-tools-stack.ts
@@ -0,0 +1,30 @@
+/* Copyright OpenSearch Contributors
+SPDX-License-Identifier: Apache-2.0
+
+The OpenSearch Contributors require contributions made to
+this file be licensed under the Apache-2.0 license or a
+compatible open source license. */
+
+import { Stack, StackProps } from 'aws-cdk-lib';
+import { Certificate, CertificateValidation } from 'aws-cdk-lib/aws-certificatemanager';
+import { HostedZone } from 'aws-cdk-lib/aws-route53';
+import { Construct } from 'constructs';
+
+export class CommonToolsStack extends Stack {
+    readonly certificateArn: string
+
+    constructor(scope: Construct, id: string, props: StackProps) {
+      super(scope, id, props);
+      const zone = 'playground.nightly.opensearch.org';
+
+      const route53HostedZone = new HostedZone(this, 'nigghhtlyHostedZone', {
+        zoneName: zone,
+      });
+
+      const certificate = new Certificate(this, 'cert', {
+        domainName: zone,
+        validation: CertificateValidation.fromDns(route53HostedZone),
+      });
+      this.certificateArn = certificate.certificateArn;
+    }
+}
diff --git a/nightly-playground/lib/nightly-playground-stack.ts b/nightly-playground/lib/nightly-playground-stack.ts
@@ -9,6 +9,7 @@ import { InfraStack } from '@opensearch-project/opensearch-cluster-cdk/lib/infra
 import { NetworkStack } from '@opensearch-project/opensearch-cluster-cdk/lib/networking/vpc-stack';
 import { Stack, StackProps } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
+import { CommonToolsStack } from './common-tools-stack';
 
 export class NightlyPlaygroundStack {
   public stacks: Stack[] = []; // only required for testing purpose
@@ -38,6 +39,11 @@ export class NightlyPlaygroundStack {
     + '"resources/security-config/roles.yml" : "opensearch/config/opensearch-security/roles.yml", '
     + '"resources/security-config/internal_users.yml": "opensearch/config/opensearch-security/internal_users.yml"}';
 
+    const commonToolsStack = new CommonToolsStack(scope, 'commonsStack', {
+      ...props,
+    });
+    this.stacks.push(commonToolsStack);
+
     // @ts-ignore
     const networkStack = new NetworkStack(scope, `networkStack-${id}`, {
       ...props,
@@ -46,6 +52,7 @@ export class NightlyPlaygroundStack {
     });
 
     this.stacks.push(networkStack);
+    networkStack.addDependency(commonToolsStack);
 
     // @ts-ignore
     const infraStack = new InfraStack(scope, `infraStack-${id}`, {
@@ -62,6 +69,9 @@ export class NightlyPlaygroundStack {
       dashboardsUrl,
       customConfigFiles: securtityConfig,
       additionalOsdConfig: additionalOsdConfigString,
+      certificateArn: commonToolsStack.certificateArn,
+      mapOpensearchPortTo: 8443,
+      mapOpensearchDashboardsPortTo: 443,
     });
     this.stacks.push(infraStack);
 

diff --git a/nightly-playground/package-lock.json b/nightly-playground/package-lock.json
diff --git a/nightly-playground/package.json b/nightly-playground/package.json
@@ -22,7 +22,7 @@
     "typescript": "~3.9.7"
   },
   "dependencies": {
-    "@opensearch-project/opensearch-cluster-cdk": "1.1.0",
+    "@opensearch-project/opensearch-cluster-cdk": "1.2.0",
     "@types/babel__traverse": "^7.18.2",
     "@typescript-eslint/eslint-plugin": "^4.31.1",
     "@typescript-eslint/parser": "^4.31.1",

diff --git a/nightly-playground/test/nightly-playground.test.ts b/nightly-playground/test/nightly-playground.test.ts
@@ -24,7 +24,7 @@ test('Ensure security is always enabled with custom role mapping', () => {
   });
 
   // THEN
-  expect(nightlyStack.stacks).toHaveLength(2);
+  expect(nightlyStack.stacks).toHaveLength(3);
   const infraStack = nightlyStack.stacks.filter((s) => s.stackName === 'infraStack-2x')[0];
   const infraTemplate = Template.fromStack(infraStack);
 
@@ -92,3 +92,35 @@ test('Throw an error for missing distVersion', () => {
     expect(error.message).toEqual('distVersion parameter cannot be empty! Please provide the OpenSearch distribution version');
   }
 });
+
+test('Test commons stack resources', () => {
+  const app = new App({
+    context: {
+      distVersion: '2.3.0',
+      distributionUrl: 'someUrl',
+      dashboardsUrl: 'someUrl',
+    },
+  });
+
+  // WHEN
+  const nightlyStack = new NightlyPlaygroundStack(app, '2x', {
+    env: { account: 'test-account', region: 'us-east-1' },
+  });
+
+  // THEN
+  const commonsStack = nightlyStack.stacks.filter((s) => s.stackName === 'commonsStack')[0];
+  const commonsStackTemplate = Template.fromStack(commonsStack);
+
+  commonsStackTemplate.hasResourceProperties('AWS::Route53::HostedZone', {
+    Name: 'playground.nightly.opensearch.org.',
+  });
+  commonsStackTemplate.hasResourceProperties('AWS::CertificateManager::Certificate', {
+    DomainName: 'playground.nightly.opensearch.org',
+    DomainValidationOptions: [
+      {
+        DomainName: 'playground.nightly.opensearch.org',
+      },
+    ],
+    ValidationMethod: 'DNS',
+  });
+});