From df9319ee4ece25fd7ea1a5bbb9c76963609d87fe Mon Sep 17 00:00:00 2001
From: Sayali Gaikawad
Date: Thu, 14 Mar 2024 21:47:24 -0700
Subject: [PATCH] Enforce TCP Protocol for target groups
Signed-off-by: Sayali Gaikawad
---
 lib/infra/infra-stack.ts | 4 +++
 package-lock.json | 4 +--
 package.json | 2 +-
 test/opensearch-cluster-cdk.test.ts | 44 +++++++++++++++++++++++++++++
 4 files changed, 51 insertions(+), 3 deletions(-)
diff --git a/lib/infra/infra-stack.ts b/lib/infra/infra-stack.ts
index 8d0b1cd557d..fb163872250 100644
--- a/lib/infra/infra-stack.ts
+++ b/lib/infra/infra-stack.ts
@@ -482,6 +482,7 @@ export class InfraStack extends Stack {
 opensearchListener.addTargets('single-node-target', {
 port: 9200,
+ protocol: Protocol.TCP,
 targets: [new InstanceTarget(singleNodeInstance)],
 });
@@ -489,6 +490,7 @@ export class InfraStack extends Stack {
 // @ts-ignore
 dashboardsListener.addTargets('single-node-osd-target', {
 port: 5601,
+ protocol: Protocol.TCP,
 targets: [new InstanceTarget(singleNodeInstance)],
 });
 }
@@ -662,6 +664,7 @@ export class InfraStack extends Stack {
 opensearchListener.addTargets('opensearchTarget', {
 port: 9200,
+ protocol: Protocol.TCP,
 targets: [clientNodeAsg],
 });
@@ -669,6 +672,7 @@ export class InfraStack extends Stack {
 // @ts-ignore
 dashboardsListener.addTargets('dashboardsTarget', {
 port: 5601,
+ protocol: Protocol.TCP,
 targets: [clientNodeAsg],
 });
 }
diff --git a/package-lock.json b/package-lock.json
index dc36c712cb4..49887a6788e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "@opensearch-project/opensearch-cluster-cdk", - "version": "1.2.1", + "version": "1.2.2", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "@opensearch-project/opensearch-cluster-cdk", - "version": "1.2.1", + "version": "1.2.2", "dependencies": { "@typescript-eslint/eslint-plugin": "^4.31.1", "@typescript-eslint/parser": "^4.31.1",
diff --git a/package.json b/package.json
index e9f4103820d..7cc2704b6e9 100644
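Review bot: The four added `protocol: Protocol.TCP` lines (on `single-node-target`, `single-node-osd-target`, `opensearchTarget` and `dashboardsTarget`) override a default without a comment, and the override has a security consequence that should be recorded next to it. As far as I know `addTargets` on a network listener otherwise gives the target group the listener's protocol, so where a listener is a TLS listener (the new test passes `certificateArn` and maps Dashboards to 443) TLS now ends at the load balancer and traffic to the node on 9200/5601 is forwarded as plain TCP rather than re-encrypted. I would put above the first call in each branch something like `// Force TCP so the target group does not inherit TLS from the listener; with a TLS listener the hop to the node is unencrypted, so keep 9200/5601 reachable only through the load balancer.` The listener definitions and the import of `Protocol` are outside these hunks and the commit adds no import, so it is worth confirming that the name in scope is the elasticloadbalancingv2 enum; the enclosing methods also start and end outside the hunks.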
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@opensearch-project/opensearch-cluster-cdk",
- "version": "1.2.1",
+ "version": "1.2.2",
 "bin": {
 "cdk_v2": "bin/app.js"
 },
diff --git a/test/opensearch-cluster-cdk.test.ts b/test/opensearch-cluster-cdk.test.ts
index d38edc4a520..e7fce530890 100644
--- a/test/opensearch-cluster-cdk.test.ts
+++ b/test/opensearch-cluster-cdk.test.ts
@@ -1026,3 +1026,47 @@ test('Throw error on duplicate ports', () => {
 expect(error.message).toEqual('OpenSearch and OpenSearch-Dashboards cannot be mapped to the same port! Please provide different port numbers. Current mapping is OpenSearch:8443 OpenSearch-Dashboards:8443');
 }
 });
+
+test('Ensure target group protocol is always TCP', () => {
+ const app = new App({
+ context: {
+ securityDisabled: false,
+ minDistribution: false,
+ distributionUrl: 'www.example.com',
+ cpuArch: 'x64',
+ singleNodeCluster: false,
+ dashboardsUrl: 'www.example.com',
+ distVersion: '1.0.0',
+ serverAccessType: 'ipv4',
+ restrictServerAccessTo: 'all',
+ certificateArn: 'arn:1234',
+ mapOpensearchPortTo: '8440',
+ mapOpensearchDashboardsPortTo: '443',
+ },
+ });
+
+ // WHEN
+ const networkStack = new NetworkStack(app, 'opensearch-network-stack', {
+ env: { account: 'test-account', region: 'us-east-1' },
+ });
+
+ // @ts-ignore
+ const infraStack = new InfraStack(app, 'opensearch-infra-stack', {
+ vpc: networkStack.vpc,
+ securityGroup: networkStack.osSecurityGroup,
+ env: { account: 'test-account', region: 'us-east-1' },
+ });
+
+ // THEN
+ const infraTemplate = Template.fromStack(infraStack);
+ infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
+ Port: 9200,
+ Protocol: 'TCP',
+ TargetType: 'instance',
+ });
+ infraTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
+ Port: 5601,
+ Protocol: 'TCP',
+ TargetType: 'instance',
+ });
+});
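Review bot: The new test is titled "always TCP" but does not check that: `hasResourceProperties` passes as soon as one target group matches, and with `singleNodeCluster: false` only the `opensearchTarget`/`dashboardsTarget` branch is synthesized, so the two single-node targets changed in `lib/infra/infra-stack.ts` are not covered. I would add a second case with `singleNodeCluster: true` and assert over every target group, for example `infraTemplate.allResourcesProperties('AWS::ElasticLoadBalancingV2::TargetGroup', { Protocol: 'TCP' });`, provided the pinned aws-cdk-lib version has that method. The context sets `certificateArn`, which is presumably the configuration the override is aimed at, so a short comment such as `// certificateArn set: target groups must still be TCP` would make the intent of the fixture clear.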