Added CDK tests

.github/workflows/cdk-ci-test.yml

@@ -16,6 +16,7 @@ jobs:
 
       - name: Run CDK Test
         run: |
+          ./gradlew clean build
           cd infrastructure
           npm install
           npm test

.gitignore

@@ -36,9 +36,9 @@ replay_pid*
 build/
 
 # CDK 
-infrastructure/*.js
+infrastructure/**/*.js
 infrastructure/!jest.config.js
-infrastructure/*.d.ts
+infrastructure/**/*.d.ts
 infrastructure/node_modules
 
 # CDK asset staging directory

infrastructure/lib/stacks/metricsWorkflow.ts

@@ -34,7 +34,7 @@ export class OpenSearchMetricsWorkflowStack extends Stack {
             targets: [new SfnStateMachine(opensearchMetricsWorkflow)],
         });
 
-        // This rule is to ensure OpenSearch Dashboards does not show 0 values in visualizations when used now/d-now-1/d
+        // This rule is to ensure OpenSearch Dashboards does not show 0 values in visualizations when used now/d to now+1d/d
         new Rule(this, 'MetricsWorkflow-12AM-PDT', {
             schedule: Schedule.expression('cron(0 7 * * ? *)'),
             targets: [new SfnStateMachine(opensearchMetricsWorkflow)],

infrastructure/lib/stacks/opensearch.ts

@@ -10,8 +10,6 @@ import {OpenSearchMetricsNginxCognito} from "../constructs/opensearchNginxProxyC
 import {OpenSearchHealthRoute53} from "./route53";
 import Project from "../enums/project";
 
-;
-
 
 export interface OpenSearchStackProps {
     readonly region: string;

infrastructure/test/hostedzone-stack.test.ts

@@ -0,0 +1,37 @@
+import {App} from "aws-cdk-lib";
+import {VpcStack} from "../lib/stacks/vpc";
+import {Template} from "aws-cdk-lib/assertions";
+import {OpenSearchHealthRoute53} from "../lib/stacks/route53";
+import Project from "../lib/enums/project";
+
+test('HostedZone Stack Test', () => {
+    const app = new App();
+    const hostedZoneStack = new OpenSearchHealthRoute53(app, 'Test-OpenSearchMetrics-HostedZone', {
+        hostedZone: Project.METRICS_HOSTED_ZONE,
+        appName: "OpenSearchMetrics"
+    });
+    const hostedZoneStackTemplate = Template.fromStack(hostedZoneStack);
+    hostedZoneStackTemplate.resourceCountIs('AWS::Route53::HostedZone', 1);
+    hostedZoneStackTemplate.hasResourceProperties('AWS::Route53::HostedZone', {
+        "Name": "metrics.opensearch.org."
+    });
+    hostedZoneStackTemplate.hasResourceProperties('AWS::CertificateManager::Certificate', {
+        "DomainName": "metrics.opensearch.org"
+    });
+});
+
+test('HostedZoneCognito Stack Test', () => {
+    const app = new App();
+    const hostedZoneCognitoStack = new OpenSearchHealthRoute53(app, 'Test-OpenSearchMetrics-HostedZoneCognito', {
+        hostedZone: Project.METRICS_COGNITO_HOSTED_ZONE,
+        appName: "OpenSearchMetricsCognito"
+    });
+    const hostedZoneCognitoStackTemplate = Template.fromStack(hostedZoneCognitoStack);
+    hostedZoneCognitoStackTemplate.resourceCountIs('AWS::Route53::HostedZone', 1);
+    hostedZoneCognitoStackTemplate.hasResourceProperties('AWS::Route53::HostedZone', {
+        "Name": "metrics.login.opensearch.org."
+    });
+    hostedZoneCognitoStackTemplate.hasResourceProperties('AWS::CertificateManager::Certificate', {
+        "DomainName": "metrics.login.opensearch.org"
+    });
+});

infrastructure/test/nginx.test.ts

@@ -0,0 +1,212 @@
+import {App} from "aws-cdk-lib";
+import {VpcStack} from "../lib/stacks/vpc";
+import {Template} from "aws-cdk-lib/assertions";
+import {OpenSearchMetricsNginxReadonly} from "../lib/stacks/opensearchNginxProxyReadonly";
+import Project from "../lib/enums/project";
+import {OpenSearchDomainStack} from "../lib/stacks/opensearch";
+import {ArnPrincipal} from "aws-cdk-lib/aws-iam";
+import {OpenSearchHealthRoute53} from "../lib/stacks/route53";
+
+test('OpenSearchMetricsNginxReadonly Stack Test', () => {
+    const app = new App();
+    const vpcStack = new VpcStack(app, "OpenSearchHealth-VPC", {});
+    const openSearchDomainStack = new OpenSearchDomainStack(app, "OpenSearchHealth-OpenSearch", {
+        region: Project.REGION,
+        account: Project.AWS_ACCOUNT,
+        vpcStack: vpcStack,
+        enableNginxCognito: true,
+        jenkinsAccess: {
+            jenkinsAccountRoles:  [
+                new ArnPrincipal(Project.JENKINS_MASTER_ROLE),
+                new ArnPrincipal(Project.JENKINS_AGENT_ROLE)
+            ]
+        }
+    });
+    const metricsHostedZone = new OpenSearchHealthRoute53(app, "OpenSearchMetrics-HostedZone", {
+        hostedZone: Project.METRICS_HOSTED_ZONE,
+        appName: "OpenSearchMetrics"
+    });
+    const stack = new OpenSearchMetricsNginxReadonly(app, 'Test-OpenSearchMetricsNginxReadonly', {
+        region: Project.REGION,
+        account: Project.AWS_ACCOUNT,
+        vpc: vpcStack.vpc,
+        securityGroup: vpcStack.securityGroup,
+        opensearchDashboardUrlProps: {
+            opensearchDashboardVpcUrl: openSearchDomainStack.domain.domainEndpoint,
+            openSearchDomainName: openSearchDomainStack.domain.domainName
+        },
+        albProps: {
+            hostedZone: metricsHostedZone,
+            certificateArn: metricsHostedZone.certificateArn,
+        },
+    });
+    const template = Template.fromStack(stack);
+    template.resourceCountIs('AWS::Route53::RecordSet', 1);
+    template.hasResourceProperties('AWS::Route53::RecordSet', {
+        "Name": "metrics.opensearch.org.",
+        "Type": "A"
+    });
+    template.resourceCountIs('AWS::EC2::SecurityGroup', 2);
+    template.hasResourceProperties('AWS::EC2::SecurityGroup', {
+        "SecurityGroupEgress": [
+            {
+                "CidrIp": "0.0.0.0/0",
+                "Description": "Allow all outbound traffic by default",
+                "IpProtocol": "-1"
+            }
+        ]
+    });
+    template.hasResourceProperties('AWS::EC2::SecurityGroup', {
+        "SecurityGroupIngress": [
+            {
+                "CidrIp": "0.0.0.0/0",
+                "Description": "Allow from anyone on port 443",
+                "FromPort": 443,
+                "IpProtocol": "tcp",
+                "ToPort": 443
+            }
+        ]
+    });
+});
+
+test('OpenSearchMetricsNginxCognito Test', () => {
+    const app = new App();
+    const openSearchDomainStack = new OpenSearchDomainStack(app, 'Test-OpenSearchHealth-OpenSearch', {
+        region: "us-east-1",
+        account: "test-account",
+        vpcStack: new VpcStack(app, 'OpenSearchHealth-VPC', {}),
+        enableNginxCognito: true,
+        jenkinsAccess: {
+            jenkinsAccountRoles:  [
+                new ArnPrincipal(Project.JENKINS_MASTER_ROLE),
+                new ArnPrincipal(Project.JENKINS_AGENT_ROLE)
+            ]
+        }
+    });
+    const openSearchDomainStackTemplate = Template.fromStack(openSearchDomainStack);
+    openSearchDomainStackTemplate.resourceCountIs('AWS::Route53::RecordSet', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::Route53::RecordSet', {
+        "Name": "metrics.login.opensearch.org.",
+        "Type": "A"
+    });
+    openSearchDomainStackTemplate.resourceCountIs('AWS::EC2::SecurityGroup', 2);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::EC2::SecurityGroup', {
+        "SecurityGroupEgress": [
+            {
+                "CidrIp": "0.0.0.0/0",
+                "Description": "Allow all outbound traffic by default",
+                "IpProtocol": "-1"
+            }
+        ]
+    });
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::EC2::SecurityGroup', {
+        "SecurityGroupIngress": [
+            {
+                "CidrIp": "0.0.0.0/0",
+                "Description": "Allow from anyone on port 443",
+                "FromPort": 443,
+                "IpProtocol": "tcp",
+                "ToPort": 443
+            }
+        ]
+    });
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::IAM::Role', {
+            "AssumeRolePolicyDocument": {
+                "Statement": [
+                    {
+                        "Action": "sts:AssumeRole",
+                        "Effect": "Allow",
+                        "Principal": {
+                            "Service": "ec2.amazonaws.com"
+                        }
+                    }
+                ],
+                "Version": "2012-10-17"
+            },
+            "ManagedPolicyArns": [
+                {
+                    "Fn::Join": [
+                        "",
+                        [
+                            "arn:",
+                            {
+                                "Ref": "AWS::Partition"
+                            },
+                            ":iam::aws:policy/AmazonSSMManagedInstanceCore"
+                        ]
+                    ]
+                }
+            ],
+            "RoleName": "OpenSearchCognitoUserAccess"
+    })
+    openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::LoadBalancer', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', {
+        "LoadBalancerAttributes": [
+            {
+                "Key": "deletion_protection.enabled",
+                "Value": "false"
+            }
+        ],
+        "Scheme": "internet-facing",
+        "Type": "application"
+    });
+    openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::Listener', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::Listener', {
+        "Port": 443,
+        "Protocol": "HTTPS"
+    });
+    openSearchDomainStackTemplate.resourceCountIs('AWS::ElasticLoadBalancingV2::TargetGroup', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::ElasticLoadBalancingV2::TargetGroup', {
+        "HealthCheckPath": "/",
+        "HealthCheckPort": "80",
+        "Port": 443,
+        "Protocol": "HTTPS",
+        "TargetGroupAttributes": [
+            {
+                "Key": "stickiness.enabled",
+                "Value": "false"
+            }
+        ],
+        "TargetType": "instance",
+        "VpcId": {
+            "Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcB885AABED860B3EB"
+        }
+    });
+    openSearchDomainStackTemplate.resourceCountIs('AWS::AutoScaling::AutoScalingGroup', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::AutoScaling::AutoScalingGroup', {
+            "DesiredCapacity": "1",
+            "HealthCheckGracePeriod": 90,
+            "HealthCheckType": "EC2",
+            "LaunchConfigurationName": {
+                "Ref": "OpenSearchMetricsNginxOpenSearchMetricsCognitoMetricsProxyAsgLaunchConfig8D060946"
+            },
+            "MaxSize": "1",
+            "MinSize": "1",
+            "Tags": [
+                {
+                    "Key": "name",
+                    "PropagateAtLaunch": true,
+                    "Value": "OpenSearchMetricsCognito-NginxProxyHost"
+                },
+                {
+                    "Key": "Name",
+                    "PropagateAtLaunch": true,
+                    "Value": "OpenSearchMetricsCognito"
+                }
+            ],
+            "TargetGroupARNs": [
+                {
+                    "Ref": "OpenSearchMetricsNginxOpenSearchMetricsCognitoNginxProxyAlbOpenSearchMetricsCognitoNginxProxyAlbListenerOpenSearchMetricsCognitoNginxProxyAlbTargetGroup8E449B4A"
+                }
+            ],
+            "VPCZoneIdentifier": [
+                {
+                    "Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcPrivateSubnet1Subnet529349B600974078"
+                },
+                {
+                    "Fn::ImportValue": "OpenSearchHealth-VPC:ExportsOutputRefOpenSearchHealthVpcPrivateSubnet2SubnetBA599EDB2BEEEA30"
+                }
+            ]
+    });
+
+});

infrastructure/test/opensearch-stack.test.ts

@@ -1,9 +1,3 @@
-// import * as cdk from 'aws-cdk-lib';
-// import { Template } from 'aws-cdk-lib/assertions';
-// import * as Infrastructure from '../lib/infrastructure-stack';
-
-// example test. To run these tests, uncomment this file along with the
-// example resource in lib/infrastructure-stack.ts
 import {App} from "aws-cdk-lib";
 import {Template} from "aws-cdk-lib/assertions";
 import {OpenSearchDomainStack} from "../lib/stacks/opensearch";
@@ -27,4 +21,80 @@ test('OpenSearchDomain Stack Test', () => {
     });
     const openSearchDomainStackTemplate = Template.fromStack(openSearchDomainStack);
     openSearchDomainStackTemplate.resourceCountIs('AWS::IAM::Role', 8);
+    openSearchDomainStackTemplate.resourceCountIs('AWS::Cognito::UserPool', 1);
+    openSearchDomainStackTemplate.resourceCountIs('AWS::Cognito::UserPoolGroup', 1);
+    openSearchDomainStackTemplate.resourceCountIs('AWS::IAM::Policy', 4);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::IAM::Role', {
+        "AssumeRolePolicyDocument": {
+            "Statement": [
+                {
+                    "Action": "sts:AssumeRoleWithWebIdentity",
+                    "Condition": {
+                        "StringEquals": {
+                            "cognito-identity.amazonaws.com:aud": {
+                                "Ref": "IdentityPool"
+                            }
+                        },
+                        "ForAnyValue:StringLike": {
+                            "cognito-identity.amazonaws.com:amr": "authenticated"
+                        }
+                    },
+                    "Effect": "Allow",
+                    "Principal": {
+                        "Federated": "cognito-identity.amazonaws.com"
+                    }
+                }
+            ],
+            "Version": "2012-10-17"
+        }
+    });
+    openSearchDomainStackTemplate.resourceCountIs('AWS::Cognito::UserPoolGroup', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::Cognito::UserPoolGroup', {
+        "GroupName": "opensearch-admin-group",
+        "RoleArn": {
+            "Fn::GetAtt": [
+                "OpenSearchHealthCognitoCognitoopensearchhealthidentitypoolAdminRole3AC37B11",
+                "Arn"
+            ]
+        },
+        "UserPoolId": {
+            "Ref": "UserPool"
+        }
+    });
+    openSearchDomainStackTemplate.resourceCountIs('AWS::Cognito::IdentityPoolRoleAttachment', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::Cognito::IdentityPoolRoleAttachment', {
+        "IdentityPoolId": {
+            "Ref": "IdentityPool"
+        },
+        "Roles": {
+            "authenticated": {
+                "Fn::GetAtt": [
+                    "OpenSearchHealthCognitoCognitoopensearchhealthidentitypoolAuthRole50009EF2",
+                    "Arn"
+                ]
+            }
+        }
+    });
+
+    openSearchDomainStackTemplate.resourceCountIs('AWS::OpenSearchService::Domain', 1);
+    openSearchDomainStackTemplate.hasResourceProperties('AWS::OpenSearchService::Domain', {
+        "CognitoOptions": {
+            "Enabled": true,
+            "IdentityPoolId": {
+                "Ref": "IdentityPool"
+            },
+            "RoleArn": {
+                "Fn::GetAtt": [
+                    "OpenSearchHealthCognitoAmazonOpenSearchServiceCognitoAccessA34D822B",
+                    "Arn"
+                ]
+            },
+            "UserPoolId": {
+                "Ref": "UserPool"
+            }
+        }
+    });
+
+
+
 });