Skip to content

Commit

Permalink
fix(opensearch): add validation to domainName property (aws#17017)
Browse files Browse the repository at this point in the history
Add validation to domainName property as per  https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-domainname

Fixes aws#17016 

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
  • Loading branch information
nom3ad authored and TikiTDO committed Feb 21, 2022
1 parent d88c54f commit 6202d56
Show file tree
Hide file tree
Showing 4 changed files with 66 additions and 8 deletions.
22 changes: 18 additions & 4 deletions packages/@aws-cdk/aws-elasticsearch/lib/domain.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1543,9 +1543,9 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable {

if (props.logging?.auditLogEnabled) {
this.auditLogGroup = props.logging.auditLogGroup ??
new logs.LogGroup(this, 'AuditLogs', {
retention: logs.RetentionDays.ONE_MONTH,
});
new logs.LogGroup(this, 'AuditLogs', {
retention: logs.RetentionDays.ONE_MONTH,
});

logGroups.push(this.auditLogGroup);
};
Expand Down Expand Up @@ -1695,7 +1695,21 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable {

if (logGroupResourcePolicy) { this.domain.node.addDependency(logGroupResourcePolicy); }

if (props.domainName) { this.node.addMetadata('aws:cdk:hasPhysicalName', props.domainName); }
if (props.domainName) {
if (!cdk.Token.isUnresolved(props.domainName)) {
// https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-domainname
if (!props.domainName.match(/^[a-z0-9\-]+$/)) {
throw new Error(`Invalid domainName '${props.domainName}'. Valid characters are a-z (lowercase only), 0-9, and – (hyphen).`);
}
if (props.domainName.length < 3 || props.domainName.length > 28) {
throw new Error(`Invalid domainName '${props.domainName}'. It must be between 3 and 28 characters`);
}
if (props.domainName[0] < 'a' || props.domainName[0] > 'z') {
throw new Error(`Invalid domainName '${props.domainName}'. It must start with a lowercase letter`);
}
}
this.node.addMetadata('aws:cdk:hasPhysicalName', props.domainName);
}

this.domainName = this.getResourceNameAttribute(this.domain.ref);

Expand Down
15 changes: 15 additions & 0 deletions packages/@aws-cdk/aws-elasticsearch/test/domain.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1378,6 +1378,21 @@ describe('custom error responses', () => {
})).toThrow(/Unknown Elasticsearch version: 5\.4/);
});

test('error when invalid domain name is given', () => {
expect(() => new Domain(stack, 'Domain1', {
version: ElasticsearchVersion.V7_4,
domainName: 'InvalidName',
})).toThrow(/Valid characters are a-z/);
expect(() => new Domain(stack, 'Domain2', {
version: ElasticsearchVersion.V7_4,
domainName: 'a'.repeat(29),
})).toThrow(/It must be between 3 and 28 characters/);
expect(() => new Domain(stack, 'Domain3', {
version: ElasticsearchVersion.V7_4,
domainName: '123domain',
})).toThrow(/It must start with a lowercase letter/);
});

test('error when error log publishing is enabled for elasticsearch version < 5.1', () => {
const error = /Error logs publishing requires Elasticsearch version 5.1 or later/;
expect(() => new Domain(stack, 'Domain1', {
Expand Down
22 changes: 18 additions & 4 deletions packages/@aws-cdk/aws-opensearchservice/lib/domain.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1472,9 +1472,9 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable {

if (props.logging?.auditLogEnabled) {
this.auditLogGroup = props.logging.auditLogGroup ??
new logs.LogGroup(this, 'AuditLogs', {
retention: logs.RetentionDays.ONE_MONTH,
});
new logs.LogGroup(this, 'AuditLogs', {
retention: logs.RetentionDays.ONE_MONTH,
});

logGroups.push(this.auditLogGroup);
};
Expand Down Expand Up @@ -1624,7 +1624,21 @@ export class Domain extends DomainBase implements IDomain, ec2.IConnectable {

if (logGroupResourcePolicy) { this.domain.node.addDependency(logGroupResourcePolicy); }

if (props.domainName) { this.node.addMetadata('aws:cdk:hasPhysicalName', props.domainName); }
if (props.domainName) {
if (!cdk.Token.isUnresolved(props.domainName)) {
// https://docs.aws.amazon.com/opensearch-service/latest/developerguide/configuration-api.html#configuration-api-datatypes-domainname
if (!props.domainName.match(/^[a-z0-9\-]+$/)) {
throw new Error(`Invalid domainName '${props.domainName}'. Valid characters are a-z (lowercase only), 0-9, and – (hyphen).`);
}
if (props.domainName.length < 3 || props.domainName.length > 28) {
throw new Error(`Invalid domainName '${props.domainName}'. It must be between 3 and 28 characters`);
}
if (props.domainName[0] < 'a' || props.domainName[0] > 'z') {
throw new Error(`Invalid domainName '${props.domainName}'. It must start with a lowercase letter`);
}
}
this.node.addMetadata('aws:cdk:hasPhysicalName', props.domainName);
}

this.domainName = this.getResourceNameAttribute(this.domain.ref);

Expand Down
15 changes: 15 additions & 0 deletions packages/@aws-cdk/aws-opensearchservice/test/domain.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -1319,6 +1319,21 @@ describe('custom error responses', () => {
})).toThrow('Unknown Elasticsearch version: 5.4');
});

test('error when invalid domain name is given', () => {
expect(() => new Domain(stack, 'Domain1', {
version: EngineVersion.OPENSEARCH_1_0,
domainName: 'InvalidName',
})).toThrow(/Valid characters are a-z/);
expect(() => new Domain(stack, 'Domain2', {
version: EngineVersion.OPENSEARCH_1_0,
domainName: 'a'.repeat(29),
})).toThrow(/It must be between 3 and 28 characters/);
expect(() => new Domain(stack, 'Domain3', {
version: EngineVersion.OPENSEARCH_1_0,
domainName: '123domain',
})).toThrow(/It must start with a lowercase letter/);
});

test('error when error log publishing is enabled for Elasticsearch version < 5.1', () => {
const error = /Error logs publishing requires Elasticsearch version 5.1 or later or OpenSearch version 1.0 or later/;
expect(() => new Domain(stack, 'Domain1', {
Expand Down

0 comments on commit 6202d56

Please sign in to comment.