Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

(aws-elasticsearch): Domain.fromDomainEndpoint returning incorrect ARN #13380

Open
justindra opened this issue Mar 3, 2021 · 7 comments
Open
Labels
@aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service bug This issue is a bug. effort/small Small work item – less than a day of effort p2

Comments

@justindra
Copy link

When using the Domain.fromDomainEndpoint function to retrieve an ES Instance and reference in the rest of the Stack, it returns an incorrect ARN. When I output the ARN, it gives the following results:

ACTUAL ARN -> arn:aws:es:[region]:[accountId]:domain/infrast-elasti-...
OUTPUTTED  -> arn:aws:es:[region]:[accountId]:domain/search-infrast-elasti-...

Reproduction Steps

  • Have an existing ElasticSearch Service Instance running
  • Import it from the CDK
const esDomain = Domain.fromDomainEndpoint(
  this,
  `${id}ESDomain`,
  'https://search-infrast-elasti-....[region].es.amazonaws.com/'
);

new CfnOutput(this, `ElasticSearchArn`, {
  value: esDomain.domainArn,
  exportName: `ElasticSearchArn`,
});
  • Compare the actual ARN and the ARN returned

What did you expect to happen?

The provided ARN should be the correct ARN

What actually happened?

The provided ARN was incorrect

Environment

  • CDK CLI Version : 1.91.0
  • Framework Version: 1.91.0
  • Node.js Version: 12.20.1
  • OS : Ubuntu 20
  • Language (Version): TypeScript (3.9.7)

Other


This is 🐛 Bug Report

@justindra justindra added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 3, 2021
@github-actions github-actions bot added the @aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service label Mar 3, 2021
@iliapolo
Copy link
Contributor

iliapolo commented Mar 8, 2021

@justindra Thanks for reporting this.

Looks like we neglected to consider the search- prefix.

Note to self: Given that users can also specify custom endpoints, this makes me think we shouldn't try to deduce the ARN from the endpoint, and instead just provide a Domain.fromDomainArn function and thats it.

@iliapolo iliapolo added effort/small Small work item – less than a day of effort p1 and removed needs-triage This issue or PR still needs to be triaged. labels Mar 8, 2021
@iliapolo
Copy link
Contributor

iliapolo commented Mar 8, 2021

Linking #10841 since I believe a solution here would need to address it.

@lenonestrella
Copy link

+1

Spotted this issue - the permissions given by .grantXXX methods from a Domain construct imported from domain endpoint is not working as expected cause of the wrong ARN.

Although I have some concerns about the possible clashes of the prefixes we should take into account (vpc- and search-) and custom endpoints when we extract the ARN from the endpoint.

Someone could have a look on this one (and the linked pull request?)

@BenChaimberg
Copy link
Contributor

I'm in agreement with @iliapolo above (#13380 (comment)); we should not attempt to parse the domain name from the endpoint, ever. Instead of expanding the current extraction logic, we should instead deprecate fromDomainEndpoint and issue a warning in fromDomainAttributes if we are unable to parse the domain name from the domain ARN. We do not remove the behaviour completely for the latter case as it could break existing implementations, however we should ensure that the warning mentions it will be removed in the next major version and remove it then.

@BenChaimberg BenChaimberg added p2 and removed p1 labels Jul 21, 2021
@neovasili
Copy link
Contributor

Found the same issue in @aws-cdk/aws-opensearchservice using the fromDomainEndpoint method (cdk v1.50.0).

May I suggest to add a method fromDomainName and deprecate the other one? since looks like ARN is composed by appending domain name at the end.

@adri1wald
Copy link

It also doesn't extract the region, instead assuming it exists in the same region as the stack

@RyPope
Copy link

RyPope commented Oct 18, 2024

This is still not fixed as of 2.162.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
@aws-cdk/aws-elasticsearch Related to Amazon Elasticsearch Service bug This issue is a bug. effort/small Small work item – less than a day of effort p2
Projects
None yet
7 participants