aws_opensearchservice: High Level Constructs For OpenSearch SamlOptions Feature #26600

Closed
1 of 2 tasks
devardee opened this issue Aug 2, 2023 · 2 comments · Fixed by #26673
Labels
@aws-cdk/aws-opensearch Related to the @aws-cdk/aws-opensearchservice package effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2

Comments


devardee commented Aug 2, 2023

Describe the feature

SAMLOptions is an existing Feature for OpenSearch Domain. Feature Documentation Link. According to the CDK docs currently there is no high level CDK construct for this feature. CDK Docs link for the SamlOptions

Use Case

The general recommendation is to use high level constructs and due to lack of High level construct for this feature, the CDK template needs to be migrated to use CFN constructs if there is a need to Create an OpenSearchDomain with SAMLOptionsProperty. This serves as a hindrance to the adoption of the SAMLOptionsProperty feature for AWS OpenSearch Domains.

Proposed Solution

Add the SAMLOptionsProperty to the AdvancedSecurityOptions interface object CDK Doc for AdvancedSecurityOptions Attribute.
A SamlOptions enabled OpenSearchDomain created using CDK high level constructs should look like

```
const domain = new Domain(this, 'Domain', {
  version: EngineVersion.OPENSEARCH_1_0,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
    samlOptions: {
      enabled: true,
      idp: {
        entityId: 'entityId',
        metadataContent: 'metadataContent',
      },
      masterBackendRole: 'masterBackendRole',
      masterUserName: 'masterUserName',
      rolesKey: 'rolesKey',
      sessionTimeoutMinutes: 123,
      subjectKey: 'subjectKey',
    }
  },
  logging: {
    auditLogEnabled: true,
    slowSearchLogEnabled: true,
    appLogEnabled: true,
    slowIndexLogEnabled: true,
  },
});
```

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.84.0

Environment details (OS name and version, etc.)

macOS Ventura 13.4

@devardee devardee added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Aug 2, 2023
@github-actions github-actions bot added the @aws-cdk/aws-opensearch Related to the @aws-cdk/aws-opensearchservice package label Aug 2, 2023
@khushail khushail added the investigating This issue is being investigated and/or work is in progress to resolve the issue. label Aug 2, 2023
Contributor

khushail commented Aug 2, 2023

Thanks @devardee for submitting this feature request. You could get started with this contributing guide for the PR.

@khushail khushail changed the title Amazon OpenSearch Service: High Level Constructs For OpenSearch SamlOptions Feature aws_opensearchservice: High Level Constructs For OpenSearch SamlOptions Feature Aug 2, 2023
@khushail khushail added p2 effort/medium Medium work item – several days of effort and removed needs-triage This issue or PR still needs to be triaged. investigating This issue is being investigated and/or work is in progress to resolve the issue. labels Aug 2, 2023
lpizzinidev added a commit to lpizzinidev/aws-cdk that referenced this issue Aug 11, 2023
colifran added a commit to lpizzinidev/aws-cdk that referenced this issue Aug 12, 2023
mergify bot added a commit to lpizzinidev/aws-cdk that referenced this issue Aug 12, 2023
@mergify mergify bot closed this as completed in #26673 Aug 12, 2023
mergify bot pushed a commit that referenced this issue Aug 12, 2023
…struct (#26673)

Allows specifying [SAML authentication](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html) for OpenSearch domains via high-level construct properties.

Example:
```
const domain = new Domain(this, 'Domain', {
  version: EngineVersion.OPENSEARCH_1_0,
  enforceHttps: true,
  nodeToNodeEncryption: true,
  encryptionAtRest: {
    enabled: true,
  },
  fineGrainedAccessControl: {
    masterUserName: 'master-user',
    samlAuthenticationEnabled: true,
    samlAuthenticationOptions: {
      idpEntityId: 'entity-id',
      idpMetadataContent: 'metadata-content-with-quotes-escaped',
    },
  },
});
```

Closes #26600.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
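
A way to check what a domain configured like the ones in this thread synthesizes to, as an added example that is not part of the issue, the pull request or aws-cdk. It audits the `AWS::OpenSearchService::Domain` resource for the SAML settings and for the HTTPS, node-to-node and at-rest encryption that fine-grained access control requires. The function name, the sample templates and the `entityID="..."` metadata match are assumptions, and the template is assumed to be synthesized JSON with literal values.

```typescript
// Added example (not aws-cdk code): audit OpenSearch domains in a synthesized template.
type CfnProps = Record<string, any>;
interface CfnTemplate { Resources: Record<string, { Type: string; Properties?: CfnProps }>; }

function auditSamlDomains(template: CfnTemplate): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(template.Resources)) {
    const res = template.Resources[id];
    if (res.Type !== 'AWS::OpenSearchService::Domain') continue;
    const p: CfnProps = res.Properties || {};
    const aso: CfnProps = p.AdvancedSecurityOptions || {};
    const saml: CfnProps = aso.SAMLOptions || {};
    if (saml.Enabled !== true) { findings.push(`${id}: SAML authentication is not enabled`); continue; }
    // SAML rides on fine-grained access control, which needs the settings below.
    if (aso.Enabled !== true) findings.push(`${id}: AdvancedSecurityOptions.Enabled is not true`);
    if ((p.DomainEndpointOptions || {}).EnforceHTTPS !== true) findings.push(`${id}: HTTPS is not enforced`);
    if ((p.NodeToNodeEncryptionOptions || {}).Enabled !== true) findings.push(`${id}: node-to-node encryption is off`);
    if ((p.EncryptionAtRestOptions || {}).Enabled !== true) findings.push(`${id}: encryption at rest is off`);
    const idp: CfnProps = saml.Idp || {};
    if (!idp.EntityId || !idp.MetadataContent) {
      findings.push(`${id}: Idp.EntityId and Idp.MetadataContent are both required`);
    } else if (String(idp.MetadataContent).indexOf(`entityID="${idp.EntityId}"`) < 0) {
      // Heuristic (assumption): the IdP metadata XML carries the entity ID as entityID="...".
      findings.push(`${id}: Idp.EntityId does not appear in the metadata`);
    }
    const t = saml.SessionTimeoutMinutes; // optional; accepted range is 1 to 1440 minutes
    if (t !== undefined && (typeof t !== 'number' || t < 1 || t > 1440)) findings.push(`${id}: SessionTimeoutMinutes must be between 1 and 1440`);
  }
  return findings;
}

// Constructed sample templates; the IdP values are placeholders.
const META = '<EntityDescriptor entityID="https://idp.example.com/saml"></EntityDescriptor>';
const sampleDomain = (props: CfnProps): CfnTemplate =>
  ({ Resources: { Domain: { Type: 'AWS::OpenSearchService::Domain', Properties: props } } });
const GOOD_TEMPLATE: CfnTemplate = sampleDomain({
  DomainEndpointOptions: { EnforceHTTPS: true },
  NodeToNodeEncryptionOptions: { Enabled: true },
  EncryptionAtRestOptions: { Enabled: true },
  AdvancedSecurityOptions: { Enabled: true, SAMLOptions: { Enabled: true, SessionTimeoutMinutes: 60,
    Idp: { EntityId: 'https://idp.example.com/saml', MetadataContent: META } } },
});
const BAD_TEMPLATE: CfnTemplate = sampleDomain({
  DomainEndpointOptions: { EnforceHTTPS: false },
  NodeToNodeEncryptionOptions: { Enabled: true },
  AdvancedSecurityOptions: { Enabled: true, SAMLOptions: { Enabled: true, SessionTimeoutMinutes: 0,
    Idp: { EntityId: 'https://other.example.com/saml', MetadataContent: META } } },
});
console.log(auditSamlDomains(GOOD_TEMPLATE), auditSamlDomains(BAD_TEMPLATE));
```

In a CDK project the input would be the JSON written to `cdk.out` by `cdk synth`.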
@github-actions

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
