Add support for opensearch serverless

examples/opensearch-serverless/access-policy.gyro

@@ -0,0 +1,6 @@
+aws::opensearch-serverless-access-policy access-policy
+    name: "example-data-access-policy"
+    description: "example data access policy"
+    type: "data"
+    policy: "data-access-policy.json"
+end

examples/opensearch-serverless/collection.gyro

@@ -0,0 +1,31 @@
+aws::opensearch-serverless-security-policy encryption-security-policy
+    name: "vs-coll-enc-policy"
+    description: "serverless-collection example encryption security policy"
+    type: "encryption"
+    policy: "encryption-policy.json"
+end
+
+aws::opensearch-serverless-security-policy network-security-policy
+    name: "vs-coll-net-policy"
+    description: "serverless-collection example network security policy"
+    type: "network"
+    policy: "network-policy.json"
+end
+
+aws::opensearch-serverless-access-policy data-access-policy
+    name: "vs-coll-dal-policy"
+    description: "serverless-collection example data access policy"
+    type: "data"
+    policy: "data-access-policy.json"
+end
+
+aws::opensearch-serverless-collection collection
+    name: "vector-search-collection-example"
+    description: "vector search collection example"
+    type: "VECTORSEARCH"
+    standby-replicas: DISABLED
+
+    tags: {
+        Name: "opensearch-vector-search-collection-example"
+    }
+end

examples/opensearch-serverless/data-access-policy.json

@@ -0,0 +1,13 @@
+[ {
+  "Rules" : [ {
+    "Resource" : [ "collection/vector-search-collection-example" ],
+    "Permission" : [ "aoss:CreateCollectionItems", "aoss:DeleteCollectionItems", "aoss:UpdateCollectionItems", "aoss:DescribeCollectionItems" ],
+    "ResourceType" : "collection"
+  }, {
+    "Resource" : [ "index/vector-search-collection-example/*" ],
+    "Permission" : [ "aoss:CreateIndex", "aoss:DeleteIndex", "aoss:UpdateIndex", "aoss:DescribeIndex", "aoss:ReadDocument", "aoss:WriteDocument" ],
+    "ResourceType" : "index"
+  } ],
+  "Principal" : [ "arn:aws:iam::242040583208:role/ops-desk" ],
+  "Description" : "vector-search-collection-example data access policy"
+} ]

examples/opensearch-serverless/encryption-policy.json

@@ -0,0 +1,7 @@
+{
+  "Rules" : [ {
+    "Resource" : [ "collection/vector-search-collection-example" ],
+    "ResourceType" : "collection"
+  } ],
+  "AWSOwnedKey" : true
+}

examples/opensearch-serverless/lifecycle-policy.gyro

@@ -0,0 +1,6 @@
+aws::opensearch-serverless-lifecycle-policy lifecycle-policy
+    name: "example-lifecycle-policy"
+    description: "example lifecycle policy"
+    type: "retention"
+    policy: "retention-policy.json"
+end

examples/opensearch-serverless/network-policy.json

@@ -0,0 +1,7 @@
+[ {
+  "Rules" : [ {
+    "Resource" : [ "collection/vector-search-collection-example" ],
+    "ResourceType" : "collection"
+  } ],
+  "AllowFromPublic" : true
+} ]

examples/opensearch-serverless/retention-policy.json

@@ -0,0 +1,7 @@
+{
+  "Rules" : [ {
+    "Resource" : [ "index/vector-search-collection-example/*" ],
+    "ResourceType" : "index",
+    "MinIndexRetention" : "30d"
+  } ]
+}

examples/opensearch-serverless/saml-metadata.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.com">
+    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+        <KeyDescriptor use="signing">
+            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+                <X509Data>
+                    <X509Certificate>MII...CERT_CONTENT...</X509Certificate>
+                </X509Data>
+            </KeyInfo>
+        </KeyDescriptor>
+        <SingleSignOnService
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                Location="https://idp.example.com/sso"/>
+        <SingleLogoutService
+                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                Location="https://idp.example.com/slo"/>
+    </IDPSSODescriptor>
+</EntityDescriptor>

examples/opensearch-serverless/security-config.gyro

@@ -0,0 +1,11 @@
+aws::opensearch-serverless-security-config security-config
+    name: "example-security-config"
+    description: "example security config"
+    type: "saml"
+    saml-config
+        group-attribute: "group"
+        user-attribute: "username"
+        session-timeout: 600
+        metadata: "saml-metadata.xml"
+    end
+end

examples/opensearch-serverless/security-policy.gyro

@@ -0,0 +1,6 @@
+aws::opensearch-serverless-security-policy security-policy
+    name: "example-security-policy"
+    description: "example security policy"
+    type: "encryption"
+    policy: "encryption-policy.json"
+end

examples/opensearch-serverless/vpc-endpoint.gyro

@@ -0,0 +1,55 @@
+aws::vpc vpc-example
+    cidr-block: "10.0.0.0/16"
+    provide-ipv6-cidr-block: true
+
+    tags: {
+        Name: "opensearch-collection-example"
+    }
+end
+
+aws::subnet example-subnet-1
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1a
+    cidr-block: "10.0.0.0/24"
+
+    tags: {
+        Name: "opensearch-collection-example-1"
+    }
+end
+
+aws::subnet example-subnet-2
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1b
+    cidr-block: "10.0.1.0/24"
+
+    tags: {
+        Name: "opensearch-collection-example-2"
+    }
+end
+
+aws::subnet example-subnet-3
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1c
+    cidr-block: "10.0.2.0/24"
+
+    tags: {
+        Name: "opensearch-collection-example-3"
+    }
+end
+
+aws::security-group example-security-group
+    name: "opensearch-collection-example"
+    vpc: $(aws::vpc vpc-example)
+    description: "security group example for es"
+end
+
+aws::opensearch-serverless-vpc-endpoint vpc-endpoint-example
+    name: "os-coll-vpc-endpoint"
+    vpc: $(aws::vpc vpc-example)
+    security-groups: $(aws::security-group example-security-group)
+    subnets: [
+        $(aws::subnet example-subnet-1),
+        $(aws::subnet example-subnet-2),
+        $(aws::subnet example-subnet-3)
+    ]
+end

src/main/java/gyro/aws/opensearchserverless/OpenSearchServerlessAccessPolicyFinder.java

@@ -0,0 +1,108 @@
+/*
+ * Copyright 2024, Brightspot.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package gyro.aws.opensearchserverless;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import gyro.aws.AwsFinder;
+import gyro.core.Type;
+import software.amazon.awssdk.services.opensearchserverless.OpenSearchServerlessClient;
+import software.amazon.awssdk.services.opensearchserverless.model.AccessPolicyDetail;
+import software.amazon.awssdk.services.opensearchserverless.model.AccessPolicySummary;
+import software.amazon.awssdk.services.opensearchserverless.model.AccessPolicyType;
+import software.amazon.awssdk.services.opensearchserverless.model.ListAccessPoliciesResponse;
+import software.amazon.awssdk.services.opensearchserverless.model.ResourceNotFoundException;
+
+/**
+ * Query OpenSearch Serverless access policy.
+ *
+ * Example
+ * -------
+ *
+ * .. code-block:: gyro
+ *
+ *    access-policy: $(external-query aws::opensearch-serverless-access-policy { name: ''})
+ */
+@Type("opensearch-serverless-access-policy")
+public class OpenSearchServerlessAccessPolicyFinder
+    extends AwsFinder<OpenSearchServerlessClient, AccessPolicyDetail, OpenSearchServerlessAccessPolicyResource> {
+
+    private String name;
+    private String type;
+
+    /**
+     * The name of the access policy.
+     */
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * The type of the access policy.
+     */
+    public String getType() {
+        return type;
+    }
+
+    public void setType(String type) {
+        this.type = type;
+    }
+
+    @Override
+    protected List<AccessPolicyDetail> findAllAws(OpenSearchServerlessClient client) {
+        List<AccessPolicyDetail> accessPolicyDetails = new ArrayList<>();
+        for (AccessPolicyType type : AccessPolicyType.knownValues()) {
+            ListAccessPoliciesResponse response = client.listAccessPolicies(r -> r.type(type));
+            List<String> collect = response.accessPolicySummaries()
+                .stream()
+                .map(AccessPolicySummary::name)
+                .collect(Collectors.toList());
+
+            for (String name : collect) {
+                accessPolicyDetails.add(client.getAccessPolicy(r -> r.name(name).type(type)).accessPolicyDetail());
+            }
+        }
+
+        return accessPolicyDetails;
+    }
+
+    @Override
+    protected List<AccessPolicyDetail> findAws(OpenSearchServerlessClient client, Map<String, String> filters) {
+        List<AccessPolicyDetail> accessPolicyDetails = new ArrayList<>();
+
+        if (filters.containsKey("name") && filters.containsKey("type")) {
+            try {
+                accessPolicyDetails.add(client.getAccessPolicy(r -> r
+                        .name(filters.get("name"))
+                        .type(AccessPolicyType.fromValue(filters.get("type"))).build())
+                    .accessPolicyDetail());
+            } catch (ResourceNotFoundException ex) {
+                // Ignore
+            }
+        }
+
+        return accessPolicyDetails;
+    }
+
+}