Add support for Open Search

build.gradle

@@ -83,7 +83,7 @@ dependencies {
     implementation 'com.google.guava:guava:23.0'
     implementation 'com.psddev:dari-util:3.3.607-xe0f27a'
     implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.0'
-    implementation enforcedPlatform('software.amazon.awssdk:bom:2.25.5')
+    implementation enforcedPlatform('software.amazon.awssdk:bom:2.29.30')
     implementation 'software.amazon.awssdk:apache-client'
     implementation 'software.amazon.awssdk:apigatewayv2'
     implementation 'software.amazon.awssdk:autoscaling'
@@ -125,7 +125,8 @@ dependencies {
     implementation 'software.amazon.awssdk:kendra'
     implementation 'software.amazon.awssdk:wafv2'
     implementation 'software.amazon.awssdk:eventbridge'
-    implementation 'org.json:json:20180813'
+    implementation 'software.amazon.awssdk:opensearch'
+    implementation 'org.json:json:20231013'
 
     implementation 'com.fasterxml.jackson.core:jackson-core:2.13.0'
     implementation 'com.fasterxml.jackson.core:jackson-databind:2.13.0'

examples/opensearch/access-policy.json

@@ -0,0 +1,13 @@
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "*"
+      },
+      "Action": "es:*",
+      "Resource": "arn:aws:es:us-east-2:242040583208:domain/testdomain/*"
+    }
+  ]
+}

examples/opensearch/domain.gyro

@@ -0,0 +1,109 @@
+aws::vpc vpc-example
+    cidr-block: "10.0.0.0/16"
+    provide-ipv6-cidr-block: true
+
+    tags: {
+        Name: "opensearch-domain-example"
+    }
+end
+
+aws::subnet example-subnet-1
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1a
+    cidr-block: "10.0.0.0/24"
+
+    tags: {
+        Name: "opensearch-domain-example-1"
+    }
+end
+
+aws::subnet example-subnet-2
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1b
+    cidr-block: "10.0.1.0/24"
+
+    tags: {
+        Name: "opensearch-domain-example-2"
+    }
+end
+
+aws::subnet example-subnet-3
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1c
+    cidr-block: "10.0.2.0/24"
+
+    tags: {
+        Name: "opensearch-domain-example-3"
+    }
+end
+
+aws::security-group example-security-group
+    name: "opensearch-domain-example"
+    vpc: $(aws::vpc vpc-example)
+    description: "security group example for es"
+end
+
+aws::opensearch-domain opensearch-domain-example
+    domain-name: "testdomain"
+    open-search-version: "OpenSearch_1.0"
+
+    ebs-options
+        enable-ebs: true
+        volume-type: standard
+        volume-count: 10
+    end
+
+    node-to-node-encryption-options
+        enable-node-to-node-encryption: true
+    end
+
+    encryption-at-rest-options
+        enable-encryption-at-rest: true
+    end
+
+    cluster-configuration
+        enable-zone-awareness: true
+        instance-count: 4
+
+        zone-awareness-configuration
+            availability-zone-count: 2
+        end
+    end
+
+    domain-endpoint-options
+        enforce-https: true
+    end
+
+    advanced-security-options
+        enable-advanced-security-options: true
+        enable-internal-user-database: true
+
+        master-user-options
+            master-username: "masteruser"
+            master-password: "MasterUser1!"
+        end
+    end
+
+    access-policies: "access-policy.json"
+
+    advanced-options: {
+        "indices.query.bool.max_clause_count": "1026",
+        "rest.action.multi.allow_explicit_index": "true",
+        "override_main_response_version": "false"
+    }
+
+    tags: {
+        "description": "Test Domain"
+    }
+
+    vpc-options
+        subnets: [
+            $(aws::subnet example-subnet-1),
+            $(aws::subnet example-subnet-3)
+        ]
+
+        security-groups: [
+            $(aws::security-group example-security-group)
+        ]
+    end
+end

examples/opensearch/vpc-endpoint.gyro

@@ -0,0 +1,58 @@
+aws::vpc vpc-example
+    cidr-block: "10.0.0.0/16"
+    provide-ipv6-cidr-block: true
+
+    tags: {
+        Name: "opensearch-domain-vpc-endpoint-example"
+    }
+end
+
+aws::subnet example-subnet-1
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1a
+    cidr-block: "10.0.0.0/24"
+
+    tags: {
+        Name: "opensearch-domain-vpc-endpoint-example-1"
+    }
+end
+
+aws::subnet example-subnet-2
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1b
+    cidr-block: "10.0.1.0/24"
+
+    tags: {
+        Name: "opensearch-domain-vpc-endpoint-example-2"
+    }
+end
+
+aws::subnet example-subnet-3
+    vpc: $(aws::vpc vpc-example)
+    availability-zone: us-east-1c
+    cidr-block: "10.0.2.0/24"
+
+    tags: {
+        Name: "opensearch-domain-vpc-endpoint-example-3"
+    }
+end
+
+aws::security-group example-security-group
+    name: "opensearch-domain-vpc-endpoint-example"
+    vpc: $(aws::vpc vpc-example)
+    description: "security group example for es"
+end
+
+aws::opensearch-vpc-endpoint vpc-endpoint
+    domain: "arn:aws:es:us-east-1:242040583208:domain/dj-test"
+    vpc-options
+        subnets: [
+            $(aws::subnet example-subnet-1),
+            $(aws::subnet example-subnet-3)
+        ]
+
+        security-groups: [
+            $(aws::security-group example-security-group)
+        ]
+    end
+end

src/main/java/gyro/aws/opensearch/OpenSearchAdvancedSecurityOptions.java

@@ -0,0 +1,127 @@
+/*
+ * Copyright 2024, Brightspot.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package gyro.aws.opensearch;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
+import gyro.aws.Copyable;
+import gyro.core.resource.Diffable;
+import gyro.core.resource.Updatable;
+import gyro.core.validation.Required;
+import gyro.core.validation.ValidationError;
+import software.amazon.awssdk.services.opensearch.model.AdvancedSecurityOptions;
+import software.amazon.awssdk.services.opensearch.model.AdvancedSecurityOptionsInput;
+
+public class OpenSearchAdvancedSecurityOptions extends Diffable implements Copyable<AdvancedSecurityOptions> {
+
+    private Boolean enableAdvancedSecurityOptions;
+    private Boolean enableInternalUserDatabase;
+    private OpenSearchMasterUserOptions masterUserOptions;
+
+    /**
+     * Enable advanced security for the domain.
+     */
+    @Updatable
+    @Required
+    public Boolean getEnableAdvancedSecurityOptions() {
+        return enableAdvancedSecurityOptions;
+    }
+
+    public void setEnableAdvancedSecurityOptions(Boolean enableAdvancedSecurityOptions) {
+        this.enableAdvancedSecurityOptions = enableAdvancedSecurityOptions;
+    }
+
+    /**
+     * Enable the Internal User Database.
+     */
+    @Updatable
+    public Boolean getEnableInternalUserDatabase() {
+        return enableInternalUserDatabase;
+    }
+
+    public void setEnableInternalUserDatabase(Boolean enableInternalUserDatabase) {
+        this.enableInternalUserDatabase = enableInternalUserDatabase;
+    }
+
+    /**
+     * The master user options configuration. Can only be set if ``enable-advanced-security-options`` is set to ``true``.
+     *
+     * @subresource gyro.aws.opensearch.OpenSearchMasterUserOptions
+     */
+    @Updatable
+    public OpenSearchMasterUserOptions getMasterUserOptions() {
+        return masterUserOptions;
+    }
+
+    public void setMasterUserOptions(OpenSearchMasterUserOptions masterUserOptions) {
+        this.masterUserOptions = masterUserOptions;
+    }
+
+    @Override
+    public void copyFrom(AdvancedSecurityOptions model) {
+        setEnableAdvancedSecurityOptions(model.enabled());
+        setEnableInternalUserDatabase(model.internalUserDatabaseEnabled());
+
+        // Not resetting the masterUserOptions since the api doesn't return the credentials for the master user.
+    }
+
+    @Override
+    public String primaryKey() {
+        return "";
+    }
+
+    AdvancedSecurityOptionsInput toAdvancedSecurityOptionsInput() {
+        AdvancedSecurityOptionsInput.Builder builder = AdvancedSecurityOptionsInput.builder()
+            .enabled(getEnableAdvancedSecurityOptions());
+
+        if (getEnableInternalUserDatabase() != null) {
+            builder.internalUserDatabaseEnabled(getEnableInternalUserDatabase());
+        }
+
+        if (getMasterUserOptions() != null) {
+            builder.masterUserOptions(getMasterUserOptions().toMasterUserOptions());
+        }
+
+        return builder.build();
+    }
+
+    @Override
+    public List<ValidationError> validate(Set<String> configuredFields) {
+        List<ValidationError> errors = new ArrayList<>();
+
+        if (getEnableAdvancedSecurityOptions().equals(Boolean.FALSE) && (
+            configuredFields.contains("enable-internal-user-database") || configuredFields.contains(
+                "master-user-options"))) {
+            errors.add(new ValidationError(
+                this,
+                null,
+                "The 'enable-internal-user-database' or 'master-user-options' can only be set if 'enable-advanced-security-options' is set to 'true'."));
+        }
+
+        if (getEnableAdvancedSecurityOptions().equals(Boolean.TRUE)
+            && !configuredFields.contains("master-user-options")) {
+            errors.add(new ValidationError(
+                this,
+                "master-user-options",
+                "The 'master-user-options' is required if 'enable-advanced-security-options' is set to 'true'."));
+        }
+
+        return errors;
+    }
+}