Enable TLS protocol when cert is provided and port number is 443 #113
Conversation
Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
gaiksaya
requested review from
peterzhuamazon,
bbarani,
rishabh6788,
zelinh,
jordarlu,
prudhvigodithi and
Divyaasm
as code owners
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #113 +/- ##
==========================================
- Coverage 82.58% 82.55% -0.03%
==========================================
Files 6 6
Lines 465 470 +5
Branches 176 179 +3
==========================================
+ Hits 384 388 +4
- Misses 81 82 +1 ☔ View full report in Codecov by Sentry. |
|
DO we have logic and test that verifies if the port mapping parameter passed for OS and OSD is not the same? |
Good catch! Added this check and associated test including defaults. |
| + ` Current mapping is OpenSearch:${this.opensearchPortMapping} OpenSearch-Dashboards:${this.opensearchDashboardsPortMapping}`); | ||
| } | ||
|
|
||
| if (!this.securityDisabled && !this.minDistribution && this.opensearchPortMapping === 443 && certificateArn !== 'undefined') { |
There was a problem hiding this comment.
So it is possible for either os or osd to bind to 443, but not both?
In that case what if someone wants to get TLS on both os and osd?
There was a problem hiding this comment.
For now we have enforced that TLS can only be enabled for 443 port. It can be any OS or OSD and certificate ARN is compulsory.
There was a problem hiding this comment.
For now we decided to go with HTTPS port with TLS. Can surely be extended in future for all ports.
Description
Enables TLS protocol when certificateArn is provided and port number is 443 for both OS and OSD.
Bumps version to
1.2.1Issues Resolved
resolves #112
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.