From 027db12989b3249d8840dbe2a4f2152c7fcc5429 Mon Sep 17 00:00:00 2001
From: Divya Madala
Date: Mon, 24 Feb 2025 10:25:29 -0800
Subject: [PATCH] Add specific deployment method for beta and prod deployments
Signed-off-by: Divya Madala
---
bin/deployments/ci-stack.ts | 85 +++++++++++++++++++++++++++
bin/deployments/config.json | 10 ++++
bin/deployments/stage-definitions.ts | 26 ++++++++
resources/envVars.yaml | 7 +++
resources/placeholder_script | Bin 0 -> 4096 bytes
5 files changed, 128 insertions(+)
create mode 100644 bin/deployments/ci-stack.ts
create mode 100644 bin/deployments/config.json
create mode 100644 bin/deployments/stage-definitions.ts
create mode 100644 resources/envVars.yaml
create mode 100644 resources/placeholder_script
diff --git a/bin/deployments/ci-stack.ts b/bin/deployments/ci-stack.ts
new file mode 100644
index 00000000..0d0e170f
--- /dev/null
+++ b/bin/deployments/ci-stack.ts
@@ -0,0 +1,85 @@
+/**
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+import { App } from 'aws-cdk-lib';
+import { Peer } from 'aws-cdk-lib/aws-ec2';
+import {
+ readFileSync, writeFileSync, existsSync, appendFileSync,
+} from 'fs';
+import { CIConfigStack } from '../../lib/ci-config-stack';
+import { CIStack } from '../../lib/ci-stack';
+import { StageDef } from './stage-definitions';
+import { FineGrainedAccessSpecs } from '../../lib/compute/auth-config';
+
+const configPath = './bin/deployments/config.json';
+let fileContent: string;
+const app = new App();
+const isProd = StageDef.envName === 'Prod';
+
+// Below code reads the contents from placeholder script,
+// Replaces the enter_endpoint_here placeholder with actual endpoint passed
+// And then writes to temp file emitter whose contents are passed to SSM Doc creation
+// TO-DO: Look for solution to replace relative path with absolute path
+const serviceName = `OpenSearchCI${StageDef.envName}`;
+const placeholderFilePath = './resources/placeholder_script';
+fileContent = readFileSync(placeholderFilePath).toString('utf-8').replace('enter_endpoint_here', StageDef.Endpoint)
+ .replace('service_name_placeholder', serviceName);
+if (isProd) {
+ const newContent = `${fileContent}\necho "0 * * * * $HOME/emitter --service opensearch-ruby --marketplace us-east-1 ` + + '--awsregion us-east-1 --endpoints https://raw.githubusercontent.com/opensearch-project/opensearch-ruby/main/certs/opensearch-rubygems.pem ' + + '--fast" >> newcron\necho "5 * * * * $HOME/emitter --service logstash-output-opensearch --marketplace us-east-1 --awsregion us-east-1 ' + + '--endpoints https://raw.githubusercontent.com/opensearch-project/logstash-output-opensearch/main/certs/opensearch-rubygems.pem --fast" ' + + '>> newcron\necho "10 * * * * $HOME/emitter --service logstash-input-opensearch --marketplace us-east-1 --awsregion us-east-1 ' + + '--endpoints https://raw.githubusercontent.com/opensearch-project/logstash-input-opensearch/main/certs/opensearch-rubygems.pem --fast" ' + + '>> newcron\ncrontab newcron\nrm newcron';
+
+ fileContent = newContent;
+}
+const inputFilePath = './resources/emitter';
+writeFileSync(inputFilePath, fileContent, {
+ flag: 'w',
+});
+
+let fileConfig: any = {};
+try {
+ fileConfig = JSON.parse(readFileSync(configPath).toString('utf-8'));
+} catch (error) {
+ // eslint-disable-next-line no-console
+ console.warn(error);
+}
+
+const ciConfigStack = new CIConfigStack(app, `OpenSearch-CI-Config-${StageDef.envName}`, {
+});
+
+const benchmarkFineGrainAccess: FineGrainedAccessSpecs = {
+ users: ['reta'],
+ roleName: process.env.BENCHMARK_ROLE || 'benchmark-workflow-build-access-role', // benchmark.....role
+ pattern: '(?i)benchmark-.*',
+ templateName: 'builder-template',
+};
+
+const ciStack = new CIStack(app, `OpenSearch-CI-${StageDef.envName}`, {
+ useSsl: fileConfig.useSsl,
+ authType: fileConfig.authType,
+ ignoreResourcesFailures: fileConfig.ignoreResourcesFailures,
+ adminUsers: fileConfig.adminUsers,
+ dataRetention: fileConfig.dataRetention,
+ additionalCommands: inputFilePath,
+ agentAssumeRole: StageDef.agentAssumeRole,
+ macAgent: fileConfig.macAgent,
+ restrictServerAccessTo: isProd ? Peer.anyIpv4() : Peer.prefixList('pl-60b85b09'),
+ useProdAgents: fileConfig.useProdAgents,
+ enableViews: fileConfig.enableViews,
+ fineGrainedAccessSpecs: [benchmarkFineGrainAccess],
+ envVarsFilePath: './resources/envVars.yaml',
+ env: {
+ account: StageDef.AccountId,
+ region: process.env.CDK_DEFAULT_REGION,
+ },
+});
+ciStack.addDependency(ciConfigStack);
diff --git a/bin/deployments/config.json b/bin/deployments/config.json
new file mode 100644
index 00000000..04d92241
--- /dev/null
+++ b/bin/deployments/config.json
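Review bot: In bin/deployments/ci-stack.ts the `catch` around the config read only calls `console.warn(error)`, so a missing or malformed config.json leaves `fileConfig` as `{}` and the stack is still synthesized with `authType`, `adminUsers` and `useSsl` undefined. The same file sets `restrictServerAccessTo` to `Peer.anyIpv4()` when `isProd` is true, so a Prod deployment should stop instead of falling back to whatever CIStack does with missing values; replace the warn with `throw error;` or drop the try/catch. Separately, `StageDef.Endpoint` is substituted into the script text with `replace('enter_endpoint_here', StageDef.Endpoint)` and no validation, so an empty value (the fallback in stage-definitions.ts) or one containing shell metacharacters or `$&`-style replacement patterns ends up in the file passed as `additionalCommands`; checking it against the expected endpoint shape before `writeFileSync` would keep a bad environment variable out of the generated commands. `existsSync` and `appendFileSync` are imported but not used in the lines shown.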
@@ -0,0 +1,10 @@
+{
+ "useSsl": "false",
+ "authType": "default",
+ "ignoreResourcesFailures": false,
+ "adminUsers": ["getsaurabh02", "gaiksaya", "peterzhuamazon", "rishabh6788", "zelinh", "prudhvigodithi", "Divyaasm", "bshien"],
+ "dataRetention": true,
+ "macAgent": true,
+ "useProdAgents": true,
+ "enableViews": true
+}
diff --git a/bin/deployments/stage-definitions.ts b/bin/deployments/stage-definitions.ts
new file mode 100644
index 00000000..00cad189
--- /dev/null
+++ b/bin/deployments/stage-definitions.ts
@@ -0,0 +1,26 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+export interface StageDefinition {
+ readonly envName: string;
+ readonly Region: string;
+ readonly Endpoint: string;
+ readonly AccountId: string;
+ readonly agentAssumeRole: string[];
+}
+
+export const StageDef: StageDefinition = {
+ envName: process.env.ENVIRONMENT || 'Dev',
+ Region: process.env.REGION || 'us-east-1',
+ Endpoint: process.env.ENDPOINT || '',
+ AccountId: process.env.ACCOUNTID || '',
+ agentAssumeRole: process.env.ASSUMED_ROLES ? process.env.ASSUMED_ROLES.split(',') : [
+ '',
+ ],
+};
diff --git a/resources/envVars.yaml b/resources/envVars.yaml
new file mode 100644
index 00000000..1d30eec3
--- /dev/null
+++ b/resources/envVars.yaml
@@ -0,0 +1,7 @@
+GITHUB_BOT_TOKEN_NAME: jenkins-github-bot-token
+PUBLIC_ARTIFACT_URL: https://ci.opensearch.org/ci/dbc
+SONATYPE_STAGING_PROFILE_ID: 78d7607cc6e881
+STAGING_PROFILE_ID: 78d7607cc6e881
+REPO_URL: https://aws.oss.sonatype.org/
+PERF_TEST_CONFIG_LOCATION: bundles/tests/perf-test-config
+BENCHMARK_TEST_CONFIG_LOCATION: bundles/tests/benchmark-test-config
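Review bot: In bin/deployments/config.json, `"useSsl": "false"` is a quoted string while the other flags in the file are JSON booleans, and ci-stack.ts forwards `fileConfig.useSsl` from an `any`-typed object, so the compiler will not catch a type mismatch. A non-empty string is truthy in JavaScript, so if CIStack tests the value instead of comparing it with the text `'false'`, the setting would read as enabled; how CIStack interprets it is not visible in this patch, so confirm the expected type and write `"useSsl": false` if a boolean is intended. If SSL really is meant to be off, confirm that TLS is terminated elsewhere for Prod, since ci-stack.ts allows `Peer.anyIpv4()` there.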
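Review bot: In bin/deployments/stage-definitions.ts the `''` fallbacks for `Endpoint` and `AccountId` and the `['']` default for `agentAssumeRole` let a beta or prod deployment proceed with required values missing instead of stopping; these should be validated, for example by throwing when `process.env.ACCOUNTID` or `process.env.ENDPOINT` is unset. `process.env.ASSUMED_ROLES.split(',')` also keeps surrounding whitespace and empty entries, so `.split(',').map((r) => r.trim()).filter((r) => r.length > 0)` with an empty-array default would avoid handing an empty role name to the stack. `Region` is defined here, but ci-stack.ts passes `process.env.CDK_DEFAULT_REGION` as the stack region, so the `REGION` variable appears to have no effect on the lines shown.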
diff --git a/resources/placeholder_script b/resources/placeholder_script new file mode 100644 index 0000000000000000000000000000000000000000..93ba696b3629aff2fb237900a11b204d4eb66927 GIT binary patch literal 4096 zcmeIu!3x4K3u5H?i_fk@b{g{mBsnzjHze@s z}@3XP4!6f@_y3^M@8=L9!SHDmi4<&{hR;8^-I@KUG zQn%KT^fgw5DnPLUD+7{m10c!TDZs)zgW*CDY~B1i#eXco0t11G$Tn%x#mmJ!o<*m@ Y1P3g@0xZA+EWiRRzyd750{<)U2A{qv)Bpeg literal 0 HcmV?d00001
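Review bot: `resources/placeholder_script` is added as a 4096-byte binary blob (`Bin 0 -> 4096 bytes`), so its content cannot be read in this patch, yet ci-stack.ts loads it with `toString('utf-8')`, substitutes the endpoint and service name, and passes the result as `additionalCommands`. Text that ends up as commands on the CI host should be committed as a plain text file so it can be reviewed and diffed. The round 4096-byte size suggests the blob may be an editor or filesystem artifact and not the intended script; confirm and replace it with the plain-text script.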