Skip to content

opensearchservice: cannot disable logging (still) #29294

New issue
New issue
Closed
Closed
opensearchservice: cannot disable logging (still)#29294
NOUIY/aws-solutions-constructs
#98
 (+2)
Labels
@aws-cdk/aws-opensearchRelated to the @aws-cdk/aws-opensearchservice packagebugThis issue is a bug.effort/mediumMedium work item – several days of effortp1
@sigJoe

Description

@sigJoe
sigJoe
opened on Feb 28, 2024

Describe the bug

Related to #29200, although that one was closed due to a misunderstanding. The documentation was updated to suggest that things work the way I would expect, but that is not how the CDK currently behaves.

The problem is that if you enable logging (e.g. appLogEnabled: true) on an OpenSearch Cluster then try to disable logging (e.g. appLogEnabled: false), the OpenSearch Cluster will still have logging enabled.

Specifically, I'm talking about these configuration properties:

logging: {
  slowSearchLogEnabled: false,
  appLogEnabled: false,
  slowIndexLogEnabled: false,
  auditLogEnabled: false,
}

Expected Behavior

When told to disable logging, CDK should populate LogPublishingOptions with configuration to disable logging:

    "LogPublishingOptions": {
        "ES_APPLICATION_LOGS": {
            "Enabled": false
        },
        "SEARCH_SLOW_LOGS": {
            "Enabled": false
        },
        "INDEX_SLOW_LOGS": {
            "Enabled": false
        }
    },

Current Behavior

When told to disable logging, CDK will leave LogPublishingOptions empty:

    "LogPublishingOptions": {},

This means that CloudFormation will not enforce any configuration and OpenSearch logging configuration remains in its previous state.

Reproduction Steps

Deploy a template such as this:

const { Stack, Duration } = require('aws-cdk-lib');
const es = require('aws-cdk-lib/aws-opensearchservice');

class PocStack extends Stack {
  constructor(scope, id, props) {
    super(scope, id, props);

    const cluster = new es.Domain(this, 'OpenSearchCluster', {
      domainName: 'test-opensearch-cluster',
      version: es.EngineVersion.OPENSEARCH_2_11,
      capacity: {
        dataNodes: 1,
        dataNodeInstanceType: "t4g.medium.search",
      },
      ebs: {
        volumeSize: 10,
      },
      logging: {
        appLogEnabled: true,
      }
    });
  }
}

module.exports = { PocStack }

Then set appLogEnabled: false and observe that the OpenSearch cluster still has logging enabled.

Possible Solution

PR #29205 makes it so that:

  1. If a logging parameter (e.g. appLogEnabled) is explicitly enabled, LogPublishingOptions will be configured to enable that type of logging
  2. If a logging parameter (e.g. appLogEnabled) is explicitly disabled, LogPublishingOptions will be configured to disable that type of logging
  3. If a logging parameter (e.g. appLogEnabled) is left undefined, then LogPublishing Options will omit configuration for that type of logging (for backwards compatibility)

Additional Information/Context

No response

CDK CLI Version

2.128.0

Framework Version

No response

Node.js Version

v18.18.2

OS

OSX

Language

TypeScript

Language Version

No response

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-opensearchRelated to the @aws-cdk/aws-opensearchservice packagebugThis issue is a bug.effort/mediumMedium work item – several days of effortp1

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions