Details

Reviewers

varun

Commits

rCOMM49f169b272b0: [terraform] [1/n] adding Opensearch service

Summary

Adding the Opensearch service as a shared module

Test Plan

Tested on staging. Properly deployed and interactive

Diff Detail

Repository

rCOMM Comm

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

will created this revision.Nov 13 2023, 11:22 PM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptNov 13 2023, 11:22 PM

Harbormaster returned this revision to the author for changes because remote builds failed.Nov 13 2023, 11:39 PM

Harbormaster failed remote builds in B24095: Diff 33194!

will retitled this revision from [terraform] adding Opensearch service to [terraform] [1/n] adding Opensearch service.Nov 13 2023, 11:44 PM

will retitled this revision from [terraform] [1/n] adding Opensearch service to [terraform] [2/n] adding Opensearch service.Nov 20 2023, 6:02 PM

will retitled this revision from [terraform] [2/n] adding Opensearch service to [terraform] [1/n] adding Opensearch service.

will added a child revision: D9876: [terraform] setting variables in main for opensearch.Nov 20 2023, 6:40 PM

squashing opensearch terraform changes

Harbormaster returned this revision to the author for changes because remote builds failed.Nov 20 2023, 8:46 PM

Harbormaster failed remote builds in B24295: Diff 33447!

Update terraform

Harbormaster returned this revision to the author for changes because remote builds failed.Nov 20 2023, 11:05 PM

Harbormaster failed remote builds in B24297: Diff 33449!

Enable Opensearch on local dev terraform environment

Remove unnecessary iam arn for opensearch

Harbormaster returned this revision to the author for changes because remote builds failed.Nov 20 2023, 11:32 PM

Harbormaster failed remote builds in B24299: Diff 33451!

Harbormaster failed remote builds in B24298: Diff 33450!Nov 20 2023, 11:42 PM

Rebase changes to local and remote

will added a child revision: D9877: [terraform] [2/n] enable streams for DynamoDB identity-users table.Nov 21 2023, 12:14 AM

will mentioned this in D9876: [terraform] setting variables in main for opensearch.Nov 21 2023, 12:22 AM

Harbormaster completed remote builds in B24300: Diff 33452.Nov 21 2023, 12:41 AM

will requested review of this revision.Nov 21 2023, 12:41 AM

rebase

Harbormaster completed remote builds in B24317: Diff 33473.Nov 21 2023, 1:41 PM

Add tags and style

Harbormaster completed remote builds in B24323: Diff 33479.Nov 21 2023, 10:27 PM

This diff overlaps with D9757 - are you going to abandon that one?

services/terraform/remote/aws_iam.tf
199–211 ↗	(On Diff #33479)	My comment https://phab.comm.dev/D9757?id=32929#inline-61182 hasn't been addressed. If you're not planning doing it here, can you create a follow-up task as a subtask of ENG-4540?

In D9875#290581, @bartek wrote:

This diff overlaps with D9757 - are you going to abandon that one?

Yeah. There were some issues I ran into while rebasing and I had to abandon D9757.

It's generally best to update existing diffs instead of putting up new ones. If you do want to abandon an existing diff, you should use the abandon option from the menu at the bottom (at this point you should do this)

will mentioned this in D9757: [terraform] Add opensearch service to local dev.Nov 27 2023, 5:13 AM

looks fine to me but setting @bartek as blocking since he's more well-versed in terraform

You addressed my feedback from this diff in D9878 which is currently a draft. That one looks good to me 👍
But changes from that diff overlap with this diff (you created opensearch.tf in both diffs) and that makes me confused which one I should review. I guess you again had some trouble when rebasing

Requesting changes now but feel free to click "Request Review" when you're ready 😉

This revision now requires changes to proceed.Dec 6 2023, 2:40 AM

@wyilio, it's critical that you figure out how to handle diff stacks – right now it looks like you have a pattern of repeatedly opening conflicting diffs.

I'm not exactly sure as to your workflow. I'd suggest that in your next 1:1 with another engineer (eg. @varun, @bartek, or me), you talk through your workflow and get some feedback.

Some high-level advice: if you have multiple diffs touching the same code, it's critical that those diffs correspond to commits within the same local branch.

Restrict domain search policy

Harbormaster completed remote builds in B25148: Diff 34758.Dec 15 2023, 8:28 PM

Change name to opensearch-service

Add principal and remove role specific policy configuration

I was having trouble getting the HTTP requests to work with the opensearch domain when I included opensearch_domain_access under managed_policy_arns. After placing opensearch_domain_access in its own policy, there didn't seem to be any more 403 Forbidden errors when accessing the opensearch domain with the search index lambda.

In this diff, I lay out the policy for future usage. In [4/n], I set the principals identifier to the lambda arn. Hopefully this addresses the earlier comment on limiting access scope.

Harbormaster completed remote builds in B25152: Diff 34762.Dec 16 2023, 1:15 AM

Harbormaster completed remote builds in B25153: Diff 34763.Dec 16 2023, 1:21 AM

formatting

Whitespace changes for formatting

Harbormaster completed remote builds in B25157: Diff 34767.Dec 16 2023, 2:12 AM

Harbormaster completed remote builds in B25159: Diff 34769.Dec 16 2023, 2:27 AM

will updated this revision to Diff 34811.Dec 18 2023, 12:37 PM

This comment was removed by will.

Harbormaster completed remote builds in B25194: Diff 34811.Dec 18 2023, 1:03 PM

will added 1 blocking reviewer(s): varun.Jan 3 2024, 1:39 PM

will removed a reviewer: bartek.