Page MenuHomePhabricator

[Nix] Add more support for localstack
ClosedPublic

Authored by jon on May 9 2023, 11:22 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Mar 2, 3:42 PM
Unknown Object (File)
Feb 23 2024, 8:10 PM
Unknown Object (File)
Feb 23 2024, 7:31 PM
Unknown Object (File)
Feb 23 2024, 5:34 PM
Unknown Object (File)
Feb 23 2024, 5:11 PM
Unknown Object (File)
Feb 23 2024, 4:31 PM
Unknown Object (File)
Feb 9 2024, 3:59 AM
Unknown Object (File)
Dec 27 2023, 9:10 AM
Subscribers

Details

Summary

Improve localstack experience. The aws sdk crate
would fail unless you had aws credentials. This allows for
tunnelbroker to be ran with just localstack and "nix develop"

Part of: https://linear.app/comm/issue/ENG-3669

Test Plan
nix develop
comm-dev services start

cd services/terraform
./run.sh
awslocal dynamodb list-tables

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

scripts/source_development_defaults.sh
56–57 ↗(On Diff #26317)

One repercussion of this is that this will supersede what you have specified in ~/.aws/credentials.

One option would be to move this into comm-dev, however, nix develop already denotes a development environment; so having it use local configuration doesn't seem too far off the mark.

ashoat added 1 blocking reviewer(s): varun.

Makes sense to me, but would like @varun to take a look RE how this might affect an externally runnning staging environment

scripts/source_development_defaults.sh
56–57 ↗(On Diff #26317)

Curious on how this might affect a workflow that relies on an externally running staging environment.

If somebody wanted to access a staging environment on AWS, would they need to set these envvars in eg. their ~/.profile?

scripts/source_development_defaults.sh
56–57 ↗(On Diff #26317)

Curious on how this might affect a workflow that relies on an externally running staging environment.

This should only have an effect if you're running a service (e.g. identity) locally. Otherwise it shouldn't affect things such as keyserver connecting to a particular service.

If somebody wanted to access a staging environment on AWS, would they need to set these envvars in eg. their ~/.profile?

No. That's a separate issue. This mostly affects code which "loads aws credentials from environment". Such as https://github.com/CommE2E/comm/blob/ee8762ce834ca154fa61f4f0bdd88b927256f3b7/services/blob/src/config.rs#L54

There's 3 possibilities here:

  • Have valid aws credentials in ~/.aws, and localstack just won't use these, but will make calling code which uses aws happy (e.g. aws_sdk crate). However, it's not clear if you're using localstack or actual aws.
  • Have phony aws credentials in ~/.aws. Localstack won't use these, but will still make the calling code happy. However, this will overwrite legitimate aws use cases for a developer.
  • Set phony environment variables (this diff). Localstack doesn't care either way, but will make the calling code happy. These are just set for development, so shouldn't exist when deploying services.
This revision is now accepted and ready to land.May 15 2023, 4:20 AM
This revision was automatically updated to reflect the committed changes.