Page MenuHomePhabricator
Differential D9878

[terraform] [4/n] search_index_lambda terraform configuration options
ClosedPublic
Actions

Authored by will on Nov 13 2023, 11:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 19, 9:51 PM
Unknown Object (File)
Tue, Nov 12, 5:15 PM
Unknown Object (File)
Mon, Oct 28, 2:31 AM
Unknown Object (File)
Mon, Oct 28, 12:25 AM
Unknown Object (File)
Sat, Oct 26, 8:23 AM
Unknown Object (File)
Oct 20 2024, 6:37 PM
Unknown Object (File)
Oct 19 2024, 3:30 PM
Unknown Object (File)
Oct 18 2024, 6:16 AM
View All Files
Subscribers
ashoat
tomek

Details

Reviewers
varun
bartek
Group Reviewers
Restricted Owners Package(Owns No Changed Paths)
Commits
rCOMM4caa544f818b: [terraform] [4/n] search_index_lambda terraform configuration options
Summary

This adds support for search_index_lambda. This lambda consumes our DynamoDB stream for identity-users and then pushes these changes to OpenSearch

Depends on D9936
Depends on D10561

Test Plan

Verified terraform configuration on staging

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
will updated this revision to Diff 34128.Dec 1 2023, 8:41 AM

Restrict opensearch domain policy further

will planned changes to this revision.Dec 1 2023, 9:09 AM

Requires further discussion and planning of error handling. We'll need to set retry limits, batch sizes, and a failed-event destination so we can store failed entries in a queue.

Harbormaster failed remote builds in B24696: Diff 34128!Dec 1 2023, 9:13 AM
bartek mentioned this in D9875: [terraform] [1/n] adding Opensearch service.Dec 6 2023, 2:40 AM
will updated this revision to Diff 34346.Dec 6 2023, 10:42 AM

Remove rebase changes meant for [1/n]

Harbormaster failed remote builds in B24828: Diff 34346!Dec 6 2023, 10:58 AM
will planned changes to this revision.Dec 13 2023, 9:08 AM
will updated this revision to Diff 34755.Dec 15 2023, 6:20 PM

Add error handling 2 time max retry 60 seconds event time

Harbormaster failed remote builds in B25145: Diff 34755!Dec 15 2023, 6:34 PM
will updated this revision to Diff 34757.Dec 15 2023, 7:51 PM

Remove manage opensearch permissions to add to [1/n]

Harbormaster failed remote builds in B25147: Diff 34757!Dec 15 2023, 8:04 PM
will updated this revision to Diff 34759.Dec 15 2023, 8:17 PM

Set up with new search domain access and add back read stream policy

Harbormaster failed remote builds in B25149: Diff 34759!Dec 15 2023, 8:31 PM
will updated this revision to Diff 34760.Dec 16 2023, 12:34 AM

lambda role iam policy and manage opensearch domain policy

will updated this revision to Diff 34761.Dec 16 2023, 12:36 AM

terraform fmt

Harbormaster failed remote builds in B25150: Diff 34760!Dec 16 2023, 12:48 AM
Harbormaster failed remote builds in B25151: Diff 34761!
will updated this revision to Diff 34764.Dec 16 2023, 12:54 AM

rebase manage opensearch domain policy

will updated this revision to Diff 34765.Dec 16 2023, 12:57 AM

Remove leftover merge comments

Harbormaster failed remote builds in B25154: Diff 34764!Dec 16 2023, 1:05 AM
Harbormaster failed remote builds in B25155: Diff 34765!Dec 16 2023, 1:10 AM
will updated this revision to Diff 34766.Dec 16 2023, 1:19 AM

formatting

Harbormaster failed remote builds in B25156: Diff 34766!Dec 16 2023, 1:32 AM
will planned changes to this revision.Dec 17 2023, 11:55 PM

Need to rebase on terraform fmt

will updated this revision to Diff 34814.Dec 18 2023, 1:05 PM

add network interface permissions and output lambda arn

Harbormaster failed remote builds in B25197: Diff 34814!Dec 18 2023, 1:19 PM
will added a child revision: D10392: [services] [5/n] prefix search websocket server.Dec 18 2023, 9:38 PM
will planned changes to this revision.Dec 18 2023, 10:21 PM
will requested review of this revision.Dec 18 2023, 10:55 PM
will added inline comments.
services/terraform/modules/shared/search_index_lambda.tf
58

Will change example to search-index-lambda

will planned changes to this revision.Dec 18 2023, 11:21 PM

Will add dummy file and script for terraform apply and cargo lambda build

services/terraform/remote/aws_iam.tf
302

This will be changed to the actual arn of the lambda, not the iam_role

ashoat added inline comments.Dec 19 2023, 1:25 PM
services/terraform/remote/aws_iam.tf
321

Try to avoid unnecessary changes like this by reviewing git diff before you put a diff up

will updated this revision to Diff 35013.EditedDec 26 2023, 10:50 PM

Add dummy lambda bootstrap.zip, replace example, and remote terraform apply script

Owners added a reviewer: Restricted Owners Package.Dec 26 2023, 10:50 PM
Harbormaster failed remote builds in B25343: Diff 35013!Dec 26 2023, 11:03 PM
ashoat added a comment.Dec 27 2023, 6:15 AM

If bootstrap.zip is a dummy, why is it so large? 3 MiB is a lot to add to the Git repo

will updated this revision to Diff 35116.Dec 29 2023, 11:45 PM

lambda local dev support and commtest support

Harbormaster completed remote builds in B25415: Diff 35116.Dec 30 2023, 12:08 AM
will updated this revision to Diff 35117.Dec 30 2023, 12:25 AM

Reduce lambda size

will added a comment.Dec 30 2023, 12:34 AM
In D9878#302413, @ashoat wrote:

If bootstrap.zip is a dummy, why is it so large? 3 MiB is a lot to add to the Git repo

I was able to reduce the dummy to 725 KB by removing any extraneous dependencies. It's currently a minimally sized lambda but packaging the runtime makes this still decently large.

Hopefully, me and Bartek can figure out S3 buckets relatively soon as to replace this temporary solution. If not, another consideration might be to create a Node.js bootstrap.zip lambda which does not need to include a Rust runtime.

Harbormaster completed remote builds in B25416: Diff 35117.Dec 30 2023, 12:50 AM
ashoat added a comment.EditedDec 30 2023, 7:56 AM

Thanks for explaining! If you end up needing to commit the bootstrap.zip file to the repo, then before you land this diff, can you link a Linear task tracking migrating the file to an S3 bucket?

will added 1 blocking reviewer(s): varun.Jan 3 2024, 1:38 PM
varun requested changes to this revision.Jan 3 2024, 11:44 PM

how long does it take to build the lambda? if we're just adding the zip file to satisfy buildkite we could instead build and zip the lambda with a script similar to run.sh and call that script in the CI steps

services/docker-compose.yml
99 ↗(On Diff #35117)

why do we need this?

services/terraform/modules/shared/search_index_lambda.tf
39 ↗(On Diff #35117)

might be worth adding a comment here explaining why the count is 0 for dev

services/terraform/remote/run.sh
11 ↗(On Diff #35117)

this seems a little dangerous on staging/prod (especially prod). can we still require the user to confirm the changes before they're applied?

This revision now requires changes to proceed.Jan 3 2024, 11:44 PM
ashoat added a comment.Jan 4 2024, 5:55 AM
This comment was removed by ashoat.
will added a comment.Jan 4 2024, 7:44 AM
In D9878#303855, @varun wrote:

how long does it take to build the lambda? if we're just adding the zip file to satisfy buildkite we could instead build and zip the lambda with a script similar to run.sh and call that script in the CI steps

It doesn't take long at all to build the lambda. You're correct; the Zip file is purely there to satisfy buildkite. I definitely believe that removing the zip file and running a script in CI is the better solution.

services/docker-compose.yml
99 ↗(On Diff #35117)

Localstack, when simulating lambdas, uses Docker to run the rust binaries. This line enables the Docker socket in the Localstack container. If removed, there will be a "Docker not available" error

"/var/run/docker.sock:/var/run/docker.sock"

will marked an inline comment as not done.Jan 4 2024, 9:04 AM
will added inline comments.Jan 4 2024, 2:18 PM
services/terraform/modules/shared/search_index_lambda.tf
39 ↗(On Diff #35117)

Making this count = 0 is a mistake. Now that I'm trying to enable local dev with localstack, I'll remove this

will updated this revision to Diff 35230.Jan 4 2024, 2:50 PM

Remove bootstrap.zip and build in CI, address feedback

varun accepted this revision.Jan 4 2024, 3:09 PM
varun added inline comments.
services/terraform/modules/shared/search_index_lambda.tf
39 ↗(On Diff #35117)

so by omitting count entirely does it default to 1? i don't even see count in the docs

services/terraform/remote/run.sh
11 ↗(On Diff #35230)

so when we run this script now, what happens?

This revision is now accepted and ready to land.Jan 4 2024, 3:09 PM
Harbormaster completed remote builds in B25512: Diff 35230.Jan 4 2024, 3:16 PM
will added inline comments.Jan 4 2024, 3:19 PM
services/terraform/remote/run.sh
11 ↗(On Diff #35230)

It will build the lambda bootstrap.zip and move it to the search-index-lambda folder so that the terraform config files can pick up on it. Afterwards, we can just run terraform apply and it'll wait for user confirmation.

If you don't run it, terraform apply will complain that there is no bootstrap.zip file at the specified path.

will added inline comments.Jan 4 2024, 3:29 PM
services/terraform/modules/shared/search_index_lambda.tf
39 ↗(On Diff #35117)

Yeah, that's right. Omitting count guarantees a single instance of this resource.

does it default to 1?

So I don't believe that's exactly how it works. Whenever count is used in a resource, instances of the resource are then indexed. So if it was count = 1, we'd access this by aws_lambda_event_source_mapping.trigger[0]. If we never use count, there shouldn't be an index.

will updated this revision to Diff 35252.Jan 4 2024, 7:21 PM

Now need to include cargo lambda in dev install script

Harbormaster completed remote builds in B25520: Diff 35252.Jan 4 2024, 7:48 PM
bartek added inline comments.Jan 5 2024, 12:43 AM
services/terraform/modules/shared/search_index_lambda.tf
39 ↗(On Diff #35117)

Yeah, that's right. Omitting count guarantees a single instance of this resource.

does it default to 1?

So I don't believe that's exactly how it works. Whenever count is used in a resource, instances of the resource are then indexed. So if it was count = 1, we'd access this by aws_lambda_event_source_mapping.trigger[0]. If we never use count, there shouldn't be an index.

Exactly, count is a built-in Terraform meta-param that spawns multiple instances of a resource and gives ways to iterate through them, without code duplication

will edited the summary of this revision. (Show Details)Jan 6 2024, 6:50 AM
will added a parent revision: D10561: [nix] Upgrade to latest version of nixpkgs-unstable.
will updated this revision to Diff 35686.Jan 16 2024, 11:02 AM

Commtest and terraform use gitignored lambda target folder

Harbormaster completed remote builds in B25811: Diff 35686.Jan 16 2024, 11:21 AM
Closed by commit rCOMM4caa544f818b: [terraform] [4/n] search_index_lambda terraform configuration options (authored by will). · Explain WhyJan 16 2024, 4:08 PM
This revision was automatically updated to reflect the committed changes.
will added a commit: rCOMM4caa544f818b: [terraform] [4/n] search_index_lambda terraform configuration options.

Revision Contents
Changeset List

PathSize
services/
search-index-lambda/
terraform/
modules/
shared/
5 lines
62 lines
remote/
101 lines
5 lines

Diff 34814

View Options

services/search-index-lambda/.gitignore

Loading...
View Options

services/terraform/modules/shared/outputs.tf

Loading...
View Options

services/terraform/modules/shared/search_index_lambda.tf

Loading...
View Options

services/terraform/remote/aws_iam.tf

Loading...
View Options

services/terraform/remote/main.tf

Loading...