fix: Add the ability to configure policy for cross cluster OpenSearch #31
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ofirmac
changed the title
ofirmac
changed the title
ofirmac
changed the title
bryantbiggs
requested changes
Nov 29, 2024
| [for path in try(statement.value.resource_paths, ["*"]) : "${aws_opensearch_domain.this[0].arn}/${path}"] | ||
| [ | ||
| for path in try(statement.value.resource_paths, ["*"]) : | ||
| "${aws_opensearch_domain.this[0].arn}${path == "/*" ? "/*" : path}" |
There was a problem hiding this comment.
this is a breaking change because the assumption by users is that / is already there
|
This PR has been automatically marked as stale because it has been open 30 days |
|
This PR was automatically closed because of stale in 10 days |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This change modifies the default behavior of the policy creation for cross-cluster access in AWS OpenSearch. Specifically, it enables the creation of policies with the "es:ESCrossClusterGet" action without the
/*suffix at the end of the ARN, as required by AWS for certain cross-cluster access configurations.Motivation and Context
The modification aligns with the AWS documentation for cross-cluster replication (link to AWS article), which specifies that the
Actionfield for cross-cluster requests must omit the/*suffix. By default, this change ensures the correct format for the policy without impacting other configurations.Breaking Changes
No, this change does not break backward compatibility with the current major version.
How Has This Been Tested?
examples/*directory, as there are no existing examples for cross-cluster configurations.pre-commit run -aon my pull request with the following results: