Closed jilladams closed 1 year ago
Latest from Joshua regarding escalating to ESECC:
It passed VAEC technical review and is now at ISSO review and approval, this process takes a while.
Being tracked in RFC-009658 in the ESECC portal: https://esecc.va.gov/CGWeb/MainUI/Changemanagement/StaffRFC.aspx?boundtable=IChangeManagementTicket&CloseOnPerformAction=false&ID=12650&windowWidth=1050&openTime=1676411788165
ESECC approved: https://dsva.slack.com/archives/C0229UT3HSR/p1677597409530699?thread_ts=1674492166.999389&cid=C0229UT3HSR
Next step: Plat implementation. Then we can verify.
The ESECC ticket closed. Moving to testing the connectivity from within the expected subnets (ones that vets-api uses).
It appears we may need to escalate this to ESECC as some part of the connection between subnets/VPCs isn't allowing traffic though as expected. This may require coordination with CMS Devops engineers since they are the only ones on our team able to access resources on the test subnets.
@dsasser for next steps, I'll be a bit of a bottleneck these days -- are you comfortable chasing that? Let me know if/where you get blocked and happy to help with unblocking as needed. (I recognize you have a sprint goal on another ticket, so let's discuss if this isn't actually practical given your other commitments.)
Backend refinement update:
It has come to my attention that I may have misunderstood how SOCKS can play a role with accessing the VES database from a local dev environment. It is likely to be impossible to reach the database from SOCKS alone. If it turns out to be true, this will make development difficult if at all possible with a live database connection.
We understood the VES database to be a "simpler" drop-in solution for the IncLim backend than rolling our own or utilizing the vets-api postgresql instance(s). With the "new" information about SOCKS, it may actually be more difficult to create and maintain the new API with the VES db as a backend. Since the vets-api postgresql db is native to vets-api powered APIs, there won't be such a challenge with initial development or maintenance with regards to limitations on the local side of things. That, along with the lack of Housebound limits in the VES database, may mean we should consider if VES is even worth pursuing over other alternatives. The viability of using vets-api postgresql hasn't been flushed out, but it is one of our options, and one that eliminates 3rd party-owned resources should it prove an acceptable option.
We tested connectivity from an ostensibly allowed subnet, but it was not successful. Testing over SOCKS was also not successful.
We need to fully validate the connectivity is/is not established by bringing in: Joshua Faulker, Eric Oliver, and Platform (probably Kyle Matheny since he has been involved already) to a troubleshooting call whereby we can fully validate connectivity status from all 3 subnets. This has proven difficult/impossible for two reasons: Platform has indicated they have high priority concerns, and Eric Oliver has been under tight sprint deadlines.
Progress on booking some of Eric's time: https://dsva.slack.com/archives/C03LFSPGV16/p1681231109596099?thread_ts=1680712011.784739&cid=C03LFSPGV16
We need confirmed tests in all 3 subnets before escalating to ESECC. Eric Oliver is slated to test in all 3 subnets using a java jar file delivered by Joshua Faulkner. This will do two things:
Relevant slack conversation: https://dsva.slack.com/archives/C0229UT3HSR/p1681836819887469?thread_ts=1674492166.999389&cid=C0229UT3HSR
Note: Covered in mid-sprint check in that this is at risk for not completely coming across the line in 82 (but still hopeful!) Understand the collab and dependencies here. (We knew all this walking into the sprint/sprint planning)
@olivereri tested connectivity to the Oracle database from 3 VPCs on 4/20/23. As Eric notes here, the tests had mixed results. The details are summarized below.
Production VPC: ❌ Failed Staging VPC: ❌ Failed Sandbox VPC: ✅ Successful
A small 🎉 for one ✅ .
A troubleshooting call is scheduled for Thursday May 11th with Network Edge Operations NOC, Joshua, myself, and Eric Oliver.
Connectivity established!
From the troubleshooting call on the 11th, the VA Network Edge Operations team noted they found a typo in the original implementation, and corrected this. Today, Eric successfully connected to the target network from all three subnets.
Options for VES-vets-api connection:
Don't want real-time – will migrate data periodically. Concerns are performance, outages, etc.
Option A: Import VES tables directly into vets-api
Option B: keep CSV process the way it is using S3 just automate export from VES
We picked Option B
Currently blocked awaiting Platform support (slack threads ongoing)
Description
https://dsva.slack.com/archives/C0229UT3HSR/p1674492166999389
The Oracle VES database we want to use for Income Limits backend must be accessible via vets-api in order to move forward. Joshua Faulkner owns that db and we are nudging integration with Platform team. Until that connection is established and can be tested, API is blocked.
Once they confirm it's available and testable, we can test and resolve this. This will unblock the next step of writing the actual API in Ruby.
Prereqs
Acceptance Criteria
Team
Please check the team(s) that will do this work.
CMS Team
Public Websites
Facilities
User support