introduce awsResources to replace CloudFormation parameters

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
This commit is contained in:
Nicolas De Loof 2020-09-24 16:11:08 +02:00
Родитель b30cd649b9
Коммит 7034254911
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 9858809D6F8F6E7E
12 изменённых файлов: 510 добавлений и 581 удалений

278
ecs/awsResources.go Normal file
Просмотреть файл

@ -0,0 +1,278 @@
/*
Copyright 2020 Docker Compose CLI authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package ecs
import (
"context"
"fmt"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/awslabs/goformation/v4/cloudformation/ec2"
"github.com/awslabs/goformation/v4/cloudformation/elasticloadbalancingv2"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation/ecs"
"github.com/compose-spec/compose-go/types"
"github.com/sirupsen/logrus"
)
// awsResources hold the AWS component being used or created to support services definition
type awsResources struct {
sdk sdk
vpc string
subnets []string
cluster string
loadBalancer string
loadBalancerType string
securityGroups map[string]string
}
func (r *awsResources) serviceSecurityGroups(service types.ServiceConfig) []string {
var groups []string
for net := range service.Networks {
groups = append(groups, r.securityGroups[net])
}
return groups
}
func (r *awsResources) allSecurityGroups() []string {
var securityGroups []string
for _, r := range r.securityGroups {
securityGroups = append(securityGroups, r)
}
return securityGroups
}
// parse look into compose project for configured resource to use, and check they are valid
func (r *awsResources) parse(ctx context.Context, project *types.Project) error {
return findProjectFnError(ctx, project,
r.parseClusterExtension,
r.parseVPCExtension,
r.parseLoadBalancerExtension,
r.parseSecurityGroupExtension,
)
}
func (r *awsResources) parseClusterExtension(ctx context.Context, project *types.Project) error {
if x, ok := project.Extensions[extensionCluster]; ok {
cluster := x.(string)
ok, err := r.sdk.ClusterExists(ctx, cluster)
if err != nil {
return err
}
if !ok {
return fmt.Errorf("cluster does not exist: %s", cluster)
}
r.cluster = cluster
}
return nil
}
func (r *awsResources) parseVPCExtension(ctx context.Context, project *types.Project) error {
if x, ok := project.Extensions[extensionVPC]; ok {
vpc := x.(string)
err := r.sdk.CheckVPC(ctx, vpc)
if err != nil {
return err
}
r.vpc = vpc
} else {
defaultVPC, err := r.sdk.GetDefaultVPC(ctx)
if err != nil {
return err
}
r.vpc = defaultVPC
}
subNets, err := r.sdk.GetSubNets(ctx, r.vpc)
if err != nil {
return err
}
if len(subNets) < 2 {
return fmt.Errorf("VPC %s should have at least 2 associated subnets in different availability zones", r.vpc)
}
r.subnets = subNets
return nil
}
func (r *awsResources) parseLoadBalancerExtension(ctx context.Context, project *types.Project) error {
if x, ok := project.Extensions[extensionLoadBalancer]; ok {
loadBalancer := x.(string)
loadBalancerType, err := r.sdk.LoadBalancerType(ctx, loadBalancer)
if err != nil {
return err
}
required := getRequiredLoadBalancerType(project)
if loadBalancerType != required {
return fmt.Errorf("load balancer %s is of type %s, project require a %s", loadBalancer, loadBalancerType, required)
}
r.loadBalancer = loadBalancer
r.loadBalancerType = loadBalancerType
}
return nil
}
func (r *awsResources) parseSecurityGroupExtension(ctx context.Context, project *types.Project) error {
if r.securityGroups == nil {
r.securityGroups = make(map[string]string, len(project.Networks))
}
for name, net := range project.Networks {
if net.External.External {
r.securityGroups[name] = net.Name
}
if x, ok := net.Extensions[extensionSecurityGroup]; ok {
logrus.Warn("to use an existing security-group, use `network.external` and `network.name` in your compose file")
logrus.Debugf("Security Group for network %q set by user to %q", net.Name, x)
r.securityGroups[name] = x.(string)
}
}
return nil
}
// ensure all required resources pre-exists or are defined as cloudformation resources
func (r *awsResources) ensure(project *types.Project, template *cloudformation.Template) {
r.ensureCluster(project, template)
r.ensureNetworks(project, template)
r.ensureLoadBalancer(project, template)
}
func (r *awsResources) ensureCluster(project *types.Project, template *cloudformation.Template) {
if r.cluster != "" {
return
}
template.Resources["Cluster"] = &ecs.Cluster{
ClusterName: project.Name,
Tags: projectTags(project),
}
r.cluster = cloudformation.Ref("Cluster")
}
func (r *awsResources) ensureNetworks(project *types.Project, template *cloudformation.Template) {
if r.securityGroups == nil {
r.securityGroups = make(map[string]string, len(project.Networks))
}
for name, net := range project.Networks {
securityGroup := networkResourceName(name)
template.Resources[securityGroup] = &ec2.SecurityGroup{
GroupDescription: fmt.Sprintf("%s Security Group for %s network", project.Name, name),
GroupName: securityGroup,
VpcId: r.vpc,
Tags: networkTags(project, net),
}
ingress := securityGroup + "Ingress"
template.Resources[ingress] = &ec2.SecurityGroupIngress{
Description: fmt.Sprintf("Allow communication within network %s", name),
IpProtocol: "-1", // all protocols
GroupId: cloudformation.Ref(securityGroup),
SourceSecurityGroupId: cloudformation.Ref(securityGroup),
}
r.securityGroups[name] = cloudformation.Ref(securityGroup)
}
}
func (r *awsResources) ensureLoadBalancer(project *types.Project, template *cloudformation.Template) {
if r.loadBalancer != "" {
return
}
if allServices(project.Services, func(it types.ServiceConfig) bool {
return len(it.Ports) == 0
}) {
logrus.Debug("Application does not expose any public port, so no need for a LoadBalancer")
return
}
balancerType := getRequiredLoadBalancerType(project)
template.Resources["LoadBalancer"] = &elasticloadbalancingv2.LoadBalancer{
Scheme: elbv2.LoadBalancerSchemeEnumInternetFacing,
SecurityGroups: r.getLoadBalancerSecurityGroups(project),
Subnets: r.subnets,
Tags: projectTags(project),
Type: balancerType,
}
r.loadBalancer = cloudformation.Ref("LoadBalancer")
r.loadBalancerType = balancerType
}
func (r *awsResources) getLoadBalancerSecurityGroups(project *types.Project) []string {
securityGroups := []string{}
for name, network := range project.Networks {
if !network.Internal {
securityGroups = append(securityGroups, r.securityGroups[name])
}
}
return securityGroups
}
func getRequiredLoadBalancerType(project *types.Project) string {
loadBalancerType := elbv2.LoadBalancerTypeEnumNetwork
if allServices(project.Services, func(it types.ServiceConfig) bool {
return allPorts(it.Ports, portIsHTTP)
}) {
loadBalancerType = elbv2.LoadBalancerTypeEnumApplication
}
return loadBalancerType
}
func portIsHTTP(it types.ServicePortConfig) bool {
if v, ok := it.Extensions[extensionProtocol]; ok {
protocol := v.(string)
return protocol == "http" || protocol == "https"
}
return it.Target == 80 || it.Target == 443
}
type projectFn func(ctx context.Context, project *types.Project) error
func findProjectFnError(ctx context.Context, project *types.Project, funcs ...projectFn) error {
for _, fn := range funcs {
err := fn(ctx, project)
if err != nil {
return err
}
}
return nil
}
// predicate[types.ServiceConfig]
type servicePredicate func(it types.ServiceConfig) bool
// all[types.ServiceConfig]
func allServices(services types.Services, p servicePredicate) bool {
for _, s := range services {
if !p(s) {
return false
}
}
return true
}
// predicate[types.ServicePortConfig]
type portPredicate func(it types.ServicePortConfig) bool
// all[types.ServicePortConfig]
func allPorts(ports []types.ServicePortConfig, p portPredicate) bool {
for _, s := range ports {
if !p(s) {
return false
}
}
return true
}

Просмотреть файл

@ -73,10 +73,12 @@ func getEcsAPIService(ecsCtx store.EcsContext) (*ecsAPIService, error) {
return nil, err
}
sdk := newSDK(sess)
return &ecsAPIService{
ctx: ecsCtx,
Region: ecsCtx.Region,
SDK: newSDK(sess),
SDK: sdk,
resources: awsResources{sdk: sdk},
}, nil
}
@ -84,6 +86,7 @@ type ecsAPIService struct {
ctx store.EcsContext
Region string
SDK sdk
resources awsResources
}
func (a *ecsAPIService) ContainerService() containers.Service {

Просмотреть файл

@ -35,15 +35,6 @@ import (
"github.com/awslabs/goformation/v4/cloudformation/secretsmanager"
cloudmap "github.com/awslabs/goformation/v4/cloudformation/servicediscovery"
"github.com/compose-spec/compose-go/types"
"github.com/sirupsen/logrus"
)
const (
parameterClusterName = "ParameterClusterName"
parameterVPCId = "ParameterVPCId"
parameterSubnet1Id = "ParameterSubnet1Id"
parameterSubnet2Id = "ParameterSubnet2Id"
parameterLoadBalancerARN = "ParameterLoadBalancerARN"
)
func (b *ecsAPIService) Convert(ctx context.Context, project *types.Project) ([]byte, error) {
@ -52,7 +43,12 @@ func (b *ecsAPIService) Convert(ctx context.Context, project *types.Project) ([]
return nil, err
}
template, networks, err := b.convert(project)
err = b.resources.parse(ctx, project)
if err != nil {
return nil, err
}
template, err := b.convert(project)
if err != nil {
return nil, err
}
@ -68,7 +64,7 @@ func (b *ecsAPIService) Convert(ctx context.Context, project *types.Project) ([]
}
}
err = b.createCapacityProvider(ctx, project, networks, template)
err = b.createCapacityProvider(ctx, project, template)
if err != nil {
return nil, err
}
@ -77,86 +73,31 @@ func (b *ecsAPIService) Convert(ctx context.Context, project *types.Project) ([]
}
// Convert a compose project into a CloudFormation template
func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Template, map[string]string, error) { //nolint:gocyclo
func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Template, error) { //nolint:gocyclo
template := cloudformation.NewTemplate()
template.Description = "CloudFormation template created by Docker for deploying applications on Amazon ECS"
template.Parameters[parameterClusterName] = cloudformation.Parameter{
Type: "String",
Description: "Name of the ECS cluster to deploy to (optional)",
}
b.resources.ensure(project, template)
template.Parameters[parameterVPCId] = cloudformation.Parameter{
Type: "AWS::EC2::VPC::Id",
Description: "ID of the VPC",
}
/*
FIXME can't set subnets: Ref("SubnetIds") see https://github.com/awslabs/goformation/issues/282
template.Parameters["SubnetIds"] = cloudformation.Parameter{
Type: "List<AWS::EC2::Subnet::Id>",
Description: "The list of SubnetIds, for at least two Availability Zones in the region in your VPC",
}
*/
template.Parameters[parameterSubnet1Id] = cloudformation.Parameter{
Type: "AWS::EC2::Subnet::Id",
Description: "SubnetId, for Availability Zone 1 in the region in your VPC",
}
template.Parameters[parameterSubnet2Id] = cloudformation.Parameter{
Type: "AWS::EC2::Subnet::Id",
Description: "SubnetId, for Availability Zone 2 in the region in your VPC",
}
template.Parameters[parameterLoadBalancerARN] = cloudformation.Parameter{
Type: "String",
Description: "Name of the LoadBalancer to connect to (optional)",
}
template.Conditions["CreateCluster"] = cloudformation.Equals("", cloudformation.Ref(parameterClusterName))
cluster := createCluster(project, template)
networks := map[string]string{}
for _, net := range project.Networks {
networks[net.Name] = convertNetwork(project, net, cloudformation.Ref(parameterVPCId), template)
}
for i, s := range project.Secrets {
if s.External.External {
continue
}
secret, err := ioutil.ReadFile(s.File)
for name, secret := range project.Secrets {
err := b.createSecret(project, name, secret, template)
if err != nil {
return nil, nil, err
return nil, err
}
}
name := fmt.Sprintf("%sSecret", normalizeResourceName(s.Name))
template.Resources[name] = &secretsmanager.Secret{
Description: "",
SecretString: string(secret),
Tags: projectTags(project),
}
s.Name = cloudformation.Ref(name)
project.Secrets[i] = s
}
createLogGroup(project, template)
b.createLogGroup(project, template)
// Private DNS namespace will allow DNS name for the services to be <service>.<project>.local
createCloudMap(project, template)
loadBalancerARN := createLoadBalancer(project, template)
b.createCloudMap(project, template)
for _, service := range project.Services {
taskExecutionRole := b.createTaskExecutionRole(project, service, template)
taskRole := b.createTaskRole(service, template)
definition, err := convert(project, service)
definition, err := b.createTaskExecution(project, service)
if err != nil {
return nil, nil, err
return nil, err
}
taskExecutionRole := createTaskExecutionRole(project, service, template)
definition.ExecutionRoleArn = cloudformation.Ref(taskExecutionRole)
taskRole := createTaskRole(service, template)
if taskRole != "" {
definition.TaskRoleArn = cloudformation.Ref(taskRole)
}
@ -165,26 +106,24 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
template.Resources[taskDefinition] = definition
var healthCheck *cloudmap.Service_HealthCheckConfig
serviceRegistry := b.createServiceRegistry(service, template, healthCheck)
serviceRegistry := createServiceRegistry(service, template, healthCheck)
serviceSecurityGroups := []string{}
var (
dependsOn []string
serviceLB []ecs.Service_LoadBalancer
)
for _, port := range service.Ports {
for net := range service.Networks {
serviceSecurityGroups = append(serviceSecurityGroups, networks[net])
b.createIngress(service, net, port, template)
}
dependsOn := []string{}
serviceLB := []ecs.Service_LoadBalancer{}
if len(service.Ports) > 0 {
for _, port := range service.Ports {
protocol := strings.ToUpper(port.Protocol)
if getLoadBalancerType(project) == elbv2.LoadBalancerTypeEnumApplication {
if b.resources.loadBalancerType == elbv2.LoadBalancerTypeEnumApplication {
// we don't set Https as a certificate must be specified for HTTPS listeners
protocol = elbv2.ProtocolEnumHttp
}
if loadBalancerARN != "" {
targetGroupName := createTargetGroup(project, service, port, template, protocol)
listenerName := createListener(service, port, template, targetGroupName, loadBalancerARN, protocol)
targetGroupName := b.createTargetGroup(project, service, port, template, protocol)
listenerName := b.createListener(service, port, template, targetGroupName, b.resources.loadBalancer, protocol)
dependsOn = append(dependsOn, listenerName)
serviceLB = append(serviceLB, ecs.Service_LoadBalancer{
ContainerName: service.Name,
@ -192,8 +131,6 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
TargetGroupArn: cloudformation.Ref(targetGroupName),
})
}
}
}
desiredCount := 1
if service.Deploy != nil && service.Deploy.Replicas != nil {
@ -206,7 +143,7 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
minPercent, maxPercent, err := computeRollingUpdateLimits(service)
if err != nil {
return nil, nil, err
return nil, err
}
assignPublicIP := ecsapi.AssignPublicIpEnabled
@ -220,7 +157,7 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
template.Resources[serviceResourceName(service.Name)] = &ecs.Service{
AWSCloudFormationDependsOn: dependsOn,
Cluster: cluster,
Cluster: b.resources.cluster,
DesiredCount: desiredCount,
DeploymentController: &ecs.Service_DeploymentController{
Type: ecsapi.DeploymentControllerTypeEcs,
@ -235,11 +172,8 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
NetworkConfiguration: &ecs.Service_NetworkConfiguration{
AwsvpcConfiguration: &ecs.Service_AwsVpcConfiguration{
AssignPublicIp: assignPublicIP,
SecurityGroups: serviceSecurityGroups,
Subnets: []string{
cloudformation.Ref(parameterSubnet1Id),
cloudformation.Ref(parameterSubnet2Id),
},
SecurityGroups: b.resources.serviceSecurityGroups(service),
Subnets: b.resources.subnets,
},
},
PlatformVersion: platformVersion,
@ -250,10 +184,46 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
TaskDefinition: cloudformation.Ref(normalizeResourceName(taskDefinition)),
}
}
return template, networks, nil
return template, nil
}
func createLogGroup(project *types.Project, template *cloudformation.Template) {
func (b *ecsAPIService) createIngress(service types.ServiceConfig, net string, port types.ServicePortConfig, template *cloudformation.Template) {
protocol := strings.ToUpper(port.Protocol)
if protocol == "" {
protocol = "-1"
}
ingress := fmt.Sprintf("%s%dIngress", normalizeResourceName(net), port.Target)
template.Resources[ingress] = &ec2.SecurityGroupIngress{
CidrIp: "0.0.0.0/0",
Description: fmt.Sprintf("%s:%d/%s on %s nextwork", service.Name, port.Target, port.Protocol, net),
GroupId: b.resources.securityGroups[net],
FromPort: int(port.Target),
IpProtocol: protocol,
ToPort: int(port.Target),
}
}
func (b *ecsAPIService) createSecret(project *types.Project, name string, s types.SecretConfig, template *cloudformation.Template) error {
if s.External.External {
return nil
}
sensitiveData, err := ioutil.ReadFile(s.File)
if err != nil {
return err
}
resource := fmt.Sprintf("%sSecret", normalizeResourceName(s.Name))
template.Resources[resource] = &secretsmanager.Secret{
Description: fmt.Sprintf("Secret %s", s.Name),
SecretString: string(sensitiveData),
Tags: projectTags(project),
}
s.Name = cloudformation.Ref(resource)
project.Secrets[name] = s
return nil
}
func (b *ecsAPIService) createLogGroup(project *types.Project, template *cloudformation.Template) {
retention := 0
if v, ok := project.Extensions[extensionRetention]; ok {
retention = v.(int)
@ -305,74 +275,9 @@ func computeRollingUpdateLimits(service types.ServiceConfig) (int, int, error) {
return minPercent, maxPercent, nil
}
func getLoadBalancerType(project *types.Project) string {
for _, service := range project.Services {
for _, port := range service.Ports {
protocol := port.Protocol
v, ok := port.Extensions[extensionProtocol]
if ok {
protocol = v.(string)
}
if protocol == "http" || protocol == "https" {
continue
}
if port.Published != 80 && port.Published != 443 {
return elbv2.LoadBalancerTypeEnumNetwork
}
}
}
return elbv2.LoadBalancerTypeEnumApplication
}
func getLoadBalancerSecurityGroups(project *types.Project, template *cloudformation.Template) []string {
securityGroups := []string{}
for _, network := range project.Networks {
if !network.Internal {
net := convertNetwork(project, network, cloudformation.Ref(parameterVPCId), template)
securityGroups = append(securityGroups, net)
}
}
return uniqueStrings(securityGroups)
}
func createLoadBalancer(project *types.Project, template *cloudformation.Template) string {
ports := 0
for _, service := range project.Services {
ports += len(service.Ports)
}
if ports == 0 {
// Project do not expose any port (batch jobs?)
// So no need to create a PortPublisher
return ""
}
// load balancer names are limited to 32 characters total
loadBalancerName := fmt.Sprintf("%.32s", fmt.Sprintf("%sLoadBalancer", strings.Title(project.Name)))
// Create PortPublisher if `ParameterLoadBalancerName` is not set
template.Conditions["CreateLoadBalancer"] = cloudformation.Equals("", cloudformation.Ref(parameterLoadBalancerARN))
loadBalancerType := getLoadBalancerType(project)
securityGroups := []string{}
if loadBalancerType == elbv2.LoadBalancerTypeEnumApplication {
securityGroups = getLoadBalancerSecurityGroups(project, template)
}
template.Resources[loadBalancerName] = &elasticloadbalancingv2.LoadBalancer{
Name: loadBalancerName,
Scheme: elbv2.LoadBalancerSchemeEnumInternetFacing,
SecurityGroups: securityGroups,
Subnets: []string{
cloudformation.Ref(parameterSubnet1Id),
cloudformation.Ref(parameterSubnet2Id),
},
Tags: projectTags(project),
Type: loadBalancerType,
AWSCloudFormationCondition: "CreateLoadBalancer",
}
return cloudformation.If("CreateLoadBalancer", cloudformation.Ref(loadBalancerName), cloudformation.Ref(parameterLoadBalancerARN))
}
func createListener(service types.ServiceConfig, port types.ServicePortConfig, template *cloudformation.Template, targetGroupName string, loadBalancerARN string, protocol string) string {
func (b *ecsAPIService) createListener(service types.ServiceConfig, port types.ServicePortConfig,
template *cloudformation.Template,
targetGroupName string, loadBalancerARN string, protocol string) string {
listenerName := fmt.Sprintf(
"%s%s%dListener",
normalizeResourceName(service.Name),
@ -401,7 +306,7 @@ func createListener(service types.ServiceConfig, port types.ServicePortConfig, t
return listenerName
}
func createTargetGroup(project *types.Project, service types.ServiceConfig, port types.ServicePortConfig, template *cloudformation.Template, protocol string) string {
func (b *ecsAPIService) createTargetGroup(project *types.Project, service types.ServiceConfig, port types.ServicePortConfig, template *cloudformation.Template, protocol string) string {
targetGroupName := fmt.Sprintf(
"%s%s%dTargetGroup",
normalizeResourceName(service.Name),
@ -414,12 +319,12 @@ func createTargetGroup(project *types.Project, service types.ServiceConfig, port
Protocol: protocol,
Tags: projectTags(project),
TargetType: elbv2.TargetTypeEnumIp,
VpcId: cloudformation.Ref(parameterVPCId),
VpcId: b.resources.vpc,
}
return targetGroupName
}
func createServiceRegistry(service types.ServiceConfig, template *cloudformation.Template, healthCheck *cloudmap.Service_HealthCheckConfig) ecs.Service_ServiceRegistry {
func (b *ecsAPIService) createServiceRegistry(service types.ServiceConfig, template *cloudformation.Template, healthCheck *cloudmap.Service_HealthCheckConfig) ecs.Service_ServiceRegistry {
serviceRegistration := fmt.Sprintf("%sServiceDiscoveryEntry", normalizeResourceName(service.Name))
serviceRegistry := ecs.Service_ServiceRegistry{
RegistryArn: cloudformation.GetAtt(serviceRegistration, "Arn"),
@ -446,9 +351,9 @@ func createServiceRegistry(service types.ServiceConfig, template *cloudformation
return serviceRegistry
}
func createTaskExecutionRole(project *types.Project, service types.ServiceConfig, template *cloudformation.Template) string {
func (b *ecsAPIService) createTaskExecutionRole(project *types.Project, service types.ServiceConfig, template *cloudformation.Template) string {
taskExecutionRole := fmt.Sprintf("%sTaskExecutionRole", normalizeResourceName(service.Name))
policies := createPolicies(project, service)
policies := b.createPolicies(project, service)
template.Resources[taskExecutionRole] = &iam.Role{
AssumeRolePolicyDocument: ecsTaskAssumeRolePolicyDocument,
Policies: policies,
@ -460,7 +365,7 @@ func createTaskExecutionRole(project *types.Project, service types.ServiceConfig
return taskExecutionRole
}
func createTaskRole(service types.ServiceConfig, template *cloudformation.Template) string {
func (b *ecsAPIService) createTaskRole(service types.ServiceConfig, template *cloudformation.Template) string {
taskRole := fmt.Sprintf("%sTaskRole", normalizeResourceName(service.Name))
rolePolicies := []iam.Role_Policy{}
if roles, ok := service.Extensions[extensionRole]; ok {
@ -485,88 +390,15 @@ func createTaskRole(service types.ServiceConfig, template *cloudformation.Templa
return taskRole
}
func createCluster(project *types.Project, template *cloudformation.Template) string {
template.Resources["Cluster"] = &ecs.Cluster{
ClusterName: project.Name,
Tags: projectTags(project),
AWSCloudFormationCondition: "CreateCluster",
}
cluster := cloudformation.If("CreateCluster", cloudformation.Ref("Cluster"), cloudformation.Ref(parameterClusterName))
return cluster
}
func createCloudMap(project *types.Project, template *cloudformation.Template) {
func (b *ecsAPIService) createCloudMap(project *types.Project, template *cloudformation.Template) {
template.Resources["CloudMap"] = &cloudmap.PrivateDnsNamespace{
Description: fmt.Sprintf("Service Map for Docker Compose project %s", project.Name),
Name: fmt.Sprintf("%s.local", project.Name),
Vpc: cloudformation.Ref(parameterVPCId),
Vpc: b.resources.vpc,
}
}
func convertNetwork(project *types.Project, net types.NetworkConfig, vpc string, template *cloudformation.Template) string {
if net.External.External {
return net.Name
}
if sg, ok := net.Extensions[extensionSecurityGroup]; ok {
logrus.Warn("to use an existing security-group, set `network.external` and `network.name` in your compose file")
logrus.Debugf("Security Group for network %q set by user to %q", net.Name, sg)
return sg.(string)
}
var ingresses []ec2.SecurityGroup_Ingress
if !net.Internal {
for _, service := range project.Services {
if _, ok := service.Networks[net.Name]; ok {
for _, port := range service.Ports {
protocol := strings.ToUpper(port.Protocol)
if protocol == "" {
protocol = "-1"
}
ingresses = append(ingresses, ec2.SecurityGroup_Ingress{
CidrIp: "0.0.0.0/0",
Description: fmt.Sprintf("%s:%d/%s", service.Name, port.Target, port.Protocol),
FromPort: int(port.Target),
IpProtocol: protocol,
ToPort: int(port.Target),
})
}
}
}
}
securityGroup := networkResourceName(project, net.Name)
template.Resources[securityGroup] = &ec2.SecurityGroup{
GroupDescription: fmt.Sprintf("%s %s Security Group", project.Name, net.Name),
GroupName: securityGroup,
SecurityGroupIngress: ingresses,
VpcId: vpc,
Tags: networkTags(project, net),
}
ingress := securityGroup + "Ingress"
template.Resources[ingress] = &ec2.SecurityGroupIngress{
Description: fmt.Sprintf("Allow communication within network %s", net.Name),
IpProtocol: "-1", // all protocols
GroupId: cloudformation.Ref(securityGroup),
SourceSecurityGroupId: cloudformation.Ref(securityGroup),
}
return cloudformation.Ref(securityGroup)
}
func networkResourceName(project *types.Project, network string) string {
return fmt.Sprintf("%s%sNetwork", normalizeResourceName(project.Name), normalizeResourceName(network))
}
func serviceResourceName(service string) string {
return fmt.Sprintf("%sService", normalizeResourceName(service))
}
func normalizeResourceName(s string) string {
return strings.Title(regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString(s, ""))
}
func createPolicies(project *types.Project, service types.ServiceConfig) []iam.Role_Policy {
func (b *ecsAPIService) createPolicies(project *types.Project, service types.ServiceConfig) []iam.Role_Policy {
var arns []string
if value, ok := service.Extensions[extensionPullCredentials]; ok {
arns = append(arns, value.(string))
@ -593,14 +425,14 @@ func createPolicies(project *types.Project, service types.ServiceConfig) []iam.R
return nil
}
func uniqueStrings(items []string) []string {
keys := make(map[string]bool)
unique := []string{}
for _, item := range items {
if _, val := keys[item]; !val {
keys[item] = true
unique = append(unique, item)
func networkResourceName(network string) string {
return fmt.Sprintf("%sNetwork", normalizeResourceName(network))
}
func serviceResourceName(service string) string {
return fmt.Sprintf("%sService", normalizeResourceName(service))
}
return unique
func normalizeResourceName(s string) string {
return strings.Title(regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString(s, ""))
}

Просмотреть файл

@ -170,13 +170,13 @@ networks:
back-tier:
internal: true
`)
assert.Check(t, template.Resources["TestPublicNetwork"] != nil)
assert.Check(t, template.Resources["TestBacktierNetwork"] != nil)
assert.Check(t, template.Resources["TestBacktierNetworkIngress"] != nil)
i := template.Resources["TestPublicNetworkIngress"]
assert.Check(t, template.Resources["FronttierNetwork"] != nil)
assert.Check(t, template.Resources["BacktierNetwork"] != nil)
assert.Check(t, template.Resources["BacktierNetworkIngress"] != nil)
i := template.Resources["FronttierNetworkIngress"]
assert.Check(t, i != nil)
ingress := *i.(*ec2.SecurityGroupIngress)
assert.Check(t, ingress.SourceSecurityGroupId == cloudformation.Ref("TestPublicNetwork"))
assert.Check(t, ingress.SourceSecurityGroupId == cloudformation.Ref("FronttierNetwork"))
}
@ -187,13 +187,6 @@ func TestLoadBalancerTypeApplication(t *testing.T) {
image: nginx
ports:
- 80:80
`,
`services:
test:
image: nginx
ports:
- target: 8080
protocol: http
`,
`services:
test:
@ -205,7 +198,7 @@ func TestLoadBalancerTypeApplication(t *testing.T) {
}
for _, y := range cases {
template := convertYaml(t, y)
lb := template.Resources["TestLoadBalancer"]
lb := template.Resources["LoadBalancer"]
assert.Check(t, lb != nil)
loadBalancer := *lb.(*elasticloadbalancingv2.LoadBalancer)
assert.Check(t, len(loadBalancer.Name) <= 32)
@ -328,7 +321,7 @@ services:
memory: 2043248M
`)
backend := &ecsAPIService{}
_, _, err := backend.convert(model)
_, err := backend.convert(model)
assert.ErrorContains(t, err, "the resources requested are not supported by ECS/Fargate")
}
@ -341,7 +334,7 @@ services:
- 80:80
- 88:88
`)
lb := template.Resources["TestLoadBalancer"]
lb := template.Resources["LoadBalancer"]
assert.Check(t, lb != nil)
loadBalancer := *lb.(*elasticloadbalancingv2.LoadBalancer)
assert.Check(t, loadBalancer.Type == elbv2.LoadBalancerTypeEnumNetwork)
@ -411,8 +404,13 @@ services:
}
func convertResultAsString(t *testing.T, project *types.Project) string {
backend := &ecsAPIService{}
template, _, err := backend.convert(project)
backend := &ecsAPIService{
resources: awsResources{
vpc: "vpcID",
subnets: []string{"subnet1", "subnet2"},
},
}
template, err := backend.convert(project)
assert.NilError(t, err)
resultAsJSON, err := marshall(template)
assert.NilError(t, err)
@ -432,7 +430,7 @@ func load(t *testing.T, paths ...string) *types.Project {
func convertYaml(t *testing.T, yaml string) *cloudformation.Template {
project := loadConfig(t, yaml)
backend := &ecsAPIService{}
template, _, err := backend.convert(project)
template, err := backend.convert(project)
assert.NilError(t, err)
return template
}

Просмотреть файл

@ -27,6 +27,7 @@ import (
"time"
"github.com/aws/aws-sdk-go/aws"
ecsapi "github.com/aws/aws-sdk-go/service/ecs"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation/ecs"
@ -39,7 +40,7 @@ import (
const secretsInitContainerImage = "docker/ecs-secrets-sidecar"
func convert(project *types.Project, service types.ServiceConfig) (*ecs.TaskDefinition, error) {
func (b *ecsAPIService) createTaskExecution(project *types.Project, service types.ServiceConfig) (*ecs.TaskDefinition, error) {
cpu, mem, err := toLimits(service)
if err != nil {
return nil, err

Просмотреть файл

@ -28,7 +28,7 @@ import (
"github.com/compose-spec/compose-go/types"
)
func (b *ecsAPIService) createCapacityProvider(ctx context.Context, project *types.Project, networks map[string]string, template *cloudformation.Template) error {
func (b *ecsAPIService) createCapacityProvider(ctx context.Context, project *types.Project, template *cloudformation.Template) error {
var ec2 bool
for _, s := range project.Services {
if requireEC2(s) {
@ -51,11 +51,6 @@ func (b *ecsAPIService) createCapacityProvider(ctx context.Context, project *typ
return err
}
var securityGroups []string
for _, r := range networks {
securityGroups = append(securityGroups, r)
}
template.Resources["CapacityProvider"] = &ecs.CapacityProvider{
AutoScalingGroupProvider: &ecs.CapacityProvider_AutoScalingGroupProvider{
AutoScalingGroupArn: cloudformation.Ref("AutoscalingGroup"),
@ -64,18 +59,13 @@ func (b *ecsAPIService) createCapacityProvider(ctx context.Context, project *typ
},
},
Tags: projectTags(project),
AWSCloudFormationCondition: "CreateCluster",
}
template.Resources["AutoscalingGroup"] = &autoscaling.AutoScalingGroup{
LaunchConfigurationName: cloudformation.Ref("LaunchConfiguration"),
MaxSize: "10", //TODO
MinSize: "1",
VPCZoneIdentifier: []string{
cloudformation.Ref(parameterSubnet1Id),
cloudformation.Ref(parameterSubnet2Id),
},
AWSCloudFormationCondition: "CreateCluster",
VPCZoneIdentifier: b.resources.subnets,
}
userData := base64.StdEncoding.EncodeToString([]byte(
@ -84,15 +74,13 @@ func (b *ecsAPIService) createCapacityProvider(ctx context.Context, project *typ
template.Resources["LaunchConfiguration"] = &autoscaling.LaunchConfiguration{
ImageId: ami,
InstanceType: machineType,
SecurityGroups: securityGroups,
SecurityGroups: b.resources.allSecurityGroups(),
IamInstanceProfile: cloudformation.Ref("EC2InstanceProfile"),
UserData: userData,
AWSCloudFormationCondition: "CreateCluster",
}
template.Resources["EC2InstanceProfile"] = &iam.InstanceProfile{
Roles: []string{cloudformation.Ref("EC2InstanceRole")},
AWSCloudFormationCondition: "CreateCluster",
}
template.Resources["EC2InstanceRole"] = &iam.Role{
@ -101,7 +89,6 @@ func (b *ecsAPIService) createCapacityProvider(ctx context.Context, project *typ
ecsEC2InstanceRole,
},
Tags: projectTags(project),
AWSCloudFormationCondition: "CreateCluster",
}
cluster := template.Resources["Cluster"].(*ecs.Cluster)

Просмотреть файл

@ -25,18 +25,15 @@ import (
)
func (b *ecsAPIService) Ps(ctx context.Context, project string) ([]compose.ServiceStatus, error) {
parameters, err := b.SDK.ListStackParameters(ctx, project)
if err != nil {
return nil, err
}
cluster := parameters[parameterClusterName]
resources, err := b.SDK.ListStackResources(ctx, project)
if err != nil {
return nil, err
}
servicesARN := []string{}
var (
cluster = project
servicesARN []string
)
for _, r := range resources {
switch r.Type {
case "AWS::ECS::Service":
@ -45,6 +42,7 @@ func (b *ecsAPIService) Ps(ctx context.Context, project string) ([]compose.Servi
cluster = r.ARN
}
}
if len(servicesARN) == 0 {
return nil, nil
}

Просмотреть файл

@ -196,22 +196,13 @@ func (s sdk) StackExists(ctx context.Context, name string) (bool, error) {
return len(stacks.Stacks) > 0, nil
}
func (s sdk) CreateStack(ctx context.Context, name string, template []byte, parameters map[string]string) error {
func (s sdk) CreateStack(ctx context.Context, name string, template []byte) error {
logrus.Debug("Create CloudFormation stack")
param := []*cloudformation.Parameter{}
for name, value := range parameters {
param = append(param, &cloudformation.Parameter{
ParameterKey: aws.String(name),
ParameterValue: aws.String(value),
})
}
_, err := s.CF.CreateStackWithContext(ctx, &cloudformation.CreateStackInput{
OnFailure: aws.String("DELETE"),
StackName: aws.String(name),
TemplateBody: aws.String(string(template)),
Parameters: param,
TimeoutInMinutes: nil,
Capabilities: []*string{
aws.String(cloudformation.CapabilityCapabilityIam),
@ -226,24 +217,15 @@ func (s sdk) CreateStack(ctx context.Context, name string, template []byte, para
return err
}
func (s sdk) CreateChangeSet(ctx context.Context, name string, template []byte, parameters map[string]string) (string, error) {
func (s sdk) CreateChangeSet(ctx context.Context, name string, template []byte) (string, error) {
logrus.Debug("Create CloudFormation Changeset")
param := []*cloudformation.Parameter{}
for name := range parameters {
param = append(param, &cloudformation.Parameter{
ParameterKey: aws.String(name),
UsePreviousValue: aws.Bool(true),
})
}
update := fmt.Sprintf("Update%s", time.Now().Format("2006-01-02-15-04-05"))
changeset, err := s.CF.CreateChangeSetWithContext(ctx, &cloudformation.CreateChangeSetInput{
ChangeSetName: aws.String(update),
ChangeSetType: aws.String(cloudformation.ChangeSetTypeUpdate),
StackName: aws.String(name),
TemplateBody: aws.String(string(template)),
Parameters: param,
Capabilities: []*string{
aws.String(cloudformation.CapabilityCapabilityIam),
},
@ -647,15 +629,18 @@ func (s sdk) GetPublicIPs(ctx context.Context, interfaces ...string) (map[string
return publicIPs, nil
}
func (s sdk) LoadBalancerExists(ctx context.Context, arn string) (bool, error) {
logrus.Debug("CheckRequirements if PortPublisher exists: ", arn)
func (s sdk) LoadBalancerType(ctx context.Context, arn string) (string, error) {
logrus.Debug("Check if LoadBalancer exists: ", arn)
lbs, err := s.ELB.DescribeLoadBalancersWithContext(ctx, &elbv2.DescribeLoadBalancersInput{
LoadBalancerArns: []*string{aws.String(arn)},
})
if err != nil {
return false, err
return "", err
}
return len(lbs.LoadBalancers) > 0, nil
if len(lbs.LoadBalancers) == 0 {
return "", fmt.Errorf("load balancer does not exist: %s", arn)
}
return aws.StringValue(lbs.LoadBalancers[0].Type), nil
}
func (s sdk) GetLoadBalancerURL(ctx context.Context, arn string) (string, error) {

Просмотреть файл

@ -1,59 +1,15 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": {
"CreateCluster": {
"Fn::Equals": [
"",
{
"Ref": "ParameterClusterName"
}
]
},
"CreateLoadBalancer": {
"Fn::Equals": [
"",
{
"Ref": "ParameterLoadBalancerARN"
}
]
}
},
"Description": "CloudFormation template created by Docker for deploying applications on Amazon ECS",
"Parameters": {
"ParameterClusterName": {
"Description": "Name of the ECS cluster to deploy to (optional)",
"Type": "String"
},
"ParameterLoadBalancerARN": {
"Description": "Name of the LoadBalancer to connect to (optional)",
"Type": "String"
},
"ParameterSubnet1Id": {
"Description": "SubnetId, for Availability Zone 1 in the region in your VPC",
"Type": "AWS::EC2::Subnet::Id"
},
"ParameterSubnet2Id": {
"Description": "SubnetId, for Availability Zone 2 in the region in your VPC",
"Type": "AWS::EC2::Subnet::Id"
},
"ParameterVPCId": {
"Description": "ID of the VPC",
"Type": "AWS::EC2::VPC::Id"
}
},
"Resources": {
"CloudMap": {
"Properties": {
"Description": "Service Map for Docker Compose project TestSimpleConvert",
"Name": "TestSimpleConvert.local",
"Vpc": {
"Ref": "ParameterVPCId"
}
"Vpc": "vpcID"
},
"Type": "AWS::ServiceDiscovery::PrivateDnsNamespace"
},
"Cluster": {
"Condition": "CreateCluster",
"Properties": {
"ClusterName": "TestSimpleConvert",
"Tags": [
@ -65,6 +21,72 @@
},
"Type": "AWS::ECS::Cluster"
},
"Default80Ingress": {
"Properties": {
"CidrIp": "0.0.0.0/0",
"Description": "simple:80/tcp on default nextwork",
"FromPort": 80,
"GroupId": {
"Ref": "DefaultNetwork"
},
"IpProtocol": "TCP",
"ToPort": 80
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"DefaultNetwork": {
"Properties": {
"GroupDescription": "TestSimpleConvert Security Group for default network",
"GroupName": "DefaultNetwork",
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
},
{
"Key": "com.docker.compose.network",
"Value": "default"
}
],
"VpcId": "vpcID"
},
"Type": "AWS::EC2::SecurityGroup"
},
"DefaultNetworkIngress": {
"Properties": {
"Description": "Allow communication within network default",
"GroupId": {
"Ref": "DefaultNetwork"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "DefaultNetwork"
}
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"LoadBalancer": {
"Properties": {
"Scheme": "internet-facing",
"SecurityGroups": [
{
"Ref": "DefaultNetwork"
}
],
"Subnets": [
"subnet1",
"subnet2"
],
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
}
],
"Type": "application"
},
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"
},
"LogGroup": {
"Properties": {
"LogGroupName": "/docker-compose/TestSimpleConvert"
@ -77,16 +99,8 @@
],
"Properties": {
"Cluster": {
"Fn::If": [
"CreateCluster",
{
"Ref": "Cluster"
},
{
"Ref": "ParameterClusterName"
}
]
},
"DeploymentConfiguration": {
"MaximumPercent": 200,
"MinimumHealthyPercent": 100
@ -110,16 +124,12 @@
"AssignPublicIp": "ENABLED",
"SecurityGroups": [
{
"Ref": "TestSimpleConvertDefaultNetwork"
"Ref": "DefaultNetwork"
}
],
"Subnets": [
{
"Ref": "ParameterSubnet1Id"
},
{
"Ref": "ParameterSubnet2Id"
}
"subnet1",
"subnet2"
]
}
},
@ -191,15 +201,7 @@
}
],
"LoadBalancerArn": {
"Fn::If": [
"CreateLoadBalancer",
{
"Ref": "TestSimpleConvertLoadBalancer"
},
{
"Ref": "ParameterLoadBalancerARN"
}
]
"Ref": "LoadBalancer"
},
"Port": 80,
"Protocol": "HTTP"
@ -217,9 +219,7 @@
}
],
"TargetType": "ip",
"VpcId": {
"Ref": "ParameterVPCId"
}
"VpcId": "vpcID"
},
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup"
},
@ -304,76 +304,6 @@
]
},
"Type": "AWS::IAM::Role"
},
"TestSimpleConvertDefaultNetwork": {
"Properties": {
"GroupDescription": "TestSimpleConvert default Security Group",
"GroupName": "TestSimpleConvertDefaultNetwork",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "simple:80/tcp",
"FromPort": 80,
"IpProtocol": "TCP",
"ToPort": 80
}
],
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
},
{
"Key": "com.docker.compose.network",
"Value": "default"
}
],
"VpcId": {
"Ref": "ParameterVPCId"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"TestSimpleConvertDefaultNetworkIngress": {
"Properties": {
"Description": "Allow communication within network default",
"GroupId": {
"Ref": "TestSimpleConvertDefaultNetwork"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "TestSimpleConvertDefaultNetwork"
}
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"TestSimpleConvertLoadBalancer": {
"Condition": "CreateLoadBalancer",
"Properties": {
"Name": "TestSimpleConvertLoadBalancer",
"Scheme": "internet-facing",
"SecurityGroups": [
{
"Ref": "TestSimpleConvertDefaultNetwork"
}
],
"Subnets": [
{
"Ref": "ParameterSubnet1Id"
},
{
"Ref": "ParameterSubnet2Id"
}
],
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
}
],
"Type": "application"
},
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"
}
}
}

Просмотреть файл

@ -32,42 +32,11 @@ func (b *ecsAPIService) Up(ctx context.Context, project *types.Project) error {
return err
}
cluster, err := b.GetCluster(ctx, project)
if err != nil {
return err
}
template, err := b.Convert(ctx, project)
if err != nil {
return err
}
vpc, err := b.GetVPC(ctx, project)
if err != nil {
return err
}
subNets, err := b.SDK.GetSubNets(ctx, vpc)
if err != nil {
return err
}
if len(subNets) < 2 {
return fmt.Errorf("VPC %s should have at least 2 associated subnets in different availability zones", vpc)
}
lb, err := b.GetLoadBalancer(ctx, project)
if err != nil {
return err
}
parameters := map[string]string{
parameterClusterName: cluster,
parameterVPCId: vpc,
parameterSubnet1Id: subNets[0],
parameterSubnet2Id: subNets[1],
parameterLoadBalancerARN: lb,
}
update, err := b.SDK.StackExists(ctx, project.Name)
if err != nil {
return err
@ -75,7 +44,7 @@ func (b *ecsAPIService) Up(ctx context.Context, project *types.Project) error {
operation := stackCreate
if update {
operation = stackUpdate
changeset, err := b.SDK.CreateChangeSet(ctx, project.Name, template, parameters)
changeset, err := b.SDK.CreateChangeSet(ctx, project.Name, template)
if err != nil {
return err
}
@ -84,7 +53,7 @@ func (b *ecsAPIService) Up(ctx context.Context, project *types.Project) error {
return err
}
} else {
err = b.SDK.CreateStack(ctx, project.Name, template, parameters)
err = b.SDK.CreateStack(ctx, project.Name, template)
if err != nil {
return err
}
@ -101,55 +70,3 @@ func (b *ecsAPIService) Up(ctx context.Context, project *types.Project) error {
err = b.WaitStackCompletion(ctx, project.Name, operation)
return err
}
func (b ecsAPIService) GetVPC(ctx context.Context, project *types.Project) (string, error) {
var vpcID string
//check compose file for custom VPC selected
if vpc, ok := project.Extensions[extensionVPC]; ok {
vpcID = vpc.(string)
} else {
defaultVPC, err := b.SDK.GetDefaultVPC(ctx)
if err != nil {
return "", err
}
vpcID = defaultVPC
}
err := b.SDK.CheckVPC(ctx, vpcID)
if err != nil {
return "", err
}
return vpcID, nil
}
func (b ecsAPIService) GetLoadBalancer(ctx context.Context, project *types.Project) (string, error) {
//check compose file for custom VPC selected
if ext, ok := project.Extensions[extensionLB]; ok {
lb := ext.(string)
ok, err := b.SDK.LoadBalancerExists(ctx, lb)
if err != nil {
return "", err
}
if !ok {
return "", fmt.Errorf("load balancer does not exist: %s", lb)
}
return lb, nil
}
return "", nil
}
func (b ecsAPIService) GetCluster(ctx context.Context, project *types.Project) (string, error) {
//check compose file for custom VPC selected
if ext, ok := project.Extensions[extensionCluster]; ok {
cluster := ext.(string)
ok, err := b.SDK.ClusterExists(ctx, cluster)
if err != nil {
return "", err
}
if !ok {
return "", fmt.Errorf("cluster does not exist: %s", cluster)
}
return cluster, nil
}
return "", nil
}

Просмотреть файл

@ -38,7 +38,7 @@ func (b *ecsAPIService) createNFSmountIngress(securityGroups []string, project *
if ext, ok := network.Extensions[extensionSecurityGroup]; ok {
source = ext.(string)
} else {
source = networkResourceName(project, net)
source = networkResourceName(net)
}
break
}

Просмотреть файл

@ -20,7 +20,7 @@ const (
extensionSecurityGroup = "x-aws-securitygroup"
extensionVPC = "x-aws-vpc"
extensionPullCredentials = "x-aws-pull_credentials"
extensionLB = "x-aws-loadbalancer"
extensionLoadBalancer = "x-aws-loadbalancer"
extensionProtocol = "x-aws-protocol"
extensionCluster = "x-aws-cluster"
extensionKeys = "x-aws-keys"