tyler.durden/compose
1
0
Fork 0
mirror of https://github.com/docker/compose.git synced 2025-07-25 22:54:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

Test we create the expected policy document for pull_credentials

Browse Source 
Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
This commit is contained in:
Nicolas De Loof 2020-06-08 11:28:15 +02:00
parent e88b11bc26
commit 1d11e847fb
No known key found for this signature in database
GPG Key ID: 9858809D6F8F6E7E
2 changed files with 23 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ecs/pkg/amazon/cloudformation.go
View File

@ -426,7 +426,6 @@ func normalizeResourceName(s string) string {
} }
func (c client) getPolicy(taskDef *ecs.TaskDefinition) (*PolicyDocument, error) { func (c client) getPolicy(taskDef *ecs.TaskDefinition) (*PolicyDocument, error) {
arns := []string{} arns := []string{}
for _, container := range taskDef.ContainerDefinitions { for _, container := range taskDef.ContainerDefinitions {
if container.RepositoryCredentials != nil { if container.RepositoryCredentials != nil {

28
ecs/pkg/amazon/cloudformation_test.go
View File

@ -4,15 +4,13 @@ import (
"fmt" "fmt"
"testing" "testing"
"github.com/awslabs/goformation/v4/cloudformation/ec2"
"github.com/awslabs/goformation/v4/cloudformation" "github.com/awslabs/goformation/v4/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation/ec2"
"github.com/awslabs/goformation/v4/cloudformation/iam"
"github.com/compose-spec/compose-go/loader" "github.com/compose-spec/compose-go/loader"
"github.com/compose-spec/compose-go/types" "github.com/compose-spec/compose-go/types"
"gotest.tools/assert"
"github.com/docker/ecs-plugin/pkg/compose" "github.com/docker/ecs-plugin/pkg/compose"
"gotest.tools/assert"
"gotest.tools/v3/golden" "gotest.tools/v3/golden"
) )
@ -30,6 +28,26 @@ func TestSimpleWithOverrides(t *testing.T) {
golden.Assert(t, result, expected) golden.Assert(t, result, expected)
} }
func TestRolePolicy(t *testing.T) {
template := convertYaml(t, `
version: "3"
services:
foo:
image: hello_world
x-aws-pull_credentials: "secret"
`)
role := template.Resources["FooTaskExecutionRole"].(*iam.Role)
assert.Check(t, role != nil)
assert.Check(t, role.ManagedPolicyArns[0] == ECSTaskExecutionPolicy)
assert.Check(t, role.ManagedPolicyArns[1] == ECRReadOnlyPolicy)
// We expect an extra policy has been created for x-aws-pull_credentials
assert.Check(t, len(role.Policies) == 1)
policy := role.Policies[0].PolicyDocument.(*PolicyDocument)
expected := []string{"secretsmanager:GetSecretValue", "ssm:GetParameters", "kms:Decrypt"}
assert.DeepEqual(t, expected, policy.Statement[0].Action)
assert.DeepEqual(t, []string{"secret"}, policy.Statement[0].Resource)
}
func TestMapNetworksToSecurityGroups(t *testing.T) { func TestMapNetworksToSecurityGroups(t *testing.T) {
template := convertYaml(t, ` template := convertYaml(t, `
version: "3" version: "3"