From 3283bceac6cae74a02561438d83f8c934d074a2d Mon Sep 17 00:00:00 2001
From: Nicolas De Loof <nicolas.deloof@gmail.com>
Date: Mon, 25 May 2020 16:49:58 +0200
Subject: [PATCH] Support pull from ECR

close #58

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
---
 ecs/pkg/amazon/cloudformation.go                               | 1 +
 ecs/pkg/amazon/iam.go                                          | 1 +
 .../testdata/simple/simple-cloudformation-conversion.golden    | 3 ++-
 .../simple-cloudformation-with-overrides-conversion.golden     | 3 ++-
 4 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/ecs/pkg/amazon/cloudformation.go b/ecs/pkg/amazon/cloudformation.go
index 2eb6f1df8..eec6b854a 100644
--- a/ecs/pkg/amazon/cloudformation.go
+++ b/ecs/pkg/amazon/cloudformation.go
@@ -120,6 +120,7 @@ func (c client) Convert(project *compose.Project) (*cloudformation.Template, err
 			Policies:                 rolePolicies,
 			ManagedPolicyArns: []string{
 				ECSTaskExecutionPolicy,
+				ECRReadOnlyPolicy,
 			},
 		}
 		template.Resources[taskDefinition] = definition
diff --git a/ecs/pkg/amazon/iam.go b/ecs/pkg/amazon/iam.go
index 663577306..affcaaaef 100644
--- a/ecs/pkg/amazon/iam.go
+++ b/ecs/pkg/amazon/iam.go
@@ -2,6 +2,7 @@ package amazon
 
 const (
 	ECSTaskExecutionPolicy = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+	ECRReadOnlyPolicy      = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
 
 	ActionGetSecretValue = "secretsmanager:GetSecretValue"
 	ActionGetParameters  = "ssm:GetParameters"
diff --git a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden
index 0910aaf34..0050bca06 100644
--- a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden
+++ b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden
@@ -217,7 +217,8 @@
           "Version": "2012-10-17"
         },
         "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         ]
       },
       "Type": "AWS::IAM::Role"
diff --git a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden
index 7c4134382..328d627a4 100644
--- a/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden
+++ b/ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden
@@ -217,7 +217,8 @@
           "Version": "2012-10-17"
         },
         "ManagedPolicyArns": [
-          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
+          "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
+          "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
         ]
       },
       "Type": "AWS::IAM::Role"