Service can freely communicate within a network

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>

ecs/README.md

@@ -55,11 +55,9 @@ according to the networks declared in Compose model. Doing so, services attached
 communicate together, while services from distinct SecurityGroups can't. We just can't set service aliasses per network.
 
 A CloudMap private namespace is created for application as `{project}.local`. Services get registered so that we 
-get service discovery and DNS round-robin (equivalent for Compose's `endpoint_mode: dnsrr`). Hostname-only service
+get service discovery and DNS round-robin (equivalent for Compose's `endpoint_mode: dnsrr`). Docker images SHOULD 
-discovery is enabled by running application containers with `LOCALDOMAIN={project}.local` 
+include a tiny entrypoint script to replicate this feature:
-(see [resolv.conf(5)](http://man7.org/linux/man-pages/man5/resolv.conf.5.html)). This works out-of-the-box for 
-debian-based Docker images. Alpine images have to include a tiny entrypoint script to replicate this feature:
 ```shell script
-if [ $LOCALDOMAIN ]; then echo "search ${LOCALDOMAIN}" >> /etc/resolv.conf; fi 
+if [ ! -z LOCALDOMAIN ]; then echo "search ${LOCALDOMAIN}" >> /etc/resolv.conf; fi 
 ```  
 

ecs/pkg/amazon/cloudformation.go

@@ -5,6 +5,8 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/compose-spec/compose-go/types"
+
 	"github.com/sirupsen/logrus"
 
 	cloudmapapi "github.com/aws/aws-sdk-go/service/servicediscovery"
@@ -77,9 +79,10 @@ func (c client) Convert(project *compose.Project) (*cloudformation.Template, err
 	}
 	cluster := cloudformation.If("CreateCluster", cloudformation.Ref("Cluster"), cloudformation.Ref(ParameterClusterName))
 
-	for net := range project.Networks {
+	for _, net := range project.Networks {
-		name, resource := convertNetwork(project, net, cloudformation.Ref(ParameterVPCId))
+		for k, v := range convertNetwork(project, net, cloudformation.Ref(ParameterVPCId)) {
-		template.Resources[name] = resource
+			template.Resources[k] = v
+		}
 	}
 
 	logGroup := fmt.Sprintf("/docker-compose/%s", project.Name)
@@ -204,25 +207,28 @@ func (c client) Convert(project *compose.Project) (*cloudformation.Template, err
 	return template, nil
 }
 
-func convertNetwork(project *compose.Project, net string, vpc string) (string, cloudformation.Resource) {
+func convertNetwork(project *compose.Project, net types.NetworkConfig, vpc string) map[string]cloudformation.Resource {
+	resources := map[string]cloudformation.Resource{}
 	var ingresses []ec2.SecurityGroup_Ingress
-	for _, service := range project.Services {
+	if !net.Internal {
-		if _, ok := service.Networks[net]; ok {
+		for _, service := range project.Services {
-			for _, port := range service.Ports {
+			if _, ok := service.Networks[net.Name]; ok {
-				ingresses = append(ingresses, ec2.SecurityGroup_Ingress{
+				for _, port := range service.Ports {
-					CidrIp:      "0.0.0.0/0",
+					ingresses = append(ingresses, ec2.SecurityGroup_Ingress{
-					Description: fmt.Sprintf("%s:%d/%s", service.Name, port.Target, port.Protocol),
+						CidrIp:      "0.0.0.0/0",
-					FromPort:    int(port.Target),
+						Description: fmt.Sprintf("%s:%d/%s", service.Name, port.Target, port.Protocol),
-					IpProtocol:  strings.ToUpper(port.Protocol),
+						FromPort:    int(port.Target),
-					ToPort:      int(port.Target),
+						IpProtocol:  strings.ToUpper(port.Protocol),
-				})
+						ToPort:      int(port.Target),
+					})
+				}
 			}
 		}
 	}
 
-	securityGroup := networkResourceName(project, net)
+	securityGroup := networkResourceName(project, net.Name)
-	resource := &ec2.SecurityGroup{
+	resources[securityGroup] = &ec2.SecurityGroup{
-		GroupDescription:     fmt.Sprintf("%s %s Security Group", project.Name, net),
+		GroupDescription:     fmt.Sprintf("%s %s Security Group", project.Name, net.Name),
 		GroupName:            securityGroup,
 		SecurityGroupIngress: ingresses,
 		VpcId:                vpc,
@@ -233,11 +239,20 @@ func convertNetwork(project *compose.Project, net string, vpc string) (string, c
 			},
 			{
 				Key:   NetworkTag,
-				Value: net,
+				Value: net.Name,
 			},
 		},
 	}
-	return securityGroup, resource
+
+	ingress := securityGroup + "Ingress"
+	resources[ingress] = &ec2.SecurityGroupIngress{
+		Description:           fmt.Sprintf("Allow communication within network %s", net.Name),
+		IpProtocol:            "-1", // all protocols
+		GroupId:               cloudformation.Ref(securityGroup),
+		SourceSecurityGroupId: cloudformation.Ref(securityGroup),
+	}
+
+	return resources
 }
 
 func networkResourceName(project *compose.Project, network string) string {

ecs/pkg/amazon/testdata/simple/simple-cloudformation-conversion.golden

@@ -232,6 +232,19 @@
         }
       },
       "Type": "AWS::EC2::SecurityGroup"
+    },
+    "TestSimpleConvertDefaultNetworkIngress": {
+      "Properties": {
+        "Description": "Allow communication within network default",
+        "GroupId": {
+          "Ref": "TestSimpleConvertDefaultNetwork"
+        },
+        "IpProtocol": "-1",
+        "SourceSecurityGroupId": {
+          "Ref": "TestSimpleConvertDefaultNetwork"
+        }
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
     }
   }
 }

ecs/pkg/amazon/testdata/simple/simple-cloudformation-with-overrides-conversion.golden

@@ -232,6 +232,19 @@
         }
       },
       "Type": "AWS::EC2::SecurityGroup"
+    },
+    "TestSimpleWithOverridesDefaultNetworkIngress": {
+      "Properties": {
+        "Description": "Allow communication within network default",
+        "GroupId": {
+          "Ref": "TestSimpleWithOverridesDefaultNetwork"
+        },
+        "IpProtocol": "-1",
+        "SourceSecurityGroupId": {
+          "Ref": "TestSimpleWithOverridesDefaultNetwork"
+        }
+      },
+      "Type": "AWS::EC2::SecurityGroupIngress"
     }
   }
 }

ecs/pkg/amazon/up.go

@@ -54,6 +54,7 @@ func (c *client) ComposeUp(ctx context.Context, project *compose.Project) error
 		return err
 	}
 
+	fmt.Println()
 	return c.WaitStackCompletion(ctx, project.Name, StackCreate)
 }
 

ecs/pkg/compose/normalize.go

@@ -49,5 +49,34 @@ func Normalize(model *types.Config) error {
 		}
 		model.Services[i] = s
 	}
+
+	for i, n := range model.Networks {
+		if n.Name == "" {
+			n.Name = i
+			model.Networks[i] = n
+		}
+	}
+
+	for i, v := range model.Volumes {
+		if v.Name == "" {
+			v.Name = i
+			model.Volumes[i] = v
+		}
+	}
+
+	for i, c := range model.Configs {
+		if c.Name == "" {
+			c.Name = i
+			model.Configs[i] = c
+		}
+	}
+
+	for i, s := range model.Secrets {
+		if s.Name == "" {
+			s.Name = i
+			model.Secrets[i] = s
+		}
+	}
+
 	return nil
 }