tyler.durden
/
compose
mirror of https://github.com/docker/compose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Import docker/ecs-plugin as ECS backend 

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
This commit is contained in:
Nicolas De Loof 2020-08-17 21:29:22 +02:00
parent e749155839 9eb0a10517
commit 7715ee8e59
No known key found for this signature in database
GPG Key ID: 9858809D6F8F6E7E
71 changed files with 6438 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
ecs/Dockerfile Normal file
View File

@ -0,0 +1,57 @@
# syntax = docker/dockerfile:experimental
ARG GO_VERSION=1.14.4-alpine
ARG ALPINE_PKG_DOCKER_VERSION=19.03.12-r0
ARG GOLANGCI_LINT_VERSION=v1.27.0-alpine
FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION} AS base
WORKDIR /ecs-plugin
ENV GO111MODULE=on
ARG ALPINE_PKG_DOCKER_VERSION
RUN apk add --no-cache \
docker=${ALPINE_PKG_DOCKER_VERSION} \
make \
build-base
COPY go.* .
RUN --mount=type=cache,target=/go/pkg/mod \
go mod download
FROM base AS make-plugin
ARG TARGETOS
ARG TARGETARCH
ARG COMMIT
ARG TAG
COPY . .
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
GOOS=${TARGETOS} \
GOARCH=${TARGETARCH} \
make -f builder.Makefile build
FROM base AS make-cross
ARG COMMIT
ARG TAG
COPY . .
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
make -f builder.Makefile cross
FROM scratch AS build
COPY --from=make-plugin /ecs-plugin/dist/docker-ecs .
FROM scratch AS cross
COPY --from=make-cross /ecs-plugin/dist/* .
FROM make-plugin AS test
RUN --mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
make -f builder.Makefile test
FROM golangci/golangci-lint:${GOLANGCI_LINT_VERSION} AS lint-base
FROM base AS lint
COPY --from=lint-base /usr/bin/golangci-lint /usr/bin/golangci-lint
RUN --mount=target=. \
--mount=type=cache,target=/root/.cache/go-build \
--mount=type=cache,target=/go/pkg/mod \
--mount=type=cache,target=/root/.cache/golangci-lint \
make -f builder.Makefile lint

191
ecs/LICENSE Normal file
View File

@ -0,0 +1,191 @@
Apache License
Version 2.0, January 2004
https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Copyright 2013-2018 Docker, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

48
ecs/Makefile Normal file
View File

@ -0,0 +1,48 @@
PLATFORM?=local
PWD=$(shell pwd)
export DOCKER_BUILDKIT=1
COMMIT := $(shell git rev-parse --short HEAD)
TAG := $(shell git describe --tags --dirty --match "v*")
.DEFAULT_GOAL := build
build: ## Build for the current
@docker build . \
--output ./dist \
--platform ${PLATFORM} \
--build-arg COMMIT=${COMMIT} \
--build-arg TAG=${TAG} \
--target build
cross: ## Cross build for linux, macos and windows
@docker build . \
--output ./dist \
--build-arg COMMIT=${COMMIT} \
--build-arg TAG=${TAG} \
--target cross
test: build ## Run tests
@docker build . \
--build-arg COMMIT=${COMMIT} \
--build-arg TAG=${TAG} \
--target test
e2e: build ## Run tests
go test ./... -v -tags=e2e
dev: build
@mkdir -p ~/.docker/cli-plugins/
ln -f -s "${PWD}/dist/docker-ecs" "${HOME}/.docker/cli-plugins/docker-ecs"
lint: ## Verify Go files
@docker build . --target lint
fmt: ## Format go files
go fmt ./...
clean:
rm -rf dist/
.PHONY: clean build test dev lint e2e cross fmt

110
ecs/README.md Normal file
View File

@ -0,0 +1,110 @@
# Docker CLI plugin for Amazon ECS
This was announced at AWS Cloud Containers Conference 2020, read the
[blog post](https://www.docker.com/blog/from-docker-straight-to-aws/).
## Status
:exclamation: The Docker ECS plugin is still in Beta.
Its design and UX will evolve until 1.0 Final release.
## Get started
If you're using macOS or Windows you just need to install
Docker Desktop **Edge** and you will have the ECS integration installed.
You can find links here:
- [macOS](https://hub.docker.com/editions/community/docker-ce-desktop-mac)
- [Windows](https://hub.docker.com/editions/community/docker-ce-desktop-windows)
Linux install instructions are [here](./docs/get-started-linux.md).
## Example and documentation
You can find an application for testing this in [example](./example).
You can find more documentation about using the Docker ECS integration
[here](https://docs.docker.com/engine/context/ecs-integration/).
## Architecture
The Docker ECS integration is a
[Docker CLI plugin](https://docs.docker.com/engine/extend/cli_plugins/)
with the root command of `ecs`.
It requires an AWS profile to select the AWS API credentials from
`~/.aws/credentials` as well as an AWS region. You can read more about CLI AWS
credential management
[here](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
Once setup, the AWS profile and region are stored in a Docker context.
A `compose.yaml` file is parsed and converted into a
[CloudFormation](https://aws.amazon.com/cloudformation/) template,
which is then used to create all application resources in dependent order.
Resources are cleaned up with the `down` command or in the case of a deployment
failure.
The architecture of the ECS integration is shown below:
```
+--------------------------------------+
| compose.yaml file |
+--------------------------------------+
- Load
+--------------------------------------+
| Compose Model |
+--------------------------------------+
- Validate
+--------------------------------------+
| Compose Model suitable for ECS |
+--------------------------------------+
- Convert
+--------------------------------------+
| CloudFormation Template |
+--------------------------------------+
- Apply
+--------------+ +----------------+
| AWS API | or | stack file |
+--------------+ +----------------+
```
* The _Load_ phase relies on
[compose-go](https://github.com/compose-spec/compose-go).
Any generic code we write for this purpose should be proposed upstream.
* The _Validate_ phase is responsible for injecting sane ECS defaults into the
compose-go model, and validating the `compose.yaml` file does not include
unsupported features.
* The _Convert_ phase produces a CloudFormation template to define all
application resources required to implement the application model on AWS.
* The _Apply_ phase does the actual apply of the CloudFormation template,
either by exporting to a stack file or to deploy on AWS.
## Application model
### Services
Compose services are mapped to ECS services. The Compose specification does not
have support for multi-container services (like Kubernetes pods) or sidecars.
When an ECS feature requires a sidecar, we use a custom Compose extension
(`x-aws-*`) to expose the ECS features as a service-level feature,
and keep the plumbing details from the user.
### Networking
We map the "network" abstraction from the Compose model to AWS security groups.
The whole application is created within a single VPC,
security groups are created per Compose network, including the implicit
`default` one.
Services are attached according to the networks declared in Compose model.
This approach means that services attached to a common security group can
communicate together, while services from distinct security groups cannot.
This matches the intent of the Compose network model with the limitation that we
cannot set service aliases per network.
A [CloudMap](https://aws.amazon.com/cloud-map/) private namespace is created for
each application as `{project}.local`. Services get registered so that we
have service discovery and DNS round-robin
(equivalent to Compose's `endpoint_mode: dnsrr`). Docker images SHOULD include
an entrypoint script to replicate this feature:
```shell script
if [ ! -z LOCALDOMAIN ]; then echo "search ${LOCALDOMAIN}" >> /etc/resolv.conf; fi
```

39
ecs/builder.Makefile Normal file
View File

@ -0,0 +1,39 @@
GOOS?=$(shell go env GOOS)
GOARCH?=$(shell go env GOARCH)
EXTENSION :=
ifeq ($(GOOS),windows)
EXTENSION := .exe
endif
STATIC_FLAGS=CGO_ENABLED=0
LDFLAGS := "-s -w \
-X github.com/docker/ecs-plugin/internal.GitCommit=$(COMMIT) \
-X github.com/docker/ecs-plugin/internal.Version=$(TAG)"
GO_BUILD=$(STATIC_FLAGS) go build -trimpath -ldflags=$(LDFLAGS)
BINARY=dist/docker-ecs
BINARY_WITH_EXTENSION=$(BINARY)$(EXTENSION)
export DOCKER_BUILDKIT=1
all: build
clean:
rm -rf dist/
build:
$(GO_BUILD) -v -o $(BINARY_WITH_EXTENSION) cmd/main/main.go
cross:
@GOOS=linux GOARCH=amd64 $(GO_BUILD) -v -o $(BINARY)-linux-amd64 cmd/main/main.go
@GOOS=darwin GOARCH=amd64 $(GO_BUILD) -v -o $(BINARY)-darwin-amd64 cmd/main/main.go
@GOOS=windows GOARCH=amd64 $(GO_BUILD) -v -o $(BINARY)-windows-amd64.exe cmd/main/main.go
test: ## Run tests
@$(STATIC_FLAGS) go test -cover $(shell go list ./... | grep -vE 'e2e')
lint: ## Verify Go files
$(STATIC_FLAGS) golangci-lint run --timeout 10m0s --config ./golangci.yaml ./...
.PHONY: all clean build cross test dev lint

152
ecs/cmd/commands/compose.go Normal file
View File

@ -0,0 +1,152 @@
package commands
import (
"context"
"fmt"
"io"
"os"
"strings"
"github.com/compose-spec/compose-go/cli"
"github.com/docker/cli/cli/command"
amazon "github.com/docker/ecs-plugin/pkg/amazon/backend"
"github.com/docker/ecs-plugin/pkg/amazon/cloudformation"
"github.com/docker/ecs-plugin/pkg/docker"
"github.com/docker/ecs-plugin/pkg/progress"
"github.com/spf13/cobra"
)
func ComposeCommand(dockerCli command.Cli) *cobra.Command {
cmd := &cobra.Command{
Use: "compose",
}
opts := &composeOptions{}
AddFlags(opts, cmd.Flags())
cmd.AddCommand(
ConvertCommand(dockerCli, opts),
UpCommand(dockerCli, opts),
DownCommand(dockerCli, opts),
LogsCommand(dockerCli, opts),
PsCommand(dockerCli, opts),
)
return cmd
}
type upOptions struct {
loadBalancerArn string
}
func (o upOptions) LoadBalancerArn() *string {
if o.loadBalancerArn == "" {
return nil
}
return &o.loadBalancerArn
}
func ConvertCommand(dockerCli command.Cli, options *composeOptions) *cobra.Command {
cmd := &cobra.Command{
Use: "convert",
RunE: WithAwsContext(dockerCli, func(ctx docker.AwsContext, backend *amazon.Backend, args []string) error {
opts, err := options.toProjectOptions()
if err != nil {
return err
}
project, err := cli.ProjectFromOptions(opts)
if err != nil {
return err
}
template, err := backend.Convert(project)
if err != nil {
return err
}
json, err := cloudformation.Marshall(template)
if err != nil {
return err
}
fmt.Printf("%s\n", string(json))
return nil
}),
}
return cmd
}
func UpCommand(dockerCli command.Cli, options *composeOptions) *cobra.Command {
opts := upOptions{}
cmd := &cobra.Command{
Use: "up",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
opts, err := options.toProjectOptions()
if err != nil {
return err
}
return progress.Run(context.Background(), func(ctx context.Context) error {
return backend.Up(ctx, opts)
})
}),
}
cmd.Flags().StringVar(&opts.loadBalancerArn, "load-balancer", "", "")
return cmd
}
func PsCommand(dockerCli command.Cli, options *composeOptions) *cobra.Command {
opts := upOptions{}
cmd := &cobra.Command{
Use: "ps",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
opts, err := options.toProjectOptions()
if err != nil {
return err
}
status, err := backend.Ps(context.Background(), opts)
if err != nil {
return err
}
printSection(os.Stdout, len(status), func(w io.Writer) {
for _, service := range status {
fmt.Fprintf(w, "%s\t%s\t%d/%d\t%s\n", service.ID, service.Name, service.Replicas, service.Desired, strings.Join(service.Ports, ", "))
}
}, "ID", "NAME", "REPLICAS", "PORTS")
return nil
}),
}
cmd.Flags().StringVar(&opts.loadBalancerArn, "load-balancer", "", "")
return cmd
}
type downOptions struct {
DeleteCluster bool
}
func DownCommand(dockerCli command.Cli, options *composeOptions) *cobra.Command {
opts := downOptions{}
cmd := &cobra.Command{
Use: "down",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
opts, err := options.toProjectOptions()
if err != nil {
return err
}
return progress.Run(context.Background(), func(ctx context.Context) error {
return backend.Down(ctx, opts)
})
}),
}
cmd.Flags().BoolVar(&opts.DeleteCluster, "delete-cluster", false, "Delete cluster")
return cmd
}
func LogsCommand(dockerCli command.Cli, options *composeOptions) *cobra.Command {
cmd := &cobra.Command{
Use: "logs [PROJECT NAME]",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
opts, err := options.toProjectOptions()
if err != nil {
return err
}
return backend.Logs(context.Background(), opts, os.Stdout)
}),
}
return cmd
}

31
ecs/cmd/commands/context.go Normal file
View File

@ -0,0 +1,31 @@
package commands
import (
"fmt"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/docker/cli/cli/command"
amazon "github.com/docker/ecs-plugin/pkg/amazon/backend"
"github.com/docker/ecs-plugin/pkg/docker"
"github.com/spf13/cobra"
)
type ContextFunc func(ctx docker.AwsContext, backend *amazon.Backend, args []string) error
func WithAwsContext(dockerCli command.Cli, f ContextFunc) func(cmd *cobra.Command, args []string) error {
return func(cmd *cobra.Command, args []string) error {
ctx, err := docker.GetAwsContext(dockerCli)
if err != nil {
return err
}
backend, err := amazon.NewBackend(ctx.Profile, ctx.Region)
if err != nil {
return err
}
err = f(*ctx, backend, args)
if e, ok := err.(awserr.Error); ok {
return fmt.Errorf(e.Message())
}
return err
}
}

28
ecs/cmd/commands/opts.go Normal file
View File

@ -0,0 +1,28 @@
package commands
import (
"github.com/compose-spec/compose-go/cli"
"github.com/spf13/pflag"
)
type composeOptions struct {
Name string
WorkingDir string
ConfigPaths []string
Environment []string
}
func AddFlags(o *composeOptions, flags *pflag.FlagSet) {
flags.StringArrayVarP(&o.ConfigPaths, "file", "f", nil, "Specify an alternate compose file")
flags.StringVarP(&o.Name, "project-name", "n", "", "Specify an alternate project name (default: directory name)")
flags.StringVarP(&o.WorkingDir, "workdir", "w", "", "Working directory")
flags.StringSliceVarP(&o.Environment, "environment", "e", []string{}, "Environment variables")
}
func (o *composeOptions) toProjectOptions() (*cli.ProjectOptions, error) {
return cli.NewProjectOptions(o.ConfigPaths,
cli.WithOsEnv,
cli.WithEnv(o.Environment),
cli.WithWorkingDirectory(o.WorkingDir),
cli.WithName(o.Name))
}

32
ecs/cmd/commands/root.go Normal file
View File

@ -0,0 +1,32 @@
package commands
import (
"fmt"
"github.com/docker/cli/cli/command"
"github.com/spf13/cobra"
)
// NewRootCmd returns the base root command.
func NewRootCmd(dockerCli command.Cli) *cobra.Command {
cmd := &cobra.Command{
Short: "Docker ECS",
Long: `run multi-container applications on Amazon ECS.`,
Use: "ecs",
Annotations: map[string]string{"experimentalCLI": "true"},
RunE: func(cmd *cobra.Command, args []string) error {
if len(args) != 0 {
return fmt.Errorf("%q is not a docker ecs command\nSee 'docker ecs --help'", args[0])
}
cmd.Help()
return nil
},
}
cmd.AddCommand(
VersionCommand(),
ComposeCommand(dockerCli),
SecretCommand(dockerCli),
SetupCommand(),
)
return cmd
}

13
ecs/cmd/commands/root_test.go Normal file
View File

@ -0,0 +1,13 @@
package commands
import (
"testing"
"gotest.tools/v3/assert"
)
func TestUnknownCommand(t *testing.T) {
root := NewRootCmd(nil)
_, _, err := root.Find([]string{"unknown_command"})
assert.Error(t, err, "unknown command \"unknown_command\" for \"ecs\"")
}

140
ecs/cmd/commands/secret.go Normal file
View File

@ -0,0 +1,140 @@
package commands
import (
"context"
"errors"
"fmt"
"io"
"os"
"strings"
"text/tabwriter"
"github.com/docker/cli/cli/command"
amazon "github.com/docker/ecs-plugin/pkg/amazon/backend"
"github.com/docker/ecs-plugin/pkg/compose"
"github.com/docker/ecs-plugin/pkg/docker"
"github.com/spf13/cobra"
)
type createSecretOptions struct {
Label string
Username string
Password string
Description string
}
type deleteSecretOptions struct {
recover bool
}
func SecretCommand(dockerCli command.Cli) *cobra.Command {
cmd := &cobra.Command{
Use: "secret",
Short: "Manages secrets",
}
cmd.AddCommand(
CreateSecret(dockerCli),
InspectSecret(dockerCli),
ListSecrets(dockerCli),
DeleteSecret(dockerCli),
)
return cmd
}
func CreateSecret(dockerCli command.Cli) *cobra.Command {
opts := createSecretOptions{}
cmd := &cobra.Command{
Use: "create NAME",
Short: "Creates a secret.",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
if len(args) == 0 {
return errors.New("Missing mandatory parameter: NAME")
}
name := args[0]
secret := compose.NewSecret(name, opts.Username, opts.Password, opts.Description)
id, err := backend.CreateSecret(context.Background(), secret)
fmt.Println(id)
return err
}),
}
cmd.Flags().StringVarP(&opts.Username, "username", "u", "", "username")
cmd.Flags().StringVarP(&opts.Password, "password", "p", "", "password")
cmd.Flags().StringVarP(&opts.Description, "description", "d", "", "Secret description")
return cmd
}
func InspectSecret(dockerCli command.Cli) *cobra.Command {
cmd := &cobra.Command{
Use: "inspect ID",
Short: "Displays secret details",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
if len(args) == 0 {
return errors.New("Missing mandatory parameter: ID")
}
id := args[0]
secret, err := backend.InspectSecret(context.Background(), id)
if err != nil {
return err
}
out, err := secret.ToJSON()
if err != nil {
return err
}
fmt.Println(out)
return nil
}),
}
return cmd
}
func ListSecrets(dockerCli command.Cli) *cobra.Command {
cmd := &cobra.Command{
Use: "list",
Aliases: []string{"ls"},
Short: "List secrets stored for the existing account.",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
secrets, err := backend.ListSecrets(context.Background())
if err != nil {
return err
}
printList(os.Stdout, secrets)
return nil
}),
}
return cmd
}
func DeleteSecret(dockerCli command.Cli) *cobra.Command {
opts := deleteSecretOptions{}
cmd := &cobra.Command{
Use: "delete NAME",
Aliases: []string{"rm", "remove"},
Short: "Removes a secret.",
RunE: WithAwsContext(dockerCli, func(clusteropts docker.AwsContext, backend *amazon.Backend, args []string) error {
if len(args) == 0 {
return errors.New("Missing mandatory parameter: [NAME]")
}
return backend.DeleteSecret(context.Background(), args[0], opts.recover)
}),
}
cmd.Flags().BoolVar(&opts.recover, "recover", false, "Enable recovery.")
return cmd
}
func printList(out io.Writer, secrets []compose.Secret) {
printSection(out, len(secrets), func(w io.Writer) {
for _, secret := range secrets {
fmt.Fprintf(w, "%s\t%s\t%s\n", secret.ID, secret.Name, secret.Description)
}
}, "ID", "NAME", "DESCRIPTION")
}
func printSection(out io.Writer, len int, printer func(io.Writer), headers ...string) {
w := tabwriter.NewWriter(out, 20, 1, 3, ' ', 0)
fmt.Fprintln(w, strings.Join(headers, "\t"))
printer(w)
w.Flush()
}

262
ecs/cmd/commands/setup.go Normal file
View File

@ -0,0 +1,262 @@
package commands
import (
"context"
"fmt"
"os"
"path/filepath"
"reflect"
"strings"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/defaults"
amazon "github.com/docker/ecs-plugin/pkg/amazon/backend"
contextStore "github.com/docker/ecs-plugin/pkg/docker"
"github.com/manifoldco/promptui"
"github.com/spf13/cobra"
"gopkg.in/ini.v1"
)
const enterLabelPrefix = "Enter "
type setupOptions struct {
name string
profile string
region string
accessKeyID string
secretAccessKey string
}
func (s setupOptions) unsetRequiredArgs() []string {
unset := []string{}
if s.profile == "" {
unset = append(unset, "profile")
}
if s.region == "" {
unset = append(unset, "region")
}
return unset
}
func SetupCommand() *cobra.Command {
var opts setupOptions
cmd := &cobra.Command{
Use: "setup",
Short: "",
RunE: func(cmd *cobra.Command, args []string) error {
if requiredFlag := opts.unsetRequiredArgs(); len(requiredFlag) > 0 {
if err := interactiveCli(&opts); err != nil {
return err
}
}
if opts.accessKeyID != "" && opts.secretAccessKey != "" {
if err := saveCredentials(opts.profile, opts.accessKeyID, opts.secretAccessKey); err != nil {
return err
}
}
backend, err := amazon.NewBackend(opts.profile, opts.region)
if err != nil {
return err
}
context, _, err := backend.CreateContextData(context.Background(), map[string]string{
amazon.ContextParamProfile: opts.profile,
amazon.ContextParamRegion: opts.region,
})
if err != nil {
return err
}
return contextStore.NewContext(opts.name, context)
},
}
cmd.Flags().StringVarP(&opts.name, "name", "n", "ecs", "Context Name")
cmd.Flags().StringVarP(&opts.profile, "profile", "p", "", "AWS Profile")
cmd.Flags().StringVarP(&opts.region, "region", "r", "", "AWS region")
cmd.Flags().StringVarP(&opts.accessKeyID, "aws-key-id", "k", "", "AWS Access Key ID")
cmd.Flags().StringVarP(&opts.secretAccessKey, "aws-secret-key", "s", "", "AWS Secret Access Key")
return cmd
}
func interactiveCli(opts *setupOptions) error {
var section ini.Section
if err := setContextName(opts); err != nil {
return err
}
section, err := setProfile(opts, section)
if err != nil {
return err
}
if err := setRegion(opts, section); err != nil {
return err
}
if err := setCredentials(opts); err != nil {
return err
}
return nil
}
func saveCredentials(profile string, accessKeyID string, secretAccessKey string) error {
p := credentials.SharedCredentialsProvider{Profile: profile}
_, err := p.Retrieve()
if err == nil {
fmt.Println("credentials already exists!")
return nil
}
if err.(awserr.Error).Code() == "SharedCredsLoad" && err.(awserr.Error).Message() == "failed to load shared credentials file" {
err = os.MkdirAll(filepath.Dir(p.Filename), 0700)
if err != nil {
return err
}
_, err = os.Create(p.Filename)
if err != nil {
return err
}
}
credIni, err := ini.LooseLoad(p.Filename)
if err != nil {
return err
}
section, err := credIni.NewSection(profile)
if err != nil {
return err
}
section.NewKey("aws_access_key_id", accessKeyID)
section.NewKey("aws_secret_access_key", secretAccessKey)
return credIni.SaveTo(p.Filename)
}
func awsProfiles(filename string) (map[string]ini.Section, error) {
profiles := map[string]ini.Section{"new profile": {}}
if filename == "" {
filename = defaults.SharedConfigFilename()
}
credIni, err := ini.LooseLoad(filename)
if err != nil {
return nil, err
}
if err != nil {
return nil, err
}
for _, section := range credIni.Sections() {
if strings.HasPrefix(section.Name(), "profile") {
profiles[section.Name()[len("profile "):]] = *section
}
}
return profiles, nil
}
func setContextName(opts *setupOptions) error {
if opts.name == "ecs" {
result, err := promptString(opts.name, "context name", enterLabelPrefix, 2)
if err != nil {
return err
}
opts.name = result
}
return nil
}
func setProfile(opts *setupOptions, section ini.Section) (ini.Section, error) {
profilesList, err := awsProfiles("")
if err != nil {
return ini.Section{}, err
}
section, ok := profilesList[opts.profile]
if !ok {
prompt := promptui.Select{
Label: "Select AWS Profile",
Items: reflect.ValueOf(profilesList).MapKeys(),
}
_, result, err := prompt.Run()
if result == "new profile" {
result, err := promptString(opts.profile, "profile name", enterLabelPrefix, 2)
if err != nil {
return ini.Section{}, err
}
opts.profile = result
} else {
section = profilesList[result]
opts.profile = result
}
if err != nil {
return ini.Section{}, err
}
}
return section, nil
}
func setRegion(opts *setupOptions, section ini.Section) error {
defaultRegion := opts.region
if defaultRegion == "" && section.Name() != "" {
region, err := section.GetKey("region")
if err == nil {
defaultRegion = region.Value()
}
}
result, err := promptString(defaultRegion, "region", enterLabelPrefix, 2)
if err != nil {
return err
}
opts.region = result
return nil
}
func setCredentials(opts *setupOptions) error {
prompt := promptui.Prompt{
Label: "Enter credentials",
IsConfirm: true,
}
_, err := prompt.Run()
if err == nil {
result, err := promptString(opts.accessKeyID, "AWS Access Key ID", enterLabelPrefix, 3)
if err != nil {
return err
}
opts.accessKeyID = result
prompt = promptui.Prompt{
Label: "Enter AWS Secret Access Key",
Validate: validateMinLen("AWS Secret Access Key", 3),
Mask: '*',
Default: opts.secretAccessKey,
}
result, err = prompt.Run()
if err != nil {
return err
}
opts.secretAccessKey = result
}
return nil
}
func promptString(defaultValue string, label string, labelPrefix string, minLength int) (string, error) {
prompt := promptui.Prompt{
Label: labelPrefix + label,
Validate: validateMinLen(label, minLength),
Default: defaultValue,
}
result, err := prompt.Run()
if err != nil {
return "", err
}
return result, nil
}
func validateMinLen(label string, minLength int) func(input string) error {
return func(input string) error {
if len(input) < minLength {
return fmt.Errorf("%s must have more than %d characters", label, minLength)
}
return nil
}
}

20
ecs/cmd/commands/version.go Normal file
View File

@ -0,0 +1,20 @@
package commands
import (
"fmt"
"github.com/docker/ecs-plugin/internal"
"github.com/spf13/cobra"
)
func VersionCommand() *cobra.Command {
return &cobra.Command{
Use: "version",
Short: "Show version.",
RunE: func(cmd *cobra.Command, args []string) error {
fmt.Fprintf(cmd.OutOrStdout(), "Docker ECS plugin %s (%s)\n", internal.Version, internal.GitCommit)
return nil
},
}
}

20
ecs/cmd/commands/version_test.go Normal file
View File

@ -0,0 +1,20 @@
package commands
import (
"bytes"
"strings"
"testing"
"github.com/docker/ecs-plugin/internal"
"gotest.tools/v3/assert"
)
func TestVersion(t *testing.T) {
root := NewRootCmd(nil)
var out bytes.Buffer
root.SetOut(&out)
root.SetArgs([]string{"version"})
root.Execute()
assert.Check(t, strings.Contains(out.String(), internal.Version))
}

23
ecs/cmd/main/main.go Normal file
View File

@ -0,0 +1,23 @@
package main
import (
"github.com/docker/ecs-plugin/cmd/commands"
"github.com/docker/ecs-plugin/internal"
"github.com/docker/cli/cli-plugins/manager"
"github.com/docker/cli/cli-plugins/plugin"
"github.com/docker/cli/cli/command"
"github.com/spf13/cobra"
)
func main() {
plugin.Run(func(dockerCli command.Cli) *cobra.Command {
cmd := commands.NewRootCmd(dockerCli)
return cmd
}, manager.Metadata{
SchemaVersion: "0.1.0",
Vendor: "Docker Inc.",
Version: internal.Version,
Experimental: true,
})
}

82
ecs/docs/get-started-linux.md Normal file
View File

@ -0,0 +1,82 @@
Getting Started with Docker AWS ECS Plugin Beta on Linux
--------------------------------------------------------
The beta release of [AWS ECS](https://aws.amazon.com/ecs/) support for the
Docker CLI is shipped as a CLI plugin. Later releases will be included as part
of the Docker CLI.
This plugin is included as part of Docker Desktop on Windows and macOS but on
Linux it needs to be installed manually.
## Prerequisites
* [Docker 19.03 or later](https://docs.docker.com/get-docker/)
## Step by step install
### Download
You can download the Docker ECS plugin from this repository using the following
command:
```console
$ curl -LO https://github.com/docker/ecs-plugin/releases/latest/download/docker-ecs-linux-amd64
```
You will then need to make it executable:
```console
$ chmod +x docker-ecs-linux-amd64
```
### Plugin install
In order for the Docker CLI to use the downloaded plugin, you will need to move
it to the right place:
```console
$ mkdir -p /usr/local/lib/docker/cli-plugins
$ mv docker-ecs-linux-amd64 /usr/local/lib/docker/cli-plugins/docker-ecs
```
You can put the CLI plugin into any of the following directories:
* `/usr/local/lib/docker/cli-plugins`
* `/usr/local/libexec/docker/cli-plugins`
* `/usr/lib/docker/cli-plugins`
* `/usr/libexec/docker/cli-plugins`
Finally you need to enable the experimental features on the CLI. This can be
done by setting the environment variable `DOCKER_CLI_EXPERIMENTAL=enabled` or by
setting `experimental` to `"enabled"` in your Docker config found at
`~/.docker/config.json`:
```console
$ export DOCKER_CLI_EXPERIMENTAL=enabled
$ DOCKER_CLI_EXPERIMENTAL=enabled docker help
$ cat ~/.docker/config.json
{
"experimental" : "enabled",
"auths" : {
"https://index.docker.io/v1/" : {
}
}
}
```
To verify the CLI plugin installation, you can check that it appears in the CLI
help output or by outputting the plugin version:
```console
$ docker help | grep ecs
ecs* Docker ECS (Docker Inc., 0.0.1)
$ docker ecs version
Docker ECS plugin 0.0.1
```
You are now ready to [start deploying to ECS](https://docs.docker.com/engine/context/ecs-integration/)

31
ecs/docs/requirements.md Normal file
View File

@ -0,0 +1,31 @@
## Requirements
This plugin relies on AWS API credentials, using the same configuration files as
the AWS command line.
Such credentials can be configured by the `docker ecs setup` command, either by
selecting an existing AWS CLI profile from existing config files, or by creating
one passing an AWS access key ID and secret access key.
## Permissions
AWS accounts (or IAM roles) used with the ECS plugin require following permissions:
- ec2:DescribeSubnets
- ec2:DescribeVpcs
- iam:CreateServiceLinkedRole
- iam:AttachRolePolicy
- cloudformation:*
- ecs:*
- logs:*
- servicediscovery:*
- elasticloadbalancing:*
## Okta support
For those relying on [aws-okta](https://github.com/segmentio/aws-okta) to access a managed AWS account
(as we do at Docker), you can populate your aws config files with temporary access tokens using:
```shell script
aws-okta write-to-credentials <profile> ~/.aws/credentials
```

25
ecs/example/Makefile Normal file
View File

@ -0,0 +1,25 @@
REPO_NAMESPACE ?= ${USER}
FRONTEND_IMG = ${REPO_NAMESPACE}/timestamper
REGISTRY_ID ?= PUT_ECR_REGISTRY_ID_HERE
DOCKER_PUSH_REPOSITORY=dkr.ecr.us-west-2.amazonaws.com
all: build-image
create-ecr:
aws ecr create-repository --repository-name ${FRONTEND_IMG}
build-image:
docker build -t $(REGISTRY_ID).$(DOCKER_PUSH_REPOSITORY)/$(FRONTEND_IMG) ./app
docker build -t $(FRONTEND_IMG) ./app
push-image-ecr:
aws ecr get-login-password --region us-west-2 | docker login -u AWS --password-stdin $(REGISTRY_ID).$(DOCKER_PUSH_REPOSITORY)
docker push $(REGISTRY_ID).$(DOCKER_PUSH_REPOSITORY)/$(FRONTEND_IMG)
push-image-hub:
docker push $(FRONTEND_IMG)
clean:
@docker context use default
@docker context rm aws || true
@docker-compose rm -f || true

181
ecs/example/README.md Normal file
View File

@ -0,0 +1,181 @@
## Compose sample application
This sample application was demoed as part of the AWS Cloud Containers
Conference on 2020-07-09. It has been tested on Linux and macOS.
Note that `$` is used to denote commands in blocks where the command and its
output are included.
### Python/Flask application
```
+--------------------+ +------------------+
| | | |
| Python Flask | timestamps | Redis |
| Application |------------->| |
| | | |
+--------------------+ +------------------+
```
### Things you'll need to do
There are a number of places you'll need to fill in information.
You can find them with:
```console
$ grep -r '<<<' ./*
./docker-compose.yml: x-aws-pull_credentials: <<<your arn for your secret you can get with docker ecs secret list>>>
./docker-compose.yml: image: <<<your docker hub user name>>>/timestamper
## Walk through
```
### Setup pull credentials for private Docker Hub repositories
You should use a Personal Access Token (PAT) rather than your account password.
If you have 2FA enabled on your Hub account you will need to create a PAT.
You can read more about managing access tokens here:
https://docs.docker.com/docker-hub/access-tokens/
You can then create `DockerHubToken` secret on [AWS Secret Manager](https://aws.amazon.com/secrets-manager/) using following command
```console
docker ecs secret create -d MyKey -u myhubusername -p myhubpat DockerHubToken
```
### Create an AWS Docker context and list available contexts
To initialize the Docker ECS integration, you will need to run the `setup`
command. This will create a Docker context that works with AWS ECS.
```console
$ docker ecs setup
Enter context name: aws
✔ sandbox.devtools.developer
Enter cluster name:
Enter region: us-west-2
✗ Enter credentials:
```
You can verify that the context was created by listing your Docker contexts:
```console
$ docker context ls
NAME DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR
aws
default * Current DOCKER_HOST based configuration unix:///var/run/docker.sock swarm
```
### Test locally
The first step is to test your application works locally. To do this, you will
need to switch to using the default local context so that you are targeting your
local machine.
```console
docker context use default
```
You can then run the application using `docker-compose`:
```console
docker-compose up
```
Once the application has started, you can navigate to http://localhost:5000
using your Web browser using the following command:
```console
open http://localhost:5000
```
### Push images to Docker Hub for ECS (ECS cannot see your local image cache)
In order to run your application in the cloud, you will need your container
images to be in a registry. You can push them from your local machine using:
```console
docker-compose push
```
You can verify that this command pushed to the Docker Hub by
[logging in](https://hub.docker.com) and looking for the `timestamper`
repository under your user name.
### Switch to ECS context and launch the app
Now that you've tested the application works locally and that you've pushed the
container images to the Docker Hub, you can switch to using the `aws` context
you created earlier.
```console
docker context use aws
```
Running the application on ECS is then as simple as doing a `compose up`:
```console
docker ecs compose up
```
### Check out the CLI
Once the application is running in ECS, you can list the running containers with
the `ps` command. Note that you will need to run this from the directory where
you Compose file is.
```console
docker ecs compose ps
```
You can also read the application logs using `compose logs`:
```console
docker ecs compose logs
```
### Check out the AWS console
You can see all the AWS components created for your running application in the
AWS console. There you will find:
- CloudFormation being used to manage all the infrastructure
- CloudWatch for logs
- Security Groups for network policies
- Load balancers (ELB for this example / ALB if your app only uses 80/443)
### Checkout CloudFormation
The ECS Docker CLI integration has the ability to output the CloudFormation
template used to create the application in the `compose convert` command. You
can see this by running:
```console
docker ecs compose convert
```
### Stop the meters
To shut down your application, you simply need to run:
```console
docker ecs compose down
```
## Using Amazon ECR instead of Docker Hub
If you'd like to use AWS ECR instead of Docker Hub, the [Makefile](Makefile) has
an example setup for creating an ECR repository and pushing to it.
You'll need to have the AWS CLI installed and your AWS credentials available.
```console
make create-ecr
REGISTRY_ID=<from the create above> make build-image
REGISTRY_ID=<from the create above> make push-image-ecr
```
Note that you will need to change the name of the image in the
[Compose file](docker-compose.yml).
If you want to use this often, you'll likely want to replace
`PUT_ECR_REGISTRY_ID_HERE` with the value from above.

7
ecs/example/app/Dockerfile Normal file
View File

@ -0,0 +1,7 @@
FROM python:3.7-alpine
WORKDIR /app
COPY requirements.txt /app
RUN pip3 install -r requirements.txt
COPY . /app
ENTRYPOINT ["/app/scripts/entrypoint.sh"]
CMD ["python3", "app.py"]

19
ecs/example/app/app.py Normal file
View File

@ -0,0 +1,19 @@
from flask import Flask
from flask import render_template
from redis import StrictRedis
from datetime import datetime
app = Flask(__name__)
redis = StrictRedis(host='backend', port=6379)
@app.route('/')
def home():
redis.lpush('times', datetime.now().strftime('%Y-%m-%dT%H:%M:%S%z'))
return render_template('index.html', title='Home',
times=redis.lrange('times', 0, -1))
if __name__ == '__main__':
app.run(host='0.0.0.0', debug=True)

2
ecs/example/app/requirements.txt Normal file
View File

@ -0,0 +1,2 @@
flask
redis

4
ecs/example/app/scripts/entrypoint.sh Executable file
View File

@ -0,0 +1,4 @@
#! /bin/sh
if [ "${LOCALDOMAIN}" != "" ]; then echo "search ${LOCALDOMAIN}" >> /etc/resolv.conf; fi
exec "$@"

125
ecs/example/app/templates/index.html Normal file
View File

@ -0,0 +1,125 @@
<!DOCTYPE html>
<html lang="en">
<head>
<!-- Required meta tags -->
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1, shrink-to-fit=yes"
/>
<!-- Bootstrap CSS -->
<link
rel="stylesheet"
href="https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/css/bootstrap.min.css"
integrity="sha384-GJzZqFGwb1QTTN6wy59ffF1BuGJpLSa9DkKMp0DgiMDm4iYMj70gZWKYbI706tWS"
crossorigin="anonymous"
/>
<title>Hello, Docker!</title>
</head>
<body>
<div class="container">
<nav class="navbar sticky-top navbar-expand-lg navbar-dark bg-dark">
<a class="navbar-brand" href="/">Demo</a>
<button
class="navbar-toggler"
type="button"
data-toggle="collapse"
data-target="#navbarNav"
aria-controls="navbarNav"
aria-expanded="false"
aria-label="Toggle navigation"
>
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarNav">
<ul class="navbar-nav">
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Compose Spec
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="https://compose-spec.io/">Overview</a>
<a class="dropdown-item" href="https://github.com/compose-spec/compose-spec/blob/master/spec.md">Specification</a>
<a class="dropdown-item" href="https://github.com/docker/awesome-compose">Awesome Compose - Compose Examples</a>
</div>
</li>
<li class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
Get Docker Desktop
</a>
<div class="dropdown-menu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="https://download.docker.com/mac/stable/Docker.dmg?utm_source=demo&utm_medium=web%20referral&utm_campaign=awsc32020&utm_budget=">Mac</a>
<a class="dropdown-item" href="https://download.docker.com/win/stable/Docker%20Desktop%20Installer.exe?utm_source=demo&utm_medium=web%20referral&utm_campaign=awsc32020&utm_budget=">Windows</a>
</div>
</li>
<li class="nav-item">
<a class="nav-link" href="https://hub.docker.com/signup?utm_source=demo&utm_medium=web%20referral&utm_campaign=awsc32020&utm_budget="
>Sign up for Docker Hub</a
>
</li>
<li class="nav-item">
<a class="nav-link" href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html"
>Amazon ECS Docs</a
>
</li>
</ul>
</div>
</nav>
<br />
<h1>Hello, Docker Folks!</h1>
<br />
<div class="container-sm">
<div class="text-center">
<!-- Button trigger modal -->
<a class="btn btn-primary" href="/">
Timestamp!
</a>
</div>
<br />
<div class="table-responsive">
<table class="table table-striped table-hover table-sm">
<thead>
<tr>
<th scope="col">Timestamp</th>
</tr>
</thead>
<tbody>
{% for t in times %}
<tr>
<td>{{ t.decode('utf-8') }}</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<!-- Optional JavaScript -->
<!-- jQuery first, then Popper.js, then Bootstrap JS -->
<script
src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"
crossorigin="anonymous"
></script>
<script
src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.6/umd/popper.min.js"
integrity="sha384-wHAiFfRlMFy6i5SRaxvfOCifBUQy1xHdJ/yoi7FRNXMRBu5WHdZYu1hA6ZOblgut"
crossorigin="anonymous"
></script>
<script
src="https://stackpath.bootstrapcdn.com/bootstrap/4.2.1/js/bootstrap.min.js"
integrity="sha384-B0UglyR+jN6CkvvICOB2joaf5I4l3gm9GU6Hc1og6Ls7i6U/mkkaduKaBhlAXv9k"
crossorigin="anonymous"
></script>
</body>
</html>

12
ecs/example/docker-compose.yml Normal file
View File

@ -0,0 +1,12 @@
version: "3.8"
services:
frontend:
build: app
x-aws-pull_credentials: <<<your arn for your secret you can get with docker ecs secret list>>>
image: <<<your docker hub user name>>>/timestamper
ports:
- "5000:5000"
depends_on:
- backend
backend:
image: redis:alpine

61
ecs/go.mod Normal file
View File

@ -0,0 +1,61 @@
module github.com/docker/ecs-plugin
require (
github.com/Microsoft/hcsshim v0.8.7 // indirect
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d // indirect
github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 // indirect
github.com/aws/aws-sdk-go v1.33.18
github.com/awslabs/goformation/v4 v4.14.0
github.com/bitly/go-hostpool v0.1.0 // indirect
github.com/bitly/go-simplejson v0.5.0 // indirect
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
github.com/buger/goterm v0.0.0-20200322175922-2f3e71b85129
github.com/bugsnag/bugsnag-go v1.5.3 // indirect
github.com/bugsnag/panicwrap v1.2.0 // indirect
github.com/cenkalti/backoff v2.2.1+incompatible // indirect
github.com/cloudflare/cfssl v1.4.1 // indirect
github.com/compose-spec/compose-go v0.0.0-20200811091145-837f8f4de457
github.com/containerd/console v1.0.0
github.com/containerd/containerd v1.3.2 // indirect
github.com/containerd/continuity v0.0.0-20200413184840-d3ef23f19fbb // indirect
github.com/docker/cli v0.0.0-20200130152716-5d0cf8839492
github.com/docker/distribution v2.7.1+incompatible // indirect
github.com/docker/docker v1.4.2-0.20200128034134-2ebaeef943cc // indirect
github.com/docker/docker-credential-helpers v0.6.3 // indirect
github.com/docker/go v1.5.1-1 // indirect
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect
github.com/gofrs/uuid v3.2.0+incompatible // indirect
github.com/gogo/protobuf v1.3.1 // indirect
github.com/gorilla/mux v1.7.3 // indirect
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed // indirect
github.com/jinzhu/gorm v1.9.12 // indirect
github.com/joho/godotenv v1.3.0
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
github.com/lib/pq v1.3.0 // indirect
github.com/manifoldco/promptui v0.7.0
github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
github.com/miekg/pkcs11 v1.0.3 // indirect
github.com/mitchellh/mapstructure v1.3.3
github.com/moby/term v0.0.0-20200611042045-63b9a826fb74
github.com/morikuni/aec v1.0.0
github.com/onsi/ginkgo v1.11.0 // indirect
github.com/opencontainers/image-spec v1.0.1 // indirect
github.com/sirupsen/logrus v1.6.0
github.com/smartystreets/goconvey v1.6.4 // indirect
github.com/spf13/cobra v0.0.5
github.com/spf13/pflag v1.0.5
github.com/theupdateframework/notary v0.6.1 // indirect
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 // indirect
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 // indirect
google.golang.org/grpc v1.27.0 // indirect
gopkg.in/dancannon/gorethink.v3 v3.0.5 // indirect
gopkg.in/fatih/pool.v2 v2.0.0 // indirect
gopkg.in/gorethink/gorethink.v3 v3.0.5 // indirect
gopkg.in/ini.v1 v1.55.0
gotest.tools/v3 v3.0.2
vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787 // indirect
)
go 1.14

496
ecs/go.sum Normal file
View File

@ -0,0 +1,496 @@
bazil.org/fuse v0.0.0-20160811212531-371fbbdaa898/go.mod h1:Xbm+BRKSBEpa4q4hTSxohYNQpsxXPbPry4JJWOB3LB8=
bitbucket.org/liamstask/goose v0.0.0-20150115234039-8488cc47d90c/go.mod h1:hSVuE3qU7grINVSwrmzHfpg9k87ALBk+XaualNyUzI4=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5 h1:ygIc8M6trr62pF5DucadTWGdEB4mEyvzi0e2nbcmcyA=
github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tTuCMEN+UleMWgg9dVx4Hu52b1bJo+59jBh3ajtinzw=
github.com/Microsoft/hcsshim v0.8.7 h1:ptnOoufxGSzauVTsdE+wMYnCWA301PdoN4xg5oRdZpg=
github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs=
github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ=
github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412 h1:w1UutsfOrms1J05zt7ISrnJIXKzwaspym5BTKGx93EI=
github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0=
github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
github.com/aws/aws-sdk-go v1.33.18 h1:Ccy1SV2SsgJU3rfrD+SOhQ0jvuzfrFuja/oKI86ruPw=
github.com/aws/aws-sdk-go v1.33.18/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
github.com/awslabs/goformation/v4 v4.14.0 h1:E2Pet9eIqA4qzt3dzzzE4YN83V4Kyfbcio0VokBC9TA=
github.com/awslabs/goformation/v4 v4.14.0/go.mod h1:GcJULxCJfloT+3pbqCluXftdEK2AD/UqpS3hkaaBntg=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/bitly/go-hostpool v0.1.0 h1:XKmsF6k5el6xHG3WPJ8U0Ku/ye7njX7W81Ng7O2ioR0=
github.com/bitly/go-hostpool v0.1.0/go.mod h1:4gOCgp6+NZnVqlKyZ/iBZFTAJKembaVENUpMkpg42fw=
github.com/bitly/go-simplejson v0.5.0 h1:6IH+V8/tVMab511d5bn4M7EwGXZf9Hj6i2xSwkNEM+Y=
github.com/bitly/go-simplejson v0.5.0/go.mod h1:cXHtHw4XUPsvGaxgjIAn8PhEWG9NfngEKAMDJEczWVA=
github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
github.com/buger/goterm v0.0.0-20200322175922-2f3e71b85129 h1:gfAMKE626QEuKG3si0pdTRcr/YEbBoxY+3GOH3gWvl4=
github.com/buger/goterm v0.0.0-20200322175922-2f3e71b85129/go.mod h1:u9UyCz2eTrSGy6fbupqJ54eY5c4IC8gREQ1053dK12U=
github.com/bugsnag/bugsnag-go v1.5.3 h1:yeRUT3mUE13jL1tGwvoQsKdVbAsQx9AJ+fqahKveP04=
github.com/bugsnag/bugsnag-go v1.5.3/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
github.com/bugsnag/panicwrap v1.2.0 h1:OzrKrRvXis8qEvOkfcxNcYbOd2O7xXS2nnKMEMABFQA=
github.com/bugsnag/panicwrap v1.2.0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
github.com/certifi/gocertifi v0.0.0-20180118203423-deb3ae2ef261/go.mod h1:GJKEexRPVJrBSOjoqN5VNOIKJ5Q3RViH6eu3puDRwx4=
github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cloudflare/backoff v0.0.0-20161212185259-647f3cdfc87a/go.mod h1:rzgs2ZOiguV6/NpiDgADjRLPNyZlApIWxKpkT+X8SdY=
github.com/cloudflare/cfssl v1.4.1 h1:vScfU2DrIUI9VPHBVeeAQ0q5A+9yshO1Gz+3QoUQiKw=
github.com/cloudflare/cfssl v1.4.1/go.mod h1:KManx/OJPb5QY+y0+o/898AMcM128sF0bURvoVUSjTo=
github.com/cloudflare/go-metrics v0.0.0-20151117154305-6a9aea36fb41/go.mod h1:eaZPlJWD+G9wseg1BuRXlHnjntPMrywMsyxf+LTOdP4=
github.com/cloudflare/redoctober v0.0.0-20171127175943-746a508df14c/go.mod h1:6Se34jNoqrd8bTxrmJB2Bg2aoZ2CdSXonils9NsiNgo=
github.com/compose-spec/compose-go v0.0.0-20200811091145-837f8f4de457 h1:8ely1LF7H02sIWz6QjgU53YBCiRpYlM9F9u1MeE1ZPk=
github.com/compose-spec/compose-go v0.0.0-20200811091145-837f8f4de457/go.mod h1:cS0vAvM6u9yjJgKWIH2yiqYMWO7WGJb+c0Irw+RefqU=
github.com/containerd/cgroups v0.0.0-20190919134610-bf292b21730f/go.mod h1:OApqhQ4XNSNC13gXIwDjhOQxjWa/NxkwZXJ1EvqT0ko=
github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 h1:uict5mhHFTzKLUCufdSLym7z/J0CbBJT59lYbP9wtbg=
github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
github.com/containerd/console v1.0.0 h1:fU3UuQapBs+zLJu82NhR11Rif1ny2zfMMAyPJzSN5tQ=
github.com/containerd/console v1.0.0/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE=
github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F0UxetA=
github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
github.com/containerd/continuity v0.0.0-20200413184840-d3ef23f19fbb h1:nXPkFq8X1a9ycY3GYQpFNxHh3j2JgY7zDZfq2EXMIzk=
github.com/containerd/continuity v0.0.0-20200413184840-d3ef23f19fbb/go.mod h1:Dq467ZllaHgAtVp4p1xUQWBrFXR9s/wyoTpG8zOJGkY=
github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
github.com/containerd/go-runc v0.0.0-20180907222934-5a6d9f37cfa3/go.mod h1:IV7qH3hrUgRmyYrtgEeGWJfWbgcHL9CSRruz2Vqcph0=
github.com/containerd/ttrpc v0.0.0-20190828154514-0e0f228740de/go.mod h1:PvCDdDGpgqzQIzDW1TphrGLssLDZp2GuS+X5DkEJB8o=
github.com/containerd/typeurl v0.0.0-20180627222232-a93fcdb778cd/go.mod h1:Cm3kwCdlkCfMSHURc+r6fwoGH6/F1hH3S4sg0rLFWPc=
github.com/coreos/etcd v3.3.10+incompatible h1:jFneRYjIvLMLhDLCzuTuU4rSJUjRplcJQ7pD7MnhC04=
github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
github.com/creack/pty v1.1.9 h1:uDmaGzcdjhF4i/plgjmEsriH11Y0o7RKapEf/LDaM3w=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/daaku/go.zipexe v1.0.0/go.mod h1:z8IiR6TsVLEYKwXAoE/I+8ys/sDkgTzSL0CLnGVd57E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd h1:83Wprp6ROGeiHFAP8WJdI2RoxALQYgdllERc3N5N2DM=
github.com/denisenkom/go-mssqldb v0.0.0-20191124224453-732737034ffd/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
github.com/docker/cli v0.0.0-20200130152716-5d0cf8839492 h1:FwssHbCDJD025h+BchanCwE1Q8fyMgqDr2mOQAWOLGw=
github.com/docker/cli v0.0.0-20200130152716-5d0cf8839492/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug=
github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
github.com/docker/docker v1.4.2-0.20200128034134-2ebaeef943cc h1:2xtQXEoAs2hjCs4Ez4/KT2mDaYrXwcUi7TCkfyT+n2k=
github.com/docker/docker v1.4.2-0.20200128034134-2ebaeef943cc/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
github.com/docker/docker-credential-helpers v0.6.3 h1:zI2p9+1NQYdnG6sMU26EX4aVGlqbInSQxQXLvzJ4RPQ=
github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y=
github.com/docker/go v1.5.1-1 h1:hr4w35acWBPhGBXlzPoHpmZ/ygPjnmFVxGxxGnMyP7k=
github.com/docker/go v1.5.1-1/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q=
github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ=
github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec=
github.com/docker/go-metrics v0.0.1 h1:AgB/0SvBxihN0X8OR4SjsblXkbMvalQ8cjmtKQ2rQV8=
github.com/docker/go-metrics v0.0.1/go.mod h1:cG1hvH2utMXtqgqqYE9plW6lDxS3/5ayHzueweSI3Vw=
github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw=
github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 h1:UhxFibDNY/bfvqU5CAUmr9zpesgbU6SWc8/B4mflAE4=
github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7/go.mod h1:cyGadeNEkKy96OOhEzfZl+yxihPEzKnqJwvfuSUqbZE=
github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5 h1:Yzb9+7DPaBjB8zlTR87/ElzFsnQfuHnVUVqpZZIcV5Y=
github.com/erikstmartin/go-testdb v0.0.0-20160219214506-8d10e4a1bae5/go.mod h1:a2zkGnVExMxdzMo3M0Hi/3sEU+cWnZpSni0O6/Yb/P0=
github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
github.com/getsentry/raven-go v0.0.0-20180121060056-563b81fc02b7/go.mod h1:KungGk8q33+aIAZUIVWZDr2OfAEBsO49PX4NzFV5kcQ=
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
github.com/go-sql-driver/mysql v1.3.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4=
github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs=
github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/google/certificate-transparency-go v1.0.21 h1:Yf1aXowfZ2nuboBsg7iYGLmwsOARdV86pfH3g95wXmE=
github.com/google/certificate-transparency-go v1.0.21/go.mod h1:QeJfpSbVSfYc7RgB3gJFj9cbuQMMchQxrWXz8Ruopmg=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.1 h1:JFrFEBb2xKufg6XkJsJr+WbKb4FQlURi5RUcBveYu9k=
github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8=
github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4=
github.com/hashicorp/errwrap v0.0.0-20141028054710-7554cd9344ce/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I=
github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/imdario/mergo v0.3.10 h1:6q5mVkdH/vYmqngx7kZQTjJ5HRsx+ImorDIEQ+beJgc=
github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA=
github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
github.com/jinzhu/gorm v1.9.12 h1:Drgk1clyWT9t9ERbzHza6Mj/8FY/CqMyVzOiHviMo6Q=
github.com/jinzhu/gorm v1.9.12/go.mod h1:vhTjlKSJUTWNtcbQtrMBFCxy7eXTzeCAzfL5fBZT/Qs=
github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
github.com/jinzhu/now v1.0.1 h1:HjfetcXq097iXP0uoPCdnM4Efp5/9MsM0/M+XOTeR3M=
github.com/jinzhu/now v1.0.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
github.com/jmespath/go-jmespath v0.3.0 h1:OS12ieG61fsCg5+qLJ+SsW9NicxNkg3b25OyT2yCeUc=
github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik=
github.com/jmhodges/clock v0.0.0-20160418191101-880ee4c33548/go.mod h1:hGT6jSUVzF6no3QaDSMLGLEHtHSBSefs+MgcDWnmhmo=
github.com/jmoiron/sqlx v0.0.0-20180124204410-05cef0741ade/go.mod h1:IiEW3SEiiErVyFdH8NTuWjSifiEQKUoyK3LNqr2kCHU=
github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA=
github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kisielk/sqlstruct v0.0.0-20150923205031-648daed35d49/go.mod h1:yyMNCyc/Ib3bDTKd379tNMpB/7/H5TjM2Y9QJ5THLbE=
github.com/kisom/goutils v1.1.0/go.mod h1:+UBTfd78habUYWFbNWTJNG+jNG/i/lGURakr4A/yNRw=
github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kylelemons/go-gypsy v0.0.0-20160905020020-08cad365cd28/go.mod h1:T/T7jsxVqf9k/zYOqbgNAsANsjxTd1Yq3htjDhQ1H0c=
github.com/lib/pq v0.0.0-20180201184707-88edab080323/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lib/pq v1.3.0 h1:/qkRGz8zljWiDcFvgpwUpwIAPu3r07TDvs3Rws+o/pU=
github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a h1:weJVJJRzAJBFRlAiJQROKQs8oC9vOxvm4rZmBBk0ONw=
github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
github.com/magiconair/properties v1.8.0 h1:LLgXmsheXeRoUOBOjtwPQCWIYqM/LU1ayDtDePerRcY=
github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
github.com/manifoldco/promptui v0.7.0 h1:3l11YT8tm9MnwGFQ4kETwkzpAwY2Jt9lCrumCUW4+z4=
github.com/manifoldco/promptui v0.7.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ=
github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs=
github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
github.com/mattn/go-shellwords v1.0.10 h1:Y7Xqm8piKOO3v10Thp7Z36h4FYFjt5xB//6XvOrs2Gw=
github.com/mattn/go-shellwords v1.0.10/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v2.0.1+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/miekg/pkcs11 v1.0.3 h1:iMwmD7I5225wv84WxIG/bmxz9AXjWvTWIbM/TYHvWtw=
github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
github.com/mitchellh/mapstructure v1.3.3 h1:SzB1nHZ2Xi+17FP0zVQBHIZqvwRN9408fJO8h+eeNA8=
github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mjibson/esc v0.2.0/go.mod h1:9Hw9gxxfHulMF5OJKCyhYD7PzlSdhzXyaGEBRPH1OPs=
github.com/moby/term v0.0.0-20200611042045-63b9a826fb74 h1:kvRIeqJNICemq2UFLx8q/Pj+1IRNZS0XPTaMFkuNsvg=
github.com/moby/term v0.0.0-20200611042045-63b9a826fb74/go.mod h1:pJ0Ot5YGdTcMdxnPMyGCfAr6fKXe0g9cDlz16MuFEBE=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
github.com/nkovacs/streamquote v0.0.0-20170412213628-49af9bddb229/go.mod h1:0aYXnNPJ8l7uZxf45rWW1a/uME32OF0rhiYGNQ2oF2E=
github.com/onsi/ginkgo v1.5.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v1.2.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
github.com/opencontainers/go-digest v0.0.0-20180430190053-c9281466c8b2/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2iki3E3Ii+WN7gQ=
github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s=
github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI=
github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0=
github.com/opencontainers/runc v0.0.0-20190115041553-12f6a991201f/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
github.com/prometheus/client_golang v1.1.0 h1:BQ53HtBmfOitExawJ6LokA4x8ov/z0SYYb0+HxJfRI8=
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4 h1:gQz4mCbXsO+nc9n1hCxHcGA3Zx3Eo+UHZoInFGUIXNM=
github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
github.com/prometheus/common v0.6.0 h1:kRhiuYSXR3+uv2IbVbZhUxK5zVD/2pp3Gd2PpvPkpEo=
github.com/prometheus/common v0.6.0/go.mod h1:eBmuwkDJBwy6iBfxCBob6t6dR6ENT/y+J+Zk0j9GMYc=
github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
github.com/prometheus/procfs v0.0.3 h1:CTwfnzjQ+8dS6MhHHu4YswVAD99sL2wjPqP+VkURmKE=
github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b h1:jUK33OXuZP/l6babJtnLo1qsGvq6G9so9KMflGAm4YA=
github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b/go.mod h1:8458kAagoME2+LN5//WxE71ysZ3B7r22fdgb7qVmXSY=
github.com/sanathkr/yaml v0.0.0-20170819201035-0056894fa522 h1:fOCp11H0yuyAt2wqlbJtbyPzSgaxHTv8uN1pMpkG1t8=
github.com/sanathkr/yaml v0.0.0-20170819201035-0056894fa522/go.mod h1:tQTYKOQgxoH3v6dEmdHiz4JG+nbxWwM5fgPQUpSZqVQ=
github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvHTf9Beacp5x1UXfOR9xyW/9antXMhjMPG0dEzc=
github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
github.com/spf13/afero v1.1.2 h1:m8/z1t7/fwjysjQRYbP0RD+bUIF/8tJwPdEZsI83ACI=
github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
github.com/spf13/cast v1.3.0 h1:oget//CVOEoFewqQxwr0Ej5yjygnqGkvggSE/gB35Q8=
github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
github.com/spf13/cobra v0.0.5 h1:f0B+LkLX6DtmRH1isoNA9VTtNUK9K8xYd28JNNfOv/s=
github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU=
github.com/spf13/jwalterweatherman v1.0.0 h1:XHEdyB+EcvlqZamSM4ZOMGlc93t6AcsBEu9Gc1vn7yk=
github.com/spf13/jwalterweatherman v1.0.0/go.mod h1:cQK4TGJAtQXfYWX+Ddv3mKDzgVb68N+wFjFa4jdeBTo=
github.com/spf13/pflag v1.0.1-0.20171106142849-4c012f6dcd95/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.3 h1:zPAT6CGy6wXeQ7NtTnaTerfKOsV6V6F8agHXFiazDkg=
github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/spf13/viper v1.3.2 h1:VUFqw5KcqRf7i70GOzW7N+Q7+gxVBkSSqiXB12+JQ4M=
github.com/spf13/viper v1.3.2/go.mod h1:ZiWeW+zYFKm7srdB9IoDzzZXaJaI5eL9QjNiN/DMA2s=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
github.com/theupdateframework/notary v0.6.1 h1:7wshjstgS9x9F5LuB1L5mBI2xNMObWqjz+cjWoom6l0=
github.com/theupdateframework/notary v0.6.1/go.mod h1:MOfgIfmox8s7/7fduvB2xyPPMJCrjRLRizA8OFwpnKY=
github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasttemplate v1.0.1/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPUpymEIMZ47gx8=
github.com/weppos/publicsuffix-go v0.4.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
github.com/weppos/publicsuffix-go v0.5.0 h1:rutRtjBJViU/YjcI5d80t4JAVvDltS6bciJg2K1HrLU=
github.com/weppos/publicsuffix-go v0.5.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
github.com/xeipuuv/gojsonschema v0.0.0-20181112162635-ac52e6811b56 h1:yhqBHs09SmmUoNOHc9jgK4a60T3XFRtPAkYxVnqgY50=
github.com/xeipuuv/gojsonschema v0.0.0-20181112162635-ac52e6811b56/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 h1:j2hhcujLRHAg872RWAV5yaUrEjHEObwDv3aImCaNLek=
github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8=
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e h1:mvOa4+/DXStR4ZXOks/UsjeFdn5O5JpLUtzqk9U8xXw=
github.com/zmap/zcrypto v0.0.0-20190729165852-9051775e6a2e/go.mod h1:w7kd3qXHh8FNaczNjslXqvFQiv5mMWRXlL9klTUAHc8=
github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb h1:vxqkjztXSaPVDc8FQCdHTaejm2x747f6yPbnu1h2xkg=
github.com/zmap/zlint v0.0.0-20190806154020-fd021b4cfbeb/go.mod h1:29UiAJNsiVdvTBFCJW8e3q6dcDbOoPkhMgttOSCIMMY=
go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd h1:GGJVjV8waZKRHrgwvtH66z9ZGVurTD1MT0n1Bb+q4aM=
golang.org/x/crypto v0.0.0-20191205180655-e7c4368fe9dd/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628=
golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09 h1:KaQtG+aDELoNmXYas3TVkGNYRuq8JQ1aa7LJt8EXVyo=
golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU=
golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b h1:0mm1VjtFUOIlE1SbDlwjYaDxZVDP2S5ou6y0gSgXHu8=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200625001655-4c5254603344 h1:vGXIOMxbNfDTk/aXCmfdLgkrSV+Z2tcbze+pEc3v5W4=
golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208 h1:qwRHBd0NqMbJxfbotnDhm2ByMI1Shq4Y6oRJo21SGJA=
golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3 h1:4y9KwBHBgBNwDbtu44R5o1fdOCQUEXhbk/P4A9WmJq0=
golang.org/x/sys v0.0.0-20190801041406-cbf593c0f2f3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1cHUZgO1Ebq5r2hIjfo=
golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd h1:xhmwyvizuTgC2qz7ZlMluP20uW+C3Rm0FD/WLDX8884=
golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0 h1:/5xXl8Y5W96D+TtHSlonuFqGHIWVuyCkGJLwGh9JJFs=
golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200717024301-6ddee64345a6/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 h1:gSJIx1SDwno+2ElGhA4+qG2zF97qiUzTM+rQ0klBOcE=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.27.0 h1:rRYRFMVgRv6E0D70Skyfsr28tDXIuuPZyWGMPdMcnXg=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/dancannon/gorethink.v3 v3.0.5 h1:/g7PWP7zUS6vSNmHSDbjCHQh1Rqn8Jy6zSMQxAsBSMQ=
gopkg.in/dancannon/gorethink.v3 v3.0.5/go.mod h1:GXsi1e3N2OcKhcP6nsYABTiUejbWMFO4GY5a4pEaeEc=
gopkg.in/fatih/pool.v2 v2.0.0 h1:xIFeWtxifuQJGk/IEPKsTduEKcKvPmhoiVDGpC40nKg=
gopkg.in/fatih/pool.v2 v2.0.0/go.mod h1:8xVGeu1/2jr2wm5V9SPuMht2H5AEmf5aFMGSQixtjTY=
gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
gopkg.in/gemnasium/logrus-airbrake-hook.v2 v2.1.2/go.mod h1:Xk6kEKp8OKb+X14hQBKWaSkCsqBpgog8nAV2xsGOxlo=
gopkg.in/gorethink/gorethink.v3 v3.0.5 h1:e2Uc/Xe+hpcVQFsj6MuHlYog3r0JYpnTzwDj/y2O4MU=
gopkg.in/gorethink/gorethink.v3 v3.0.5/go.mod h1:+3yIIHJUGMBK+wyPH+iN5TP+88ikFDfZdqTlK3Y9q8I=
gopkg.in/ini.v1 v1.55.0 h1:E8yzL5unfpW3M6fz/eB7Cb5MQAYSZ7GKo4Qth+N2sgQ=
gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.0.2 h1:kG1BFyqVHuQoVQiR1bWGnfz/fmHvvuiSPIV7rvl360E=
gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/kubernetes v1.13.0 h1:qTfB+u5M92k2fCCCVP2iuhgwwSOv1EkAkvQY1tQODD8=
k8s.io/kubernetes v1.13.0/go.mod h1:ocZa8+6APFNC2tX1DZASIbocyYT5jHzqFVsY5aoB7Jk=
vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787 h1:O69FD9pJA4WUZlEwYatBEEkRWKQ5cKodWpdKTrCS/iQ=
vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI=

12
ecs/golangci.yaml Normal file
View File

@ -0,0 +1,12 @@
run:
deadline: 2m
linters:
disable-all: true
enable:
- gofmt
- goimports
- golint
- gosimple
- ineffassign
- misspell

8
ecs/internal/version.go Normal file
View File

@ -0,0 +1,8 @@
package internal
var (
// Version is the git tag that this was built from.
Version = "unknown"
// GitCommit is the commit that this was built from.
GitCommit = "unknown"
)

8
ecs/pkg/amazon/amazon.go Normal file
View File

@ -0,0 +1,8 @@
package amazon
import (
"github.com/docker/ecs-plugin/pkg/amazon/backend"
"github.com/docker/ecs-plugin/pkg/compose"
)
var _ compose.API = &backend.Backend{}

30
ecs/pkg/amazon/backend/backend.go Normal file
View File

@ -0,0 +1,30 @@
package backend
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/docker/ecs-plugin/pkg/amazon/sdk"
)
func NewBackend(profile string, region string) (*Backend, error) {
sess, err := session.NewSessionWithOptions(session.Options{
Profile: profile,
SharedConfigState: session.SharedConfigEnable,
Config: aws.Config{
Region: aws.String(region),
},
})
if err != nil {
return nil, err
}
return &Backend{
Region: region,
api: sdk.NewAPI(sess),
}, nil
}
type Backend struct {
Region string
api sdk.API
}

590
ecs/pkg/amazon/backend/cloudformation.go Normal file
View File

@ -0,0 +1,590 @@
package backend
import (
"fmt"
"io/ioutil"
"regexp"
"strings"
ecsapi "github.com/aws/aws-sdk-go/service/ecs"
"github.com/aws/aws-sdk-go/service/elbv2"
cloudmapapi "github.com/aws/aws-sdk-go/service/servicediscovery"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation/ec2"
"github.com/awslabs/goformation/v4/cloudformation/ecs"
"github.com/awslabs/goformation/v4/cloudformation/elasticloadbalancingv2"
"github.com/awslabs/goformation/v4/cloudformation/iam"
"github.com/awslabs/goformation/v4/cloudformation/logs"
"github.com/awslabs/goformation/v4/cloudformation/secretsmanager"
cloudmap "github.com/awslabs/goformation/v4/cloudformation/servicediscovery"
"github.com/awslabs/goformation/v4/cloudformation/tags"
"github.com/compose-spec/compose-go/compatibility"
"github.com/compose-spec/compose-go/errdefs"
"github.com/compose-spec/compose-go/types"
"github.com/docker/ecs-plugin/pkg/compose"
"github.com/sirupsen/logrus"
)
const (
ParameterClusterName = "ParameterClusterName"
ParameterVPCId = "ParameterVPCId"
ParameterSubnet1Id = "ParameterSubnet1Id"
ParameterSubnet2Id = "ParameterSubnet2Id"
ParameterLoadBalancerARN = "ParameterLoadBalancerARN"
)
// Convert a compose project into a CloudFormation template
func (b Backend) Convert(project *types.Project) (*cloudformation.Template, error) {
var checker compatibility.Checker = &FargateCompatibilityChecker{
compatibility.AllowList{
Supported: compatibleComposeAttributes,
},
}
compatibility.Check(project, checker)
for _, err := range checker.Errors() {
if errdefs.IsIncompatibleError(err) {
logrus.Error(err.Error())
} else {
logrus.Warn(err.Error())
}
}
if !compatibility.IsCompatible(checker) {
return nil, fmt.Errorf("compose file is incompatible with Amazon ECS")
}
template := cloudformation.NewTemplate()
template.Description = "CloudFormation template created by Docker for deploying applications on Amazon ECS"
template.Parameters[ParameterClusterName] = cloudformation.Parameter{
Type: "String",
Description: "Name of the ECS cluster to deploy to (optional)",
}
template.Parameters[ParameterVPCId] = cloudformation.Parameter{
Type: "AWS::EC2::VPC::Id",
Description: "ID of the VPC",
}
/*
FIXME can't set subnets: Ref("SubnetIds") see https://github.com/awslabs/goformation/issues/282
template.Parameters["SubnetIds"] = cloudformation.Parameter{
Type: "List<AWS::EC2::Subnet::Id>",
Description: "The list of SubnetIds, for at least two Availability Zones in the region in your VPC",
}
*/
template.Parameters[ParameterSubnet1Id] = cloudformation.Parameter{
Type: "AWS::EC2::Subnet::Id",
Description: "SubnetId, for Availability Zone 1 in the region in your VPC",
}
template.Parameters[ParameterSubnet2Id] = cloudformation.Parameter{
Type: "AWS::EC2::Subnet::Id",
Description: "SubnetId, for Availability Zone 2 in the region in your VPC",
}
template.Parameters[ParameterLoadBalancerARN] = cloudformation.Parameter{
Type: "String",
Description: "Name of the LoadBalancer to connect to (optional)",
}
// Create Cluster is `ParameterClusterName` parameter is not set
template.Conditions["CreateCluster"] = cloudformation.Equals("", cloudformation.Ref(ParameterClusterName))
cluster := createCluster(project, template)
networks := map[string]string{}
for _, net := range project.Networks {
networks[net.Name] = convertNetwork(project, net, cloudformation.Ref(ParameterVPCId), template)
}
for i, s := range project.Secrets {
if s.External.External {
continue
}
secret, err := ioutil.ReadFile(s.File)
if err != nil {
return nil, err
}
name := fmt.Sprintf("%sSecret", normalizeResourceName(s.Name))
template.Resources[name] = &secretsmanager.Secret{
Description: "",
SecretString: string(secret),
Tags: []tags.Tag{
{
Key: compose.ProjectTag,
Value: project.Name,
},
},
}
s.Name = cloudformation.Ref(name)
project.Secrets[i] = s
}
createLogGroup(project, template)
// Private DNS namespace will allow DNS name for the services to be <service>.<project>.local
createCloudMap(project, template)
loadBalancerARN := createLoadBalancer(project, template)
for _, service := range project.Services {
definition, err := Convert(project, service)
if err != nil {
return nil, err
}
taskExecutionRole, err := createTaskExecutionRole(service, err, definition, template)
if err != nil {
return template, err
}
definition.ExecutionRoleArn = cloudformation.Ref(taskExecutionRole)
taskDefinition := fmt.Sprintf("%sTaskDefinition", normalizeResourceName(service.Name))
template.Resources[taskDefinition] = definition
var healthCheck *cloudmap.Service_HealthCheckConfig
if service.HealthCheck != nil && !service.HealthCheck.Disable {
// FIXME ECS only support HTTP(s) health checks, while Docker only support CMD
}
serviceRegistry := createServiceRegistry(service, template, healthCheck)
serviceSecurityGroups := []string{}
for net := range service.Networks {
serviceSecurityGroups = append(serviceSecurityGroups, networks[net])
}
dependsOn := []string{}
serviceLB := []ecs.Service_LoadBalancer{}
if len(service.Ports) > 0 {
for _, port := range service.Ports {
protocol := strings.ToUpper(port.Protocol)
if getLoadBalancerType(project) == elbv2.LoadBalancerTypeEnumApplication {
protocol = elbv2.ProtocolEnumHttps
if port.Published == 80 {
protocol = elbv2.ProtocolEnumHttp
}
}
if loadBalancerARN != "" {
targetGroupName := createTargetGroup(project, service, port, template, protocol)
listenerName := createListener(service, port, template, targetGroupName, loadBalancerARN, protocol)
dependsOn = append(dependsOn, listenerName)
serviceLB = append(serviceLB, ecs.Service_LoadBalancer{
ContainerName: service.Name,
ContainerPort: int(port.Target),
TargetGroupArn: cloudformation.Ref(targetGroupName),
})
}
}
}
desiredCount := 1
if service.Deploy != nil && service.Deploy.Replicas != nil {
desiredCount = int(*service.Deploy.Replicas)
}
for _, dependency := range service.DependsOn {
dependsOn = append(dependsOn, serviceResourceName(dependency))
}
minPercent, maxPercent, err := computeRollingUpdateLimits(service)
if err != nil {
return nil, err
}
template.Resources[serviceResourceName(service.Name)] = &ecs.Service{
AWSCloudFormationDependsOn: dependsOn,
Cluster: cluster,
DesiredCount: desiredCount,
DeploymentController: &ecs.Service_DeploymentController{
Type: ecsapi.DeploymentControllerTypeEcs,
},
DeploymentConfiguration: &ecs.Service_DeploymentConfiguration{
MaximumPercent: maxPercent,
MinimumHealthyPercent: minPercent,
},
LaunchType: ecsapi.LaunchTypeFargate,
LoadBalancers: serviceLB,
NetworkConfiguration: &ecs.Service_NetworkConfiguration{
AwsvpcConfiguration: &ecs.Service_AwsVpcConfiguration{
AssignPublicIp: ecsapi.AssignPublicIpEnabled,
SecurityGroups: serviceSecurityGroups,
Subnets: []string{
cloudformation.Ref(ParameterSubnet1Id),
cloudformation.Ref(ParameterSubnet2Id),
},
},
},
PropagateTags: ecsapi.PropagateTagsService,
SchedulingStrategy: ecsapi.SchedulingStrategyReplica,
ServiceRegistries: []ecs.Service_ServiceRegistry{serviceRegistry},
Tags: []tags.Tag{
{
Key: compose.ProjectTag,
Value: project.Name,
},
{
Key: compose.ServiceTag,
Value: service.Name,
},
},
TaskDefinition: cloudformation.Ref(normalizeResourceName(taskDefinition)),
}
}
return template, nil
}
func createLogGroup(project *types.Project, template *cloudformation.Template) {
retention := 0
if v, ok := project.Extensions[compose.ExtensionRetention]; ok {
retention = v.(int)
}
logGroup := fmt.Sprintf("/docker-compose/%s", project.Name)
template.Resources["LogGroup"] = &logs.LogGroup{
LogGroupName: logGroup,
RetentionInDays: retention,
}
}
func computeRollingUpdateLimits(service types.ServiceConfig) (int, int, error) {
maxPercent := 200
minPercent := 100
if service.Deploy == nil || service.Deploy.UpdateConfig == nil {
return minPercent, maxPercent, nil
}
updateConfig := service.Deploy.UpdateConfig
min, okMin := updateConfig.Extensions[compose.ExtensionMinPercent]
if okMin {
minPercent = min.(int)
}
max, okMax := updateConfig.Extensions[compose.ExtensionMaxPercent]
if okMax {
maxPercent = max.(int)
}
if okMin && okMax {
return minPercent, maxPercent, nil
}
if updateConfig.Parallelism != nil {
parallelism := int(*updateConfig.Parallelism)
if service.Deploy.Replicas == nil {
return minPercent, maxPercent,
fmt.Errorf("rolling update configuration require deploy.replicas to be set")
}
replicas := int(*service.Deploy.Replicas)
if replicas < parallelism {
return minPercent, maxPercent,
fmt.Errorf("deploy.replicas (%d) must be greater than deploy.update_config.parallelism (%d)", replicas, parallelism)
}
if !okMin {
minPercent = (replicas - parallelism) * 100 / replicas
}
if !okMax {
maxPercent = (replicas + parallelism) * 100 / replicas
}
}
return minPercent, maxPercent, nil
}
func getLoadBalancerType(project *types.Project) string {
for _, service := range project.Services {
for _, port := range service.Ports {
if port.Published != 80 && port.Published != 443 {
return elbv2.LoadBalancerTypeEnumNetwork
}
}
}
return elbv2.LoadBalancerTypeEnumApplication
}
func getLoadBalancerSecurityGroups(project *types.Project, template *cloudformation.Template) []string {
securityGroups := []string{}
for _, network := range project.Networks {
if !network.Internal {
net := convertNetwork(project, network, cloudformation.Ref(ParameterVPCId), template)
securityGroups = append(securityGroups, net)
}
}
return uniqueStrings(securityGroups)
}
func createLoadBalancer(project *types.Project, template *cloudformation.Template) string {
ports := 0
for _, service := range project.Services {
ports += len(service.Ports)
}
if ports == 0 {
// Project do not expose any port (batch jobs?)
// So no need to create a LoadBalancer
return ""
}
// load balancer names are limited to 32 characters total
loadBalancerName := fmt.Sprintf("%.32s", fmt.Sprintf("%sLoadBalancer", strings.Title(project.Name)))
// Create LoadBalancer if `ParameterLoadBalancerName` is not set
template.Conditions["CreateLoadBalancer"] = cloudformation.Equals("", cloudformation.Ref(ParameterLoadBalancerARN))
loadBalancerType := getLoadBalancerType(project)
securityGroups := []string{}
if loadBalancerType == elbv2.LoadBalancerTypeEnumApplication {
securityGroups = getLoadBalancerSecurityGroups(project, template)
}
template.Resources[loadBalancerName] = &elasticloadbalancingv2.LoadBalancer{
Name: loadBalancerName,
Scheme: elbv2.LoadBalancerSchemeEnumInternetFacing,
SecurityGroups: securityGroups,
Subnets: []string{
cloudformation.Ref(ParameterSubnet1Id),
cloudformation.Ref(ParameterSubnet2Id),
},
Tags: []tags.Tag{
{
Key: compose.ProjectTag,
Value: project.Name,
},
},
Type: loadBalancerType,
AWSCloudFormationCondition: "CreateLoadBalancer",
}
return cloudformation.If("CreateLoadBalancer", cloudformation.Ref(loadBalancerName), cloudformation.Ref(ParameterLoadBalancerARN))
}
func createListener(service types.ServiceConfig, port types.ServicePortConfig, template *cloudformation.Template, targetGroupName string, loadBalancerARN string, protocol string) string {
listenerName := fmt.Sprintf(
"%s%s%dListener",
normalizeResourceName(service.Name),
strings.ToUpper(port.Protocol),
port.Target,
)
//add listener to dependsOn
//https://stackoverflow.com/questions/53971873/the-target-group-does-not-have-an-associated-load-balancer
template.Resources[listenerName] = &elasticloadbalancingv2.Listener{
DefaultActions: []elasticloadbalancingv2.Listener_Action{
{
ForwardConfig: &elasticloadbalancingv2.Listener_ForwardConfig{
TargetGroups: []elasticloadbalancingv2.Listener_TargetGroupTuple{
{
TargetGroupArn: cloudformation.Ref(targetGroupName),
},
},
},
Type: elbv2.ActionTypeEnumForward,
},
},
LoadBalancerArn: loadBalancerARN,
Protocol: protocol,
Port: int(port.Target),
}
return listenerName
}
func createTargetGroup(project *types.Project, service types.ServiceConfig, port types.ServicePortConfig, template *cloudformation.Template, protocol string) string {
targetGroupName := fmt.Sprintf(
"%s%s%dTargetGroup",
normalizeResourceName(service.Name),
strings.ToUpper(port.Protocol),
port.Published,
)
template.Resources[targetGroupName] = &elasticloadbalancingv2.TargetGroup{
Port: int(port.Target),
Protocol: protocol,
Tags: []tags.Tag{
{
Key: compose.ProjectTag,
Value: project.Name,
},
},
VpcId: cloudformation.Ref(ParameterVPCId),
TargetType: elbv2.TargetTypeEnumIp,
}
return targetGroupName
}
func createServiceRegistry(service types.ServiceConfig, template *cloudformation.Template, healthCheck *cloudmap.Service_HealthCheckConfig) ecs.Service_ServiceRegistry {
serviceRegistration := fmt.Sprintf("%sServiceDiscoveryEntry", normalizeResourceName(service.Name))
serviceRegistry := ecs.Service_ServiceRegistry{
RegistryArn: cloudformation.GetAtt(serviceRegistration, "Arn"),
}
template.Resources[serviceRegistration] = &cloudmap.Service{
Description: fmt.Sprintf("%q service discovery entry in Cloud Map", service.Name),
HealthCheckConfig: healthCheck,
HealthCheckCustomConfig: &cloudmap.Service_HealthCheckCustomConfig{
FailureThreshold: 1,
},
Name: service.Name,
NamespaceId: cloudformation.Ref("CloudMap"),
DnsConfig: &cloudmap.Service_DnsConfig{
DnsRecords: []cloudmap.Service_DnsRecord{
{
TTL: 60,
Type: cloudmapapi.RecordTypeA,
},
},
RoutingPolicy: cloudmapapi.RoutingPolicyMultivalue,
},
}
return serviceRegistry
}
func createTaskExecutionRole(service types.ServiceConfig, err error, definition *ecs.TaskDefinition, template *cloudformation.Template) (string, error) {
taskExecutionRole := fmt.Sprintf("%sTaskExecutionRole", normalizeResourceName(service.Name))
policy, err := getPolicy(definition)
if err != nil {
return taskExecutionRole, err
}
rolePolicies := []iam.Role_Policy{}
if policy != nil {
rolePolicies = append(rolePolicies, iam.Role_Policy{
PolicyDocument: policy,
PolicyName: fmt.Sprintf("%sGrantAccessToSecrets", service.Name),
})
}
if roles, ok := service.Extensions[compose.ExtensionRole]; ok {
rolePolicies = append(rolePolicies, iam.Role_Policy{
PolicyDocument: roles,
})
}
managedPolicies := []string{
ECSTaskExecutionPolicy,
ECRReadOnlyPolicy,
}
if v, ok := service.Extensions[compose.ExtensionManagedPolicies]; ok {
for _, s := range v.([]interface{}) {
managedPolicies = append(managedPolicies, s.(string))
}
}
template.Resources[taskExecutionRole] = &iam.Role{
AssumeRolePolicyDocument: assumeRolePolicyDocument,
Policies: rolePolicies,
ManagedPolicyArns: managedPolicies,
}
return taskExecutionRole, nil
}
func createCluster(project *types.Project, template *cloudformation.Template) string {
template.Resources["Cluster"] = &ecs.Cluster{
ClusterName: project.Name,
Tags: []tags.Tag{
{
Key: compose.ProjectTag,
Value: project.Name,
},
},
AWSCloudFormationCondition: "CreateCluster",
}
cluster := cloudformation.If("CreateCluster", cloudformation.Ref("Cluster"), cloudformation.Ref(ParameterClusterName))
return cluster
}
func createCloudMap(project *types.Project, template *cloudformation.Template) {
template.Resources["CloudMap"] = &cloudmap.PrivateDnsNamespace{
Description: fmt.Sprintf("Service Map for Docker Compose project %s", project.Name),
Name: fmt.Sprintf("%s.local", project.Name),
Vpc: cloudformation.Ref(ParameterVPCId),
}
}
func convertNetwork(project *types.Project, net types.NetworkConfig, vpc string, template *cloudformation.Template) string {
if sg, ok := net.Extensions[compose.ExtensionSecurityGroup]; ok {
logrus.Debugf("Security Group for network %q set by user to %q", net.Name, sg)
return sg.(string)
}
var ingresses []ec2.SecurityGroup_Ingress
if !net.Internal {
for _, service := range project.Services {
if _, ok := service.Networks[net.Name]; ok {
for _, port := range service.Ports {
ingresses = append(ingresses, ec2.SecurityGroup_Ingress{
CidrIp: "0.0.0.0/0",
Description: fmt.Sprintf("%s:%d/%s", service.Name, port.Target, port.Protocol),
FromPort: int(port.Target),
IpProtocol: strings.ToUpper(port.Protocol),
ToPort: int(port.Target),
})
}
}
}
}
securityGroup := networkResourceName(project, net.Name)
template.Resources[securityGroup] = &ec2.SecurityGroup{
GroupDescription: fmt.Sprintf("%s %s Security Group", project.Name, net.Name),
GroupName: securityGroup,
SecurityGroupIngress: ingresses,
VpcId: vpc,
Tags: []tags.Tag{
{
Key: compose.ProjectTag,
Value: project.Name,
},
{
Key: compose.NetworkTag,
Value: net.Name,
},
},
}
ingress := securityGroup + "Ingress"
template.Resources[ingress] = &ec2.SecurityGroupIngress{
Description: fmt.Sprintf("Allow communication within network %s", net.Name),
IpProtocol: "-1", // all protocols
GroupId: cloudformation.Ref(securityGroup),
SourceSecurityGroupId: cloudformation.Ref(securityGroup),
}
return cloudformation.Ref(securityGroup)
}
func networkResourceName(project *types.Project, network string) string {
return fmt.Sprintf("%s%sNetwork", normalizeResourceName(project.Name), normalizeResourceName(network))
}
func serviceResourceName(dependency string) string {
return fmt.Sprintf("%sService", normalizeResourceName(dependency))
}
func normalizeResourceName(s string) string {
return strings.Title(regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString(s, ""))
}
func getPolicy(taskDef *ecs.TaskDefinition) (*PolicyDocument, error) {
arns := []string{}
for _, container := range taskDef.ContainerDefinitions {
if container.RepositoryCredentials != nil {
arns = append(arns, container.RepositoryCredentials.CredentialsParameter)
}
if len(container.Secrets) > 0 {
for _, s := range container.Secrets {
arns = append(arns, s.ValueFrom)
}
}
}
if len(arns) > 0 {
return &PolicyDocument{
Statement: []PolicyStatement{
{
Effect: "Allow",
Action: []string{ActionGetSecretValue, ActionGetParameters, ActionDecrypt},
Resource: arns,
}},
}, nil
}
return nil, nil
}
func uniqueStrings(items []string) []string {
keys := make(map[string]bool)
unique := []string{}
for _, item := range items {
if _, val := keys[item]; !val {
keys[item] = true
unique = append(unique, item)
}
}
return unique
}

373
ecs/pkg/amazon/backend/cloudformation_test.go Normal file
View File

@ -0,0 +1,373 @@
package backend
import (
"fmt"
"reflect"
"testing"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation/ec2"
"github.com/awslabs/goformation/v4/cloudformation/ecs"
"github.com/awslabs/goformation/v4/cloudformation/elasticloadbalancingv2"
"github.com/awslabs/goformation/v4/cloudformation/iam"
"github.com/awslabs/goformation/v4/cloudformation/logs"
"github.com/compose-spec/compose-go/cli"
"github.com/compose-spec/compose-go/loader"
"github.com/compose-spec/compose-go/types"
"github.com/docker/ecs-plugin/pkg/compose"
"gotest.tools/v3/assert"
"gotest.tools/v3/golden"
)
func TestSimpleConvert(t *testing.T) {
project := load(t, "testdata/input/simple-single-service.yaml")
result := convertResultAsString(t, project)
expected := "simple/simple-cloudformation-conversion.golden"
golden.Assert(t, result, expected)
}
func TestLogging(t *testing.T) {
template := convertYaml(t, "test", `
services:
foo:
image: hello_world
logging:
options:
awslogs-datetime-pattern: "FOO"
x-aws-logs_retention: 10
`)
def := template.Resources["FooTaskDefinition"].(*ecs.TaskDefinition)
logging := def.ContainerDefinitions[0].LogConfiguration
assert.Equal(t, logging.Options["awslogs-datetime-pattern"], "FOO")
logGroup := template.Resources["LogGroup"].(*logs.LogGroup)
assert.Equal(t, logGroup.RetentionInDays, 10)
}
func TestEnvFile(t *testing.T) {
template := convertYaml(t, "test", `
services:
foo:
image: hello_world
env_file:
- testdata/input/envfile
`)
def := template.Resources["FooTaskDefinition"].(*ecs.TaskDefinition)
env := def.ContainerDefinitions[0].Environment
var found bool
for _, pair := range env {
if pair.Name == "FOO" {
assert.Equal(t, pair.Value, "BAR")
found = true
}
}
assert.Check(t, found, "environment variable FOO not set")
}
func TestEnvFileAndEnv(t *testing.T) {
template := convertYaml(t, "test", `
services:
foo:
image: hello_world
env_file:
- testdata/input/envfile
environment:
- "FOO=ZOT"
`)
def := template.Resources["FooTaskDefinition"].(*ecs.TaskDefinition)
env := def.ContainerDefinitions[0].Environment
var found bool
for _, pair := range env {
if pair.Name == "FOO" {
assert.Equal(t, pair.Value, "ZOT")
found = true
}
}
assert.Check(t, found, "environment variable FOO not set")
}
func TestRollingUpdateLimits(t *testing.T) {
template := convertYaml(t, "test", `
services:
foo:
image: hello_world
deploy:
replicas: 4
update_config:
parallelism: 2
`)
service := template.Resources["FooService"].(*ecs.Service)
assert.Check(t, service.DeploymentConfiguration.MaximumPercent == 150)
assert.Check(t, service.DeploymentConfiguration.MinimumHealthyPercent == 50)
}
func TestRollingUpdateExtension(t *testing.T) {
template := convertYaml(t, "test", `
services:
foo:
image: hello_world
deploy:
update_config:
x-aws-min_percent: 25
x-aws-max_percent: 125
`)
service := template.Resources["FooService"].(*ecs.Service)
assert.Check(t, service.DeploymentConfiguration.MaximumPercent == 125)
assert.Check(t, service.DeploymentConfiguration.MinimumHealthyPercent == 25)
}
func TestRolePolicy(t *testing.T) {
template := convertYaml(t, "test", `
services:
foo:
image: hello_world
x-aws-pull_credentials: "secret"
`)
role := template.Resources["FooTaskExecutionRole"].(*iam.Role)
assert.Check(t, role != nil)
assert.Check(t, role.ManagedPolicyArns[0] == ECSTaskExecutionPolicy)
assert.Check(t, role.ManagedPolicyArns[1] == ECRReadOnlyPolicy)
// We expect an extra policy has been created for x-aws-pull_credentials
assert.Check(t, len(role.Policies) == 1)
policy := role.Policies[0].PolicyDocument.(*PolicyDocument)
expected := []string{"secretsmanager:GetSecretValue", "ssm:GetParameters", "kms:Decrypt"}
assert.DeepEqual(t, expected, policy.Statement[0].Action)
assert.DeepEqual(t, []string{"secret"}, policy.Statement[0].Resource)
}
func TestMapNetworksToSecurityGroups(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: hello_world
networks:
- front-tier
- back-tier
networks:
front-tier:
name: public
back-tier:
internal: true
`)
assert.Check(t, template.Resources["TestPublicNetwork"] != nil)
assert.Check(t, template.Resources["TestBacktierNetwork"] != nil)
assert.Check(t, template.Resources["TestBacktierNetworkIngress"] != nil)
ingress := template.Resources["TestPublicNetworkIngress"].(*ec2.SecurityGroupIngress)
assert.Check(t, ingress != nil)
assert.Check(t, ingress.SourceSecurityGroupId == cloudformation.Ref("TestPublicNetwork"))
}
func TestLoadBalancerTypeApplication(t *testing.T) {
template := convertYaml(t, "test123456789009876543211234567890", `
services:
test:
image: nginx
ports:
- 80:80
`)
lb := template.Resources["TestLoadBalancer"].(*elasticloadbalancingv2.LoadBalancer)
assert.Check(t, lb != nil)
assert.Check(t, len(lb.Name) <= 32)
assert.Check(t, lb.Type == elbv2.LoadBalancerTypeEnumApplication)
assert.Check(t, len(lb.SecurityGroups) > 0)
}
func TestNoLoadBalancerIfNoPortExposed(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: nginx
foo:
image: bar
`)
for _, r := range template.Resources {
assert.Check(t, r.AWSCloudFormationType() != "AWS::ElasticLoadBalancingV2::TargetGroup")
assert.Check(t, r.AWSCloudFormationType() != "AWS::ElasticLoadBalancingV2::Listener")
assert.Check(t, r.AWSCloudFormationType() != "AWS::ElasticLoadBalancingV2::LoadBalancer")
}
}
func TestServiceReplicas(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: nginx
deploy:
replicas: 10
`)
s := template.Resources["TestService"].(*ecs.Service)
assert.Check(t, s != nil)
assert.Check(t, s.DesiredCount == 10)
}
func TestTaskSizeConvert(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: nginx
deploy:
resources:
limits:
cpus: '0.5'
memory: 2048M
reservations:
cpus: '0.5'
memory: 2048M
`)
def := template.Resources["TestTaskDefinition"].(*ecs.TaskDefinition)
assert.Equal(t, def.Cpu, "512")
assert.Equal(t, def.Memory, "2048")
template = convertYaml(t, "test", `
services:
test:
image: nginx
deploy:
resources:
limits:
cpus: '4'
memory: 8192M
reservations:
cpus: '4'
memory: 8192M
`)
def = template.Resources["TestTaskDefinition"].(*ecs.TaskDefinition)
assert.Equal(t, def.Cpu, "4096")
assert.Equal(t, def.Memory, "8192")
}
func TestTaskSizeConvertFailure(t *testing.T) {
model := loadConfig(t, "test", `
services:
test:
image: nginx
deploy:
resources:
limits:
cpus: '0.5'
memory: 2043248M
`)
_, err := Backend{}.Convert(model)
assert.ErrorContains(t, err, "the resources requested are not supported by ECS/Fargate")
}
func TestLoadBalancerTypeNetwork(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: nginx
ports:
- 80:80
- 88:88
`)
lb := template.Resources["TestLoadBalancer"].(*elasticloadbalancingv2.LoadBalancer)
assert.Check(t, lb != nil)
assert.Check(t, lb.Type == elbv2.LoadBalancerTypeEnumNetwork)
}
func TestServiceMapping(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: "image"
command: "command"
entrypoint: "entrypoint"
environment:
- "FOO=BAR"
cap_add:
- SYS_PTRACE
cap_drop:
- SYSLOG
init: true
user: "user"
working_dir: "working_dir"
`)
def := template.Resources["TestTaskDefinition"].(*ecs.TaskDefinition)
container := def.ContainerDefinitions[0]
assert.Equal(t, container.Image, "image")
assert.Equal(t, container.Command[0], "command")
assert.Equal(t, container.EntryPoint[0], "entrypoint")
assert.Equal(t, get(container.Environment, "FOO"), "BAR")
assert.Check(t, container.LinuxParameters.InitProcessEnabled)
assert.Equal(t, container.LinuxParameters.Capabilities.Add[0], "SYS_PTRACE")
assert.Equal(t, container.LinuxParameters.Capabilities.Drop[0], "SYSLOG")
assert.Equal(t, container.User, "user")
assert.Equal(t, container.WorkingDirectory, "working_dir")
}
func get(l []ecs.TaskDefinition_KeyValuePair, name string) string {
for _, e := range l {
if e.Name == name {
return e.Value
}
}
return ""
}
func TestResourcesHaveProjectTagSet(t *testing.T) {
template := convertYaml(t, "test", `
services:
test:
image: nginx
ports:
- 80:80
- 88:88
`)
for _, r := range template.Resources {
tags := reflect.Indirect(reflect.ValueOf(r)).FieldByName("Tags")
if !tags.IsValid() {
continue
}
for i := 0; i < tags.Len(); i++ {
k := tags.Index(i).FieldByName("Key").String()
v := tags.Index(i).FieldByName("Value").String()
if k == compose.ProjectTag {
assert.Equal(t, v, "Test")
}
}
}
}
func convertResultAsString(t *testing.T, project *types.Project) string {
backend, err := NewBackend("", "")
assert.NilError(t, err)
result, err := backend.Convert(project)
assert.NilError(t, err)
resultAsJSON, err := result.JSON()
assert.NilError(t, err)
return fmt.Sprintf("%s\n", string(resultAsJSON))
}
func load(t *testing.T, paths ...string) *types.Project {
options := cli.ProjectOptions{
Name: t.Name(),
ConfigPaths: paths,
}
project, err := cli.ProjectFromOptions(&options)
assert.NilError(t, err)
return project
}
func convertYaml(t *testing.T, name string, yaml string) *cloudformation.Template {
model := loadConfig(t, name, yaml)
template, err := Backend{}.Convert(model)
assert.NilError(t, err)
return template
}
func loadConfig(t *testing.T, name string, yaml string) *types.Project {
dict, err := loader.ParseYAML([]byte(yaml))
assert.NilError(t, err)
model, err := loader.Load(types.ConfigDetails{
ConfigFiles: []types.ConfigFile{
{Config: dict},
},
}, func(options *loader.Options) {
options.Name = "Test"
})
assert.NilError(t, err)
return model
}

87
ecs/pkg/amazon/backend/compatibility.go Normal file
View File

@ -0,0 +1,87 @@
package backend
import (
"github.com/compose-spec/compose-go/compatibility"
"github.com/compose-spec/compose-go/types"
)
type FargateCompatibilityChecker struct {
compatibility.AllowList
}
var compatibleComposeAttributes = []string{
"services.command",
"services.container_name",
"services.cap_drop",
"services.depends_on",
"services.deploy",
"services.deploy.replicas",
"services.deploy.resources.limits",
"services.deploy.resources.limits.cpus",
"services.deploy.resources.limits.memory",
"services.deploy.resources.reservations",
"services.deploy.resources.reservations.cpus",
"services.deploy.resources.reservations.memory",
"services.deploy.update_config",
"services.deploy.update_config.parallelism",
"services.entrypoint",
"services.environment",
"services.env_file",
"services.healthcheck",
"services.healthcheck.interval",
"services.healthcheck.retries",
"services.healthcheck.start_period",
"services.healthcheck.test",
"services.healthcheck.timeout",
"services.image",
"services.init",
"services.logging",
"services.logging.options",
"services.networks",
"services.ports",
"services.ports.mode",
"services.ports.target",
"services.ports.protocol",
"services.secrets",
"services.secrets.source",
"services.secrets.target",
"services.user",
"services.working_dir",
"secrets.external",
"secrets.name",
"secrets.file",
}
func (c *FargateCompatibilityChecker) CheckImage(service *types.ServiceConfig) {
if service.Image == "" {
c.Incompatible("service %s doesn't define a Docker image to run", service.Name)
}
}
func (c *FargateCompatibilityChecker) CheckPortsPublished(p *types.ServicePortConfig) {
if p.Published == 0 {
p.Published = p.Target
}
if p.Published != p.Target {
c.Incompatible("published port can't be set to a distinct value than container port")
}
}
func (c *FargateCompatibilityChecker) CheckCapAdd(service *types.ServiceConfig) {
add := []string{}
for _, cap := range service.CapAdd {
switch cap {
case "SYS_PTRACE":
add = append(add, cap)
default:
c.Incompatible("ECS doesn't allow to add capability %s", cap)
}
}
service.CapAdd = add
}
func (c *FargateCompatibilityChecker) CheckLoggingDriver(config *types.LoggingConfig) {
if config.Driver != "" && config.Driver != "awslogs" {
c.Unsupported("services.logging.driver %s is not supported", config.Driver)
}
}

33
ecs/pkg/amazon/backend/context.go Normal file
View File

@ -0,0 +1,33 @@
package backend
import (
"context"
"fmt"
"github.com/docker/ecs-plugin/pkg/docker"
)
const (
ContextParamRegion = "region"
ContextParamProfile = "profile"
)
func (b *Backend) CreateContextData(ctx context.Context, params map[string]string) (contextData interface{}, description string, err error) {
region, ok := params[ContextParamRegion]
if !ok {
return nil, "", fmt.Errorf("%q parameter is required", ContextParamRegion)
}
profile, ok := params[ContextParamProfile]
if !ok {
return nil, "", fmt.Errorf("%q parameter is required", ContextParamProfile)
}
err = b.api.CheckRequirements(ctx, region)
if err != nil {
return "", "", err
}
return docker.AwsContext{
Profile: profile,
Region: region,
}, "Amazon ECS context", nil
}

464
ecs/pkg/amazon/backend/convert.go Normal file
View File

@ -0,0 +1,464 @@
package backend
import (
"encoding/json"
"fmt"
"os"
"path/filepath"
"sort"
"strconv"
"strings"
"time"
"github.com/aws/aws-sdk-go/aws"
ecsapi "github.com/aws/aws-sdk-go/service/ecs"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation/ecs"
"github.com/awslabs/goformation/v4/cloudformation/tags"
"github.com/compose-spec/compose-go/types"
"github.com/docker/cli/opts"
"github.com/docker/ecs-plugin/pkg/compose"
"github.com/docker/ecs-plugin/secrets"
"github.com/joho/godotenv"
)
const secretsInitContainerImage = "docker/ecs-secrets-sidecar"
func Convert(project *types.Project, service types.ServiceConfig) (*ecs.TaskDefinition, error) {
cpu, mem, err := toLimits(service)
if err != nil {
return nil, err
}
_, memReservation, err := toContainerReservation(service)
if err != nil {
return nil, err
}
credential := getRepoCredentials(service)
// override resolve.conf search directive to also search <project>.local
// TODO remove once ECS support hostname-only service discovery
service.Environment["LOCALDOMAIN"] = aws.String(
cloudformation.Join("", []string{
cloudformation.Ref("AWS::Region"),
".compute.internal",
fmt.Sprintf(" %s.local", project.Name),
}))
logConfiguration := getLogConfiguration(service, project)
var (
containers []ecs.TaskDefinition_ContainerDefinition
volumes []ecs.TaskDefinition_Volume
mounts []ecs.TaskDefinition_MountPoint
initContainers []ecs.TaskDefinition_ContainerDependency
)
if len(service.Secrets) > 0 {
initContainerName := fmt.Sprintf("%s_Secrets_InitContainer", normalizeResourceName(service.Name))
volumes = append(volumes, ecs.TaskDefinition_Volume{
Name: "secrets",
})
mounts = append(mounts, ecs.TaskDefinition_MountPoint{
ContainerPath: "/run/secrets/",
ReadOnly: true,
SourceVolume: "secrets",
})
initContainers = append(initContainers, ecs.TaskDefinition_ContainerDependency{
Condition: ecsapi.ContainerConditionSuccess,
ContainerName: initContainerName,
})
var (
args []secrets.Secret
taskSecrets []ecs.TaskDefinition_Secret
)
for _, s := range service.Secrets {
secretConfig := project.Secrets[s.Source]
if s.Target == "" {
s.Target = s.Source
}
taskSecrets = append(taskSecrets, ecs.TaskDefinition_Secret{
Name: s.Target,
ValueFrom: secretConfig.Name,
})
var keys []string
if ext, ok := secretConfig.Extensions[compose.ExtensionKeys]; ok {
if key, ok := ext.(string); ok {
keys = append(keys, key)
} else {
for _, k := range ext.([]interface{}) {
keys = append(keys, k.(string))
}
}
}
args = append(args, secrets.Secret{
Name: s.Target,
Keys: keys,
})
}
command, err := json.Marshal(args)
if err != nil {
return nil, err
}
containers = append(containers, ecs.TaskDefinition_ContainerDefinition{
Name: initContainerName,
Image: secretsInitContainerImage,
Command: []string{string(command)},
Essential: false, // FIXME this will be ignored, see https://github.com/awslabs/goformation/issues/61#issuecomment-625139607
LogConfiguration: logConfiguration,
MountPoints: []ecs.TaskDefinition_MountPoint{
{
ContainerPath: "/run/secrets/",
ReadOnly: false,
SourceVolume: "secrets",
},
},
Secrets: taskSecrets,
})
}
pairs, err := createEnvironment(project, service)
if err != nil {
return nil, err
}
containers = append(containers, ecs.TaskDefinition_ContainerDefinition{
Command: service.Command,
DisableNetworking: service.NetworkMode == "none",
DependsOnProp: initContainers,
DnsSearchDomains: service.DNSSearch,
DnsServers: service.DNS,
DockerSecurityOptions: service.SecurityOpt,
EntryPoint: service.Entrypoint,
Environment: pairs,
Essential: true,
ExtraHosts: toHostEntryPtr(service.ExtraHosts),
FirelensConfiguration: nil,
HealthCheck: toHealthCheck(service.HealthCheck),
Hostname: service.Hostname,
Image: service.Image,
Interactive: false,
Links: nil,
LinuxParameters: toLinuxParameters(service),
LogConfiguration: logConfiguration,
MemoryReservation: memReservation,
MountPoints: mounts,
Name: service.Name,
PortMappings: toPortMappings(service.Ports),
Privileged: service.Privileged,
PseudoTerminal: service.Tty,
ReadonlyRootFilesystem: service.ReadOnly,
RepositoryCredentials: credential,
ResourceRequirements: nil,
StartTimeout: 0,
StopTimeout: durationToInt(service.StopGracePeriod),
SystemControls: toSystemControls(service.Sysctls),
Ulimits: toUlimits(service.Ulimits),
User: service.User,
VolumesFrom: nil,
WorkingDirectory: service.WorkingDir,
})
return &ecs.TaskDefinition{
ContainerDefinitions: containers,
Cpu: cpu,
Family: fmt.Sprintf("%s-%s", project.Name, service.Name),
IpcMode: service.Ipc,
Memory: mem,
NetworkMode: ecsapi.NetworkModeAwsvpc, // FIXME could be set by service.NetworkMode, Fargate only supports network mode awsvpc.
PidMode: service.Pid,
PlacementConstraints: toPlacementConstraints(service.Deploy),
ProxyConfiguration: nil,
RequiresCompatibilities: []string{ecsapi.LaunchTypeFargate},
Volumes: volumes,
}, nil
}
func createEnvironment(project *types.Project, service types.ServiceConfig) ([]ecs.TaskDefinition_KeyValuePair, error) {
environment := map[string]*string{}
for _, f := range service.EnvFile {
if !filepath.IsAbs(f) {
f = filepath.Join(project.WorkingDir, f)
}
if _, err := os.Stat(f); os.IsNotExist(err) {
return nil, err
}
file, err := os.Open(f)
if err != nil {
return nil, err
}
defer file.Close()
env, err := godotenv.Parse(file)
if err != nil {
return nil, err
}
for k, v := range env {
environment[k] = &v
}
}
for k, v := range service.Environment {
environment[k] = v
}
var pairs []ecs.TaskDefinition_KeyValuePair
for k, v := range environment {
name := k
var value string
if v != nil {
value = *v
}
pairs = append(pairs, ecs.TaskDefinition_KeyValuePair{
Name: name,
Value: value,
})
}
return pairs, nil
}
func getLogConfiguration(service types.ServiceConfig, project *types.Project) *ecs.TaskDefinition_LogConfiguration {
options := map[string]string{
"awslogs-region": cloudformation.Ref("AWS::Region"),
"awslogs-group": cloudformation.Ref("LogGroup"),
"awslogs-stream-prefix": project.Name,
}
if service.Logging != nil {
for k, v := range service.Logging.Options {
if strings.HasPrefix(k, "awslogs-") {
options[k] = v
}
}
}
logConfiguration := &ecs.TaskDefinition_LogConfiguration{
LogDriver: ecsapi.LogDriverAwslogs,
Options: options,
}
return logConfiguration
}
func toTags(labels types.Labels) []tags.Tag {
t := []tags.Tag{}
for n, v := range labels {
t = append(t, tags.Tag{
Key: n,
Value: v,
})
}
return t
}
func toSystemControls(sysctls types.Mapping) []ecs.TaskDefinition_SystemControl {
sys := []ecs.TaskDefinition_SystemControl{}
for k, v := range sysctls {
sys = append(sys, ecs.TaskDefinition_SystemControl{
Namespace: k,
Value: v,
})
}
return sys
}
const MiB = 1024 * 1024
func toLimits(service types.ServiceConfig) (string, string, error) {
// All possible cpu/mem values for Fargate
cpuToMem := map[int64][]types.UnitBytes{
256: {512, 1024, 2048},
512: {1024, 2048, 3072, 4096},
1024: {2048, 3072, 4096, 5120, 6144, 7168, 8192},
2048: {4096, 5120, 6144, 7168, 8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384},
4096: {8192, 9216, 10240, 11264, 12288, 13312, 14336, 15360, 16384, 17408, 18432, 19456, 20480, 21504, 22528, 23552, 24576, 25600, 26624, 27648, 28672, 29696, 30720},
}
cpuLimit := "256"
memLimit := "512"
if service.Deploy == nil {
return cpuLimit, memLimit, nil
}
limits := service.Deploy.Resources.Limits
if limits == nil {
return cpuLimit, memLimit, nil
}
if limits.NanoCPUs == "" {
return cpuLimit, memLimit, nil
}
v, err := opts.ParseCPUs(limits.NanoCPUs)
if err != nil {
return "", "", err
}
var cpus []int64
for k := range cpuToMem {
cpus = append(cpus, k)
}
sort.Slice(cpus, func(i, j int) bool { return cpus[i] < cpus[j] })
for _, cpu := range cpus {
mem := cpuToMem[cpu]
if v <= cpu*MiB {
for _, m := range mem {
if limits.MemoryBytes <= m*MiB {
cpuLimit = strconv.FormatInt(cpu, 10)
memLimit = strconv.FormatInt(int64(m), 10)
return cpuLimit, memLimit, nil
}
}
}
}
return "", "", fmt.Errorf("the resources requested are not supported by ECS/Fargate")
}
func toContainerReservation(service types.ServiceConfig) (string, int, error) {
cpuReservation := ".0"
memReservation := 0
if service.Deploy == nil {
return cpuReservation, memReservation, nil
}
reservations := service.Deploy.Resources.Reservations
if reservations == nil {
return cpuReservation, memReservation, nil
}
return reservations.NanoCPUs, int(reservations.MemoryBytes / MiB), nil
}
func toRequiresCompatibilities(isolation string) []*string {
if isolation == "" {
return nil
}
return []*string{&isolation}
}
func toPlacementConstraints(deploy *types.DeployConfig) []ecs.TaskDefinition_TaskDefinitionPlacementConstraint {
if deploy == nil || deploy.Placement.Constraints == nil || len(deploy.Placement.Constraints) == 0 {
return nil
}
pl := []ecs.TaskDefinition_TaskDefinitionPlacementConstraint{}
for _, c := range deploy.Placement.Constraints {
pl = append(pl, ecs.TaskDefinition_TaskDefinitionPlacementConstraint{
Expression: c,
Type: "",
})
}
return pl
}
func toPortMappings(ports []types.ServicePortConfig) []ecs.TaskDefinition_PortMapping {
if len(ports) == 0 {
return nil
}
m := []ecs.TaskDefinition_PortMapping{}
for _, p := range ports {
m = append(m, ecs.TaskDefinition_PortMapping{
ContainerPort: int(p.Target),
HostPort: int(p.Published),
Protocol: p.Protocol,
})
}
return m
}
func toUlimits(ulimits map[string]*types.UlimitsConfig) []ecs.TaskDefinition_Ulimit {
if len(ulimits) == 0 {
return nil
}
u := []ecs.TaskDefinition_Ulimit{}
for k, v := range ulimits {
u = append(u, ecs.TaskDefinition_Ulimit{
Name: k,
SoftLimit: v.Soft,
HardLimit: v.Hard,
})
}
return u
}
func toLinuxParameters(service types.ServiceConfig) *ecs.TaskDefinition_LinuxParameters {
return &ecs.TaskDefinition_LinuxParameters{
Capabilities: toKernelCapabilities(service.CapAdd, service.CapDrop),
Devices: nil,
InitProcessEnabled: service.Init != nil && *service.Init,
MaxSwap: 0,
// FIXME SharedMemorySize: service.ShmSize,
Swappiness: 0,
Tmpfs: toTmpfs(service.Tmpfs),
}
}
func toTmpfs(tmpfs types.StringList) []ecs.TaskDefinition_Tmpfs {
if tmpfs == nil || len(tmpfs) == 0 {
return nil
}
o := []ecs.TaskDefinition_Tmpfs{}
for _, path := range tmpfs {
o = append(o, ecs.TaskDefinition_Tmpfs{
ContainerPath: path,
Size: 100, // size is required on ECS, unlimited by the compose spec
})
}
return o
}
func toKernelCapabilities(add []string, drop []string) *ecs.TaskDefinition_KernelCapabilities {
if len(add) == 0 && len(drop) == 0 {
return nil
}
return &ecs.TaskDefinition_KernelCapabilities{
Add: add,
Drop: drop,
}
}
func toHealthCheck(check *types.HealthCheckConfig) *ecs.TaskDefinition_HealthCheck {
if check == nil {
return nil
}
retries := 0
if check.Retries != nil {
retries = int(*check.Retries)
}
return &ecs.TaskDefinition_HealthCheck{
Command: check.Test,
Interval: durationToInt(check.Interval),
Retries: retries,
StartPeriod: durationToInt(check.StartPeriod),
Timeout: durationToInt(check.Timeout),
}
}
func durationToInt(interval *types.Duration) int {
if interval == nil {
return 0
}
v := int(time.Duration(*interval).Seconds())
return v
}
func toHostEntryPtr(hosts types.HostsList) []ecs.TaskDefinition_HostEntry {
if hosts == nil || len(hosts) == 0 {
return nil
}
e := []ecs.TaskDefinition_HostEntry{}
for _, h := range hosts {
parts := strings.SplitN(h, ":", 2) // FIXME this should be handled by compose-go
e = append(e, ecs.TaskDefinition_HostEntry{
Hostname: parts[0],
IpAddress: parts[1],
})
}
return e
}
func getRepoCredentials(service types.ServiceConfig) *ecs.TaskDefinition_RepositoryCredentials {
// extract registry and namespace string from image name
for key, value := range service.Extensions {
if key == compose.ExtensionPullCredentials {
return &ecs.TaskDefinition_RepositoryCredentials{CredentialsParameter: value.(string)}
}
}
return nil
}

33
ecs/pkg/amazon/backend/down.go Normal file
View File

@ -0,0 +1,33 @@
package backend
import (
"context"
"github.com/compose-spec/compose-go/cli"
"github.com/docker/ecs-plugin/pkg/compose"
)
func (b *Backend) Down(ctx context.Context, options *cli.ProjectOptions) error {
name, err := b.projectName(options)
if err != nil {
return err
}
err = b.api.DeleteStack(ctx, name)
if err != nil {
return err
}
return b.WaitStackCompletion(ctx, name, compose.StackDelete)
}
func (b *Backend) projectName(options *cli.ProjectOptions) (string, error) {
name := options.Name
if name == "" {
project, err := cli.ProjectFromOptions(options)
if err != nil {
return "", err
}
name = project.Name
}
return name, nil
}

40
ecs/pkg/amazon/backend/iam.go Normal file
View File

@ -0,0 +1,40 @@
package backend
const (
ECSTaskExecutionPolicy = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
ECRReadOnlyPolicy = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
ActionGetSecretValue = "secretsmanager:GetSecretValue"
ActionGetParameters = "ssm:GetParameters"
ActionDecrypt = "kms:Decrypt"
)
var assumeRolePolicyDocument = PolicyDocument{
Version: "2012-10-17", // https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html
Statement: []PolicyStatement{
{
Effect: "Allow",
Principal: PolicyPrincipal{
Service: "ecs-tasks.amazonaws.com",
},
Action: []string{"sts:AssumeRole"},
},
},
}
// could alternatively depend on https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/master/cmd/clusterawsadm/api/iam/v1alpha1/types.go
type PolicyDocument struct {
Version string `json:",omitempty"`
Statement []PolicyStatement `json:",omitempty"`
}
type PolicyStatement struct {
Effect string `json:",omitempty"`
Action []string `json:",omitempty"`
Principal PolicyPrincipal `json:",omitempty"`
Resource []string `json:",omitempty"`
}
type PolicyPrincipal struct {
Service string `json:",omitempty"`
}

59
ecs/pkg/amazon/backend/list.go Normal file
View File

@ -0,0 +1,59 @@
package backend
import (
"context"
"fmt"
"strings"
"github.com/compose-spec/compose-go/cli"
"github.com/docker/ecs-plugin/pkg/compose"
)
func (b *Backend) Ps(ctx context.Context, options *cli.ProjectOptions) ([]compose.ServiceStatus, error) {
projectName, err := b.projectName(options)
if err != nil {
return nil, err
}
parameters, err := b.api.ListStackParameters(ctx, projectName)
if err != nil {
return nil, err
}
cluster := parameters[ParameterClusterName]
resources, err := b.api.ListStackResources(ctx, projectName)
if err != nil {
return nil, err
}
servicesARN := []string{}
for _, r := range resources {
switch r.Type {
case "AWS::ECS::Service":
servicesARN = append(servicesARN, r.ARN)
case "AWS::ECS::Cluster":
cluster = r.ARN
}
}
if len(servicesARN) == 0 {
return nil, nil
}
status, err := b.api.DescribeServices(ctx, cluster, servicesARN)
if err != nil {
return nil, err
}
for i, state := range status {
ports := []string{}
for _, lb := range state.LoadBalancers {
ports = append(ports, fmt.Sprintf(
"%s:%d->%d/%s",
lb.URL,
lb.PublishedPort,
lb.TargetPort,
strings.ToLower(lb.Protocol)))
}
state.Ports = ports
status[i] = state
}
return status, nil
}

72
ecs/pkg/amazon/backend/logs.go Normal file
View File

@ -0,0 +1,72 @@
package backend
import (
"bytes"
"context"
"fmt"
"io"
"os"
"os/signal"
"strconv"
"strings"
"github.com/compose-spec/compose-go/cli"
"github.com/docker/ecs-plugin/pkg/console"
)
func (b *Backend) Logs(ctx context.Context, options *cli.ProjectOptions, writer io.Writer) error {
name := options.Name
if name == "" {
project, err := cli.ProjectFromOptions(options)
if err != nil {
return err
}
name = project.Name
}
err := b.api.GetLogs(ctx, name, &logConsumer{
colors: map[string]console.ColorFunc{},
width: 0,
writer: writer,
})
if err != nil {
return err
}
signalChan := make(chan os.Signal, 1)
signal.Notify(signalChan, os.Interrupt)
<-signalChan
return nil
}
func (l *logConsumer) Log(service, container, message string) {
cf, ok := l.colors[service]
if !ok {
cf = <-console.Rainbow
l.colors[service] = cf
l.computeWidth()
}
prefix := fmt.Sprintf("%-"+strconv.Itoa(l.width)+"s |", service)
for _, line := range strings.Split(message, "\n") {
buf := bytes.NewBufferString(fmt.Sprintf("%s %s\n", cf(prefix), line))
l.writer.Write(buf.Bytes())
}
}
func (l *logConsumer) computeWidth() {
width := 0
for n := range l.colors {
if len(n) > width {
width = len(n)
}
}
l.width = width + 3
}
type logConsumer struct {
colors map[string]console.ColorFunc
width int
writer io.Writer
}

23
ecs/pkg/amazon/backend/secrets.go Normal file
View File

@ -0,0 +1,23 @@
package backend
import (
"context"
"github.com/docker/ecs-plugin/pkg/compose"
)
func (b Backend) CreateSecret(ctx context.Context, secret compose.Secret) (string, error) {
return b.api.CreateSecret(ctx, secret)
}
func (b Backend) InspectSecret(ctx context.Context, id string) (compose.Secret, error) {
return b.api.InspectSecret(ctx, id)
}
func (b Backend) ListSecrets(ctx context.Context) ([]compose.Secret, error) {
return b.api.ListSecrets(ctx)
}
func (b Backend) DeleteSecret(ctx context.Context, id string, recover bool) error {
return b.api.DeleteSecret(ctx, id, recover)
}

1
ecs/pkg/amazon/backend/testdata/input/envfile vendored Normal file
View File

@ -0,0 +1 @@
FOO=BAR

6
ecs/pkg/amazon/backend/testdata/input/simple-single-service.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
version: "3"
services:
simple:
image: nginx
ports:
- "80:80"

5
ecs/pkg/amazon/backend/testdata/invalid_network_mode.yaml vendored Normal file
View File

@ -0,0 +1,5 @@
version: "3"
services:
simple:
image: nginx
network_mode: bridge

378
ecs/pkg/amazon/backend/testdata/simple/simple-cloudformation-conversion.golden vendored Normal file
View File

@ -0,0 +1,378 @@
{
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": {
"CreateCluster": {
"Fn::Equals": [
"",
{
"Ref": "ParameterClusterName"
}
]
},
"CreateLoadBalancer": {
"Fn::Equals": [
"",
{
"Ref": "ParameterLoadBalancerARN"
}
]
}
},
"Description": "CloudFormation template created by Docker for deploying applications on Amazon ECS",
"Parameters": {
"ParameterClusterName": {
"Description": "Name of the ECS cluster to deploy to (optional)",
"Type": "String"
},
"ParameterLoadBalancerARN": {
"Description": "Name of the LoadBalancer to connect to (optional)",
"Type": "String"
},
"ParameterSubnet1Id": {
"Description": "SubnetId, for Availability Zone 1 in the region in your VPC",
"Type": "AWS::EC2::Subnet::Id"
},
"ParameterSubnet2Id": {
"Description": "SubnetId, for Availability Zone 2 in the region in your VPC",
"Type": "AWS::EC2::Subnet::Id"
},
"ParameterVPCId": {
"Description": "ID of the VPC",
"Type": "AWS::EC2::VPC::Id"
}
},
"Resources": {
"CloudMap": {
"Properties": {
"Description": "Service Map for Docker Compose project TestSimpleConvert",
"Name": "TestSimpleConvert.local",
"Vpc": {
"Ref": "ParameterVPCId"
}
},
"Type": "AWS::ServiceDiscovery::PrivateDnsNamespace"
},
"Cluster": {
"Condition": "CreateCluster",
"Properties": {
"ClusterName": "TestSimpleConvert",
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
}
]
},
"Type": "AWS::ECS::Cluster"
},
"LogGroup": {
"Properties": {
"LogGroupName": "/docker-compose/TestSimpleConvert"
},
"Type": "AWS::Logs::LogGroup"
},
"SimpleService": {
"DependsOn": [
"SimpleTCP80Listener"
],
"Properties": {
"Cluster": {
"Fn::If": [
"CreateCluster",
{
"Ref": "Cluster"
},
{
"Ref": "ParameterClusterName"
}
]
},
"DeploymentConfiguration": {
"MaximumPercent": 200,
"MinimumHealthyPercent": 100
},
"DeploymentController": {
"Type": "ECS"
},
"DesiredCount": 1,
"LaunchType": "FARGATE",
"LoadBalancers": [
{
"ContainerName": "simple",
"ContainerPort": 80,
"TargetGroupArn": {
"Ref": "SimpleTCP80TargetGroup"
}
}
],
"NetworkConfiguration": {
"AwsvpcConfiguration": {
"AssignPublicIp": "ENABLED",
"SecurityGroups": [
{
"Ref": "TestSimpleConvertDefaultNetwork"
}
],
"Subnets": [
{
"Ref": "ParameterSubnet1Id"
},
{
"Ref": "ParameterSubnet2Id"
}
]
}
},
"PropagateTags": "SERVICE",
"SchedulingStrategy": "REPLICA",
"ServiceRegistries": [
{
"RegistryArn": {
"Fn::GetAtt": [
"SimpleServiceDiscoveryEntry",
"Arn"
]
}
}
],
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
},
{
"Key": "com.docker.compose.service",
"Value": "simple"
}
],
"TaskDefinition": {
"Ref": "SimpleTaskDefinition"
}
},
"Type": "AWS::ECS::Service"
},
"SimpleServiceDiscoveryEntry": {
"Properties": {
"Description": "\"simple\" service discovery entry in Cloud Map",
"DnsConfig": {
"DnsRecords": [
{
"TTL": 60,
"Type": "A"
}
],
"RoutingPolicy": "MULTIVALUE"
},
"HealthCheckCustomConfig": {
"FailureThreshold": 1
},
"Name": "simple",
"NamespaceId": {
"Ref": "CloudMap"
}
},
"Type": "AWS::ServiceDiscovery::Service"
},
"SimpleTCP80Listener": {
"Properties": {
"DefaultActions": [
{
"ForwardConfig": {
"TargetGroups": [
{
"TargetGroupArn": {
"Ref": "SimpleTCP80TargetGroup"
}
}
]
},
"Type": "forward"
}
],
"LoadBalancerArn": {
"Fn::If": [
"CreateLoadBalancer",
{
"Ref": "TestSimpleConvertLoadBalancer"
},
{
"Ref": "ParameterLoadBalancerARN"
}
]
},
"Port": 80,
"Protocol": "HTTP"
},
"Type": "AWS::ElasticLoadBalancingV2::Listener"
},
"SimpleTCP80TargetGroup": {
"Properties": {
"Port": 80,
"Protocol": "HTTP",
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
}
],
"TargetType": "ip",
"VpcId": {
"Ref": "ParameterVPCId"
}
},
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup"
},
"SimpleTaskDefinition": {
"Properties": {
"ContainerDefinitions": [
{
"Environment": [
{
"Name": "LOCALDOMAIN",
"Value": {
"Fn::Join": [
"",
[
{
"Ref": "AWS::Region"
},
".compute.internal",
" TestSimpleConvert.local"
]
]
}
}
],
"Essential": true,
"Image": "nginx",
"LinuxParameters": {},
"LogConfiguration": {
"LogDriver": "awslogs",
"Options": {
"awslogs-group": {
"Ref": "LogGroup"
},
"awslogs-region": {
"Ref": "AWS::Region"
},
"awslogs-stream-prefix": "TestSimpleConvert"
}
},
"Name": "simple",
"PortMappings": [
{
"ContainerPort": 80,
"HostPort": 80,
"Protocol": "tcp"
}
]
}
],
"Cpu": "256",
"ExecutionRoleArn": {
"Ref": "SimpleTaskExecutionRole"
},
"Family": "TestSimpleConvert-simple",
"Memory": "512",
"NetworkMode": "awsvpc",
"RequiresCompatibilities": [
"FARGATE"
]
},
"Type": "AWS::ECS::TaskDefinition"
},
"SimpleTaskExecutionRole": {
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": [
"sts:AssumeRole"
],
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"ManagedPolicyArns": [
"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy",
"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
]
},
"Type": "AWS::IAM::Role"
},
"TestSimpleConvertDefaultNetwork": {
"Properties": {
"GroupDescription": "TestSimpleConvert default Security Group",
"GroupName": "TestSimpleConvertDefaultNetwork",
"SecurityGroupIngress": [
{
"CidrIp": "0.0.0.0/0",
"Description": "simple:80/tcp",
"FromPort": 80,
"IpProtocol": "TCP",
"ToPort": 80
}
],
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
},
{
"Key": "com.docker.compose.network",
"Value": "default"
}
],
"VpcId": {
"Ref": "ParameterVPCId"
}
},
"Type": "AWS::EC2::SecurityGroup"
},
"TestSimpleConvertDefaultNetworkIngress": {
"Properties": {
"Description": "Allow communication within network default",
"GroupId": {
"Ref": "TestSimpleConvertDefaultNetwork"
},
"IpProtocol": "-1",
"SourceSecurityGroupId": {
"Ref": "TestSimpleConvertDefaultNetwork"
}
},
"Type": "AWS::EC2::SecurityGroupIngress"
},
"TestSimpleConvertLoadBalancer": {
"Condition": "CreateLoadBalancer",
"Properties": {
"Name": "TestSimpleConvertLoadBalancer",
"Scheme": "internet-facing",
"SecurityGroups": [
{
"Ref": "TestSimpleConvertDefaultNetwork"
}
],
"Subnets": [
{
"Ref": "ParameterSubnet1Id"
},
{
"Ref": "ParameterSubnet2Id"
}
],
"Tags": [
{
"Key": "com.docker.compose.project",
"Value": "TestSimpleConvert"
}
],
"Type": "application"
},
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer"
}
}
}

146
ecs/pkg/amazon/backend/up.go Normal file
View File

@ -0,0 +1,146 @@
package backend
import (
"context"
"fmt"
"os"
"os/signal"
"syscall"
"github.com/compose-spec/compose-go/cli"
"github.com/compose-spec/compose-go/types"
"github.com/docker/ecs-plugin/pkg/compose"
)
func (b *Backend) Up(ctx context.Context, options *cli.ProjectOptions) error {
project, err := cli.ProjectFromOptions(options)
if err != nil {
return err
}
err = b.api.CheckRequirements(ctx, b.Region)
if err != nil {
return err
}
cluster, err := b.GetCluster(ctx, project)
if err != nil {
return err
}
template, err := b.Convert(project)
if err != nil {
return err
}
vpc, err := b.GetVPC(ctx, project)
if err != nil {
return err
}
subNets, err := b.api.GetSubNets(ctx, vpc)
if err != nil {
return err
}
if len(subNets) < 2 {
return fmt.Errorf("VPC %s should have at least 2 associated subnets in different availability zones", vpc)
}
lb, err := b.GetLoadBalancer(ctx, project)
if err != nil {
return err
}
parameters := map[string]string{
ParameterClusterName: cluster,
ParameterVPCId: vpc,
ParameterSubnet1Id: subNets[0],
ParameterSubnet2Id: subNets[1],
ParameterLoadBalancerARN: lb,
}
update, err := b.api.StackExists(ctx, project.Name)
if err != nil {
return err
}
operation := compose.StackCreate
if update {
operation = compose.StackUpdate
changeset, err := b.api.CreateChangeSet(ctx, project.Name, template, parameters)
if err != nil {
return err
}
err = b.api.UpdateStack(ctx, changeset)
if err != nil {
return err
}
} else {
err = b.api.CreateStack(ctx, project.Name, template, parameters)
if err != nil {
return err
}
}
signalChan := make(chan os.Signal, 1)
signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM)
go func() {
<-signalChan
fmt.Println("user interrupted deployment. Deleting stack...")
b.Down(ctx, options)
}()
err = b.WaitStackCompletion(ctx, project.Name, operation)
return err
}
func (b Backend) GetVPC(ctx context.Context, project *types.Project) (string, error) {
//check compose file for custom VPC selected
if vpc, ok := project.Extensions[compose.ExtensionVPC]; ok {
vpcID := vpc.(string)
ok, err := b.api.VpcExists(ctx, vpcID)
if err != nil {
return "", err
}
if !ok {
return "", fmt.Errorf("VPC does not exist: %s", vpc)
}
return vpcID, nil
}
defaultVPC, err := b.api.GetDefaultVPC(ctx)
if err != nil {
return "", err
}
return defaultVPC, nil
}
func (b Backend) GetLoadBalancer(ctx context.Context, project *types.Project) (string, error) {
//check compose file for custom VPC selected
if ext, ok := project.Extensions[compose.ExtensionLB]; ok {
lb := ext.(string)
ok, err := b.api.LoadBalancerExists(ctx, lb)
if err != nil {
return "", err
}
if !ok {
return "", fmt.Errorf("load balancer does not exist: %s", lb)
}
return lb, nil
}
return "", nil
}
func (b Backend) GetCluster(ctx context.Context, project *types.Project) (string, error) {
//check compose file for custom VPC selected
if ext, ok := project.Extensions[compose.ExtensionCluster]; ok {
cluster := ext.(string)
ok, err := b.api.ClusterExists(ctx, cluster)
if err != nil {
return "", err
}
if !ok {
return "", fmt.Errorf("cluster does not exist: %s", cluster)
}
return cluster, nil
}
return "", nil
}

93
ecs/pkg/amazon/backend/wait.go Normal file
View File

@ -0,0 +1,93 @@
package backend
import (
"context"
"fmt"
"sort"
"strings"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/docker/ecs-plugin/pkg/compose"
"github.com/docker/ecs-plugin/pkg/progress"
)
func (b *Backend) WaitStackCompletion(ctx context.Context, name string, operation int) error {
knownEvents := map[string]struct{}{}
// progress writer
w := progress.ContextWriter(ctx)
// Get the unique Stack ID so we can collect events without getting some from previous deployments with same name
stackID, err := b.api.GetStackID(ctx, name)
if err != nil {
return err
}
ticker := time.NewTicker(1 * time.Second)
done := make(chan bool)
go func() {
b.api.WaitStackComplete(ctx, stackID, operation) //nolint:errcheck
ticker.Stop()
done <- true
}()
var completed bool
var stackErr error
for !completed {
select {
case <-done:
completed = true
case <-ticker.C:
}
events, err := b.api.DescribeStackEvents(ctx, stackID)
if err != nil {
return err
}
sort.Slice(events, func(i, j int) bool {
return events[i].Timestamp.Before(*events[j].Timestamp)
})
for _, event := range events {
if _, ok := knownEvents[*event.EventId]; ok {
continue
}
knownEvents[*event.EventId] = struct{}{}
resource := aws.StringValue(event.LogicalResourceId)
reason := aws.StringValue(event.ResourceStatusReason)
status := aws.StringValue(event.ResourceStatus)
progressStatus := progress.Working
switch status {
case "CREATE_COMPLETE":
if operation == compose.StackCreate {
progressStatus = progress.Done
}
case "UPDATE_COMPLETE":
if operation == compose.StackUpdate {
progressStatus = progress.Done
}
case "DELETE_COMPLETE":
if operation == compose.StackDelete {
progressStatus = progress.Done
}
default:
if strings.HasSuffix(status, "_FAILED") {
progressStatus = progress.Error
if stackErr == nil {
operation = compose.StackDelete
stackErr = fmt.Errorf(reason)
}
}
}
w.Event(progress.Event{
ID: resource,
Status: progressStatus,
StatusText: status,
})
}
}
return stackErr
}

45
ecs/pkg/amazon/cloudformation/marshall.go Normal file
View File

@ -0,0 +1,45 @@
package cloudformation
import (
"encoding/json"
"fmt"
"strings"
"github.com/awslabs/goformation/v4/cloudformation"
)
func Marshall(template *cloudformation.Template) ([]byte, error) {
raw, err := template.JSON()
if err != nil {
return nil, err
}
var unmarshalled interface{}
if err := json.Unmarshal(raw, &unmarshalled); err != nil {
return nil, fmt.Errorf("invalid JSON: %s", err)
}
if input, ok := unmarshalled.(map[string]interface{}); ok {
if resources, ok := input["Resources"]; ok {
for _, uresource := range resources.(map[string]interface{}) {
if resource, ok := uresource.(map[string]interface{}); ok {
if resource["Type"] == "AWS::ECS::TaskDefinition" {
properties := resource["Properties"].(map[string]interface{})
for _, def := range properties["ContainerDefinitions"].([]interface{}) {
containerDefinition := def.(map[string]interface{})
if strings.HasSuffix(containerDefinition["Name"].(string), "_InitContainer") {
containerDefinition["Essential"] = "false"
}
}
}
}
}
}
}
raw, err = json.MarshalIndent(unmarshalled, "", " ")
if err != nil {
return nil, fmt.Errorf("invalid JSON: %s", err)
}
return raw, err
}

42
ecs/pkg/amazon/sdk/api.go Normal file
View File

@ -0,0 +1,42 @@
package sdk
import (
"context"
cf "github.com/aws/aws-sdk-go/service/cloudformation"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/docker/ecs-plugin/pkg/compose"
)
type API interface {
CheckRequirements(ctx context.Context, region string) error
GetDefaultVPC(ctx context.Context) (string, error)
VpcExists(ctx context.Context, vpcID string) (bool, error)
GetSubNets(ctx context.Context, vpcID string) ([]string, error)
StackExists(ctx context.Context, name string) (bool, error)
CreateStack(ctx context.Context, name string, template *cloudformation.Template, parameters map[string]string) error
DeleteStack(ctx context.Context, name string) error
ListStackParameters(ctx context.Context, name string) (map[string]string, error)
ListStackResources(ctx context.Context, name string) ([]compose.StackResource, error)
GetStackID(ctx context.Context, name string) (string, error)
WaitStackComplete(ctx context.Context, name string, operation int) error
DescribeStackEvents(ctx context.Context, stackID string) ([]*cf.StackEvent, error)
CreateChangeSet(ctx context.Context, name string, template *cloudformation.Template, parameters map[string]string) (string, error)
UpdateStack(ctx context.Context, changeset string) error
DescribeServices(ctx context.Context, cluster string, arns []string) ([]compose.ServiceStatus, error)
LoadBalancerExists(ctx context.Context, arn string) (bool, error)
GetLoadBalancerURL(ctx context.Context, arn string) (string, error)
ClusterExists(ctx context.Context, name string) (bool, error)
GetLogs(ctx context.Context, name string, consumer compose.LogConsumer) error
CreateSecret(ctx context.Context, secret compose.Secret) (string, error)
InspectSecret(ctx context.Context, id string) (compose.Secret, error)
ListSecrets(ctx context.Context) ([]compose.Secret, error)
DeleteSecret(ctx context.Context, id string, recover bool) error
}

592
ecs/pkg/amazon/sdk/sdk.go Normal file
View File

@ -0,0 +1,592 @@
package sdk
import (
"context"
"fmt"
"strings"
"time"
cloudformation2 "github.com/docker/ecs-plugin/pkg/amazon/cloudformation"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/cloudformation"
"github.com/aws/aws-sdk-go/service/cloudformation/cloudformationiface"
"github.com/aws/aws-sdk-go/service/cloudwatchlogs"
"github.com/aws/aws-sdk-go/service/cloudwatchlogs/cloudwatchlogsiface"
"github.com/aws/aws-sdk-go/service/ec2"
"github.com/aws/aws-sdk-go/service/ec2/ec2iface"
"github.com/aws/aws-sdk-go/service/ecs"
"github.com/aws/aws-sdk-go/service/ecs/ecsiface"
"github.com/aws/aws-sdk-go/service/elbv2"
"github.com/aws/aws-sdk-go/service/elbv2/elbv2iface"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/aws/aws-sdk-go/service/iam/iamiface"
"github.com/aws/aws-sdk-go/service/secretsmanager"
"github.com/aws/aws-sdk-go/service/secretsmanager/secretsmanageriface"
cf "github.com/awslabs/goformation/v4/cloudformation"
"github.com/docker/ecs-plugin/internal"
"github.com/docker/ecs-plugin/pkg/compose"
"github.com/sirupsen/logrus"
)
type sdk struct {
sess *session.Session
ECS ecsiface.ECSAPI
EC2 ec2iface.EC2API
ELB elbv2iface.ELBV2API
CW cloudwatchlogsiface.CloudWatchLogsAPI
IAM iamiface.IAMAPI
CF cloudformationiface.CloudFormationAPI
SM secretsmanageriface.SecretsManagerAPI
}
func NewAPI(sess *session.Session) API {
sess.Handlers.Build.PushBack(func(r *request.Request) {
request.AddToUserAgent(r, fmt.Sprintf("Docker CLI %s", internal.Version))
})
return sdk{
ECS: ecs.New(sess),
EC2: ec2.New(sess),
ELB: elbv2.New(sess),
CW: cloudwatchlogs.New(sess),
IAM: iam.New(sess),
CF: cloudformation.New(sess),
SM: secretsmanager.New(sess),
}
}
func (s sdk) CheckRequirements(ctx context.Context, region string) error {
settings, err := s.ECS.ListAccountSettingsWithContext(ctx, &ecs.ListAccountSettingsInput{
EffectiveSettings: aws.Bool(true),
Name: aws.String("serviceLongArnFormat"),
})
if err != nil {
return err
}
serviceLongArnFormat := settings.Settings[0].Value
if *serviceLongArnFormat != "enabled" {
return fmt.Errorf("this tool requires the \"new ARN resource ID format\".\n"+
"Check https://%s.console.aws.amazon.com/ecs/home#/settings\n"+
"Learn more: https://aws.amazon.com/blogs/compute/migrating-your-amazon-ecs-deployment-to-the-new-arn-and-resource-id-format-2", region)
}
return nil
}
func (s sdk) ClusterExists(ctx context.Context, name string) (bool, error) {
logrus.Debug("CheckRequirements if cluster was already created: ", name)
clusters, err := s.ECS.DescribeClustersWithContext(ctx, &ecs.DescribeClustersInput{
Clusters: []*string{aws.String(name)},
})
if err != nil {
return false, err
}
return len(clusters.Clusters) > 0, nil
}
func (s sdk) CreateCluster(ctx context.Context, name string) (string, error) {
logrus.Debug("Create cluster ", name)
response, err := s.ECS.CreateClusterWithContext(ctx, &ecs.CreateClusterInput{ClusterName: aws.String(name)})
if err != nil {
return "", err
}
return *response.Cluster.Status, nil
}
func (s sdk) VpcExists(ctx context.Context, vpcID string) (bool, error) {
logrus.Debug("CheckRequirements if VPC exists: ", vpcID)
_, err := s.EC2.DescribeVpcsWithContext(ctx, &ec2.DescribeVpcsInput{VpcIds: []*string{&vpcID}})
return err == nil, err
}
func (s sdk) GetDefaultVPC(ctx context.Context) (string, error) {
logrus.Debug("Retrieve default VPC")
vpcs, err := s.EC2.DescribeVpcsWithContext(ctx, &ec2.DescribeVpcsInput{
Filters: []*ec2.Filter{
{
Name: aws.String("isDefault"),
Values: []*string{aws.String("true")},
},
},
})
if err != nil {
return "", err
}
if len(vpcs.Vpcs) == 0 {
return "", fmt.Errorf("account has not default VPC")
}
return *vpcs.Vpcs[0].VpcId, nil
}
func (s sdk) GetSubNets(ctx context.Context, vpcID string) ([]string, error) {
logrus.Debug("Retrieve SubNets")
subnets, err := s.EC2.DescribeSubnetsWithContext(ctx, &ec2.DescribeSubnetsInput{
DryRun: nil,
Filters: []*ec2.Filter{
{
Name: aws.String("vpc-id"),
Values: []*string{aws.String(vpcID)},
},
},
})
if err != nil {
return nil, err
}
ids := []string{}
for _, subnet := range subnets.Subnets {
ids = append(ids, *subnet.SubnetId)
}
return ids, nil
}
func (s sdk) GetRoleArn(ctx context.Context, name string) (string, error) {
role, err := s.IAM.GetRoleWithContext(ctx, &iam.GetRoleInput{
RoleName: aws.String(name),
})
if err != nil {
return "", err
}
return *role.Role.Arn, nil
}
func (s sdk) StackExists(ctx context.Context, name string) (bool, error) {
stacks, err := s.CF.DescribeStacksWithContext(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(name),
})
if err != nil {
if strings.HasPrefix(err.Error(), fmt.Sprintf("ValidationError: Stack with id %s does not exist", name)) {
return false, nil
}
return false, nil
}
return len(stacks.Stacks) > 0, nil
}
func (s sdk) CreateStack(ctx context.Context, name string, template *cf.Template, parameters map[string]string) error {
logrus.Debug("Create CloudFormation stack")
json, err := cloudformation2.Marshall(template)
if err != nil {
return err
}
param := []*cloudformation.Parameter{}
for name, value := range parameters {
param = append(param, &cloudformation.Parameter{
ParameterKey: aws.String(name),
ParameterValue: aws.String(value),
})
}
_, err = s.CF.CreateStackWithContext(ctx, &cloudformation.CreateStackInput{
OnFailure: aws.String("DELETE"),
StackName: aws.String(name),
TemplateBody: aws.String(string(json)),
Parameters: param,
TimeoutInMinutes: nil,
Capabilities: []*string{
aws.String(cloudformation.CapabilityCapabilityIam),
},
})
return err
}
func (s sdk) CreateChangeSet(ctx context.Context, name string, template *cf.Template, parameters map[string]string) (string, error) {
logrus.Debug("Create CloudFormation Changeset")
json, err := cloudformation2.Marshall(template)
if err != nil {
return "", err
}
param := []*cloudformation.Parameter{}
for name := range parameters {
param = append(param, &cloudformation.Parameter{
ParameterKey: aws.String(name),
UsePreviousValue: aws.Bool(true),
})
}
update := fmt.Sprintf("Update%s", time.Now().Format("2006-01-02-15-04-05"))
changeset, err := s.CF.CreateChangeSetWithContext(ctx, &cloudformation.CreateChangeSetInput{
ChangeSetName: aws.String(update),
ChangeSetType: aws.String(cloudformation.ChangeSetTypeUpdate),
StackName: aws.String(name),
TemplateBody: aws.String(string(json)),
Parameters: param,
Capabilities: []*string{
aws.String(cloudformation.CapabilityCapabilityIam),
},
})
if err != nil {
return "", err
}
err = s.CF.WaitUntilChangeSetCreateCompleteWithContext(ctx, &cloudformation.DescribeChangeSetInput{
ChangeSetName: changeset.Id,
})
return *changeset.Id, err
}
func (s sdk) UpdateStack(ctx context.Context, changeset string) error {
desc, err := s.CF.DescribeChangeSetWithContext(ctx, &cloudformation.DescribeChangeSetInput{
ChangeSetName: aws.String(changeset),
})
if err != nil {
return err
}
if strings.HasPrefix(aws.StringValue(desc.StatusReason), "The submitted information didn't contain changes.") {
return nil
}
_, err = s.CF.ExecuteChangeSet(&cloudformation.ExecuteChangeSetInput{
ChangeSetName: aws.String(changeset),
})
return err
}
func (s sdk) WaitStackComplete(ctx context.Context, name string, operation int) error {
input := &cloudformation.DescribeStacksInput{
StackName: aws.String(name),
}
switch operation {
case compose.StackCreate:
return s.CF.WaitUntilStackCreateCompleteWithContext(ctx, input)
case compose.StackDelete:
return s.CF.WaitUntilStackDeleteCompleteWithContext(ctx, input)
default:
return fmt.Errorf("internal error: unexpected stack operation %d", operation)
}
}
func (s sdk) GetStackID(ctx context.Context, name string) (string, error) {
stacks, err := s.CF.DescribeStacksWithContext(ctx, &cloudformation.DescribeStacksInput{
StackName: aws.String(name),
})
if err != nil {
return "", err
}
return *stacks.Stacks[0].StackId, nil
}
func (s sdk) DescribeStackEvents(ctx context.Context, stackID string) ([]*cloudformation.StackEvent, error) {
// Fixme implement Paginator on Events and return as a chan(events)
events := []*cloudformation.StackEvent{}
var nextToken *string
for {
resp, err := s.CF.DescribeStackEventsWithContext(ctx, &cloudformation.DescribeStackEventsInput{
StackName: aws.String(stackID),
NextToken: nextToken,
})
if err != nil {
return nil, err
}
events = append(events, resp.StackEvents...)
if resp.NextToken == nil {
return events, nil
}
nextToken = resp.NextToken
}
}
func (s sdk) ListStackParameters(ctx context.Context, name string) (map[string]string, error) {
st, err := s.CF.DescribeStacksWithContext(ctx, &cloudformation.DescribeStacksInput{
NextToken: nil,
StackName: aws.String(name),
})
if err != nil {
return nil, err
}
parameters := map[string]string{}
for _, parameter := range st.Stacks[0].Parameters {
parameters[aws.StringValue(parameter.ParameterKey)] = aws.StringValue(parameter.ParameterValue)
}
return parameters, nil
}
func (s sdk) ListStackResources(ctx context.Context, name string) ([]compose.StackResource, error) {
// FIXME handle pagination
res, err := s.CF.ListStackResourcesWithContext(ctx, &cloudformation.ListStackResourcesInput{
StackName: aws.String(name),
})
if err != nil {
return nil, err
}
resources := []compose.StackResource{}
for _, r := range res.StackResourceSummaries {
resources = append(resources, compose.StackResource{
LogicalID: aws.StringValue(r.LogicalResourceId),
Type: aws.StringValue(r.ResourceType),
ARN: aws.StringValue(r.PhysicalResourceId),
Status: aws.StringValue(r.ResourceStatus),
})
}
return resources, nil
}
func (s sdk) DeleteStack(ctx context.Context, name string) error {
logrus.Debug("Delete CloudFormation stack")
_, err := s.CF.DeleteStackWithContext(ctx, &cloudformation.DeleteStackInput{
StackName: aws.String(name),
})
return err
}
func (s sdk) CreateSecret(ctx context.Context, secret compose.Secret) (string, error) {
logrus.Debug("Create secret " + secret.Name)
secretStr, err := secret.GetCredString()
if err != nil {
return "", err
}
response, err := s.SM.CreateSecret(&secretsmanager.CreateSecretInput{
Name: &secret.Name,
SecretString: &secretStr,
Description: &secret.Description,
})
if err != nil {
return "", err
}
return aws.StringValue(response.ARN), nil
}
func (s sdk) InspectSecret(ctx context.Context, id string) (compose.Secret, error) {
logrus.Debug("Inspect secret " + id)
response, err := s.SM.DescribeSecret(&secretsmanager.DescribeSecretInput{SecretId: &id})
if err != nil {
return compose.Secret{}, err
}
labels := map[string]string{}
for _, tag := range response.Tags {
labels[aws.StringValue(tag.Key)] = aws.StringValue(tag.Value)
}
secret := compose.Secret{
ID: aws.StringValue(response.ARN),
Name: aws.StringValue(response.Name),
Labels: labels,
}
if response.Description != nil {
secret.Description = *response.Description
}
return secret, nil
}
func (s sdk) ListSecrets(ctx context.Context) ([]compose.Secret, error) {
logrus.Debug("List secrets ...")
response, err := s.SM.ListSecrets(&secretsmanager.ListSecretsInput{})
if err != nil {
return []compose.Secret{}, err
}
var secrets []compose.Secret
for _, sec := range response.SecretList {
labels := map[string]string{}
for _, tag := range sec.Tags {
labels[*tag.Key] = *tag.Value
}
description := ""
if sec.Description != nil {
description = *sec.Description
}
secrets = append(secrets, compose.Secret{
ID: *sec.ARN,
Name: *sec.Name,
Labels: labels,
Description: description,
})
}
return secrets, nil
}
func (s sdk) DeleteSecret(ctx context.Context, id string, recover bool) error {
logrus.Debug("List secrets ...")
force := !recover
_, err := s.SM.DeleteSecret(&secretsmanager.DeleteSecretInput{SecretId: &id, ForceDeleteWithoutRecovery: &force})
return err
}
func (s sdk) GetLogs(ctx context.Context, name string, consumer compose.LogConsumer) error {
logGroup := fmt.Sprintf("/docker-compose/%s", name)
var startTime int64
for {
var hasMore = true
var token *string
for hasMore {
events, err := s.CW.FilterLogEvents(&cloudwatchlogs.FilterLogEventsInput{
LogGroupName: aws.String(logGroup),
NextToken: token,
StartTime: aws.Int64(startTime),
})
if err != nil {
return err
}
if events.NextToken == nil {
hasMore = false
} else {
token = events.NextToken
}
for _, event := range events.Events {
p := strings.Split(aws.StringValue(event.LogStreamName), "/")
consumer.Log(p[1], p[2], aws.StringValue(event.Message))
startTime = *event.IngestionTime
}
}
time.Sleep(500 * time.Millisecond)
}
}
func (s sdk) DescribeServices(ctx context.Context, cluster string, arns []string) ([]compose.ServiceStatus, error) {
services, err := s.ECS.DescribeServicesWithContext(ctx, &ecs.DescribeServicesInput{
Cluster: aws.String(cluster),
Services: aws.StringSlice(arns),
Include: aws.StringSlice([]string{"TAGS"}),
})
if err != nil {
return nil, err
}
status := []compose.ServiceStatus{}
for _, service := range services.Services {
var name string
for _, t := range service.Tags {
if *t.Key == compose.ServiceTag {
name = aws.StringValue(t.Value)
}
}
if name == "" {
return nil, fmt.Errorf("service %s doesn't have a %s tag", *service.ServiceArn, compose.ServiceTag)
}
targetGroupArns := []string{}
for _, lb := range service.LoadBalancers {
targetGroupArns = append(targetGroupArns, *lb.TargetGroupArn)
}
// getURLwithPortMapping makes 2 queries
// one to get the target groups and another for load balancers
loadBalancers, err := s.getURLWithPortMapping(ctx, targetGroupArns)
if err != nil {
return nil, err
}
status = append(status, compose.ServiceStatus{
ID: aws.StringValue(service.ServiceName),
Name: name,
Replicas: int(aws.Int64Value(service.RunningCount)),
Desired: int(aws.Int64Value(service.DesiredCount)),
LoadBalancers: loadBalancers,
})
}
return status, nil
}
func (s sdk) getURLWithPortMapping(ctx context.Context, targetGroupArns []string) ([]compose.LoadBalancer, error) {
if len(targetGroupArns) == 0 {
return nil, nil
}
groups, err := s.ELB.DescribeTargetGroups(&elbv2.DescribeTargetGroupsInput{
TargetGroupArns: aws.StringSlice(targetGroupArns),
})
if err != nil {
return nil, err
}
lbarns := []*string{}
for _, tg := range groups.TargetGroups {
lbarns = append(lbarns, tg.LoadBalancerArns...)
}
lbs, err := s.ELB.DescribeLoadBalancersWithContext(ctx, &elbv2.DescribeLoadBalancersInput{
LoadBalancerArns: lbarns,
})
if err != nil {
return nil, err
}
filterLB := func(arn *string, lbs []*elbv2.LoadBalancer) *elbv2.LoadBalancer {
if aws.StringValue(arn) == "" {
// load balancer arn is nil/""
return nil
}
for _, lb := range lbs {
if aws.StringValue(lb.LoadBalancerArn) == aws.StringValue(arn) {
return lb
}
}
return nil
}
loadBalancers := []compose.LoadBalancer{}
for _, tg := range groups.TargetGroups {
for _, lbarn := range tg.LoadBalancerArns {
lb := filterLB(lbarn, lbs.LoadBalancers)
if lb == nil {
continue
}
loadBalancers = append(loadBalancers, compose.LoadBalancer{
URL: aws.StringValue(lb.DNSName),
TargetPort: int(aws.Int64Value(tg.Port)),
PublishedPort: int(aws.Int64Value(tg.Port)),
Protocol: aws.StringValue(tg.Protocol),
})
}
}
return loadBalancers, nil
}
func (s sdk) ListTasks(ctx context.Context, cluster string, family string) ([]string, error) {
tasks, err := s.ECS.ListTasksWithContext(ctx, &ecs.ListTasksInput{
Cluster: aws.String(cluster),
Family: aws.String(family),
})
if err != nil {
return nil, err
}
arns := []string{}
for _, arn := range tasks.TaskArns {
arns = append(arns, *arn)
}
return arns, nil
}
func (s sdk) GetPublicIPs(ctx context.Context, interfaces ...string) (map[string]string, error) {
desc, err := s.EC2.DescribeNetworkInterfaces(&ec2.DescribeNetworkInterfacesInput{
NetworkInterfaceIds: aws.StringSlice(interfaces),
})
if err != nil {
return nil, err
}
publicIPs := map[string]string{}
for _, interf := range desc.NetworkInterfaces {
if interf.Association != nil {
publicIPs[aws.StringValue(interf.NetworkInterfaceId)] = aws.StringValue(interf.Association.PublicIp)
}
}
return publicIPs, nil
}
func (s sdk) LoadBalancerExists(ctx context.Context, arn string) (bool, error) {
logrus.Debug("CheckRequirements if LoadBalancer exists: ", arn)
lbs, err := s.ELB.DescribeLoadBalancersWithContext(ctx, &elbv2.DescribeLoadBalancersInput{
LoadBalancerArns: []*string{aws.String(arn)},
})
if err != nil {
return false, err
}
return len(lbs.LoadBalancers) > 0, nil
}
func (s sdk) GetLoadBalancerURL(ctx context.Context, arn string) (string, error) {
logrus.Debug("Retrieve load balancer URL: ", arn)
lbs, err := s.ELB.DescribeLoadBalancersWithContext(ctx, &elbv2.DescribeLoadBalancersInput{
LoadBalancerArns: []*string{aws.String(arn)},
})
if err != nil {
return "", err
}
dnsName := aws.StringValue(lbs.LoadBalancers[0].DNSName)
if dnsName == "" {
return "", fmt.Errorf("Load balancer %s doesn't have a dns name", aws.StringValue(lbs.LoadBalancers[0].LoadBalancerArn))
}
return dnsName, nil
}

26
ecs/pkg/compose/api.go Normal file
View File

@ -0,0 +1,26 @@
package compose
import (
"context"
"io"
"github.com/awslabs/goformation/v4/cloudformation"
"github.com/compose-spec/compose-go/cli"
"github.com/compose-spec/compose-go/types"
)
type API interface {
Up(ctx context.Context, options *cli.ProjectOptions) error
Down(ctx context.Context, options *cli.ProjectOptions) error
CreateContextData(ctx context.Context, params map[string]string) (contextData interface{}, description string, err error)
Convert(project *types.Project) (*cloudformation.Template, error)
Logs(ctx context.Context, options *cli.ProjectOptions, writer io.Writer) error
Ps(ctx context.Context, options *cli.ProjectOptions) ([]ServiceStatus, error)
CreateSecret(ctx context.Context, secret Secret) (string, error)
InspectSecret(ctx context.Context, id string) (Secret, error)
ListSecrets(ctx context.Context) ([]Secret, error)
DeleteSecret(ctx context.Context, id string, recover bool) error
}

7
ecs/pkg/compose/tags.go Normal file
View File

@ -0,0 +1,7 @@
package compose
const (
ProjectTag = "com.docker.compose.project"
NetworkTag = "com.docker.compose.network"
ServiceTag = "com.docker.compose.service"
)

4
ecs/pkg/compose/testdata/simple/compose-with-overrides.yaml vendored Normal file
View File

@ -0,0 +1,4 @@
version: "3"
services:
simple:
image: haproxy

4
ecs/pkg/compose/testdata/simple/compose.yaml vendored Normal file
View File

@ -0,0 +1,4 @@
version: "3"
services:
simple:
image: nginx

74
ecs/pkg/compose/types.go Normal file
View File

@ -0,0 +1,74 @@
package compose
import "encoding/json"
type StackResource struct {
LogicalID string
Type string
ARN string
Status string
}
type LoadBalancer struct {
URL string
TargetPort int
PublishedPort int
Protocol string
}
type ServiceStatus struct {
ID string
Name string
Replicas int
Desired int
Ports []string
LoadBalancers []LoadBalancer
}
const (
StackCreate = iota
StackUpdate
StackDelete
)
type LogConsumer interface {
Log(service, container, message string)
}
type Secret struct {
ID string `json:"ID"`
Name string `json:"Name"`
Labels map[string]string `json:"Labels"`
Description string `json:"Description"`
username string
password string
}
func NewSecret(name, username, password, description string) Secret {
return Secret{
Name: name,
username: username,
password: password,
Description: description,
}
}
func (s Secret) ToJSON() (string, error) {
b, err := json.MarshalIndent(&s, "", "\t")
if err != nil {
return "", err
}
return string(b), nil
}
func (s Secret) GetCredString() (string, error) {
creds := map[string]string{
"username": s.username,
"password": s.password,
}
b, err := json.Marshal(&creds)
if err != nil {
return "", err
}
return string(b), nil
}

15
ecs/pkg/compose/x.go Normal file
View File

@ -0,0 +1,15 @@
package compose
const (
ExtensionSecurityGroup = "x-aws-securitygroup"
ExtensionVPC = "x-aws-vpc"
ExtensionPullCredentials = "x-aws-pull_credentials"
ExtensionLB = "x-aws-loadbalancer"
ExtensionCluster = "x-aws-cluster"
ExtensionKeys = "x-aws-keys"
ExtensionMinPercent = "x-aws-min_percent"
ExtensionMaxPercent = "x-aws-max_percent"
ExtensionRetention = "x-aws-logs_retention"
ExtensionRole = "x-aws-role"
ExtensionManagedPolicies = "x-aws-policies"
)

71
ecs/pkg/console/colors.go Normal file
View File

@ -0,0 +1,71 @@
package console
import (
"fmt"
"strconv"
)
var NAMES = []string{
"grey",
"red",
"green",
"yellow",
"blue",
"magenta",
"cyan",
"white",
}
var COLORS map[string]ColorFunc
// ColorFunc use ANSI codes to render colored text on console
type ColorFunc func(s string) string
var Monochrome = func(s string) string {
return s
}
func ansiColor(code, s string) string {
return fmt.Sprintf("%s%s%s", ansi(code), s, ansi("0"))
}
func ansi(code string) string {
return fmt.Sprintf("\033[%sm", code)
}
func makeColorFunc(code string) ColorFunc {
return func(s string) string {
return ansiColor(code, s)
}
}
var Rainbow = make(chan ColorFunc)
func init() {
COLORS = map[string]ColorFunc{}
for i, name := range NAMES {
COLORS[name] = makeColorFunc(strconv.Itoa(30 + i))
COLORS["intense_"+name] = makeColorFunc(strconv.Itoa(30+i) + ";1")
}
go func() {
i := 0
rainbow := []ColorFunc{
COLORS["cyan"],
COLORS["yellow"],
COLORS["green"],
COLORS["magenta"],
COLORS["blue"],
COLORS["intense_cyan"],
COLORS["intense_yellow"],
COLORS["intense_green"],
COLORS["intense_magenta"],
COLORS["intense_blue"],
}
for {
Rainbow <- rainbow[i]
i = (i + 1) % len(rainbow)
}
}()
}

76
ecs/pkg/docker/contextStore.go Normal file
View File

@ -0,0 +1,76 @@
package docker
import (
"fmt"
"github.com/docker/cli/cli/command"
cliconfig "github.com/docker/cli/cli/config"
"github.com/docker/cli/cli/context/store"
"github.com/mitchellh/mapstructure"
)
const contextType = "aws"
type TypeContext struct {
Type string
}
func getter() interface{} {
return &TypeContext{}
}
type AwsContext struct {
Profile string
Region string
}
func NewContext(name string, awsContext interface{}) error {
_, err := NewContextWithStore(name, awsContext.(AwsContext), cliconfig.ContextStoreDir())
return err
}
func NewContextWithStore(name string, awsContext AwsContext, contextDirectory string) (store.Store, error) {
contextStore := initContextStore(contextDirectory)
endpoints := map[string]interface{}{
"aws": awsContext,
"docker": awsContext,
}
metadata := store.Metadata{
Name: name,
Endpoints: endpoints,
Metadata: TypeContext{Type: contextType},
}
return contextStore, contextStore.CreateOrUpdate(metadata)
}
func initContextStore(contextDir string) store.Store {
config := store.NewConfig(getter)
return store.New(contextDir, config)
}
func checkAwsContextExists(contextName string) (*AwsContext, error) {
if contextName == command.DefaultContextName {
return nil, fmt.Errorf("can't use \"%s\" with ECS command because it is not an AWS context", contextName)
}
contextStore := initContextStore(cliconfig.ContextStoreDir())
metadata, err := contextStore.GetMetadata(contextName)
if err != nil {
return nil, err
}
endpoint := metadata.Endpoints["aws"]
awsContext := AwsContext{}
err = mapstructure.Decode(endpoint, &awsContext)
if err != nil {
return nil, err
}
if awsContext == (AwsContext{}) {
return nil, fmt.Errorf("can't use \"%s\" with ECS command because it is not an AWS context", contextName)
}
return &awsContext, nil
}
func GetAwsContext(dockerCli command.Cli) (*AwsContext, error) {
contextName := dockerCli.CurrentContext()
return checkAwsContextExists(contextName)
}

29
ecs/pkg/progress/plain.go Normal file
View File

@ -0,0 +1,29 @@
package progress
import (
"context"
"fmt"
"io"
)
type plainWriter struct {
out io.Writer
done chan bool
}
func (p *plainWriter) Start(ctx context.Context) error {
select {
case <-ctx.Done():
return ctx.Err()
case <-p.done:
return nil
}
}
func (p *plainWriter) Event(e Event) {
fmt.Println(e.ID, e.Text, e.StatusText)
}
func (p *plainWriter) Stop() {
p.done <- true
}

50
ecs/pkg/progress/spinner.go Normal file
View File

@ -0,0 +1,50 @@
package progress
import (
"runtime"
"time"
)
type spinner struct {
time time.Time
index int
chars []string
stop bool
done string
}
func newSpinner() *spinner {
chars := []string{
"⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏",
}
done := "⠿"
if runtime.GOOS == "windows" {
chars = []string{"-"}
done = "-"
}
return &spinner{
index: 0,
time: time.Now(),
chars: chars,
done: done,
}
}
func (s *spinner) String() string {
if s.stop {
return s.done
}
d := time.Since(s.time)
if d.Milliseconds() > 100 {
s.index = (s.index + 1) % len(s.chars)
}
return s.chars[s.index]
}
func (s *spinner) Stop() {
s.stop = true
}

177
ecs/pkg/progress/tty.go Normal file
View File

@ -0,0 +1,177 @@
package progress
import (
"context"
"fmt"
"io"
"runtime"
"strings"
"sync"
"time"
"github.com/buger/goterm"
"github.com/morikuni/aec"
)
type ttyWriter struct {
out io.Writer
events map[string]Event
eventIDs []string
repeated bool
numLines int
done chan bool
mtx *sync.RWMutex
}
func (w *ttyWriter) Start(ctx context.Context) error {
ticker := time.NewTicker(100 * time.Millisecond)
for {
select {
case <-ctx.Done():
w.print()
return ctx.Err()
case <-w.done:
w.print()
return nil
case <-ticker.C:
w.print()
}
}
}
func (w *ttyWriter) Stop() {
w.done <- true
}
func (w *ttyWriter) Event(e Event) {
w.mtx.Lock()
defer w.mtx.Unlock()
if !StringContains(w.eventIDs, e.ID) {
w.eventIDs = append(w.eventIDs, e.ID)
}
if _, ok := w.events[e.ID]; ok {
last := w.events[e.ID]
switch e.Status {
case Done, Error:
if last.Status != e.Status {
last.stop()
}
}
last.Status = e.Status
last.Text = e.Text
last.StatusText = e.StatusText
w.events[e.ID] = last
} else {
e.startTime = time.Now()
e.spinner = newSpinner()
w.events[e.ID] = e
}
}
func (w *ttyWriter) print() {
w.mtx.Lock()
defer w.mtx.Unlock()
if len(w.eventIDs) == 0 {
return
}
terminalWidth := goterm.Width()
b := aec.EmptyBuilder
for i := 0; i <= w.numLines; i++ {
b = b.Up(1)
}
if !w.repeated {
b = b.Down(1)
}
w.repeated = true
fmt.Fprint(w.out, b.Column(0).ANSI)
// Hide the cursor while we are printing
fmt.Fprint(w.out, aec.Hide)
defer fmt.Fprint(w.out, aec.Show)
firstLine := fmt.Sprintf("[+] Running %d/%d", numDone(w.events), w.numLines)
if w.numLines != 0 && numDone(w.events) == w.numLines {
firstLine = aec.Apply(firstLine, aec.BlueF)
}
fmt.Fprintln(w.out, firstLine)
var statusPadding int
for _, v := range w.eventIDs {
l := len(fmt.Sprintf("%s %s", w.events[v].ID, w.events[v].Text))
if statusPadding < l {
statusPadding = l
}
}
numLines := 0
for _, v := range w.eventIDs {
line := lineText(w.events[v], terminalWidth, statusPadding, runtime.GOOS != "windows")
// nolint: errcheck
fmt.Fprint(w.out, line)
numLines++
}
w.numLines = numLines
}
func lineText(event Event, terminalWidth, statusPadding int, color bool) string {
endTime := time.Now()
if event.Status != Working {
endTime = event.endTime
}
elapsed := endTime.Sub(event.startTime).Seconds()
textLen := len(fmt.Sprintf("%s %s", event.ID, event.Text))
padding := statusPadding - textLen
if padding < 0 {
padding = 0
}
text := fmt.Sprintf(" %s %s %s%s %s",
event.spinner.String(),
event.ID,
event.Text,
strings.Repeat(" ", padding),
event.StatusText,
)
timer := fmt.Sprintf("%.1fs\n", elapsed)
o := align(text, timer, terminalWidth)
if color {
color := aec.WhiteF
if event.Status == Done {
color = aec.BlueF
}
if event.Status == Error {
color = aec.RedF
}
return aec.Apply(o, color)
}
return o
}
func numDone(events map[string]Event) int {
i := 0
for _, e := range events {
if e.Status == Done {
i++
}
}
return i
}
func align(l, r string, w int) string {
return fmt.Sprintf("%-[2]*[1]s %[3]s", l, w-len(r)-1, r)
}
// StringContains check if an array contains a specific value
func StringContains(array []string, needle string) bool {
for _, val := range array {
if val == needle {
return true
}
}
return false
}

112
ecs/pkg/progress/writer.go Normal file
View File

@ -0,0 +1,112 @@
package progress
import (
"context"
"os"
"sync"
"time"
"github.com/containerd/console"
"github.com/moby/term"
"golang.org/x/sync/errgroup"
)
// EventStatus indicates the status of an action
type EventStatus int
const (
// Working means that the current task is working
Working EventStatus = iota
// Done means that the current task is done
Done
// Error means that the current task has errored
Error
)
// Event reprensents a progress event
type Event struct {
ID string
Text string
Status EventStatus
StatusText string
Done bool
startTime time.Time
endTime time.Time
spinner *spinner
}
func (e *Event) stop() {
e.endTime = time.Now()
e.spinner.Stop()
}
// Writer can write multiple progress events
type Writer interface {
Start(context.Context) error
Stop()
Event(Event)
}
type writerKey struct{}
// WithContextWriter adds the writer to the context
func WithContextWriter(ctx context.Context, writer Writer) context.Context {
return context.WithValue(ctx, writerKey{}, writer)
}
// ContextWriter returns the writer from the context
func ContextWriter(ctx context.Context) Writer {
s, _ := ctx.Value(writerKey{}).(Writer)
return s
}
type progressFunc func(context.Context) error
// Run will run a writer and the progress function
// in parallel
func Run(ctx context.Context, pf progressFunc) error {
eg, _ := errgroup.WithContext(ctx)
w, err := NewWriter(os.Stderr)
if err != nil {
return err
}
eg.Go(func() error {
return w.Start(context.Background())
})
ctx = WithContextWriter(ctx, w)
eg.Go(func() error {
defer w.Stop()
return pf(ctx)
})
return eg.Wait()
}
// NewWriter returns a new multi-progress writer
func NewWriter(out console.File) (Writer, error) {
_, isTerminal := term.GetFdInfo(out)
if isTerminal {
con, err := console.ConsoleFromFile(out)
if err != nil {
return nil, err
}
return &ttyWriter{
out: con,
eventIDs: []string{},
events: map[string]Event{},
repeated: false,
done: make(chan bool),
mtx: &sync.RWMutex{},
}, nil
}
return &plainWriter{
out: out,
done: make(chan bool),
}, nil
}

8
ecs/secrets/Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM golang:1.14.4-alpine AS builder
WORKDIR $GOPATH/src/github.com/docker/ecs-plugin/secrets
COPY . .
RUN GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o /go/bin/secrets main/main.go
FROM scratch
COPY --from=builder /go/bin/secrets /secrets
ENTRYPOINT ["/secrets"]

87
ecs/secrets/init.go Normal file
View File

@ -0,0 +1,87 @@
package secrets
import (
"encoding/json"
"fmt"
"io/ioutil"
"os"
"path/filepath"
)
type Secret struct {
Name string
Keys []string
}
func CreateSecretFiles(secret Secret, path string) error {
value, ok := os.LookupEnv(secret.Name)
if !ok {
return fmt.Errorf("%q variable not set", secret.Name)
}
secrets := filepath.Join(path, secret.Name)
if len(secret.Keys) == 0 {
// raw Secret
fmt.Printf("inject Secret %q info %s\n", secret.Name, secrets)
return ioutil.WriteFile(secrets, []byte(value), 0444)
}
var unmarshalled interface{}
err := json.Unmarshal([]byte(value), &unmarshalled)
if err != nil {
return fmt.Errorf("%q Secret is not a valid JSON document: %w", secret.Name, err)
}
dict, ok := unmarshalled.(map[string]interface{})
if !ok {
return fmt.Errorf("%q Secret is not a JSON dictionary: %w", secret.Name, err)
}
err = os.MkdirAll(secrets, 0755)
if err != nil {
return err
}
if contains(secret.Keys, "*") {
var keys []string
for k := range dict {
keys = append(keys, k)
}
secret.Keys = keys
}
for _, k := range secret.Keys {
path := filepath.Join(secrets, k)
fmt.Printf("inject Secret %q info %s\n", k, path)
v, ok := dict[k]
if !ok {
return fmt.Errorf("%q Secret has no %q key", secret.Name, k)
}
var raw []byte
if s, ok := v.(string); ok {
raw = []byte(s)
} else {
raw, err = json.Marshal(v)
if err != nil {
return err
}
}
err = ioutil.WriteFile(path, raw, 0444)
if err != nil {
return err
}
}
return nil
}
func contains(keys []string, s string) bool {
for _, k := range keys {
if k == s {
return true
}
}
return false
}

85
ecs/secrets/init_test.go Normal file
View File

@ -0,0 +1,85 @@
package secrets
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
"gotest.tools/v3/assert"
"gotest.tools/v3/fs"
)
func TestRawSecret(t *testing.T) {
dir := fs.NewDir(t, "secrets").Path()
os.Setenv("raw", "something_secret")
defer os.Unsetenv("raw")
err := CreateSecretFiles(Secret{
Name: "raw",
Keys: nil,
}, dir)
assert.NilError(t, err)
file, err := ioutil.ReadFile(filepath.Join(dir, "raw"))
assert.NilError(t, err)
content := string(file)
assert.Equal(t, content, "something_secret")
}
func TestSelectedKeysSecret(t *testing.T) {
dir := fs.NewDir(t, "secrets").Path()
os.Setenv("json", `
{
"foo": "bar",
"zot": "qix"
}`)
defer os.Unsetenv("json")
err := CreateSecretFiles(Secret{
Name: "json",
Keys: []string{"foo"},
}, dir)
assert.NilError(t, err)
file, err := ioutil.ReadFile(filepath.Join(dir, "json", "foo"))
assert.NilError(t, err)
content := string(file)
assert.Equal(t, content, "bar")
_, err = os.Stat(filepath.Join(dir, "json", "zot"))
assert.Check(t, os.IsNotExist(err))
}
func TestAllKeysSecret(t *testing.T) {
dir := fs.NewDir(t, "secrets").Path()
os.Setenv("json", `
{
"foo": "bar",
"zot": "qix"
}`)
defer os.Unsetenv("json")
err := CreateSecretFiles(Secret{
Name: "json",
Keys: []string{"*"},
}, dir)
assert.NilError(t, err)
file, err := ioutil.ReadFile(filepath.Join(dir, "json", "foo"))
assert.NilError(t, err)
content := string(file)
assert.Equal(t, content, "bar")
file, err = ioutil.ReadFile(filepath.Join(dir, "json", "zot"))
assert.NilError(t, err)
content = string(file)
assert.Equal(t, content, "qix")
}
func TestUnknownSecret(t *testing.T) {
dir := fs.NewDir(t, "secrets").Path()
err := CreateSecretFiles(Secret{
Name: "not_set",
Keys: nil,
}, dir)
assert.Check(t, err != nil)
}

33
ecs/secrets/main/main.go Normal file
View File

@ -0,0 +1,33 @@
package main
import (
"encoding/json"
"fmt"
"os"
"github.com/docker/ecs-plugin/secrets"
)
const secretsFolder = "/run/secrets"
func main() {
if len(os.Args) != 2 {
fmt.Fprintf(os.Stderr, "usage: secrets <json encoded []Secret>")
os.Exit(1)
}
var input []secrets.Secret
err := json.Unmarshal([]byte(os.Args[1]), &input)
if err != nil {
fmt.Fprintf(os.Stderr, err.Error())
os.Exit(1)
}
for _, secret := range input {
err := secrets.CreateSecretFiles(secret, secretsFolder)
if err != nil {
fmt.Fprintf(os.Stderr, err.Error())
os.Exit(1)
}
}
}

65
ecs/tests/e2e_deploy_services_test.go Normal file
View File

@ -0,0 +1,65 @@
// +build e2e
package tests
import (
"context"
"testing"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/docker/ecs-plugin/pkg/amazon/sdk"
"github.com/docker/ecs-plugin/pkg/docker"
"gotest.tools/v3/assert"
"gotest.tools/v3/fs"
"gotest.tools/v3/golden"
"gotest.tools/v3/icmd"
)
const (
composeFileName = "compose.yaml"
)
func TestE2eDeployServices(t *testing.T) {
cmd, cleanup, awsContext := dockerCli.createTestCmd()
defer cleanup()
composeUpSimpleService(t, cmd, awsContext)
}
func composeUpSimpleService(t *testing.T, cmd icmd.Cmd, awsContext docker.AwsContext) {
bgContext := context.Background()
composeYAML := golden.Get(t, "input/simple-single-service.yaml")
tmpDir := fs.NewDir(t, t.Name(),
fs.WithFile(composeFileName, "", fs.WithBytes(composeYAML)),
)
// We can't use the file added in the tmp directory because it will drop if an assertion fails
defer composeDown(t, cmd, golden.Path("input/simple-single-service.yaml"))
defer tmpDir.Remove()
cmd.Command = dockerCli.Command("ecs", "compose", "--file="+tmpDir.Join(composeFileName), "--project-name", t.Name(), "up")
icmd.RunCmd(cmd).Assert(t, icmd.Success)
session, err := session.NewSessionWithOptions(session.Options{
Profile: awsContext.Profile,
Config: aws.Config{
Region: aws.String(awsContext.Region),
},
})
assert.NilError(t, err)
api := sdk.NewAPI(session)
arns, err := api.ListTasks(bgContext, t.Name(), t.Name())
assert.NilError(t, err)
tasks, err := api.DescribeTasks(bgContext, t.Name(), arns...)
publicIps, err := api.GetPublicIPs(context.Background(), tasks[0].NetworkInterface)
assert.NilError(t, err)
for _, ip := range publicIps {
icmd.RunCommand("curl", "-I", "http://"+ip).Assert(t, icmd.Success)
}
}
func composeDown(t *testing.T, cmd icmd.Cmd, composeFile string) {
cmd.Command = dockerCli.Command("ecs", "compose", "--file="+composeFile, "--project-name", t.Name(), "down")
icmd.RunCmd(cmd).Assert(t, icmd.Success)
}

126
ecs/tests/main_test.go Normal file
View File

@ -0,0 +1,126 @@
package tests
import (
"encoding/json"
"flag"
"fmt"
"io/ioutil"
"os"
"path/filepath"
"runtime"
"testing"
dockerConfigFile "github.com/docker/cli/cli/config/configfile"
"github.com/docker/ecs-plugin/pkg/docker"
"gotest.tools/v3/icmd"
)
var (
e2ePath = flag.String("e2e-path", ".", "Set path to the e2e directory")
dockerCliPath = os.Getenv("DOCKERCLI_BINARY")
dockerCli dockerCliCommand
testContextName = "testAwsContextToBeRemoved"
)
type dockerCliCommand struct {
path string
cliPluginDir string
}
type ConfigFileOperator func(configFile *dockerConfigFile.ConfigFile)
func (d dockerCliCommand) createTestCmd(ops ...ConfigFileOperator) (icmd.Cmd, func(), docker.AwsContext) {
configDir, err := ioutil.TempDir("", "config")
if err != nil {
panic(err)
}
configFilePath := filepath.Join(configDir, "config.json")
config := dockerConfigFile.ConfigFile{
CLIPluginsExtraDirs: []string{
d.cliPluginDir,
},
Filename: configFilePath,
}
for _, op := range ops {
op(&config)
}
configFile, err := os.Create(configFilePath)
if err != nil {
panic(err)
}
defer configFile.Close()
err = json.NewEncoder(configFile).Encode(config)
if err != nil {
panic(err)
}
awsContext := docker.AwsContext{
Profile: "sandbox.devtools.developer",
Region: "eu-west-3",
}
testStore, err := docker.NewContextWithStore(testContextName, awsContext, filepath.Join(configDir, "contexts"))
if err != nil {
panic(err)
}
cleanup := func() {
fmt.Println("cleanup")
testStore.Remove(testContextName)
os.RemoveAll(configDir)
}
env := append(os.Environ(),
"DOCKER_CONFIG="+configDir,
"DOCKER_CLI_EXPERIMENTAL=enabled") // TODO: Remove this once docker ecs plugin is no more experimental
return icmd.Cmd{Env: env}, cleanup, awsContext
}
func (d dockerCliCommand) Command(args ...string) []string {
return append([]string{d.path, "--context", testContextName}, args...)
}
func TestMain(m *testing.M) {
flag.Parse()
if err := os.Chdir(*e2ePath); err != nil {
panic(err)
}
cwd, err := os.Getwd()
if err != nil {
panic(err)
}
dockerEcs := os.Getenv("DOCKERECS_BINARY")
if dockerEcs == "" {
dockerEcs = filepath.Join(cwd, "../dist/docker-ecs")
}
dockerEcs, err = filepath.Abs(dockerEcs)
if err != nil {
panic(err)
}
if dockerCliPath == "" {
dockerCliPath = "docker"
} else {
dockerCliPath, err = filepath.Abs(dockerCliPath)
if err != nil {
panic(err)
}
}
// Prepare docker cli to call the docker-ecs plugin binary:
// - Create a symbolic link with the dockerEcs binary to the plugin directory
cliPluginDir, err := ioutil.TempDir("", "configContent")
if err != nil {
panic(err)
}
defer os.RemoveAll(cliPluginDir)
createDockerECSSymLink(dockerEcs, cliPluginDir)
dockerCli = dockerCliCommand{path: dockerCliPath, cliPluginDir: cliPluginDir}
os.Exit(m.Run())
}
func createDockerECSSymLink(dockerEcs, configDir string) {
dockerEcsExecName := "docker-ecs"
if runtime.GOOS == "windows" {
dockerEcsExecName += ".exe"
}
if err := os.Symlink(dockerEcs, filepath.Join(configDir, dockerEcsExecName)); err != nil {
panic(err)
}
}

6
ecs/tests/testdata/input/simple-single-service.yaml vendored Normal file
View File

@ -0,0 +1,6 @@
version: "3"
services:
simple:
image: nginx
ports:
- 80:80

14
ecs/tests/testdata/plugin-usage.golden vendored Normal file
View File

@ -0,0 +1,14 @@
Usage: docker ecs COMMAND
run multi-container applications on Amazon ECS.
Management Commands:
compose
secret Manages secrets
Commands:
setup
version Show version.
Run 'docker ecs COMMAND --help' for more information on a command.

18
ecs/tests/version_test.go Normal file
View File

@ -0,0 +1,18 @@
package tests
import (
"strings"
"testing"
"gotest.tools/v3/assert"
"gotest.tools/v3/icmd"
)
func TestVersionIsSet(t *testing.T) {
cmd, cleanup, _ := dockerCli.createTestCmd()
defer cleanup()
cmd.Command = dockerCli.Command("ecs", "version")
out := icmd.RunCmd(cmd).Assert(t, icmd.Success).Stdout()
assert.Check(t, !strings.Contains(out, "unknown"))
}