createPolicies to rely on project/service not converted aws model

Signed-off-by: Nicolas De Loof <nicolas.deloof@gmail.com>
Nicolas De Loof 2020-09-22 21:57:24 +02:00
parent 767ed0c20d
commit ed5d774180
No known key found for this signature in database
GPG Key ID: 9858809D6F8F6E7E
2 changed files with 12 additions and 20 deletions


@ -196,7 +196,7 @@ func (b *ecsAPIService) convert(project *types.Project) (*cloudformation.Templat
return nil, nil, err return nil, nil, err
} }
taskExecutionRole := createTaskExecutionRole(service, definition, template) taskExecutionRole := createTaskExecutionRole(project, service, template)
definition.ExecutionRoleArn = cloudformation.Ref(taskExecutionRole) definition.ExecutionRoleArn = cloudformation.Ref(taskExecutionRole)
taskRole := createTaskRole(service, template) taskRole := createTaskRole(service, template)
@ -489,9 +489,9 @@ func createServiceRegistry(service types.ServiceConfig, template *cloudformation
return serviceRegistry return serviceRegistry
} }
func createTaskExecutionRole(service types.ServiceConfig, definition *ecs.TaskDefinition, template *cloudformation.Template) string { func createTaskExecutionRole(project *types.Project, service types.ServiceConfig, template *cloudformation.Template) string {
taskExecutionRole := fmt.Sprintf("%sTaskExecutionRole", normalizeResourceName(service.Name)) taskExecutionRole := fmt.Sprintf("%sTaskExecutionRole", normalizeResourceName(service.Name))
policies := createPolicies(service, definition) policies := createPolicies(project, service)
template.Resources[taskExecutionRole] = &iam.Role{ template.Resources[taskExecutionRole] = &iam.Role{
AssumeRolePolicyDocument: ecsTaskAssumeRolePolicyDocument, AssumeRolePolicyDocument: ecsTaskAssumeRolePolicyDocument,
Policies: policies, Policies: policies,
@ -609,18 +609,13 @@ func normalizeResourceName(s string) string {
return strings.Title(regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString(s, "")) return strings.Title(regexp.MustCompile("[^a-zA-Z0-9]+").ReplaceAllString(s, ""))
} }
func createPolicies(service types.ServiceConfig, taskDef *ecs.TaskDefinition) []iam.Role_Policy { func createPolicies(project *types.Project, service types.ServiceConfig) []iam.Role_Policy {
arns := []string{} var arns []string
for _, container := range taskDef.ContainerDefinitions { if value, ok := service.Extensions[extensionPullCredentials]; ok {
if container.RepositoryCredentials != nil { arns = append(arns, value.(string))
arns = append(arns, container.RepositoryCredentials.CredentialsParameter) }
} for _, secret := range service.Secrets {
if len(container.Secrets) > 0 { arns = append(arns, project.Secrets[secret.Source].Name)
for _, s := range container.Secrets {
arns = append(arns, s.ValueFrom)
}
}
} }
if len(arns) > 0 { if len(arns) > 0 {
return []iam.Role_Policy{ return []iam.Role_Policy{
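Review bot: The rewritten createPolicies takes both ARN sources straight from the compose model without checking them, and these strings appear to end up as the resources of the task execution role's policy (the policy literal is cut off after `return []iam.Role_Policy{`, so that part is inferred). `value.(string)` panics when the pull-credentials extension holds anything other than a string; use `arn, ok := value.(string)` and reject the non-string case. The same unchecked assertion sits in getRepoCredentials in the second file. `project.Secrets[secret.Source].Name` yields an empty string when the service names a secret that is not declared in `project.Secrets`, so look it up with `s, ok := project.Secrets[secret.Source]` and stop when `ok` is false instead of appending an empty resource to the policy. createPolicies returns no error, so reporting either failure needs a signature change or validation earlier in convert.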


@ -532,11 +532,8 @@ func toHostEntryPtr(hosts types.HostsList) []ecs.TaskDefinition_HostEntry {
} }
func getRepoCredentials(service types.ServiceConfig) *ecs.TaskDefinition_RepositoryCredentials { func getRepoCredentials(service types.ServiceConfig) *ecs.TaskDefinition_RepositoryCredentials {
// extract registry and namespace string from image name if value, ok := service.Extensions[extensionPullCredentials]; ok {
for key, value := range service.Extensions { return &ecs.TaskDefinition_RepositoryCredentials{CredentialsParameter: value.(string)}
if key == extensionPullCredentials {
return &ecs.TaskDefinition_RepositoryCredentials{CredentialsParameter: value.(string)}
}
} }
return nil return nil
} }