feat(ecs): credentialSpecs in ContainerDefinitionOptions #29085

Merged
merged 14 commits into from
Feb 16, 2024
Removed versioning from s3 objects
cresvi committed Feb 16, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 8f565ba528644616d22fac5756c85ca6501a1547
6 changes: 3 additions & 3 deletions packages/aws-cdk-lib/aws-ecs/lib/container-definition.ts
@@ -1,7 +1,7 @@
import { Construct } from 'constructs';
import { NetworkMode, TaskDefinition } from './base/task-definition';
import { ContainerImage, ContainerImageConfig } from './container-image';
import { CredentialSpec, ICredentialSpecConfig } from './credential-spec';
import { CredentialSpec, CredentialSpecConfig } from './credential-spec';
import { CfnTaskDefinition } from './ecs.generated';
import { EnvironmentFile, EnvironmentFileConfig } from './environment-file';
import { LinuxParameters } from './linux-parameters';
@@ -473,7 +473,7 @@ export class ContainerDefinition extends Construct {
/**
* The crdential specifications for this container.
*/
public readonly credentialSpecs?: ICredentialSpecConfig[];
public readonly credentialSpecs?: CredentialSpecConfig[];

/**
* The name of the image referenced by this container.
@@ -936,7 +936,7 @@ function renderEnvironmentFiles(partition: string, environmentFiles: Environment
return ret;
}

function renderCredentialSpec(credSpec: ICredentialSpecConfig): string {
function renderCredentialSpec(credSpec: CredentialSpecConfig): string {
if (!credSpec.location) {
throw Error('CredentialSpec must specify a valid location or ARN');
}
24 changes: 8 additions & 16 deletions packages/aws-cdk-lib/aws-ecs/lib/credential-spec.ts
@@ -8,18 +8,12 @@ export class CredentialSpec {
/**
* Get the ARN for an S3 object.
*/
protected static arnForS3Object(bucket: IBucket, key: string, objectVersion?: string) {
let keyPattern = key;

protected static arnForS3Object(bucket: IBucket, key: string) {
if (!key) {
throw new Error('key is undefined');
}

if (objectVersion) {
keyPattern += `/${objectVersion}`;
}

return bucket.arnForObjects(keyPattern);
return bucket.arnForObjects(key);
}

/**
@@ -51,7 +45,7 @@ export class CredentialSpec {
* Called when the container is initialized to allow this object to bind
* to the stack.
*/
public bind(): ICredentialSpecConfig {
public bind(): CredentialSpecConfig {
return {
typePrefix: this.prefixId,
location: this.fileLocation,
@@ -73,11 +67,10 @@ export class DomainJoinedCredentialSpec extends CredentialSpec {
*
* @param bucket The S3 bucket
* @param key The object key
* @param objectVersion Optional S3 object version
* @returns CredSpec with it's locations set to the S3 object's ARN.
*/
public static fromS3Bucket(bucket: IBucket, key: string, objectVersion?: string) {
return new DomainJoinedCredentialSpec(CredentialSpec.arnForS3Object(bucket, key, objectVersion));
public static fromS3Bucket(bucket: IBucket, key: string) {
return new DomainJoinedCredentialSpec(CredentialSpec.arnForS3Object(bucket, key));
}

/**
@@ -109,11 +102,10 @@ export class DomainlessCredentialSpec extends CredentialSpec {
*
* @param bucket The S3 bucket
* @param key The object key
* @param objectVersion Optional S3 object version
* @returns CredSpec with it's locations set to the S3 object's ARN.
*/
public static fromS3Bucket(bucket: IBucket, key: string, objectVersion?: string) {
return new DomainlessCredentialSpec(CredentialSpec.arnForS3Object(bucket, key, objectVersion));
public static fromS3Bucket(bucket: IBucket, key: string) {
return new DomainlessCredentialSpec(CredentialSpec.arnForS3Object(bucket, key));
}

/**
@@ -134,7 +126,7 @@ export class DomainlessCredentialSpec extends CredentialSpec {
/**
* Configuration for a credential specification (CredSpec) used for a ECS container.
*/
export interface ICredentialSpecConfig {
export interface CredentialSpecConfig {
/**
* Prefix used for the CredSpec string.
*/
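Review bot: The `fromS3Bucket` docstrings on `DomainJoinedCredentialSpec` and `DomainlessCredentialSpec` no longer mention versions but also do not say that the location is now always a version-less object ARN, so a task picks up whatever object currently sits at `key`. Since the CredSpec presumably determines which directory identity the container runs with, I would add to both docstrings a line such as `The ARN carries no object version; restrict who can write to this key, because replacing the object changes the CredSpec that later task launches read.` Separately, `arnForS3Object` keeps its `if (!key)` guard, yet the same commit deletes the 'fails if key name is empty' test from credential-spec.test.ts, which leaves that guard without coverage; the test still applies to the new signature and could stay. The `@returns` text could also read `its location` instead of `it's locations`.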
19 changes: 4 additions & 15 deletions packages/aws-cdk-lib/aws-ecs/test/credential-spec.test.ts
@@ -21,15 +21,6 @@ describe('credential spec', () => {
});

describe('fromS3Bucket', () => {
test('fails if key name is empty', () => {
// GIVEN
const stack = new cdk.Stack();
const bucket = new s3.Bucket(stack, 'bucket');

// THEN
expect(() => ecs.DomainJoinedCredentialSpec.fromS3Bucket(bucket, '')).toThrow(/key is undefined/);
});

test('returns a valid version-less S3 object ARN as location', () => {
// GIVEN
const stack = new cdk.Stack();
@@ -46,13 +37,12 @@ describe('credential spec', () => {
// GIVEN
const stack = new cdk.Stack();
const objectKey = 'credSpec';
const objectVersion = 'xwghdvg2672';
const bucket = new s3.Bucket(stack, 'bucket');
const credSpec = ecs.DomainJoinedCredentialSpec.fromS3Bucket(bucket, objectKey, objectVersion);
const credSpec = ecs.DomainJoinedCredentialSpec.fromS3Bucket(bucket, objectKey);
const containerDefinition = defineContainerDefinition(stack, credSpec);

// THEN
expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(`${objectKey}/${objectVersion}`));
expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(objectKey));
});
});

@@ -112,13 +102,12 @@ describe('credential spec', () => {
// GIVEN
const stack = new cdk.Stack();
const objectKey = 'credSpec';
const objectVersion = 'xwghdvg2672';
const bucket = new s3.Bucket(stack, 'bucket');
const credSpec = ecs.DomainlessCredentialSpec.fromS3Bucket(bucket, objectKey, objectVersion);
const credSpec = ecs.DomainlessCredentialSpec.fromS3Bucket(bucket, objectKey);
const containerDefinition = defineContainerDefinition(stack, credSpec);

// THEN
expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(`${objectKey}/${objectVersion}`));
expect(containerDefinition.credentialSpecs?.at(0)?.location).toEqual(bucket.arnForObjects(objectKey));
});
});