Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ecs): update logic for secret JSON field with fargate task to fail #7317

Merged
merged 9 commits into from
May 6, 2020
Merged

fix(ecs): update logic for secret JSON field with fargate task to fail #7317

merged 9 commits into from
May 6, 2020

Conversation

jogold
Copy link
Contributor

@jogold jogold commented Apr 11, 2020
edited
Loading

Commit Message

fix(ecs): using secret JSON field with fargate task does not fail (#7317)

For tasks that use the Fargate launch type, it is only supported to inject
the full contents of a secret as an environment variable. Specifying a specific
JSON key or version is not supported at this time.

Also clean up/refactor a bit.

See https://docs.aws.amazon.com/AmazonECS/latest/userguide/specifying-sensitive-data-secrets.html#secrets-considerations

Closes #7272

End Commit Message

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

jogold added 2 commits April 11, 2020 12:15
@jogold
fix(ecs): using secret JSON field with fargate task does not fail
ca15ac0 
For tasks that use the Fargate launch type, it is only supported to inject
the full contents of a secret as an environment variable. Specifying a specific
JSON key or version is not supported at this time.

Also clean up/refactor a bit.

See https://docs.aws.amazon.com/AmazonECS/latest/userguide/specifying-sensitive-data-secrets.html#secrets-considerations

Closes aws#7272
@jogold
git add . -u -pfield
9ad6215
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: ca15ac0
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 9ad6215
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: ea4609f
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 1f19bff
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@SomayaB SomayaB added the @aws-cdk/aws-ecs Related to Amazon Elastic Container label Apr 14, 2020
@jogold jogold mentioned this pull request Apr 16, 2020
Merged
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 578604a
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@jogold jogold requested a review from piradeepk April 29, 2020 09:04
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 11fd607
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@jogold
Copy link
Contributor Author

jogold commented May 6, 2020

@pkandasamy91 can you give another look?

efekarakus
efekarakus approved these changes May 6, 2020
View reviewed changes
Copy link
Contributor

@efekarakus efekarakus left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

packages/@aws-cdk/aws-ecs/lib/container-definition.ts
Comment on lines +54 to +56
/**
* Grants reading the secret to a principal
*/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for adding comments to the public fields!

@piradeepk piradeepk added the pr/do-not-merge This PR should not be merged at this time. label May 6, 2020
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: fc13b43
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

piradeepk
piradeepk approved these changes May 6, 2020
View reviewed changes
Copy link
Contributor

@piradeepk piradeepk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ship it! 💯 This looks great, thanks for fixing this issue @jogold!

@piradeepk piradeepk removed the pr/do-not-merge This PR should not be merged at this time. label May 6, 2020
@mergify
Copy link
Contributor

mergify bot commented May 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@piradeepk piradeepk changed the title fix(ecs): using secret JSON field with fargate task does not fail fix(ecs): update logic for secret JSON field with fargate task to fail May 6, 2020
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: fe197b4
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented May 6, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit cb03a60 into aws:master May 6, 2020
karupanerura pushed a commit to karupanerura/aws-cdk that referenced this pull request May 7, 2020
@jogold @karupanerura
fix(ecs): using secret JSON field with fargate task does not fail (aw…
de97f4e 
…s#7317)

For tasks that use the Fargate launch type, it is only supported to inject
the full contents of a secret as an environment variable. Specifying a specific
JSON key or version is not supported at this time.

Also clean up/refactor a bit.

See https://docs.aws.amazon.com/AmazonECS/latest/userguide/specifying-sensitive-data-secrets.html#secrets-considerations

Closes aws#7272
@jogold jogold deleted the fix-fargate-secret-key-env branch May 31, 2020 07:55
@jwmonroe-outschool jwmonroe-outschool mentioned this pull request Sep 10, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efekarakus efekarakus efekarakus approved these changes

@piradeepk piradeepk piradeepk approved these changes

Assignees

@uttarasridhar uttarasridhar

Labels
@aws-cdk/aws-ecs Related to Amazon Elastic Container
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

The new ecs.Secret.fromSecretsManager(secret, field?) is not working
6 participants
@jogold @aws-cdk-automation @efekarakus @piradeepk @uttarasridhar @SomayaB