Feature/fargate support v2 #2559
Hi @johnnorton Can you tell us more about the motivation behind the Also Finally we'll need to add a test to exercise this new field and ensure it works. Let me know if you need any help with that. Thanks. |
@radeksimko This is my first foray into GoLang. I will take a look at your suggestions and create a test. Standby.... John
…vider-aws into feature/fargate_support_v2
if d.HasChange("network_configration") { | ||
input.NetworkConfiguration = expandEcsNetworkConfigration(d.Get("network_configuration").([]interface{})) | ||
} | ||
//d.HasChange("network_configration") is not working, so explicity calling method. |
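Review bot: The key passed to d.HasChange on the first line is spelled "network_configration", while the d.Get call on the next line reads "network_configuration", so the condition tests a different key from the one being read. Correct the spelling in the condition and keep the guard, rather than calling the expand function unconditionally as the comment on the last line proposes.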
Not sure why the func HasChange is not detecting a change on "network_configuration". Maybe we need to implement equals on the structure?
@radeksimko. Yes updating the network config does not need to force a new resource but the existing tasks will not get the new settings as per the docs. Please review my comments in the code and let me know. Thanks! |
aws/resource_aws_ecs_service_test.go
Outdated
@@ -1261,6 +1261,7 @@ resource "aws_ecs_service" "main" { | |||
network_configuration { | |||
security_groups = ["${aws_security_group.allow_all_a.id}", "${aws_security_group.allow_all_b.id}"] | |||
subnets = ["${aws_subnet.main.*.id}"] | |||
assign_public_ip = "ENABLED" |
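Review bot: The added assign_public_ip = "ENABLED" line only changes the fixture, and nothing in this hunk checks the resulting attribute, so the hunk alone does not show the new field being exercised. Add an attribute check on network_configuration.0.assign_public_ip for aws_ecs_service.main alongside it.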
I am not sure if this is all I need to do for the test. Seems like I am missing something
@radeksimko Anything else needed here? |
Would also like to see this merged |
Is there any news on getting this merged? Not being able to set auto assign public IP is preventing me from configuring fargate-backed ECS services in terraform. As a note on the PR itself, I think it would be nicer to be able to use |
Made change suggested by @dkuntz2
This is also preventing me from configuring Fargate with Terraform. @radeksimko Can we please get this merged soon? |
Hi @johnnorton! This is getting there and thanks for your effort here. I'm providing a drive by review here since I know a couple of folks are waiting for this. If you don't have time or would like us to take this across the finish line, please let us know. 🚀
aws/resource_aws_ecs_service.go
Outdated
@@ -133,6 +133,11 @@ func resourceAwsEcsService() *schema.Resource { | |||
Elem: &schema.Schema{Type: schema.TypeString}, | |||
Set: schema.HashString, | |||
}, | |||
"assign_public_ip": &schema.Schema{ |
You can remove `&schema.Schema` from this line here.
aws/resource_aws_ecs_service.go
Outdated
result := make(map[string]interface{}) | ||
result["security_groups"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.SecurityGroups)) | ||
result["subnets"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.Subnets)) | ||
result["assign_public_ip"] = "true" | ||
if *nc.AwsvpcConfiguration.AssignPublicIp == "DISABLED" { |
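Review bot: result["assign_public_ip"] starts as "true" and is only reconsidered when the API value equals "DISABLED", so any other value ends up recorded in state as a public IP being assigned. Start from "false" and set "true" only on an exact match with the enabled value, so an unexpected value does not read as publicly addressed.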
The AWS SDK provides constants we can use here instead of directly testing our own strings (this applies for all "DISABLED"/"ENABLED" in this PR), e.g. `ecs.AssignPublicIpDisabled`/`ecs.AssignPublicIpEnabled`
@@ -102,6 +102,7 @@ Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query | |||
|
|||
* `subnets` - (Required) The subnets associated with the task or service. | |||
* `security_groups` - (Optional) The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used. | |||
* `assign_public_ip` - (Optional) Valid values are "ENABLED" or "DISABLED". Will assign a public IP address to the ENI. |
Documentation needs to be updated since the switch from string values to boolean values and should also note the default of `false`.
aws/resource_aws_ecs_service_test.go
Outdated
@@ -1517,6 +1517,7 @@ resource "aws_ecs_service" "main" { | |||
network_configuration { | |||
security_groups = ["${aws_security_group.allow_all_a.id}", "${aws_security_group.allow_all_b.id}"] | |||
subnets = ["${aws_subnet.main.*.id}"] | |||
assign_public_ip = true |
Can you please add an appropriate attribute test where this is used (and one in the other Fargate test where it should be the default of false)? e.g. resource.TestCheckResourceAttr("aws_ecs_service.main", "network_configuration.0.assign_public_ip", "true")
@bflad @radeksimko @paddycarver @austinkelleher --> Sorry I didn't get on this sooner. Still learning Go (🤞 ) . Anyway please review and see if we can get this merged.
I'll take another look in a few hours. Thanks for the updates and contributions while learning Go! 😃 |
Thanks for your work on this @johnnorton. Looking forward to seeing this merged. |
result := make(map[string]interface{}) | ||
result["security_groups"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.SecurityGroups)) | ||
result["subnets"] = schema.NewSet(schema.HashString, flattenStringList(nc.AwsvpcConfiguration.Subnets)) | ||
result["assign_public_ip"] = "true" | ||
if *nc.AwsvpcConfiguration.AssignPublicIp == ecs.AssignPublicIpDisabled { |
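Review bot: *nc.AwsvpcConfiguration.AssignPublicIp on the last line is dereferenced without checking the pointer for nil. Guard the comparison with a nil check and leave assign_public_ip unset when the API response omits the field.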
If `nc.AwsvpcConfiguration.AssignPublicIp` is `nil` (it's listed as optional in the ECS API documentation), this can cause Terraform to crash. I can fix this (and clean it up a little since it will automatically default to `"false"`) prior to merge via:

```go
if nc.AwsvpcConfiguration.AssignPublicIp != nil {
	result["assign_public_ip"] = fmt.Sprintf("%v", *nc.AwsvpcConfiguration.AssignPublicIp == ecs.AssignPublicIpEnabled)
}
```

@@ -34,7 +34,6 @@ func resourceAwsLbListener() *schema.Resource { | |||
"load_balancer_arn": { | |||
Type: schema.TypeString, | |||
Required: true, | |||
ForceNew: true, |
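Review bot: Dropping ForceNew: true from load_balancer_arn in resourceAwsLbListener is outside the scope of an ECS service change, and nothing in the hunk shows an update path that handles a changed ARN. Restore the line here and propose the change separately if it is wanted.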
Unrelated change - will fix prior to merge
@johnnorton thank you so much for your contributions here! I will be pulling in your commits, but I am running into some issues acceptance testing this appropriately, which isn't really from your PR. I will fix those on top of this as it requires some refactoring of the resource/testing itself. I wound up down this rabbit hole because ECS will return this error if you try to enable Unfortunately, as noted in #85, the error handling in this resource is already causing trouble as it is retrying on some conditions like the above when it shouldn't be. The launch type and assign_public_ip combination is something we can validate at plan time, but the implementation is a little more complex than just a few lines. I think it'll be best if I fix both of these issues together as it's already hindering my acceptance testing. More soon.
@bflad Excellent. Please let me know if I can help. |
@bflad milestone seems |
@cemo good catch, thanks and updated. Also, shout out to @johnnorton for working through the original PR.
This has been released in terraform-provider-aws version 1.9.0. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
The previous merge for ECS Fargate support did not include the ability to ENABLE "Assign Public IP" when creating the ECS Service.
From what I can tell, this is an option that only works for services on Fargate. This option assigns a public IP to the ENI. This is required to access the internet from the container if you do not have a NAT gateway setup.