feat(manifest): enable "network" field to specify subnets and sec groups

internal/pkg/deploy/cloudformation/stack/backend_svc.go

@@ -97,6 +97,7 @@ func (s *BackendService) Template() (string, error) {
 		LogConfig:          convertLogging(s.manifest.Logging),
 		DesiredCountLambda: desiredCountLambda.String(),
 		Storage:            storage,
+		Network:            convertNetworkConfig(s.manifest.Network),
 	})
 	if err != nil {
 		return "", fmt.Errorf("parse backend service template: %w", err)

internal/pkg/deploy/cloudformation/stack/backend_svc_test.go

@@ -161,6 +161,11 @@ Outputs:
 						StackName:       addon.StackName,
 						VariableOutputs: []string{"MyTable"},
 					},
+					Network: &template.NetworkOpts{
+						AssignPublicIP: template.DisablePublicIP,
+						SubnetsType:    template.PrivateSubnetsPlacement,
+						SecurityGroups: []string{"sg-1234"},
+					},
 				}).Return(&template.Content{Buffer: bytes.NewBufferString("template")}, nil)
 				svc.parser = m
 				svc.addons = mockTemplater{
@@ -196,6 +201,10 @@ Outputs:
 				},
 				manifest: tc.manifest,
 			}
+			if tc.manifest != nil {
+				conf.manifest.Network.VPC.Placement = aws.String(manifest.PrivateSubnetPlacement)
+				conf.manifest.Network.VPC.SecurityGroups = []string{"sg-1234"}
+			}
 			tc.mockDependencies(t, ctrl, conf)
 
 			// WHEN

internal/pkg/deploy/cloudformation/stack/lb_web_svc.go

@@ -131,6 +131,7 @@ func (s *LoadBalancedWebService) Template() (string, error) {
 		DesiredCountLambda:  desiredCountLambda.String(),
 		EnvControllerLambda: envControllerLambda.String(),
 		Storage:             storage,
+		Network:             convertNetworkConfig(s.manifest.Network),
 	})
 	if err != nil {
 		return "", err

internal/pkg/deploy/cloudformation/stack/lb_web_svc_test.go

@@ -177,6 +177,10 @@ Outputs:
 					RulePriorityLambda:  "lambda",
 					DesiredCountLambda:  "something",
 					EnvControllerLambda: "something",
+					Network: &template.NetworkOpts{
+						AssignPublicIP: template.EnablePublicIP,
+						SubnetsType:    template.PublicSubnetsPlacement,
+					},
 				}).Return(&template.Content{Buffer: bytes.NewBufferString("template")}, nil)
 
 				addons := mockTemplater{err: &addon.ErrAddonsDirNotExist{}}
@@ -205,6 +209,10 @@ Outputs:
 					RulePriorityLambda:  "lambda",
 					DesiredCountLambda:  "something",
 					EnvControllerLambda: "something",
+					Network: &template.NetworkOpts{
+						AssignPublicIP: template.EnablePublicIP,
+						SubnetsType:    template.PublicSubnetsPlacement,
+					},
 				}).Return(&template.Content{Buffer: bytes.NewBufferString("template")}, nil)
 				addons := mockTemplater{
 					tpl: `Resources:

internal/pkg/deploy/cloudformation/stack/scheduled_job.go

@@ -151,6 +151,7 @@ func (j *ScheduledJob) Template() (string, error) {
 		StateMachine:       stateMachine,
 		LogConfig:          convertLogging(j.manifest.Logging),
 		Storage:            storage,
+		Network:            convertNetworkConfig(j.manifest.Network),
 	})
 	if err != nil {
 		return "", fmt.Errorf("parse scheduled job template: %w", err)

internal/pkg/deploy/cloudformation/stack/scheduled_job_test.go

@@ -53,6 +53,10 @@ func TestScheduledJob_Template(t *testing.T) {
 						Timeout: aws.Int(5400),
 						Retries: aws.Int(3),
 					},
+					Network: &template.NetworkOpts{
+						AssignPublicIP: template.EnablePublicIP,
+						SubnetsType:    template.PublicSubnetsPlacement,
+					},
 				})).Return(&template.Content{Buffer: bytes.NewBufferString("template")}, nil)
 				addons := mockTemplater{err: &addon.ErrAddonsDirNotExist{}}
 				j.parser = m
@@ -75,6 +79,10 @@ func TestScheduledJob_Template(t *testing.T) {
 						Timeout: aws.Int(5400),
 						Retries: aws.Int(3),
 					},
+					Network: &template.NetworkOpts{
+						AssignPublicIP: template.EnablePublicIP,
+						SubnetsType:    template.PublicSubnetsPlacement,
+					},
 				})).Return(&template.Content{Buffer: bytes.NewBufferString("template")}, nil)
 				addons := mockTemplater{
 					tpl: `Resources:

internal/pkg/deploy/cloudformation/stack/transformers.go

@@ -53,7 +53,7 @@ func convertSidecar(s map[string]*manifest.SidecarConfig) ([]*template.SidecarOp
 		if err != nil {
 			return nil, err
 		}
-		mp, err := renderSidecarMountPoints(config.MountPoints)
+		mp, err := convertSidecarMountPoints(config.MountPoints)
 		if err != nil {
 			return nil, err
 		}
@@ -161,15 +161,15 @@ func convertStorageOpts(in *manifest.Storage) (*template.StorageOpts, error) {
 	if in == nil {
 		return nil, nil
 	}
-	v, err := renderVolumes(in.Volumes)
+	v, err := convertVolumes(in.Volumes)
 	if err != nil {
 		return nil, err
 	}
-	mp, err := renderMountPoints(in.Volumes)
+	mp, err := convertMountPoints(in.Volumes)
 	if err != nil {
 		return nil, err
 	}
-	perms, err := renderStoragePermissions(in.Volumes)
+	perms, err := convertEFSPermissions(in.Volumes)
 	if err != nil {
 		return nil, err
 	}
@@ -180,14 +180,14 @@ func convertStorageOpts(in *manifest.Storage) (*template.StorageOpts, error) {
 	}, nil
 }
 
-// renderSidecarMountPoints is used to convert from manifest to template objects.
-func renderSidecarMountPoints(in []manifest.SidecarMountPoint) ([]*template.MountPoint, error) {
+// convertSidecarMountPoints is used to convert from manifest to template objects.
+func convertSidecarMountPoints(in []manifest.SidecarMountPoint) ([]*template.MountPoint, error) {
 	if len(in) == 0 {
 		return nil, nil
 	}
 	var output []*template.MountPoint
 	for _, smp := range in {
-		mp, err := renderMountPoint(smp.SourceVolume, smp.ContainerPath, smp.ReadOnly)
+		mp, err := convertMountPoint(smp.SourceVolume, smp.ContainerPath, smp.ReadOnly)
 		if err != nil {
 			return nil, err
 		}
@@ -196,7 +196,7 @@ func renderSidecarMountPoints(in []manifest.SidecarMountPoint) ([]*template.Moun
 	return output, nil
 }
 
-func renderMountPoint(sourceVolume, containerPath *string, readOnly *bool) (*template.MountPoint, error) {
+func convertMountPoint(sourceVolume, containerPath *string, readOnly *bool) (*template.MountPoint, error) {
 	// containerPath must be specified.
 	if aws.StringValue(containerPath) == "" {
 		return nil, errNoContainerPath
@@ -221,13 +221,13 @@ func renderMountPoint(sourceVolume, containerPath *string, readOnly *bool) (*tem
 	}, nil
 }
 
-func renderMountPoints(input map[string]manifest.Volume) ([]*template.MountPoint, error) {
+func convertMountPoints(input map[string]manifest.Volume) ([]*template.MountPoint, error) {
 	if len(input) == 0 {
 		return nil, nil
 	}
 	var output []*template.MountPoint
 	for name, volume := range input {
-		mp, err := renderMountPoint(aws.String(name), volume.ContainerPath, volume.ReadOnly)
+		mp, err := convertMountPoint(aws.String(name), volume.ContainerPath, volume.ReadOnly)
 		if err != nil {
 			return nil, err
 		}
@@ -236,7 +236,7 @@ func renderMountPoints(input map[string]manifest.Volume) ([]*template.MountPoint
 	return output, nil
 }
 
-func renderStoragePermissions(input map[string]manifest.Volume) ([]*template.EFSPermission, error) {
+func convertEFSPermissions(input map[string]manifest.Volume) ([]*template.EFSPermission, error) {
 	if len(input) == 0 {
 		return nil, nil
 	}
@@ -260,7 +260,7 @@ func renderStoragePermissions(input map[string]manifest.Volume) ([]*template.EFS
 	return output, nil
 }
 
-func renderVolumes(input map[string]manifest.Volume) ([]*template.Volume, error) {
+func convertVolumes(input map[string]manifest.Volume) ([]*template.Volume, error) {
 	if len(input) == 0 {
 		return nil, nil
 	}
@@ -317,3 +317,16 @@ func renderVolumes(input map[string]manifest.Volume) ([]*template.Volume, error)
 	}
 	return output, nil
 }
+
+func convertNetworkConfig(network manifest.NetworkConfig) *template.NetworkOpts {
+	opts := &template.NetworkOpts{
+		AssignPublicIP: template.EnablePublicIP,
+		SubnetsType:    template.PublicSubnetsPlacement,
+		SecurityGroups: network.VPC.SecurityGroups,
+	}
+	if aws.StringValue(network.VPC.Placement) != manifest.PublicSubnetPlacement {
+		opts.AssignPublicIP = template.DisablePublicIP
+		opts.SubnetsType = template.PrivateSubnetsPlacement
+	}
+	return opts
+}

internal/pkg/deploy/cloudformation/stack/transformers_test.go

@@ -512,7 +512,7 @@ func Test_convertSidecarMountPoints(t *testing.T) {
 	}
 	for name, tc := range testCases {
 		t.Run(name, func(t *testing.T) {
-			got, err := renderSidecarMountPoints(tc.inMountPoints)
+			got, err := convertSidecarMountPoints(tc.inMountPoints)
 			if tc.wantErr != "" {
 				require.EqualError(t, err, tc.wantErr)
 			} else {

internal/pkg/manifest/backend_svc.go

@@ -39,6 +39,7 @@ type BackendServiceConfig struct {
 	TaskConfig  `yaml:",inline"`
 	*Logging    `yaml:"logging,flow"`
 	Sidecars    map[string]*SidecarConfig `yaml:"sidecars"`
+	Network     NetworkConfig             `yaml:"network"`
 }
 
 type imageWithPortAndHealthcheck struct {
@@ -133,6 +134,11 @@ func newDefaultBackendService() *BackendService {
 					Value: aws.Int(1),
 				},
 			},
+			Network: NetworkConfig{
+				VPC: vpcConfig{
+					Placement: stringP(PublicSubnetPlacement),
+				},
+			},
 		},
 	}
 }

internal/pkg/manifest/backend_svc_test.go

@@ -51,6 +51,11 @@ func TestNewBackendSvc(t *testing.T) {
 							Value: aws.Int(1),
 						},
 					},
+					Network: NetworkConfig{
+						VPC: vpcConfig{
+							Placement: stringP("public"),
+						},
+					},
 				},
 			},
 		},
@@ -93,6 +98,11 @@ func TestNewBackendSvc(t *testing.T) {
 							Value: aws.Int(1),
 						},
 					},
+					Network: NetworkConfig{
+						VPC: vpcConfig{
+							Placement: stringP("public"),
+						},
+					},
 				},
 			},
 		},

internal/pkg/manifest/job.go

@@ -42,6 +42,7 @@ type ScheduledJobConfig struct {
 	Sidecars                map[string]*SidecarConfig `yaml:"sidecars"`
 	On                      JobTriggerConfig          `yaml:"on,flow"`
 	JobFailureHandlerConfig `yaml:",inline"`
+	Network                 NetworkConfig `yaml:"network"`
 }
 
 // JobTriggerConfig represents the configuration for the event that triggers the job.
@@ -78,6 +79,11 @@ func newDefaultScheduledJob() *ScheduledJob {
 					Value: aws.Int(1),
 				},
 			},
+			Network: NetworkConfig{
+				VPC: vpcConfig{
+					Placement: stringP(PublicSubnetPlacement),
+				},
+			},
 		},
 	}
 }

internal/pkg/manifest/lb_web_svc.go

@@ -20,8 +20,6 @@ const (
 
 // Default values for HTTPHealthCheck for a load balanced web service.
 const (
-	// LogRetentionInDays is the default log retention time in days.
-	LogRetentionInDays     = 30
 	DefaultHealthCheckPath = "/"
 )
 
@@ -53,6 +51,7 @@ type LoadBalancedWebServiceConfig struct {
 	TaskConfig  `yaml:",inline"`
 	*Logging    `yaml:"logging,flow"`
 	Sidecars    map[string]*SidecarConfig `yaml:"sidecars"`
+	Network     NetworkConfig             `yaml:"network"`
 }
 
 // HTTPHealthCheckArgs holds the configuration to determine if the load balanced web service is healthy.
@@ -150,6 +149,11 @@ func newDefaultLoadBalancedWebService() *LoadBalancedWebService {
 					Value: aws.Int(1),
 				},
 			},
+			Network: NetworkConfig{
+				VPC: vpcConfig{
+					Placement: stringP(PublicSubnetPlacement),
+				},
+			},
 		},
 	}
 }