feat: ✨ Env vars, secrects, runtime command and iampolicies
Jeeltilva committed Apr 2, 2023
1 parent 1a1b058 commit 37c6dfb
Showing 3 changed files with 115 additions and 108 deletions.
40 changes: 27 additions & 13 deletions compiler.js
@@ -27,7 +27,19 @@ const compileCluster = (config, images, service) => ({
AutoDeploymentsEnabled: service.autoDeploy ?? true,
ImageRepository: {
ImageIdentifier: images[service.name],
ImageRepositoryType: 'ECR'
ImageRepositoryType: 'ECR',
...( (service.port || service.runtimeSecrets || service.runtimeVariables || service.startCommand)&& {
ImageConfiguration: {
Port: service.port ?? 8080,
...(service.runtimeSecrets.length > 0 && {
RuntimeEnvironmentSecrets : service.runtimeSecrets
}),
...(service.runtimeVariables.length > 0 && {
RuntimeEnvironmentVariables : service.runtimeVariables
}),
...(service.startCommand && { StartCommand: service.startCommand } )
}
})
}
},
InstanceConfiguration: {
@@ -76,15 +88,15 @@ const ECRAccessRole = (config) => ({
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Action: [
'ecr:GetDownloadUrlForLayer',
'ecr:BatchGetImage',
'ecr:DescribeImages',
'ecr:GetAuthorizationToken',
'ecr:BatchCheckLayerAvailability'
],
Resource: '*'
Effect: 'Allow',
Action: [
'ecr:GetDownloadUrlForLayer',
'ecr:BatchGetImage',
'ecr:DescribeImages',
'ecr:GetAuthorizationToken',
'ecr:BatchCheckLayerAvailability',
],
Resource: '*'
}
],
},
@@ -115,18 +127,18 @@ const compileIamRoles = (config, service) => ({
],
},
Policies:
config.iamRoleStatements.length > 0
service.iamRoleStatements.length > 0
? [
{
PolicyName: 'ApprunnerTaskPolicy',
PolicyDocument: {
Version: '2012-10-17',
Statement: config.iamRoleStatements,
Statement: service.iamRoleStatements,
},
},
]
: [],
ManagedPolicyArns: config.iamManagedPolicies,
ManagedPolicyArns: service.iamManagedPolicies,
Tags: toTags(config.tags),
},
},
@@ -282,6 +294,8 @@ const compileScheduledTask = (identifier, task) => ({
module.exports = (images, config) => {
const ecrRole = ECRAccessRole(config);
const iamRoles = config.services.reduce(({ Resources, Outputs }, service) => {
console.log('service :', service)
console.log(service.runtimeVariables)
const role = compileIamRoles(config, service);
return {
Resources: { ...Resources, ...role.Resources },
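Review bot: The two `console.log` calls added inside the `config.services.reduce` callback in the last hunk print the whole `service` object, and then `service.runtimeVariables` again, on every compile. That object now carries the `runtimeVariables` values and `runtimeSecrets` entries this commit introduces, so they land in terminal and CI output, which is typically retained and readable by more people than the deployment config itself. Drop both lines, or if a trace is wanted log only the name, e.g. `console.log('compiling IAM role for', service.name);`. The callback body continues past the end of the hunk.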
3 changes: 3 additions & 0 deletions parser.js
@@ -31,6 +31,8 @@ const parseTask = (global, name, task) => {
...global.environment,
...(task.environment || {}),
},
runtimeVariables: task.runtimeVariables || [],
runtimeSecrets: task.runtimeSecrets || [],
tags: { ...global.tags, ...(task.tags || {}) },
cloudFormationResource: {
task: {
@@ -46,6 +48,7 @@ const parseTask = (global, name, task) => {
...get(task, 'cloudFormationResource.service', {}),
},
},
iamRoleStatements: task.iamRoleStatements || []
};

if (task.schedule) {
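Review bot: `parseTask` now defaults `iamRoleStatements` per task but sets no `iamManagedPolicies`, while compiler.js in this commit switched `ManagedPolicyArns` to `service.iamManagedPolicies`. If the objects built here are the ones `compileIamRoles` receives (the call path is not visible in these hunks), `ManagedPolicyArns` becomes `undefined`, and the top-level `iamManagedPolicies` and `iamRoleStatements` that schema.js appears to still accept are silently left out of the generated role. Either carry them through next to the new line, e.g. `iamManagedPolicies: task.iamManagedPolicies || global.iamManagedPolicies || [],`, or remove the top-level keys from the schema so a config that declares them fails validation instead of deploying with different permissions than written. `parseTask` starts before the first hunk and ends after the second.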
180 changes: 85 additions & 95 deletions schema.js
@@ -1,112 +1,102 @@
module.exports = {
type: 'object',
additionalProperties: false,
properties: {
clusterName: { type: 'string' },
containerInsights: { type: 'boolean' },
memory: { type: 'string' },
cpu: { type: 'integer', enum: [256, 512, 1024, 2048, 4096] },
architecture: { type: 'string', enum: ['X86_64', 'ARM64'] },
environment: { type: 'object' },
executionRoleArn: { anyOf: [{ type: 'object' }, { type: 'string' }] },
taskRoleArn: { anyOf: [{ type: 'object' }, { type: 'string' }] },
logGroupName: { type: 'string' },
logRetentionInDays: {
type: 'integer',
enum: [
1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827,
2192, 2557, 2922, 3288, 3653,
],
},
iamRoleStatements: { type: 'array' },
iamManagedPolicies: { type: 'array', items: { type: 'string' } },
vpc: {
type: 'object',
properties: {
securityGroupIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
subnetIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
assignPublicIp: { type: 'boolean' },
type: 'object',
additionalProperties: false,
properties: {
iamRoleStatements: { type: 'array' },
iamManagedPolicies: { type: 'array', items: { type: 'string' } },
vpc: {
type: 'object',
properties: {
securityGroupIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
},
tags: {
type: 'object',
patternProperties: {
'^.+$': { type: 'string' },
subnetIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
assignPublicIp: { type: 'boolean' },
},
cloudFormationResource: {
type: 'object',
properties: {
task: { type: 'object' },
container: { type: 'object' },
service: { type: 'object' },
},
},
tags: {
type: 'object',
patternProperties: {
'^.+$': { type: 'string' },
},
services: {
type: 'object',
patternProperties: {
'^[a-zA-Z0-9-]+$': {
type: 'object',
properties: {
name: { type: 'string' },
image: { type: 'string' },
executionRoleArn: {
anyOf: [{ type: 'object' }, { type: 'string' }],
},
taskRoleArn: { anyOf: [{ type: 'object' }, { type: 'string' }] },
vpc: {
type: 'object',
properties: {
securityGroupIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
subnetIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
assignPublicIp: { type: 'boolean' },
},
services: {
type: 'object',
patternProperties: {
'^[a-zA-Z0-9-]+$': {
type: 'object',
properties: {
name: { type: 'string' },
image: { type: 'string' },
iamRoleStatements: { type: 'array' },
executionRoleArn: {
anyOf: [{ type: 'object' }, { type: 'string' }],
},
taskRoleArn: { anyOf: [{ type: 'object' }, { type: 'string' }] },
vpc: {
type: 'object',
properties: {
securityGroupIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
subnetIds: {
type: 'array',
items: { anyOf: [{ type: 'object' }, { type: 'string' }] },
},
assignPublicIp: { type: 'boolean' },
},
command: { type: 'array', items: { type: 'string' } },
entryPoint: { type: 'array', items: { type: 'string' } },

environment: { type: 'object' },
tags: { type: 'object' },
dependsOn: { type: 'array', items: { type: 'string' } },
instanceConfiguration: {
},
startCommand: { type: 'string', pattern: '[^\x0a\x0d]+' },
runtimeSecrets: {
type: 'array',
items: {
type: 'object',
properties: {
cpu: {
type: 'string',
enum: ['1024', '2048', '1 vCPU', '2 vCPU']
},
memory: {
type: 'string',
enum: ['2048', '3072', '4096', '2 GB', '3 GB', '4 GB']
},
instanceRoleArn: { anyOf: [{ type: 'object' }, { type: 'string' }] }
}
},
cloudFormationResource: {
Name: { type: 'string' },
Value: { type: 'string' }
},
additionalProperties: false,
required: ['Name', 'Value']
}
},
port: { type: 'number', minimum: 0, maximum: 51200 },
runtimeVariables: {
type: 'array',
items: {
type: 'object',
properties: {
task: { type: 'object' },
container: { type: 'object' },
service: { type: 'object' },
Name: { type: 'string' },
Value: { type: 'string' }
},
},
additionalProperties: false,
required: ['Name', 'Value']
}
},
tags: { type: 'object' },
dependsOn: { type: 'array', items: { type: 'string' } },
instanceConfiguration: {
type: 'object',
properties: {
cpu: {
type: 'string',
enum: ['1024', '2048', '1 vCPU', '2 vCPU']
},
memory: {
type: 'string',
enum: ['2048', '3072', '4096', '2 GB', '3 GB', '4 GB']
},
instanceRoleArn: { anyOf: [{ type: 'object' }, { type: 'string' }] }
}
},
additionalProperties: false,
},
additionalProperties: false,
},
},
},
};
},
};
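Review bot: The `pattern` on `startCommand` is not anchored, and JSON Schema patterns match anywhere in the string, so `'[^\x0a\x0d]+'` accepts any value that contains at least one character other than CR or LF, including the multi-line commands it looks meant to reject. Anchor it: `startCommand: { type: 'string', pattern: '^[^\x0a\x0d]+$' },`. Separately, `port` is declared with `type: 'number'`, which admits fractional values; `type: 'integer'` would be the tighter check.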
