From 273b809ad3d16c98de968217f6ecb9e094ad11e8 Mon Sep 17 00:00:00 2001 From: yair Date: Wed, 2 Aug 2023 17:48:55 +0300 Subject: [PATCH 1/7] fixed the security groups --- .../terraform/aws/ecs/examples/gitlab/main.tf | 18 +++++++++--------- deployment/terraform/aws/ecs/main.tf | 2 +- .../aws/ecs/modules/ecs_lb/outputs.tf | 4 +++- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/deployment/terraform/aws/ecs/examples/gitlab/main.tf b/deployment/terraform/aws/ecs/examples/gitlab/main.tf index f49c401266..de78336ce6 100644 --- a/deployment/terraform/aws/ecs/examples/gitlab/main.tf +++ b/deployment/terraform/aws/ecs/examples/gitlab/main.tf @@ -1,15 +1,15 @@ module "ocean_integration" { - source = "github.com/port-labs/Port-Ocean/deployment/terraform/aws/ecs" - cluster_name = "my-ecs-cluster" - vpc_id = "vpc-12345678" + source = "../../" + cluster_name = "Port-ECS-Stg-01" + vpc_id = "vpc-0cf3be0bc1019dcf6" subnets = [ - "subnet-12345678", - "subnet-87654321" + "subnet-0b1803e4cd66ad875", + "subnet-0d42598347053f40e" ] port = { - client_id = "2r8d5egc56njs34d" - client_secret = "e5f98sdh78b5n69ws4r3t0p1l2k9h8s7a6v5d4f" + client_id = "cktkrMVbS5mGlD7eqh9pqdNj1l998NxC" + client_secret = "bUb1YRRONSp0z0ZeMvd3Gy3aLYDOMwHkpPh1ooTCd3T6QiLujGaoGkkqjS4AwCGR" } integration = { @@ -19,9 +19,9 @@ module "ocean_integration" { } } - additional_secrets = { + additional_secrets = { OCEAN__INTEGRATION__CONFIG__TOKEN_MAPPING = jsonencode({ - "glpat-jQNe7NYypFHefeaZo_ybA" = ["my-group/**"] + "glpat-jQNe7NYypFHNcaZo_ybA" = ["getport-labs/**"] }) } } \ No newline at end of file diff --git a/deployment/terraform/aws/ecs/main.tf b/deployment/terraform/aws/ecs/main.tf index 6725f3e68f..6a49b764cb 100644 --- a/deployment/terraform/aws/ecs/main.tf +++ b/deployment/terraform/aws/ecs/main.tf 
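Review bot: The `port` block and the `additional_secrets` token mapping in the `examples/gitlab/main.tf` hunks replace the placeholders with what look like live values: a Port client id and secret, a `glpat-` token mapped to a real group, and concrete VPC and subnet ids. [PATCH 3/7] restores the mocks, but the values stay readable in this commit, so the series should be squashed or rebased so this change never lands in history. The client secret and the GitLab token should be rotated regardless. For local testing, supply these inputs through an untracked `*.tfvars` file or `TF_VAR_` environment variables instead of editing the tracked example.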
@@ -19,7 +19,7 @@ module "port_ocean_ecs" { lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : "" - additional_security_groups = var.additional_security_groups + additional_security_groups = concat(var.additional_security_groups, module.port_ocean_ecs_lb[0].security_groups) port = { client_id = var.port.client_id diff --git a/deployment/terraform/aws/ecs/modules/ecs_lb/outputs.tf b/deployment/terraform/aws/ecs/modules/ecs_lb/outputs.tf index b45bf8294c..6ec8d1a014 100644 --- a/deployment/terraform/aws/ecs/modules/ecs_lb/outputs.tf +++ b/deployment/terraform/aws/ecs/modules/ecs_lb/outputs.tf @@ -11,5 +11,7 @@ output "target_group_arn" { } output "security_groups" { - value = aws_lb.ocean_lb.security_groups + value = var.create_default_sg ? concat( + var.additional_security_groups, [aws_security_group.default_ocean_sg[0].id] + ) : var.additional_security_groups } \ No newline at end of file From 4139c56d60f53b69992219aa4b2217eab7598efd Mon Sep 17 00:00:00 2001 From: yair Date: Wed, 2 Aug 2023 18:25:13 +0300 Subject: [PATCH 2/7] added service identifier --- deployment/terraform/aws/ecs/modules/ecs_service/main.tf | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/deployment/terraform/aws/ecs/modules/ecs_service/main.tf b/deployment/terraform/aws/ecs/modules/ecs_service/main.tf index 113a2449a2..73f8cca470 100644 --- a/deployment/terraform/aws/ecs/modules/ecs_service/main.tf +++ b/deployment/terraform/aws/ecs/modules/ecs_service/main.tf @@ -64,7 +64,10 @@ data "aws_iam_policy_document" "ecs_assume_role_policy" { principals { type = "Service" - identifiers = ["ecs-tasks.amazonaws.com"] + identifiers = [ + "ecs-tasks.amazonaws.com", + "ecs.amazonaws.com" + ] } } } From e32325264a927711c9df8a5d3ab50dcca7868f63 Mon Sep 17 00:00:00 2001 
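Review bot: The `security_groups` output in `ecs_lb/outputs.tf` now returns the load balancer's own groups, and the `main.tf` hunk just before it attaches them to the ECS service through `additional_security_groups`, so the tasks inherit whatever ingress the balancer's group allows. If `default_ocean_sg` opens the listener port to a wide CIDR (its rules are outside this patch), the tasks' network interfaces presumably accept that traffic directly rather than only via the balancer. A separate task security group whose ingress names the balancer group as its source would keep the two exposure levels apart. At minimum, add a comment on the output such as `# attached to the ECS service as well as the LB; keep ingress rules narrow`.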
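Review bot: Adding `ecs.amazonaws.com` to `ecs_assume_role_policy` in `ecs_service/main.tf` widens the trust of every role built from this policy document, and the hunk does not say which role needs it. Task and task-execution roles are assumed by `ecs-tasks.amazonaws.com` only; if one role here needs the ECS service principal, give it its own `aws_iam_policy_document` instead of extending the shared one. Otherwise add a comment above `identifiers` naming the role and the reason, e.g. `# ecs.amazonaws.com: needed by <role> for <reason>`. The data block starts before the hunk, so the roles that reference it are not visible here.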
From: yair Date: Thu, 3 Aug 2023 10:34:59 +0300 Subject: [PATCH 3/7] reverted example to mocks --- .../terraform/aws/ecs/examples/gitlab/main.tf | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/deployment/terraform/aws/ecs/examples/gitlab/main.tf b/deployment/terraform/aws/ecs/examples/gitlab/main.tf index de78336ce6..f49c401266 100644 --- a/deployment/terraform/aws/ecs/examples/gitlab/main.tf +++ b/deployment/terraform/aws/ecs/examples/gitlab/main.tf @@ -1,15 +1,15 @@ module "ocean_integration" { - source = "../../" - cluster_name = "Port-ECS-Stg-01" - vpc_id = "vpc-0cf3be0bc1019dcf6" + source = "github.com/port-labs/Port-Ocean/deployment/terraform/aws/ecs" + cluster_name = "my-ecs-cluster" + vpc_id = "vpc-12345678" subnets = [ - "subnet-0b1803e4cd66ad875", - "subnet-0d42598347053f40e" + "subnet-12345678", + "subnet-87654321" ] port = { - client_id = "cktkrMVbS5mGlD7eqh9pqdNj1l998NxC" - client_secret = "bUb1YRRONSp0z0ZeMvd3Gy3aLYDOMwHkpPh1ooTCd3T6QiLujGaoGkkqjS4AwCGR" + client_id = "2r8d5egc56njs34d" + client_secret = "e5f98sdh78b5n69ws4r3t0p1l2k9h8s7a6v5d4f" } integration = { @@ -19,9 +19,9 @@ module "ocean_integration" { } } - additional_secrets = { + additional_secrets = { OCEAN__INTEGRATION__CONFIG__TOKEN_MAPPING = jsonencode({ - "glpat-jQNe7NYypFHNcaZo_ybA" = ["getport-labs/**"] + "glpat-jQNe7NYypFHefeaZo_ybA" = ["my-group/**"] }) } } \ No newline at end of file From fc0b68db0b0410c21e2a871b23485fd7a8eeec40 Mon Sep 17 00:00:00 2001 From: yair Date: Thu, 3 Aug 2023 10:36:28 +0300 Subject: [PATCH 4/7] allowing to override the ecr repo url --- deployment/terraform/aws/ecs/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deployment/terraform/aws/ecs/main.tf b/deployment/terraform/aws/ecs/main.tf index 6a49b764cb..dba1e7b3d2 100644 --- a/deployment/terraform/aws/ecs/main.tf +++ b/deployment/terraform/aws/ecs/main.tf 
@@ -21,6 +21,8 @@ module "port_ocean_ecs" { lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : "" additional_security_groups = concat(var.additional_security_groups, module.port_ocean_ecs_lb[0].security_groups) + ecr_repo_url = var.ecr_repo_url + port = { client_id = var.port.client_id client_secret = var.port.client_secret From 099fac8bd23552560d22b9c2967f21ac05ee3de9 Mon Sep 17 00:00:00 2001 From: yair Date: Thu, 3 Aug 2023 10:38:41 +0300 Subject: [PATCH 5/7] renamed --- deployment/terraform/aws/ecs/main.tf | 2 +- deployment/terraform/aws/ecs/modules/ecs_service/main.tf | 2 +- deployment/terraform/aws/ecs/modules/ecs_service/variables.tf | 2 +- deployment/terraform/aws/ecs/variables.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/terraform/aws/ecs/main.tf b/deployment/terraform/aws/ecs/main.tf index dba1e7b3d2..6a87abce7e 100644 --- a/deployment/terraform/aws/ecs/main.tf +++ b/deployment/terraform/aws/ecs/main.tf @@ -21,7 +21,7 @@ module "port_ocean_ecs" { lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : "" additional_security_groups = concat(var.additional_security_groups, module.port_ocean_ecs_lb[0].security_groups) - ecr_repo_url = var.ecr_repo_url + image_registry_repo = var.image_registry_repo port = { client_id = var.port.client_id diff --git a/deployment/terraform/aws/ecs/modules/ecs_service/main.tf b/deployment/terraform/aws/ecs/modules/ecs_service/main.tf index 73f8cca470..2bfc196027 100644 --- a/deployment/terraform/aws/ecs/modules/ecs_service/main.tf +++ b/deployment/terraform/aws/ecs/modules/ecs_service/main.tf 
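Review bot: The `ecr_repo_url` input passed through here (renamed to `image_registry` by [PATCH 6/7]) lets a caller choose where the task image is pulled from, yet its declaration, visible in the `variables.tf` hunks of [PATCH 5/7], has only `type` and `default`. Add a description so the trust implication is visible to module users, e.g. `description = "Registry and namespace the port-ocean-<type> image is pulled from; use only a registry you control or trust"`. The image reference built from it ends in `:${var.integration_version}`, a tag rather than a digest, so the registry is the only thing anchoring which image runs; that is worth stating in the same description.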
@@ -156,7 +156,7 @@ resource "aws_ecs_task_definition" "service_task_definition" { container_definitions = jsonencode( [ { - image = "${var.ecr_repo_url}/port-ocean-${var.integration.type}:${var.integration_version}", + image = "${var.image_registry_repo}/port-ocean-${var.integration.type}:${var.integration_version}", cpu = var.cpu, memory = var.memory, name = local.service_name, diff --git a/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf b/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf index fbeda436e2..af9cd7df48 100644 --- a/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf +++ b/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf @@ -1,4 +1,4 @@ -variable "ecr_repo_url" { +variable "image_registry_repo" { type = string default = "ghcr.io/port-labs" } diff --git a/deployment/terraform/aws/ecs/variables.tf b/deployment/terraform/aws/ecs/variables.tf index 29bc74ee93..8419e8cf9e 100644 --- a/deployment/terraform/aws/ecs/variables.tf +++ b/deployment/terraform/aws/ecs/variables.tf @@ -44,7 +44,7 @@ variable "egress_ports" { default = [] } -variable "ecr_repo_url" { +variable "image_registry_repo" { type = string default = "ghcr.io/port-labs" } From 7c1eee1cb547a3d5f2c19d042008e24ce537bbbd Mon Sep 17 00:00:00 2001 From: yair Date: Thu, 3 Aug 2023 10:39:12 +0300 Subject: [PATCH 6/7] renamed --- deployment/terraform/aws/ecs/main.tf | 2 +- deployment/terraform/aws/ecs/modules/ecs_service/main.tf | 2 +- deployment/terraform/aws/ecs/modules/ecs_service/variables.tf | 2 +- deployment/terraform/aws/ecs/variables.tf | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deployment/terraform/aws/ecs/main.tf b/deployment/terraform/aws/ecs/main.tf index 6a87abce7e..7f10ad3373 100644 --- a/deployment/terraform/aws/ecs/main.tf +++ b/deployment/terraform/aws/ecs/main.tf 
@@ -21,7 +21,7 @@ module "port_ocean_ecs" { lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : "" additional_security_groups = concat(var.additional_security_groups, module.port_ocean_ecs_lb[0].security_groups) - image_registry_repo = var.image_registry_repo + image_registry = var.image_registry port = { client_id = var.port.client_id diff --git a/deployment/terraform/aws/ecs/modules/ecs_service/main.tf b/deployment/terraform/aws/ecs/modules/ecs_service/main.tf index 2bfc196027..c6df19ddfe 100644 --- a/deployment/terraform/aws/ecs/modules/ecs_service/main.tf +++ b/deployment/terraform/aws/ecs/modules/ecs_service/main.tf @@ -156,7 +156,7 @@ resource "aws_ecs_task_definition" "service_task_definition" { container_definitions = jsonencode( [ { - image = "${var.image_registry_repo}/port-ocean-${var.integration.type}:${var.integration_version}", + image = "${var.image_registry}/port-ocean-${var.integration.type}:${var.integration_version}", cpu = var.cpu, memory = var.memory, name = local.service_name, diff --git a/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf b/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf index af9cd7df48..e8d2145de1 100644 --- a/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf +++ b/deployment/terraform/aws/ecs/modules/ecs_service/variables.tf @@ -1,4 +1,4 @@ -variable "image_registry_repo" { +variable "image_registry" { type = string default = "ghcr.io/port-labs" } diff --git a/deployment/terraform/aws/ecs/variables.tf b/deployment/terraform/aws/ecs/variables.tf index 8419e8cf9e..d5ce553dc1 100644 --- a/deployment/terraform/aws/ecs/variables.tf +++ b/deployment/terraform/aws/ecs/variables.tf @@ -44,7 +44,7 @@ variable "egress_ports" { default = [] } -variable "image_registry_repo" { +variable "image_registry" { type = string default = "ghcr.io/port-labs" } From 1cda94b48aaa1c6651ba836055eab3d60c9115af Mon Sep 17 00:00:00 2001 
From: yair Date: Thu, 3 Aug 2023 10:42:51 +0300 Subject: [PATCH 7/7] moved to locals --- deployment/terraform/aws/ecs/main.tf | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/deployment/terraform/aws/ecs/main.tf b/deployment/terraform/aws/ecs/main.tf index 7f10ad3373..ff1852bdeb 100644 --- a/deployment/terraform/aws/ecs/main.tf +++ b/deployment/terraform/aws/ecs/main.tf @@ -1,3 +1,10 @@ +locals { + security_groups = concat( + var.additional_security_groups, + var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].security_groups : [] + ) +} + data "jsonschema_validator" "event_listener_validation" { document = jsonencode(var.event_listener) schema = "${path.module}/defaults/event_listener.json" @@ -18,8 +25,8 @@ module "port_ocean_ecs" { cluster_name = var.cluster_name - lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : "" - additional_security_groups = concat(var.additional_security_groups, module.port_ocean_ecs_lb[0].security_groups) + lb_targ_group_arn = var.allow_incoming_requests ? module.port_ocean_ecs_lb[0].target_group_arn : "" + additional_security_groups = local.security_groups image_registry = var.image_registry
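Review bot: `local.security_groups` in the new `locals` block can contain the same group id twice: it concatenates `var.additional_security_groups` with the `ecs_lb` output, and that output (changed in [PATCH 1/7]) already begins with the lb module's own `additional_security_groups`. If the root passes the same list to `port_ocean_ecs_lb` (the module call is outside these hunks), wrap the expression as `security_groups = distinct(concat(...))`. A one-line comment above the local, such as `# LB security groups are attached to the service only when incoming requests are enabled`, would also record why the conditional is there.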