From 845f1db6c50c714ae5cb3beaba7514294cae2f48 Mon Sep 17 00:00:00 2001 From: Tarun Menon Date: Tue, 21 Feb 2023 12:40:23 +1100 Subject: [PATCH 1/6] Add cognito support --- ecs-service.cfhighlander.rb | 4 ++++ ecs-service.cfndsl.rb | 11 ++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/ecs-service.cfhighlander.rb b/ecs-service.cfhighlander.rb index d38c966..3f42680 100644 --- a/ecs-service.cfhighlander.rb +++ b/ecs-service.cfhighlander.rb @@ -9,6 +9,7 @@ end DependsOn 'lib-iam' + DependsOn 'lib-alb@feature/cognito_listener_rules' Description "ecs-service - #{component_name} - #{component_version}" @@ -16,6 +17,9 @@ ComponentParam 'EnvironmentName', 'dev', isGlobal: true ComponentParam 'EnvironmentType', 'development', allowedValues: ['development','production'], isGlobal: true ComponentParam 'EcsCluster' + ComponentParam 'UserPoolId', '' + ComponentParam 'UserPoolClientId', '' + ComponentParam 'UserPoolDomainName', '' if (defined? targetgroup) || ((defined? network_mode) && (network_mode == "awsvpc")) ComponentParam 'VPCId', type: 'AWS::EC2::VPC::Id' diff --git a/ecs-service.cfndsl.rb b/ecs-service.cfndsl.rb index 5e625f7..bcf64a2 100644 --- a/ecs-service.cfndsl.rb +++ b/ecs-service.cfndsl.rb @@ -401,10 +401,19 @@ rule_name = "TargetRule#{index}" end rule_names << rule_name + + actions = [] + actions << { Type: "forward", Order: 5000, TargetGroupArn: Ref(targetgroup['resource_name']) } + + if targetgroup.has_key?('cognito') + if targetgroup['cognito'] == true + actions << cognito(self) + end + end ElasticLoadBalancingV2_ListenerRule(rule_name) do Actions [{ Type: "forward", TargetGroupArn: Ref(targetgroup['resource_name']) }] - Conditions listener_conditions + Conditions actions ListenerArn Ref(targetgroup['listener_resource']) Priority rule['priority'] end From 0313c31a3cc5bde7ae19f02572a5f1566fce57a2 Mon Sep 17 00:00:00 2001 From: Tarun Menon Date: Tue, 21 Feb 2023 12:50:17 +1100 Subject: [PATCH 2/6] Fixed conditions --- ecs-service.cfndsl.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ecs-service.cfndsl.rb b/ecs-service.cfndsl.rb index bcf64a2..9c9d93a 100644 --- a/ecs-service.cfndsl.rb +++ b/ecs-service.cfndsl.rb @@ -412,8 +412,8 @@ end ElasticLoadBalancingV2_ListenerRule(rule_name) do - Actions [{ Type: "forward", TargetGroupArn: Ref(targetgroup['resource_name']) }] - Conditions actions + Actions actions + Conditions listener_conditions ListenerArn Ref(targetgroup['listener_resource']) Priority rule['priority'] end From a8aad85efe981aaf10a6c17705f54ee4a1caa351 Mon Sep 17 00:00:00 2001 From: Tarun Menon Date: Wed, 22 Feb 2023 15:31:16 +1100 Subject: [PATCH 3/6] Changed to lib-alb --- ecs-service.cfhighlander.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ecs-service.cfhighlander.rb b/ecs-service.cfhighlander.rb index 3f42680..6e1a1c2 100644 --- a/ecs-service.cfhighlander.rb +++ b/ecs-service.cfhighlander.rb @@ -9,7 +9,7 @@ end DependsOn 'lib-iam' - DependsOn 'lib-alb@feature/cognito_listener_rules' + DependsOn 'lib-alb' Description "ecs-service - #{component_name} - #{component_version}" From ea145fb92f0644f868806fb8928d4d6d11505e9a Mon Sep 17 00:00:00 2001 From: Tarun Menon Date: Mon, 6 Mar 2023 14:48:02 +1100 Subject: [PATCH 4/6] Refactored cognito to conditonal --- ecs-service.cfndsl.rb | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/ecs-service.cfndsl.rb b/ecs-service.cfndsl.rb index 9c9d93a..5d51124 100644 --- a/ecs-service.cfndsl.rb +++ b/ecs-service.cfndsl.rb @@ -17,6 +17,7 @@ Condition('IsScalingEnabled', FnEquals(Ref('EnableScaling'), 'true')) Condition('NoDesiredCount', FnEquals(Ref('DesiredCount'), '-1')) + Condition(:EnableCognito, FnNot(FnEquals(Ref(:UserPoolClientId), ''))) log_retention = external_parameters.fetch(:log_retention, 7) loggroup_name = external_parameters.fetch(:loggroup_name, Ref('AWS::StackName')) @@ -402,17 +403,11 @@ end rule_names << rule_name - actions = [] - actions << { Type: "forward", Order: 5000, TargetGroupArn: Ref(targetgroup['resource_name']) } - - if targetgroup.has_key?('cognito') - if targetgroup['cognito'] == true - actions << cognito(self) - end - end + actions = [{ Type: "forward", Order: 5000, TargetGroupArn: Ref(targetgroup['resource_name'])}] + actions_with_cognito = actions + [cognito(Ref(:UserPoolId), Ref(:UserPoolClientId), Ref(:UserPoolDomainName))] ElasticLoadBalancingV2_ListenerRule(rule_name) do - Actions actions + Actions FnIf(:EnableCognito, actions_with_cognito, actions) Conditions listener_conditions ListenerArn Ref(targetgroup['listener_resource']) Priority rule['priority'] From 9abb47ddd649fbfae4609463cd3942fc190e1529 Mon Sep 17 00:00:00 2001 From: Tarun Menon Date: Mon, 6 Mar 2023 15:56:48 +1100 Subject: [PATCH 5/6] Updated tests to shared workflows --- .github/workflows/rspec.yaml | 23 +++-------------------- 1 file changed, 3 insertions(+), 20 deletions(-) diff --git a/.github/workflows/rspec.yaml b/.github/workflows/rspec.yaml index b1ee9a7..d0a2ef8 100644 --- a/.github/workflows/rspec.yaml +++ b/.github/workflows/rspec.yaml @@ -3,23 +3,6 @@ name: cftest on: [push, pull_request] jobs: - test: - name: test - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: set up ruby 2.7 - uses: actions/setup-ruby@v1 - with: - ruby-version: 2.7.x - - name: install gems - run: gem install cfhighlander rspec - - name: set cfndsl spec - run: cfndsl -u - - name: cftest - run: rspec - env: - AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: ap-southeast-2 \ No newline at end of file + rspec: + uses: theonestack/shared-workflows/.github/workflows/rspec.yaml@main + secrets: inherit \ No newline at end of file From 6e81fc396e7c141176d3dec46a588681afd2513c Mon Sep 17 00:00:00 2001 From: Tarun Menon Date: Mon, 6 Mar 2023 16:59:46 +1100 Subject: [PATCH 6/6] Updated spec tests --- spec/ephemeral_storage_spec.rb | 73 ++++++++++++++++++- spec/extra_hosts_spec.rb | 2 +- spec/fargate_spec.rb | 2 +- spec/linux_parameters_spec.rb | 2 +- spec/multiple_links_spec.rb | 2 +- spec/multiple_scaling_policies_spec.rb | 2 +- spec/multiple_target_groups_parameter_spec.rb | 2 +- spec/multiple_target_groups_spec.rb | 6 +- spec/nginx_service_spec.rb | 2 +- spec/scheduling_strategy_replica_spec.rb | 2 +- spec/secrets_spec.rb | 6 +- spec/security_group_spec.rb | 2 +- spec/task_placement_constraint_spec.rb | 2 +- spec/user_spec.rb | 2 +- spec/volumes_spec.rb | 2 +- 15 files changed, 87 insertions(+), 22 deletions(-) diff --git a/spec/ephemeral_storage_spec.rb b/spec/ephemeral_storage_spec.rb index 60a4a65..b4d94b4 100644 --- a/spec/ephemeral_storage_spec.rb +++ b/spec/ephemeral_storage_spec.rb @@ -12,7 +12,23 @@ context "Resource" do + + context "LogGroup" do + let(:resource) { template["Resources"]["LogGroup"] } + it "is of type AWS::Logs::LogGroup" do + expect(resource["Type"]).to eq("AWS::Logs::LogGroup") + end + + it "to have property LogGroupName" do + expect(resource["Properties"]["LogGroupName"]).to eq({"Ref"=>"AWS::StackName"}) + end + + it "to have property RetentionInDays" do + expect(resource["Properties"]["RetentionInDays"]).to eq("7") + end + + end context "Task" do let(:resource) { template["Resources"]["Task"] } @@ -24,17 +40,66 @@ it "to have property ContainerDefinitions" do expect(resource["Properties"]["ContainerDefinitions"]).to eq([{"Name"=>"nginx", "Image"=>{"Fn::Join"=>["", ["nginx/", "nginx", ":", "latest"]]}, "LogConfiguration"=>{"LogDriver"=>"awslogs", "Options"=>{"awslogs-group"=>{"Ref"=>"LogGroup"}, "awslogs-region"=>{"Ref"=>"AWS::Region"}, "awslogs-stream-prefix"=>"nginx"}}}]) end - - it "to have property ContainerDefinitions" do - expect(resource["Properties"]["ContainerDefinitions"]).to eq([{"Name"=>"nginx", "Image"=>{"Fn::Join"=>["", ["nginx/", "nginx", ":", "latest"]]}, "LogConfiguration"=>{"LogDriver"=>"awslogs", "Options"=>{"awslogs-group"=>{"Ref"=>"LogGroup"}, "awslogs-region"=>{"Ref"=>"AWS::Region"}, "awslogs-stream-prefix"=>"nginx"}}}]) - end it "to have property EphemeralStorage" do expect(resource["Properties"]["EphemeralStorage"]).to eq({"SizeInGiB"=>50}) end + it "to have property Tags" do + expect(resource["Properties"]["Tags"]).to eq([{"Key"=>"Name", "Value"=>"ecs-service"}, {"Key"=>"Environment", "Value"=>{"Ref"=>"EnvironmentName"}}, {"Key"=>"EnvironmentType", "Value"=>{"Ref"=>"EnvironmentType"}}]) + end + + end + + context "Role" do + let(:resource) { template["Resources"]["Role"] } + + it "is of type AWS::IAM::Role" do + expect(resource["Type"]).to eq("AWS::IAM::Role") + end + + it "to have property AssumeRolePolicyDocument" do + expect(resource["Properties"]["AssumeRolePolicyDocument"]).to eq({"Version"=>"2012-10-17", "Statement"=>[{"Effect"=>"Allow", "Principal"=>{"Service"=>"ecs.amazonaws.com"}, "Action"=>"sts:AssumeRole"}]}) + end + + it "to have property Path" do + expect(resource["Properties"]["Path"]).to eq("/") + end + + it "to have property ManagedPolicyArns" do + expect(resource["Properties"]["ManagedPolicyArns"]).to eq(["arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole"]) + end + end + context "Service" do + let(:resource) { template["Resources"]["Service"] } + + it "is of type AWS::ECS::Service" do + expect(resource["Type"]).to eq("AWS::ECS::Service") + end + + it "to have property Cluster" do + expect(resource["Properties"]["Cluster"]).to eq({"Ref"=>"EcsCluster"}) + end + + it "to have property DesiredCount" do + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + end + + it "to have property DeploymentConfiguration" do + expect(resource["Properties"]["DeploymentConfiguration"]).to eq({"MinimumHealthyPercent"=>{"Ref"=>"MinimumHealthyPercent"}, "MaximumPercent"=>{"Ref"=>"MaximumPercent"}}) + end + + it "to have property TaskDefinition" do + expect(resource["Properties"]["TaskDefinition"]).to eq({"Ref"=>"Task"}) + end + + it "to have property Tags" do + expect(resource["Properties"]["Tags"]).to eq([{"Key"=>"Name", "Value"=>"ecs-service"}, {"Key"=>"Environment", "Value"=>{"Ref"=>"EnvironmentName"}}, {"Key"=>"EnvironmentType", "Value"=>{"Ref"=>"EnvironmentType"}}]) + end + + end end diff --git a/spec/extra_hosts_spec.rb b/spec/extra_hosts_spec.rb index d9dc445..8923bbc 100644 --- a/spec/extra_hosts_spec.rb +++ b/spec/extra_hosts_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/fargate_spec.rb b/spec/fargate_spec.rb index 2f48de0..5951d3e 100644 --- a/spec/fargate_spec.rb +++ b/spec/fargate_spec.rb @@ -83,7 +83,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/linux_parameters_spec.rb b/spec/linux_parameters_spec.rb index 0a0ab38..b614c18 100644 --- a/spec/linux_parameters_spec.rb +++ b/spec/linux_parameters_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/multiple_links_spec.rb b/spec/multiple_links_spec.rb index 15353ce..917ec6d 100644 --- a/spec/multiple_links_spec.rb +++ b/spec/multiple_links_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/multiple_scaling_policies_spec.rb b/spec/multiple_scaling_policies_spec.rb index a565a51..3066781 100644 --- a/spec/multiple_scaling_policies_spec.rb +++ b/spec/multiple_scaling_policies_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/multiple_target_groups_parameter_spec.rb b/spec/multiple_target_groups_parameter_spec.rb index 6c259b6..825b6a3 100644 --- a/spec/multiple_target_groups_parameter_spec.rb +++ b/spec/multiple_target_groups_parameter_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/multiple_target_groups_spec.rb b/spec/multiple_target_groups_spec.rb index ec31746..64d132b 100644 --- a/spec/multiple_target_groups_spec.rb +++ b/spec/multiple_target_groups_spec.rb @@ -88,7 +88,7 @@ end it "to have property Actions" do - expect(resource["Properties"]["Actions"]).to eq([{"Type"=>"forward", "TargetGroupArn"=>{"Ref"=>"nginxhttpTargetGroup"}}]) + expect(resource["Properties"]["Actions"]).to eq({"Fn::If"=>["EnableCognito", [{"Type"=>"forward", "Order"=>5000, "TargetGroupArn"=>{"Ref"=>"nginxhttpTargetGroup"}}, {"Type"=>"authenticate-cognito", "Order"=>1, "AuthenticateCognitoConfig"=>{"UserPoolArn"=>{"Ref"=>"UserPoolId"}, "UserPoolClientId"=>{"Ref"=>"UserPoolClientId"}, "UserPoolDomain"=>{"Ref"=>"UserPoolDomainName"}}}], [{"Type"=>"forward", "Order"=>5000, "TargetGroupArn"=>{"Ref"=>"nginxhttpTargetGroup"}}]]}) end it "to have property Conditions" do @@ -146,7 +146,7 @@ end it "to have property Actions" do - expect(resource["Properties"]["Actions"]).to eq([{"Type"=>"forward", "TargetGroupArn"=>{"Ref"=>"nginxhttpsTargetGroup"}}]) + expect(resource["Properties"]["Actions"]).to eq({"Fn::If"=>["EnableCognito", [{"Type"=>"forward", "Order"=>5000, "TargetGroupArn"=>{"Ref"=>"nginxhttpsTargetGroup"}}, {"Type"=>"authenticate-cognito", "Order"=>1, "AuthenticateCognitoConfig"=>{"UserPoolArn"=>{"Ref"=>"UserPoolId"}, "UserPoolClientId"=>{"Ref"=>"UserPoolClientId"}, "UserPoolDomain"=>{"Ref"=>"UserPoolDomainName"}}}], [{"Type"=>"forward", "Order"=>5000, "TargetGroupArn"=>{"Ref"=>"nginxhttpsTargetGroup"}}]]}) end it "to have property Conditions" do @@ -196,7 +196,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/nginx_service_spec.rb b/spec/nginx_service_spec.rb index 71ae3d8..77d0a4a 100644 --- a/spec/nginx_service_spec.rb +++ b/spec/nginx_service_spec.rb @@ -84,7 +84,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/scheduling_strategy_replica_spec.rb b/spec/scheduling_strategy_replica_spec.rb index a2bf7e3..ca66821 100644 --- a/spec/scheduling_strategy_replica_spec.rb +++ b/spec/scheduling_strategy_replica_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/secrets_spec.rb b/spec/secrets_spec.rb index 9ad7e33..be1e2fa 100644 --- a/spec/secrets_spec.rb +++ b/spec/secrets_spec.rb @@ -71,7 +71,7 @@ end it "to have property Policies" do - expect(resource["Properties"]["Policies"]).to eq([{"PolicyName"=>"ssm-secrets", "PolicyDocument"=>{"Statement"=>[{"Sid"=>"ssmsecrets", "Action"=>"ssm:GetParameters", "Resource"=>[{"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/key"}, {"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/secret"}], "Effect"=>"Allow"}]}}, {"PolicyName"=>"secretsmanager", "PolicyDocument"=>{"Statement"=>[{"Sid"=>"secretsmanager", "Action"=>"secretsmanager:GetSecretValue", "Resource"=>[{"Fn::Sub"=>"arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:/dont/use/accesskeys-*"}, {"Ref"=>"EnvironmentName"}], "Effect"=>"Allow"}]}}]) + expect(resource["Properties"]["Policies"]).to eq([{"PolicyName"=>"ssm-secrets", "PolicyDocument"=>{"Statement"=>[{"Sid"=>"ssmsecrets", "Action"=>"ssm:GetParameters", "Resource"=>[{"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/key*"}, {"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/secret*"}], "Effect"=>"Allow"}]}}, {"PolicyName"=>"secretsmanager", "PolicyDocument"=>{"Statement"=>[{"Sid"=>"secretsmanager", "Action"=>"secretsmanager:GetSecretValue", "Resource"=>[{"Fn::Sub"=>"arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:/dont/use/accesskeys*"}, {"Fn::Sub"=>"arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:{\"Ref\"=>\"EnvironmentName\"}*"}], "Effect"=>"Allow"}]}}]) end end @@ -84,7 +84,7 @@ end it "to have property ContainerDefinitions" do - expect(resource["Properties"]["ContainerDefinitions"]).to eq([{"Name"=>"nginx", "Image"=>{"Fn::Join"=>["", ["nginx/", "nginx", ":", "latest"]]}, "LogConfiguration"=>{"LogDriver"=>"awslogs", "Options"=>{"awslogs-group"=>{"Ref"=>"LogGroup"}, "awslogs-region"=>{"Ref"=>"AWS::Region"}, "awslogs-stream-prefix"=>"nginx"}}, "Secrets"=>[{"Name"=>"API_KEY", "ValueFrom"=>{"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/key"}}, {"Name"=>"API_SECRET", "ValueFrom"=>{"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/secret"}}, {"Name"=>"ACCESSKEY", "ValueFrom"=>{"Fn::Sub"=>"arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:/dont/use/accesskeys"}}, {"Name"=>"SECRETKEY", "ValueFrom"=>{"Ref"=>"EnvironmentName"}}]}]) + expect(resource["Properties"]["ContainerDefinitions"]).to eq([{"Name"=>"nginx", "Image"=>{"Fn::Join"=>["", ["nginx/", "nginx", ":", "latest"]]}, "LogConfiguration"=>{"LogDriver"=>"awslogs", "Options"=>{"awslogs-group"=>{"Ref"=>"LogGroup"}, "awslogs-region"=>{"Ref"=>"AWS::Region"}, "awslogs-stream-prefix"=>"nginx"}}, "Secrets"=>[{"Name"=>"API_KEY", "ValueFrom"=>{"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/key"}}, {"Name"=>"API_SECRET", "ValueFrom"=>{"Fn::Sub"=>"arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/nginx/${EnvironmentName}/api/secret"}}, {"Name"=>"ACCESSKEY", "ValueFrom"=>"/dont/use/accesskeys"}, {"Name"=>"SECRETKEY", "ValueFrom"=>{"Fn::Sub"=>"arn:aws:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:{\"Ref\"=>\"EnvironmentName\"}"}}]}]) end it "to have property TaskRoleArn" do @@ -134,7 +134,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/security_group_spec.rb b/spec/security_group_spec.rb index 4e2228f..bab9018 100644 --- a/spec/security_group_spec.rb +++ b/spec/security_group_spec.rb @@ -104,7 +104,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/task_placement_constraint_spec.rb b/spec/task_placement_constraint_spec.rb index 799f006..e633e8e 100644 --- a/spec/task_placement_constraint_spec.rb +++ b/spec/task_placement_constraint_spec.rb @@ -84,7 +84,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/user_spec.rb b/spec/user_spec.rb index 7e9a661..b68c9de 100644 --- a/spec/user_spec.rb +++ b/spec/user_spec.rb @@ -80,7 +80,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do diff --git a/spec/volumes_spec.rb b/spec/volumes_spec.rb index cb16a92..e4f4a3c 100644 --- a/spec/volumes_spec.rb +++ b/spec/volumes_spec.rb @@ -109,7 +109,7 @@ end it "to have property DesiredCount" do - expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If" => ["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) + expect(resource["Properties"]["DesiredCount"]).to eq({"Fn::If"=>["NoDesiredCount", {"Ref"=>"AWS::NoValue"}, {"Ref"=>"DesiredCount"}]}) end it "to have property DeploymentConfiguration" do