From 262048490df7b1fb74778966d2f08d414a75e44c Mon Sep 17 00:00:00 2001 From: Andrii Romanenko Date: Tue, 30 Nov 2021 14:49:29 +0200 Subject: [PATCH 1/2] ecs_task_definitions_implementation --- CHANGELOG.md | 1 + client/mocks/mock_ecs.go | 40 + client/services.go | 2 + ...s_task_definition_container_definitions.md | 60 ++ ...ecs_task_definition_requires_attributes.md | 11 + .../tables/aws_ecs_task_definition_volumes.md | 24 + docs/tables/aws_ecs_task_definitions.md | 30 + resources/ecs_task_definitions.go | 914 ++++++++++++++++++ resources/ecs_task_definitions_test.go | 46 + .../aws_ecs_task_definitions_test.go | 59 ++ .../infra/aws_ecs_clusters.tf | 136 +-- resources/provider.go | 1 + 12 files changed, 1265 insertions(+), 59 deletions(-) create mode 100644 docs/tables/aws_ecs_task_definition_container_definitions.md create mode 100644 docs/tables/aws_ecs_task_definition_requires_attributes.md create mode 100644 docs/tables/aws_ecs_task_definition_volumes.md create mode 100644 docs/tables/aws_ecs_task_definitions.md create mode 100644 resources/ecs_task_definitions.go create mode 100644 resources/ecs_task_definitions_test.go create mode 100644 resources/integration_tests/aws_ecs_task_definitions_test.go diff --git a/CHANGELOG.md b/CHANGELOG.md index ab61fddd9..ad1558d94 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 * Added `aws_autoscaling_groups` resource [#268](https://github.com/cloudquery/cq-provider-aws/issues/268) * Added `aws_ecs_cluster_services` relation of `aws_ecs_clusters` * Added `aws_ecs_cluster_container_instances` relation of `aws_ecs_clusters` +* Added `aws_ecs_task_definitions` resource ### :spider: Fixed * Fixed `aws_ec2_ebs_volumes` pagination during fetch [#279](https://github.com/cloudquery/cq-provider-aws/issues/279) diff --git a/client/mocks/mock_ecs.go b/client/mocks/mock_ecs.go index 48967c5fc..fb7fd7042 100644 --- a/client/mocks/mock_ecs.go +++ b/client/mocks/mock_ecs.go @@ -95,6 +95,26 @@ func (mr *MockEcsClientMockRecorder) DescribeServices(arg0, arg1 interface{}, ar return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeServices", reflect.TypeOf((*MockEcsClient)(nil).DescribeServices), varargs...) } +// DescribeTaskDefinition mocks base method. +func (m *MockEcsClient) DescribeTaskDefinition(arg0 context.Context, arg1 *ecs.DescribeTaskDefinitionInput, arg2 ...func(*ecs.Options)) (*ecs.DescribeTaskDefinitionOutput, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "DescribeTaskDefinition", varargs...) + ret0, _ := ret[0].(*ecs.DescribeTaskDefinitionOutput) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// DescribeTaskDefinition indicates an expected call of DescribeTaskDefinition. +func (mr *MockEcsClientMockRecorder) DescribeTaskDefinition(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DescribeTaskDefinition", reflect.TypeOf((*MockEcsClient)(nil).DescribeTaskDefinition), varargs...) +} + // ListClusters mocks base method. func (m *MockEcsClient) ListClusters(arg0 context.Context, arg1 *ecs.ListClustersInput, arg2 ...func(*ecs.Options)) (*ecs.ListClustersOutput, error) { m.ctrl.T.Helper() @@ -174,3 +194,23 @@ func (mr *MockEcsClientMockRecorder) ListTagsForResource(arg0, arg1 interface{}, varargs := append([]interface{}{arg0, arg1}, arg2...) return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListTagsForResource", reflect.TypeOf((*MockEcsClient)(nil).ListTagsForResource), varargs...) } + +// ListTaskDefinitions mocks base method. +func (m *MockEcsClient) ListTaskDefinitions(arg0 context.Context, arg1 *ecs.ListTaskDefinitionsInput, arg2 ...func(*ecs.Options)) (*ecs.ListTaskDefinitionsOutput, error) { + m.ctrl.T.Helper() + varargs := []interface{}{arg0, arg1} + for _, a := range arg2 { + varargs = append(varargs, a) + } + ret := m.ctrl.Call(m, "ListTaskDefinitions", varargs...) + ret0, _ := ret[0].(*ecs.ListTaskDefinitionsOutput) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// ListTaskDefinitions indicates an expected call of ListTaskDefinitions. +func (mr *MockEcsClientMockRecorder) ListTaskDefinitions(arg0, arg1 interface{}, arg2 ...interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + varargs := append([]interface{}{arg0, arg1}, arg2...) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListTaskDefinitions", reflect.TypeOf((*MockEcsClient)(nil).ListTaskDefinitions), varargs...) +} diff --git a/client/services.go b/client/services.go index c8251289a..6a4dbcd36 100644 --- a/client/services.go +++ b/client/services.go @@ -346,6 +346,8 @@ type EcsClient interface { DescribeContainerInstances(ctx context.Context, params *ecs.DescribeContainerInstancesInput, optFns ...func(*ecs.Options)) (*ecs.DescribeContainerInstancesOutput, error) ListServices(ctx context.Context, params *ecs.ListServicesInput, optFns ...func(*ecs.Options)) (*ecs.ListServicesOutput, error) ListContainerInstances(ctx context.Context, params *ecs.ListContainerInstancesInput, optFns ...func(*ecs.Options)) (*ecs.ListContainerInstancesOutput, error) + ListTaskDefinitions(ctx context.Context, params *ecs.ListTaskDefinitionsInput, optFns ...func(*ecs.Options)) (*ecs.ListTaskDefinitionsOutput, error) + DescribeTaskDefinition(ctx context.Context, params *ecs.DescribeTaskDefinitionInput, optFns ...func(*ecs.Options)) (*ecs.DescribeTaskDefinitionOutput, error) } //go:generate mockgen -package=mocks -destination=./mocks/mock_elasticsearch.go . ElasticSearch diff --git a/docs/tables/aws_ecs_task_definition_container_definitions.md b/docs/tables/aws_ecs_task_definition_container_definitions.md new file mode 100644 index 000000000..12aa30470 --- /dev/null +++ b/docs/tables/aws_ecs_task_definition_container_definitions.md @@ -0,0 +1,60 @@ + +# Table: aws_ecs_task_definition_container_definitions +Container definitions are used in task definitions to describe the different containers that are launched as part of a task. +## Columns +| Name | Type | Description | +| ------------- | ------------- | ----- | +|task_definition_cq_id|uuid|Unique CloudQuery ID of aws_ecs_task_definitions table (FK)| +|command|text[]|The command that is passed to the container| +|cpu|integer|The number of cpu units reserved for the container| +|depends_on|jsonb|The dependencies defined for container startup and shutdown| +|disable_networking|boolean|When this parameter is true, networking is disabled within the container| +|dns_search_domains|text[]|A list of DNS search domains that are presented to the container| +|dns_servers|text[]|A list of DNS servers that are presented to the container| +|docker_labels|jsonb|A key/value map of labels to add to the container| +|docker_security_options|text[]|A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems| +|entry_point|text[]|Early versions of the Amazon ECS container agent do not properly handle entryPoint parameters| +|environment|jsonb|The environment variables to pass to a container| +|environment_files|jsonb|A list of files containing the environment variables to pass to a container. This parameter maps to the --env-file option to docker run (https://docs.docker.com/engine/reference/run/#security-configuration)| +|essential|boolean|If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped| +|extra_hosts|jsonb|A list of hostnames and IP address mappings to append to the /etc/hosts file on the container| +|firelens_configuration_type|text|The log router to use| +|firelens_configuration_options|jsonb|The options to use when configuring the log router| +|health_check_command|text[]|A string array representing the command that the container runs to determine if it is healthy| +|health_check_interval|integer|The time period in seconds between each health check execution| +|health_check_retries|integer|The number of times to retry a failed health check before the container is considered unhealthy| +|health_check_start_period|integer|The optional grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries| +|health_check_timeout|integer|The time period in seconds to wait for a health check to succeed before it is considered a failure| +|hostname|text|The hostname to use for your container| +|image|text|The image used to start a container| +|interactive|boolean|When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated| +|links|text[]|The links parameter allows containers to communicate with each other without the need for port mappings| +|linux_parameters_capabilities_add|text[]|The Linux capabilities for the container that have been added to the default configuration provided by Docker| +|linux_parameters_capabilities_drop|text[]|The Linux capabilities for the container that have been removed from the default configuration provided by Docker| +|linux_parameters_devices|jsonb|Any host devices to expose to the container| +|linux_parameters_init_process_enabled|boolean|Run an init process inside the container that forwards signals and reaps processes| +|linux_parameters_max_swap|integer|The total amount of swap memory (in MiB) a container can use| +|linux_parameters_shared_memory_size|integer|The value for the size (in MiB) of the /dev/shm volume| +|linux_parameters_swappiness|integer|This allows you to tune a container's memory swappiness behavior| +|linux_parameters_tmpfs|jsonb|The container path, mount options, and size (in MiB) of the tmpfs mount| +|log_configuration_log_driver|text|The log driver to use for the container| +|log_configuration_options|jsonb|The configuration options to send to the log driver| +|log_configuration_secret_options|jsonb|The secrets to pass to the log configuration| +|memory|integer|The amount (in MiB) of memory to present to the container| +|memory_reservation|integer|The soft limit (in MiB) of memory to reserve for the container| +|mount_points|jsonb|The mount points for data volumes in your container| +|name|text|The name of a container| +|port_mappings|jsonb|The list of port mappings for the container| +|privileged|boolean|When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user)| +|pseudo_terminal|boolean|When this parameter is true, a TTY is allocated| +|readonly_root_filesystem|boolean|When this parameter is true, the container is given read-only access to its root file system| +|repository_credentials_parameter|text|The Amazon Resource Name (ARN) of the secret containing the private repository credentials| +|resource_requirements|jsonb|The type and amount of a resource to assign to a container| +|secrets|jsonb|The secrets to pass to the container| +|start_timeout|integer|Time duration (in seconds) to wait before giving up on resolving dependencies for a container| +|stop_timeout|integer|Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own| +|system_controls|jsonb|A list of namespaced kernel parameters to set in the container| +|ulimits|jsonb|A list of ulimits to set in the container| +|user|text|The user to use inside the container| +|volumes_from|jsonb|Data volumes to mount from another container| +|working_directory|text|The working directory in which to run commands inside the container| diff --git a/docs/tables/aws_ecs_task_definition_requires_attributes.md b/docs/tables/aws_ecs_task_definition_requires_attributes.md new file mode 100644 index 000000000..b8dd22612 --- /dev/null +++ b/docs/tables/aws_ecs_task_definition_requires_attributes.md @@ -0,0 +1,11 @@ + +# Table: aws_ecs_task_definition_requires_attributes +An attribute is a name-value pair associated with an Amazon ECS object. Attributes enable you to extend the Amazon ECS data model by adding custom metadata to your resources +## Columns +| Name | Type | Description | +| ------------- | ------------- | ----- | +|task_definition_cq_id|uuid|Unique CloudQuery ID of aws_ecs_task_definitions table (FK)| +|name|text|The name of the attribute| +|target_id|text|The ID of the target| +|target_type|text|The type of the target with which to attach the attribute| +|value|text|The value of the attribute| diff --git a/docs/tables/aws_ecs_task_definition_volumes.md b/docs/tables/aws_ecs_task_definition_volumes.md new file mode 100644 index 000000000..44d653766 --- /dev/null +++ b/docs/tables/aws_ecs_task_definition_volumes.md @@ -0,0 +1,24 @@ + +# Table: aws_ecs_task_definition_volumes +A data volume used in a task definition +## Columns +| Name | Type | Description | +| ------------- | ------------- | ----- | +|task_definition_cq_id|uuid|Unique CloudQuery ID of aws_ecs_task_definitions table (FK)| +|docker_autoprovision|boolean|If this value is true, the Docker volume is created if it does not already exist| +|docker_driver|text|The Docker volume driver to use| +|docker_driver_opts|jsonb|A map of Docker driver-specific options passed through| +|docker_labels|jsonb|Custom metadata to add to your Docker volume| +|docker_scope|text|The scope for the Docker volume that determines its lifecycle| +|efs_file_system_id|text|The Amazon EFS file system ID to use.| +|efs_authorization_config_access_point_id|text|The Amazon EFS access point ID to use| +|efs_authorization_config_iam|text|Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system| +|efs_root_directory|text|The directory within the Amazon EFS file system to mount as the root directory inside the host| +|efs_volume_configuration_transit_encryption|text|Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server| +|efs_transit_encryption_port|integer|The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server| +|fsx_wfs_authorization_config_credentials_parameter|text|The authorization credential option to use| +|fsx_wfs_authorization_config_domain|text|A fully qualified domain name hosted by an AWS Directory Service (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.| +|fsx_wfs_file_system_id|text|The Amazon FSx for Windows File Server file system ID to use.| +|fsx_wfs_root_directory|text|The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.| +|host_source_path|text|When the host parameter is used, specify a sourcePath to declare the path on the host container instance that is presented to the container| +|name|text|The name of the volume| diff --git a/docs/tables/aws_ecs_task_definitions.md b/docs/tables/aws_ecs_task_definitions.md new file mode 100644 index 000000000..73eb7bbf9 --- /dev/null +++ b/docs/tables/aws_ecs_task_definitions.md @@ -0,0 +1,30 @@ + +# Table: aws_ecs_task_definitions +The details of a task definition which describes the container and volume definitions of an Amazon Elastic Container Service task +## Columns +| Name | Type | Description | +| ------------- | ------------- | ----- | +|account_id|text|The AWS Account ID of the resource.| +|region|text|The AWS Region of the resource.| +|tags|jsonb|| +|compatibilities|text[]|The task launch types the task definition validated against during task definition registration| +|cpu|text|The number of cpu units used by the task| +|deregistered_at|timestamp without time zone|The Unix timestamp for when the task definition was deregistered.| +|execution_role_arn|text|The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf| +|family|text|The name of a family that this task definition is registered to| +|inference_accelerators|jsonb|The Elastic Inference accelerator associated with the task.| +|ipc_mode|text|The IPC resource namespace to use for the containers in the task| +|memory|text|The amount (in MiB) of memory used by the task| +|network_mode|text|The Docker networking mode to use for the containers in the task| +|pid_mode|text|The process namespace to use for the containers in the task| +|placement_constraints|jsonb|An array of placement constraint objects to use for tasks| +|proxy_configuration_container_name|text|The name of the container that will serve as the App Mesh proxy.| +|proxy_configuration_properties|jsonb|The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs. * IgnoredUID - (Required) The user ID (UID) of the proxy container as defined by the user parameter in a container definition| +|proxy_configuration_type|text|The proxy type| +|registered_at|timestamp without time zone|The Unix timestamp for when the task definition was registered.| +|registered_by|text|The principal that registered the task definition.| +|requires_compatibilities|text[]|The task launch types the task definition was validated against| +|revision|integer|The revision of the task in a particular family| +|status|text|The status of the task definition.| +|arn|text|The full Amazon Resource Name (ARN) of the task definition.| +|task_role_arn|text|The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants containers in the task permission to call AWS APIs on your behalf| diff --git a/resources/ecs_task_definitions.go b/resources/ecs_task_definitions.go new file mode 100644 index 000000000..c9463248e --- /dev/null +++ b/resources/ecs_task_definitions.go @@ -0,0 +1,914 @@ +package resources + +import ( + "context" + "encoding/json" + "fmt" + + "github.com/aws/aws-sdk-go-v2/service/ecs" + "github.com/aws/aws-sdk-go-v2/service/ecs/types" + "github.com/cloudquery/cq-provider-aws/client" + "github.com/cloudquery/cq-provider-sdk/provider/schema" +) + +func EcsTaskDefinitions() *schema.Table { + return &schema.Table{ + Name: "aws_ecs_task_definitions", + Description: "The details of a task definition which describes the container and volume definitions of an Amazon Elastic Container Service task", + Resolver: fetchEcsTaskDefinitions, + Multiplex: client.AccountRegionMultiplex, + IgnoreError: client.IgnoreAccessDeniedServiceDisabled, + DeleteFilter: client.DeleteAccountRegionFilter, + Options: schema.TableCreationOptions{PrimaryKeys: []string{"arn"}}, + Columns: []schema.Column{ + { + Name: "account_id", + Description: "The AWS Account ID of the resource.", + Type: schema.TypeString, + Resolver: client.ResolveAWSAccount, + }, + { + Name: "region", + Description: "The AWS Region of the resource.", + Type: schema.TypeString, + Resolver: client.ResolveAWSRegion, + }, + { + Name: "tags", + Type: schema.TypeJSON, + Resolver: resolveEcsTask_definitionTags, + }, + { + Name: "compatibilities", + Description: "The task launch types the task definition validated against during task definition registration", + Type: schema.TypeStringArray, + }, + { + Name: "cpu", + Description: "The number of cpu units used by the task", + Type: schema.TypeString, + }, + { + Name: "deregistered_at", + Description: "The Unix timestamp for when the task definition was deregistered.", + Type: schema.TypeTimestamp, + }, + { + Name: "execution_role_arn", + Description: "The Amazon Resource Name (ARN) of the task execution role that grants the Amazon ECS container agent permission to make AWS API calls on your behalf", + Type: schema.TypeString, + }, + { + Name: "family", + Description: "The name of a family that this task definition is registered to", + Type: schema.TypeString, + }, + { + Name: "inference_accelerators", + Description: "The Elastic Inference accelerator associated with the task.", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionsInferenceAccelerators, + }, + { + Name: "ipc_mode", + Description: "The IPC resource namespace to use for the containers in the task", + Type: schema.TypeString, + }, + { + Name: "memory", + Description: "The amount (in MiB) of memory used by the task", + Type: schema.TypeString, + }, + { + Name: "network_mode", + Description: "The Docker networking mode to use for the containers in the task", + Type: schema.TypeString, + }, + { + Name: "pid_mode", + Description: "The process namespace to use for the containers in the task", + Type: schema.TypeString, + }, + { + Name: "placement_constraints", + Description: "An array of placement constraint objects to use for tasks", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionsPlacementConstraints, + }, + { + Name: "proxy_configuration_container_name", + Description: "The name of the container that will serve as the App Mesh proxy.", + Type: schema.TypeString, + Resolver: schema.PathResolver("ProxyConfiguration.ContainerName"), + }, + { + Name: "proxy_configuration_properties", + Description: "The set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified as key-value pairs. * IgnoredUID - (Required) The user ID (UID) of the proxy container as defined by the user parameter in a container definition", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionsProxyConfigurationProperties, + }, + { + Name: "proxy_configuration_type", + Description: "The proxy type", + Type: schema.TypeString, + Resolver: schema.PathResolver("ProxyConfiguration.Type"), + }, + { + Name: "registered_at", + Description: "The Unix timestamp for when the task definition was registered.", + Type: schema.TypeTimestamp, + }, + { + Name: "registered_by", + Description: "The principal that registered the task definition.", + Type: schema.TypeString, + }, + { + Name: "requires_compatibilities", + Description: "The task launch types the task definition was validated against", + Type: schema.TypeStringArray, + }, + { + Name: "revision", + Description: "The revision of the task in a particular family", + Type: schema.TypeInt, + }, + { + Name: "status", + Description: "The status of the task definition.", + Type: schema.TypeString, + }, + { + Name: "arn", + Description: "The full Amazon Resource Name (ARN) of the task definition.", + Type: schema.TypeString, + Resolver: schema.PathResolver("TaskDefinitionArn"), + }, + { + Name: "task_role_arn", + Description: "The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that grants containers in the task permission to call AWS APIs on your behalf", + Type: schema.TypeString, + }, + }, + Relations: []*schema.Table{ + { + Name: "aws_ecs_task_definition_container_definitions", + Description: "Container definitions are used in task definitions to describe the different containers that are launched as part of a task.", + Resolver: fetchEcsTaskDefinitionContainerDefinitions, + Columns: []schema.Column{ + { + Name: "task_definition_cq_id", + Description: "Unique CloudQuery ID of aws_ecs_task_definitions table (FK)", + Type: schema.TypeUUID, + Resolver: schema.ParentIdResolver, + }, + { + Name: "command", + Description: "The command that is passed to the container", + Type: schema.TypeStringArray, + }, + { + Name: "cpu", + Description: "The number of cpu units reserved for the container", + Type: schema.TypeInt, + }, + { + Name: "depends_on", + Description: "The dependencies defined for container startup and shutdown", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsDependsOn, + }, + { + Name: "disable_networking", + Description: "When this parameter is true, networking is disabled within the container", + Type: schema.TypeBool, + }, + { + Name: "dns_search_domains", + Description: "A list of DNS search domains that are presented to the container", + Type: schema.TypeStringArray, + }, + { + Name: "dns_servers", + Description: "A list of DNS servers that are presented to the container", + Type: schema.TypeStringArray, + }, + { + Name: "docker_labels", + Description: "A key/value map of labels to add to the container", + Type: schema.TypeJSON, + }, + { + Name: "docker_security_options", + Description: "A list of strings to provide custom labels for SELinux and AppArmor multi-level security systems", + Type: schema.TypeStringArray, + }, + { + Name: "entry_point", + Description: "Early versions of the Amazon ECS container agent do not properly handle entryPoint parameters", + Type: schema.TypeStringArray, + }, + { + Name: "environment", + Description: "The environment variables to pass to a container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsEnvironment, + }, + { + Name: "environment_files", + Description: "A list of files containing the environment variables to pass to a container. This parameter maps to the --env-file option to docker run (https://docs.docker.com/engine/reference/run/#security-configuration)", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsEnvironmentFiles, + }, + { + Name: "essential", + Description: "If the essential parameter of a container is marked as true, and that container fails or stops for any reason, all other containers that are part of the task are stopped", + Type: schema.TypeBool, + }, + { + Name: "extra_hosts", + Description: "A list of hostnames and IP address mappings to append to the /etc/hosts file on the container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsExtraHosts, + }, + { + Name: "firelens_configuration_type", + Description: "The log router to use", + Type: schema.TypeString, + Resolver: schema.PathResolver("FirelensConfiguration.Type"), + }, + { + Name: "firelens_configuration_options", + Description: "The options to use when configuring the log router", + Type: schema.TypeJSON, + Resolver: schema.PathResolver("FirelensConfiguration.Options"), + }, + { + Name: "health_check_command", + Description: "A string array representing the command that the container runs to determine if it is healthy", + Type: schema.TypeStringArray, + Resolver: schema.PathResolver("HealthCheck.Command"), + }, + { + Name: "health_check_interval", + Description: "The time period in seconds between each health check execution", + Type: schema.TypeInt, + Resolver: schema.PathResolver("HealthCheck.Interval"), + }, + { + Name: "health_check_retries", + Description: "The number of times to retry a failed health check before the container is considered unhealthy", + Type: schema.TypeInt, + Resolver: schema.PathResolver("HealthCheck.Retries"), + }, + { + Name: "health_check_start_period", + Description: "The optional grace period within which to provide containers time to bootstrap before failed health checks count towards the maximum number of retries", + Type: schema.TypeInt, + Resolver: schema.PathResolver("HealthCheck.StartPeriod"), + }, + { + Name: "health_check_timeout", + Description: "The time period in seconds to wait for a health check to succeed before it is considered a failure", + Type: schema.TypeInt, + Resolver: schema.PathResolver("HealthCheck.Timeout"), + }, + { + Name: "hostname", + Description: "The hostname to use for your container", + Type: schema.TypeString, + }, + { + Name: "image", + Description: "The image used to start a container", + Type: schema.TypeString, + }, + { + Name: "interactive", + Description: "When this parameter is true, this allows you to deploy containerized applications that require stdin or a tty to be allocated", + Type: schema.TypeBool, + }, + { + Name: "links", + Description: "The links parameter allows containers to communicate with each other without the need for port mappings", + Type: schema.TypeStringArray, + }, + { + Name: "linux_parameters_capabilities_add", + Description: "The Linux capabilities for the container that have been added to the default configuration provided by Docker", + Type: schema.TypeStringArray, + Resolver: schema.PathResolver("LinuxParameters.Capabilities.Add"), + }, + { + Name: "linux_parameters_capabilities_drop", + Description: "The Linux capabilities for the container that have been removed from the default configuration provided by Docker", + Type: schema.TypeStringArray, + Resolver: schema.PathResolver("LinuxParameters.Capabilities.Drop"), + }, + { + Name: "linux_parameters_devices", + Description: "Any host devices to expose to the container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsLinuxParametersDevices, + }, + { + Name: "linux_parameters_init_process_enabled", + Description: "Run an init process inside the container that forwards signals and reaps processes", + Type: schema.TypeBool, + Resolver: schema.PathResolver("LinuxParameters.InitProcessEnabled"), + }, + { + Name: "linux_parameters_max_swap", + Description: "The total amount of swap memory (in MiB) a container can use", + Type: schema.TypeInt, + Resolver: schema.PathResolver("LinuxParameters.MaxSwap"), + }, + { + Name: "linux_parameters_shared_memory_size", + Description: "The value for the size (in MiB) of the /dev/shm volume", + Type: schema.TypeInt, + Resolver: schema.PathResolver("LinuxParameters.SharedMemorySize"), + }, + { + Name: "linux_parameters_swappiness", + Description: "This allows you to tune a container's memory swappiness behavior", + Type: schema.TypeInt, + Resolver: schema.PathResolver("LinuxParameters.Swappiness"), + }, + { + Name: "linux_parameters_tmpfs", + Description: "The container path, mount options, and size (in MiB) of the tmpfs mount", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfs, + }, + { + Name: "log_configuration_log_driver", + Description: "The log driver to use for the container", + Type: schema.TypeString, + Resolver: schema.PathResolver("LogConfiguration.LogDriver"), + }, + { + Name: "log_configuration_options", + Description: "The configuration options to send to the log driver", + Type: schema.TypeJSON, + Resolver: schema.PathResolver("LogConfiguration.Options"), + }, + { + Name: "log_configuration_secret_options", + Description: "The secrets to pass to the log configuration", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptions, + }, + { + Name: "memory", + Description: "The amount (in MiB) of memory to present to the container", + Type: schema.TypeInt, + }, + { + Name: "memory_reservation", + Description: "The soft limit (in MiB) of memory to reserve for the container", + Type: schema.TypeInt, + }, + { + Name: "mount_points", + Description: "The mount points for data volumes in your container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsMountPoints, + }, + { + Name: "name", + Description: "The name of a container", + Type: schema.TypeString, + }, + { + Name: "port_mappings", + Description: "The list of port mappings for the container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsPortMappings, + }, + { + Name: "privileged", + Description: "When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user)", + Type: schema.TypeBool, + }, + { + Name: "pseudo_terminal", + Description: "When this parameter is true, a TTY is allocated", + Type: schema.TypeBool, + }, + { + Name: "readonly_root_filesystem", + Description: "When this parameter is true, the container is given read-only access to its root file system", + Type: schema.TypeBool, + }, + { + Name: "repository_credentials_parameter", + Description: "The Amazon Resource Name (ARN) of the secret containing the private repository credentials", + Type: schema.TypeString, + Resolver: schema.PathResolver("RepositoryCredentials.CredentialsParameter"), + }, + { + Name: "resource_requirements", + Description: "The type and amount of a resource to assign to a container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsResourceRequirements, + }, + { + Name: "secrets", + Description: "The secrets to pass to the container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsSecrets, + }, + { + Name: "start_timeout", + Description: "Time duration (in seconds) to wait before giving up on resolving dependencies for a container", + Type: schema.TypeInt, + }, + { + Name: "stop_timeout", + Description: "Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own", + Type: schema.TypeInt, + }, + { + Name: "system_controls", + Description: "A list of namespaced kernel parameters to set in the container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsSystemControls, + }, + { + Name: "ulimits", + Description: "A list of ulimits to set in the container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsUlimits, + }, + { + Name: "user", + Description: "The user to use inside the container", + Type: schema.TypeString, + }, + { + Name: "volumes_from", + Description: "Data volumes to mount from another container", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionContainerDefinitionsVolumesFrom, + }, + { + Name: "working_directory", + Description: "The working directory in which to run commands inside the container", + Type: schema.TypeString, + }, + }, + }, + { + Name: "aws_ecs_task_definition_requires_attributes", + Description: "An attribute is a name-value pair associated with an Amazon ECS object. Attributes enable you to extend the Amazon ECS data model by adding custom metadata to your resources", + Resolver: fetchEcsTaskDefinitionRequiresAttributes, + Columns: []schema.Column{ + { + Name: "task_definition_cq_id", + Description: "Unique CloudQuery ID of aws_ecs_task_definitions table (FK)", + Type: schema.TypeUUID, + Resolver: schema.ParentIdResolver, + }, + { + Name: "name", + Description: "The name of the attribute", + Type: schema.TypeString, + }, + { + Name: "target_id", + Description: "The ID of the target", + Type: schema.TypeString, + }, + { + Name: "target_type", + Description: "The type of the target with which to attach the attribute", + Type: schema.TypeString, + }, + { + Name: "value", + Description: "The value of the attribute", + Type: schema.TypeString, + }, + }, + }, + { + Name: "aws_ecs_task_definition_volumes", + Description: "A data volume used in a task definition", + Resolver: fetchEcsTaskDefinitionVolumes, + Columns: []schema.Column{ + { + Name: "task_definition_cq_id", + Description: "Unique CloudQuery ID of aws_ecs_task_definitions table (FK)", + Type: schema.TypeUUID, + Resolver: schema.ParentIdResolver, + }, + { + Name: "docker_autoprovision", + Description: "If this value is true, the Docker volume is created if it does not already exist", + Type: schema.TypeBool, + Resolver: schema.PathResolver("DockerVolumeConfiguration.Autoprovision"), + }, + { + Name: "docker_driver", + Description: "The Docker volume driver to use", + Type: schema.TypeString, + Resolver: schema.PathResolver("DockerVolumeConfiguration.Driver"), + }, + { + Name: "docker_driver_opts", + Description: "A map of Docker driver-specific options passed through", + Type: schema.TypeJSON, + Resolver: schema.PathResolver("DockerVolumeConfiguration.DriverOpts"), + }, + { + Name: "docker_labels", + Description: "Custom metadata to add to your Docker volume", + Type: schema.TypeJSON, + Resolver: schema.PathResolver("DockerVolumeConfiguration.Labels"), + }, + { + Name: "docker_scope", + Description: "The scope for the Docker volume that determines its lifecycle", + Type: schema.TypeString, + Resolver: schema.PathResolver("DockerVolumeConfiguration.Scope"), + }, + { + Name: "efs_file_system_id", + Description: "The Amazon EFS file system ID to use.", + Type: schema.TypeString, + Resolver: schema.PathResolver("EfsVolumeConfiguration.FileSystemId"), + }, + { + Name: "efs_authorization_config_access_point_id", + Description: "The Amazon EFS access point ID to use", + Type: schema.TypeString, + Resolver: schema.PathResolver("EfsVolumeConfiguration.AuthorizationConfig.AccessPointId"), + }, + { + Name: "efs_authorization_config_iam", + Description: "Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system", + Type: schema.TypeString, + Resolver: schema.PathResolver("EfsVolumeConfiguration.AuthorizationConfig.Iam"), + }, + { + Name: "efs_root_directory", + Description: "The directory within the Amazon EFS file system to mount as the root directory inside the host", + Type: schema.TypeString, + Resolver: schema.PathResolver("EfsVolumeConfiguration.RootDirectory"), + }, + { + Name: "efs_volume_configuration_transit_encryption", + Description: "Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server", + Type: schema.TypeString, + Resolver: schema.PathResolver("EfsVolumeConfiguration.TransitEncryption"), + }, + { + Name: "efs_transit_encryption_port", + Description: "The port to use when sending encrypted data between the Amazon ECS host and the Amazon EFS server", + Type: schema.TypeInt, + Resolver: schema.PathResolver("EfsVolumeConfiguration.TransitEncryptionPort"), + }, + { + Name: "fsx_wfs_authorization_config_credentials_parameter", + Description: "The authorization credential option to use", + Type: schema.TypeString, + Resolver: schema.PathResolver("FsxWindowsFileServerVolumeConfiguration.AuthorizationConfig.CredentialsParameter"), + }, + { + Name: "fsx_wfs_authorization_config_domain", + Description: "A fully qualified domain name hosted by an AWS Directory Service (https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.", + Type: schema.TypeString, + Resolver: schema.PathResolver("FsxWindowsFileServerVolumeConfiguration.AuthorizationConfig.Domain"), + }, + { + Name: "fsx_wfs_file_system_id", + Description: "The Amazon FSx for Windows File Server file system ID to use.", + Type: schema.TypeString, + Resolver: schema.PathResolver("FsxWindowsFileServerVolumeConfiguration.FileSystemId"), + }, + { + Name: "fsx_wfs_root_directory", + Description: "The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.", + Type: schema.TypeString, + Resolver: schema.PathResolver("FsxWindowsFileServerVolumeConfiguration.RootDirectory"), + }, + { + Name: "host_source_path", + Description: "When the host parameter is used, specify a sourcePath to declare the path on the host container instance that is presented to the container", + Type: schema.TypeString, + Resolver: schema.PathResolver("Host.SourcePath"), + }, + { + Name: "name", + Description: "The name of the volume", + Type: schema.TypeString, + }, + }, + }, + }, + } +} + +// ==================================================================================================================== +// Table Resolver Functions +// ==================================================================================================================== + +func fetchEcsTaskDefinitions(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { + var config ecs.ListTaskDefinitionsInput + region := meta.(*client.Client).Region + svc := meta.(*client.Client).Services().ECS + for { + listClustersOutput, err := svc.ListTaskDefinitions(ctx, &config, func(o *ecs.Options) { + o.Region = region + }) + if err != nil { + return err + } + if len(listClustersOutput.TaskDefinitionArns) == 0 { + return nil + } + for _, t := range listClustersOutput.TaskDefinitionArns { + describeClusterOutput, err := svc.DescribeTaskDefinition(ctx, &ecs.DescribeTaskDefinitionInput{TaskDefinition: &t}, func(o *ecs.Options) { + o.Region = region + }) + if err != nil { + return err + } + if describeClusterOutput.TaskDefinition == nil { + continue + } + res <- *describeClusterOutput.TaskDefinition + } + + if listClustersOutput.NextToken == nil { + break + } + config.NextToken = listClustersOutput.NextToken + } + return nil +} +func resolveEcsTask_definitionTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) + } + + region := meta.(*client.Client).Region + svc := meta.(*client.Client).Services().ECS + + tags, err := svc.ListTagsForResource(ctx, &ecs.ListTagsForResourceInput{ + ResourceArn: r.TaskDefinitionArn, + }, func(options *ecs.Options) { + options.Region = region + }) + if err != nil { + return err + } + + j := map[string]interface{}{} + for _, a := range tags.Tags { + j[*a.Key] = *a.Value + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionsInferenceAccelerators(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + for _, a := range r.InferenceAccelerators { + j[*a.DeviceName] = *a.DeviceType + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionsPlacementConstraints(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + for _, p := range r.PlacementConstraints { + j[*p.Expression] = p.Type + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionsProxyConfigurationProperties(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + if r.ProxyConfiguration == nil { + return nil + } + for _, p := range r.ProxyConfiguration.Properties { + j[*p.Name] = *p.Value + } + return resource.Set(c.Name, j) +} +func fetchEcsTaskDefinitionContainerDefinitions(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { + r, ok := parent.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", parent.Item) + } + res <- r.ContainerDefinitions + return nil +} +func resolveEcsTaskDefinitionContainerDefinitionsDependsOn(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + for _, p := range r.DependsOn { + j[*p.ContainerName] = p.Condition + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsEnvironment(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + for _, p := range r.Environment { + j[*p.Name] = p.Value + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsEnvironmentFiles(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + for _, p := range r.EnvironmentFiles { + j[string(p.Type)] = p.Value + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsExtraHosts(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + for _, h := range r.ExtraHosts { + j[*h.Hostname] = h.IpAddress + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsLinuxParametersDevices(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + if r.LinuxParameters == nil { + return nil + } + + data, err := json.Marshal(r.LinuxParameters.Devices) + if err != nil { + return err + } + return resource.Set(c.Name, data) +} +func resolveEcsTaskDefinitionContainerDefinitionsLinuxParametersTmpfs(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + if r.LinuxParameters == nil { + return nil + } + + data, err := json.Marshal(r.LinuxParameters.Tmpfs) + if err != nil { + return err + } + return resource.Set(c.Name, data) +} +func resolveEcsTaskDefinitionContainerDefinitionsLogConfigurationSecretOptions(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + if r.LogConfiguration == nil { + return nil + } + for _, s := range r.LogConfiguration.SecretOptions { + j[*s.Name] = *s.ValueFrom + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsMountPoints(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + + data, err := json.Marshal(r.MountPoints) + if err != nil { + return err + } + return resource.Set(c.Name, data) +} +func resolveEcsTaskDefinitionContainerDefinitionsPortMappings(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + data, err := json.Marshal(r.PortMappings) + if err != nil { + return err + } + return resource.Set(c.Name, data) +} +func resolveEcsTaskDefinitionContainerDefinitionsResourceRequirements(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + if r.LogConfiguration == nil { + return nil + } + for _, s := range r.ResourceRequirements { + j[string(s.Type)] = *s.Value + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsSecrets(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + if r.LogConfiguration == nil { + return nil + } + for _, s := range r.Secrets { + j[*s.Name] = *s.ValueFrom + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsSystemControls(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + if r.LogConfiguration == nil { + return nil + } + for _, s := range r.SystemControls { + j[*s.Namespace] = *s.Value + } + return resource.Set(c.Name, j) +} +func resolveEcsTaskDefinitionContainerDefinitionsUlimits(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + + data, err := json.Marshal(r.Ulimits) + if err != nil { + return err + } + return resource.Set(c.Name, data) +} +func resolveEcsTaskDefinitionContainerDefinitionsVolumesFrom(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.ContainerDefinition) + if !ok { + return fmt.Errorf("expected to have types.ContainerDefinition but got %T", resource.Item) + } + j := map[string]interface{}{} + if r.LogConfiguration == nil { + return nil + } + for _, s := range r.VolumesFrom { + j[*s.SourceContainer] = *s.ReadOnly + } + return resource.Set(c.Name, j) +} +func fetchEcsTaskDefinitionRequiresAttributes(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { + + r, ok := parent.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", parent.Item) + } + res <- r.RequiresAttributes + return nil +} +func fetchEcsTaskDefinitionVolumes(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { + r, ok := parent.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", parent.Item) + } + res <- r.Volumes + return nil +} diff --git a/resources/ecs_task_definitions_test.go b/resources/ecs_task_definitions_test.go new file mode 100644 index 000000000..fe0a28e56 --- /dev/null +++ b/resources/ecs_task_definitions_test.go @@ -0,0 +1,46 @@ +package resources + +import ( + "testing" + + "github.com/aws/aws-sdk-go-v2/service/ecs" + "github.com/cloudquery/cq-provider-aws/client" + "github.com/cloudquery/cq-provider-aws/client/mocks" + "github.com/cloudquery/faker/v3" + "github.com/golang/mock/gomock" +) + +func buildEcsTaskDefinitions(t *testing.T, ctrl *gomock.Controller) client.Services { + m := mocks.NewMockEcsClient(ctrl) + + faker.SetIgnoreInterface(true) + listTaskDefinitionsOutput := ecs.ListTaskDefinitionsOutput{} + err := faker.FakeData(&listTaskDefinitionsOutput) + if err != nil { + t.Fatal(err) + } + listTaskDefinitionsOutput.NextToken = nil + m.EXPECT().ListTaskDefinitions(gomock.Any(), gomock.Any(), gomock.Any()).Return(&listTaskDefinitionsOutput, nil) + + taskDefinition := &ecs.DescribeTaskDefinitionOutput{} + err = faker.FakeData(&taskDefinition) + if err != nil { + t.Fatal(err) + } + m.EXPECT().DescribeTaskDefinition(gomock.Any(), gomock.Any(), gomock.Any()).Return(taskDefinition, nil) + + tags := &ecs.ListTagsForResourceOutput{} + err = faker.FakeData(&tags) + if err != nil { + t.Fatal(err) + } + m.EXPECT().ListTagsForResource(gomock.Any(), gomock.Any(), gomock.Any()).Return(tags, nil) + + return client.Services{ + ECS: m, + } +} + +func TestEcsTaskDefinitions(t *testing.T) { + awsTestHelper(t, EcsTaskDefinitions(), buildEcsTaskDefinitions, TestOptions{}) +} diff --git a/resources/integration_tests/aws_ecs_task_definitions_test.go b/resources/integration_tests/aws_ecs_task_definitions_test.go new file mode 100644 index 000000000..fbf9d1fca --- /dev/null +++ b/resources/integration_tests/aws_ecs_task_definitions_test.go @@ -0,0 +1,59 @@ +package integration_tests + +import ( + "testing" + + "github.com/cloudquery/cq-provider-aws/resources" + providertest "github.com/cloudquery/cq-provider-sdk/provider/testing" +) + +func TestIntegrationEcsTaskDefinitions(t *testing.T) { + resource := resources.EcsTaskDefinitions() + awsTestIntegrationHelper(t, resource, []string{"aws_ecs_clusters.tf", "aws_vpc.tf", "aws_elbv2_load_balancers.tf"}, func(res *providertest.ResourceIntegrationTestData) providertest.ResourceIntegrationVerification { + return providertest.ResourceIntegrationVerification{ + Name: resource.Name, + ExpectedValues: []providertest.ExpectedValue{ + { + Count: 1, + Data: map[string]interface{}{ + "compatibilities": []interface{}{"EC2"}, + "cpu": "1024", + "family": "openapi-task-definition", + "memory": "2048", + "network_mode": "awsvpc", + "requires_compatibilities": []interface{}{"EC2"}, + "revision": float64(33), + "status": "ACTIVE", + }, + }, + }, + Relations: []*providertest.ResourceIntegrationVerification{ + { + Name: "aws_ecs_task_definition_container_definitions", + ForeignKeyName: "task_definition_cq_id", + ExpectedValues: []providertest.ExpectedValue{ + { + Count: 1, + Data: map[string]interface{}{ + "cpu": float64(10), + "docker_labels": nil, + "essential": true, + "image": "nginx", + }, + }, + }, + }, + { + Name: "aws_ecs_task_definition_requires_attributes", + ForeignKeyName: "task_definition_cq_id", + ExpectedValues: []providertest.ExpectedValue{ + { + Count: 4, + Data: map[string]interface{}{}, + }, + }, + }, + }, + } + }) +} diff --git a/resources/integration_tests/infra/aws_ecs_clusters.tf b/resources/integration_tests/infra/aws_ecs_clusters.tf index 34b278de3..8c71709ab 100644 --- a/resources/integration_tests/infra/aws_ecs_clusters.tf +++ b/resources/integration_tests/infra/aws_ecs_clusters.tf @@ -2,12 +2,12 @@ resource "aws_iam_role" "aws_ecs_clusters_ec2_iam_role" { name = "ec2_ec2_iam_role_${var.test_prefix}${var.test_suffix}" assume_role_policy = jsonencode({ - Version = "2012-10-17" + Version = "2012-10-17" Statement = [ { - Action = "sts:AssumeRole" - Effect = "Allow" - Sid = "" + Action = "sts:AssumeRole" + Effect = "Allow" + Sid = "" Principal = { Service = "ec2.amazonaws.com" } @@ -28,35 +28,38 @@ resource "aws_security_group" "aws_ecs_clusters_security_group" { vpc_id = aws_vpc.aws_vpc.id ingress { - protocol = "tcp" + protocol = "tcp" from_port = "80" - to_port = "80" + to_port = "80" } egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = [ - "0.0.0.0/0"] + from_port = 0 + to_port = 0 + protocol = "-1" + cidr_blocks = [ + "0.0.0.0/0" + ] ipv6_cidr_blocks = [ - "::/0"] + "::/0" + ] } } resource "aws_instance" "aws_ecs_clusters_ec2_instance" { - ami = data.aws_ami.aws_ecs_clusters_ami_ubuntu.id - subnet_id = aws_subnet.aws_vpc_subnet.id - instance_type = "t2.nano" - iam_instance_profile = aws_iam_instance_profile.aws_ecs_clusters_ec2-instance-profile.name + ami = data.aws_ami.aws_ecs_clusters_ami_ubuntu.id + subnet_id = aws_subnet.aws_vpc_subnet.id + instance_type = "t2.nano" + iam_instance_profile = aws_iam_instance_profile.aws_ecs_clusters_ec2-instance-profile.name vpc_security_group_ids = [ - aws_security_group.aws_ecs_clusters_security_group.id] - ebs_optimized = "false" - source_dest_check = "false" - user_data = data.template_file.aws_ecs_clusters_user_data.rendered + aws_security_group.aws_ecs_clusters_security_group.id + ] + ebs_optimized = "false" + source_dest_check = "false" + user_data = data.template_file.aws_ecs_clusters_user_data.rendered root_block_device { - volume_type = "gp2" - volume_size = "30" + volume_type = "gp2" + volume_size = "30" delete_on_termination = "true" } @@ -67,7 +70,8 @@ resource "aws_instance" "aws_ecs_clusters_ec2_instance" { subnet_id, key_name, ebs_optimized, - private_ip] + private_ip + ] } tags = { @@ -79,41 +83,46 @@ data "aws_ami" "aws_ecs_clusters_ami_ubuntu" { most_recent = true filter { - name = "name" + name = "name" values = [ - "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"] + "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*" + ] } filter { - name = "virtualization-type" + name = "virtualization-type" values = [ - "hvm"] + "hvm" + ] } owners = [ - "099720109477"] + "099720109477" + ] } data "aws_iam_policy_document" "aws_ecs_clusters_ecs-instance-policy" { statement { actions = [ - "sts:AssumeRole"] + "sts:AssumeRole" + ] principals { - type = "Service" + type = "Service" identifiers = [ - "ec2.amazonaws.com"] + "ec2.amazonaws.com" + ] } } } resource "aws_iam_role" "aws_ecs_clusters_ecs-instance-role" { - name = "ecs-instance-role_${var.test_prefix}${var.test_suffix}" - path = "/" + name = "ecs-instance-role_${var.test_prefix}${var.test_suffix}" + path = "/" assume_role_policy = data.aws_iam_policy_document.aws_ecs_clusters_ecs-instance-policy.json } resource "aws_iam_role_policy_attachment" "aws_ecs_clusters_ecs-instance-role-attachment" { - role = aws_iam_role.aws_ecs_clusters_ecs-instance-role.name + role = aws_iam_role.aws_ecs_clusters_ecs-instance-role.name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" } @@ -126,34 +135,36 @@ resource "aws_iam_instance_profile" "aws_ecs_clusters_instance-profile" { data "aws_iam_policy_document" "aws_ecs_clusters_service-policy" { statement { actions = [ - "sts:AssumeRole"] + "sts:AssumeRole" + ] principals { - type = "Service" + type = "Service" identifiers = [ - "ecs.amazonaws.com"] + "ecs.amazonaws.com" + ] } } } resource "aws_iam_role" "aws_ecs_clusters_service-role" { - name = "ecs_service_role_${var.test_prefix}${var.test_suffix}" - path = "/" + name = "ecs_service_role_${var.test_prefix}${var.test_suffix}" + path = "/" assume_role_policy = data.aws_iam_policy_document.aws_ecs_clusters_service-policy.json } resource "aws_iam_role_policy_attachment" "aws_ecs_clusters_service-role-attachment" { - role = aws_iam_role.aws_ecs_clusters_service-role.name + role = aws_iam_role.aws_ecs_clusters_service-role.name policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole" } resource "aws_ecs_cluster" "aws_ecs_clusters_cluster" { name = "ecs_cluster_${var.test_prefix}${var.test_suffix}" setting { - name = "containerInsights" + name = "containerInsights" value = "enabled" } tags = { - name = "ecs_cluster_${var.test_prefix}${var.test_suffix}" + name = "ecs_cluster_${var.test_prefix}${var.test_suffix}" stage = "test" } } @@ -176,7 +187,7 @@ EOF } resource "aws_ecs_task_definition" "aws_ecs_clusters_task_definition" { - container_definitions = jsonencode([ + container_definitions = jsonencode([ { "name" : "web-server", "image" : "nginx", @@ -206,13 +217,17 @@ resource "aws_ecs_task_definition" "aws_ecs_clusters_task_definition" { "volumesFrom" : [] } ]) - family = "openapi-task-defination" - network_mode = "awsvpc" - memory = "2048" - cpu = "1024" + family = "openapi-task-definition" + network_mode = "awsvpc" + memory = "2048" + cpu = "1024" requires_compatibilities = [ - "EC2"] + "EC2" + ] # TASK running role + tags = { + "name" = "td-${var.test_prefix}${var.test_suffix}" + } } data "aws_ecs_task_definition" "aws_ecs_clusters_task_definition" { @@ -220,28 +235,31 @@ data "aws_ecs_task_definition" "aws_ecs_clusters_task_definition" { } resource "aws_ecs_service" "aws_ecs_clusters_service" { - cluster = aws_ecs_cluster.aws_ecs_clusters_cluster.id - desired_count = 1 - launch_type = "EC2" - name = "ecs_service_${var.test_prefix}${var.test_suffix}" + cluster = aws_ecs_cluster.aws_ecs_clusters_cluster.id + desired_count = 1 + launch_type = "EC2" + name = "ecs_service_${var.test_prefix}${var.test_suffix}" task_definition = "${aws_ecs_task_definition.aws_ecs_clusters_task_definition.family}:${max(aws_ecs_task_definition.aws_ecs_clusters_task_definition.revision, data.aws_ecs_task_definition.aws_ecs_clusters_task_definition.revision)}" load_balancer { - container_name = "web-server" - container_port = "8080" + container_name = "web-server" + container_port = "8080" target_group_arn = aws_lb_target_group.aws_elbv2_lb_target_group.arn } network_configuration { - security_groups = [ - aws_security_group.aws_ecs_clusters_security_group.id] - subnets = [ + security_groups = [ + aws_security_group.aws_ecs_clusters_security_group.id + ] + subnets = [ aws_subnet.aws_vpc_subnet.id, - aws_subnet.aws_vpc_subnet2.id] + aws_subnet.aws_vpc_subnet2.id + ] assign_public_ip = "false" } depends_on = [ - aws_lb_target_group.aws_elbv2_lb_target_group] + aws_lb_target_group.aws_elbv2_lb_target_group + ] } // TODO - move to separate file diff --git a/resources/provider.go b/resources/provider.go index 3f3ad95c9..2536575fa 100644 --- a/resources/provider.go +++ b/resources/provider.go @@ -72,6 +72,7 @@ func Provider() *provider.Provider { "ec2.vpn_gateways": Ec2VpnGateways(), "ecr.repositories": EcrRepositories(), "ecs.clusters": EcsClusters(), + "ecs.task_definitions": EcsTaskDefinitions(), "efs.filesystems": EfsFilesystems(), "eks.clusters": EksClusters(), "elasticbeanstalk.environments": ElasticbeanstalkEnvironments(), From e90640f4a4227e8d637d5fd987efcb7c2fb195e5 Mon Sep 17 00:00:00 2001 From: Andrii Romanenko Date: Wed, 1 Dec 2021 13:33:51 +0200 Subject: [PATCH 2/2] columns adjusted --- ...ecs_task_definition_requires_attributes.md | 11 -- docs/tables/aws_ecs_task_definitions.md | 3 +- resources/ecs_task_definitions.go | 113 +++++++----------- 3 files changed, 47 insertions(+), 80 deletions(-) delete mode 100644 docs/tables/aws_ecs_task_definition_requires_attributes.md diff --git a/docs/tables/aws_ecs_task_definition_requires_attributes.md b/docs/tables/aws_ecs_task_definition_requires_attributes.md deleted file mode 100644 index b8dd22612..000000000 --- a/docs/tables/aws_ecs_task_definition_requires_attributes.md +++ /dev/null @@ -1,11 +0,0 @@ - -# Table: aws_ecs_task_definition_requires_attributes -An attribute is a name-value pair associated with an Amazon ECS object. Attributes enable you to extend the Amazon ECS data model by adding custom metadata to your resources -## Columns -| Name | Type | Description | -| ------------- | ------------- | ----- | -|task_definition_cq_id|uuid|Unique CloudQuery ID of aws_ecs_task_definitions table (FK)| -|name|text|The name of the attribute| -|target_id|text|The ID of the target| -|target_type|text|The type of the target with which to attach the attribute| -|value|text|The value of the attribute| diff --git a/docs/tables/aws_ecs_task_definitions.md b/docs/tables/aws_ecs_task_definitions.md index 73eb7bbf9..348b9083c 100644 --- a/docs/tables/aws_ecs_task_definitions.md +++ b/docs/tables/aws_ecs_task_definitions.md @@ -6,7 +6,7 @@ The details of a task definition which describes the container and volume defini | ------------- | ------------- | ----- | |account_id|text|The AWS Account ID of the resource.| |region|text|The AWS Region of the resource.| -|tags|jsonb|| +|tags|jsonb|The metadata that you apply to the service to help you categorize and organize them| |compatibilities|text[]|The task launch types the task definition validated against during task definition registration| |cpu|text|The number of cpu units used by the task| |deregistered_at|timestamp without time zone|The Unix timestamp for when the task definition was deregistered.| @@ -23,6 +23,7 @@ The details of a task definition which describes the container and volume defini |proxy_configuration_type|text|The proxy type| |registered_at|timestamp without time zone|The Unix timestamp for when the task definition was registered.| |registered_by|text|The principal that registered the task definition.| +|requires_attributes|jsonb|The container instance attributes required by your task| |requires_compatibilities|text[]|The task launch types the task definition was validated against| |revision|integer|The revision of the task in a particular family| |status|text|The status of the task definition.| diff --git a/resources/ecs_task_definitions.go b/resources/ecs_task_definitions.go index c9463248e..4725ad8f3 100644 --- a/resources/ecs_task_definitions.go +++ b/resources/ecs_task_definitions.go @@ -34,9 +34,10 @@ func EcsTaskDefinitions() *schema.Table { Resolver: client.ResolveAWSRegion, }, { - Name: "tags", - Type: schema.TypeJSON, - Resolver: resolveEcsTask_definitionTags, + Name: "tags", + Description: "The metadata that you apply to the service to help you categorize and organize them", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionTags, }, { Name: "compatibilities", @@ -123,6 +124,12 @@ func EcsTaskDefinitions() *schema.Table { Description: "The principal that registered the task definition.", Type: schema.TypeString, }, + { + Name: "requires_attributes", + Description: "The container instance attributes required by your task", + Type: schema.TypeJSON, + Resolver: resolveEcsTaskDefinitionsRequiresAttributes, + }, { Name: "requires_compatibilities", Description: "The task launch types the task definition was validated against", @@ -459,39 +466,6 @@ func EcsTaskDefinitions() *schema.Table { }, }, }, - { - Name: "aws_ecs_task_definition_requires_attributes", - Description: "An attribute is a name-value pair associated with an Amazon ECS object. Attributes enable you to extend the Amazon ECS data model by adding custom metadata to your resources", - Resolver: fetchEcsTaskDefinitionRequiresAttributes, - Columns: []schema.Column{ - { - Name: "task_definition_cq_id", - Description: "Unique CloudQuery ID of aws_ecs_task_definitions table (FK)", - Type: schema.TypeUUID, - Resolver: schema.ParentIdResolver, - }, - { - Name: "name", - Description: "The name of the attribute", - Type: schema.TypeString, - }, - { - Name: "target_id", - Description: "The ID of the target", - Type: schema.TypeString, - }, - { - Name: "target_type", - Description: "The type of the target with which to attach the attribute", - Type: schema.TypeString, - }, - { - Name: "value", - Description: "The value of the attribute", - Type: schema.TypeString, - }, - }, - }, { Name: "aws_ecs_task_definition_volumes", Description: "A data volume used in a task definition", @@ -648,30 +622,6 @@ func fetchEcsTaskDefinitions(ctx context.Context, meta schema.ClientMeta, parent } return nil } -func resolveEcsTask_definitionTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { - r, ok := resource.Item.(types.TaskDefinition) - if !ok { - return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) - } - - region := meta.(*client.Client).Region - svc := meta.(*client.Client).Services().ECS - - tags, err := svc.ListTagsForResource(ctx, &ecs.ListTagsForResourceInput{ - ResourceArn: r.TaskDefinitionArn, - }, func(options *ecs.Options) { - options.Region = region - }) - if err != nil { - return err - } - - j := map[string]interface{}{} - for _, a := range tags.Tags { - j[*a.Key] = *a.Value - } - return resource.Set(c.Name, j) -} func resolveEcsTaskDefinitionsInferenceAccelerators(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { r, ok := resource.Item.(types.TaskDefinition) if !ok { @@ -708,6 +658,17 @@ func resolveEcsTaskDefinitionsProxyConfigurationProperties(ctx context.Context, } return resource.Set(c.Name, j) } +func resolveEcsTaskDefinitionsRequiresAttributes(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.TaskDefinition) + if !ok { + return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) + } + data, err := json.Marshal(r.RequiresAttributes) + if err != nil { + return err + } + return resource.Set(c.Name, data) +} func fetchEcsTaskDefinitionContainerDefinitions(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { r, ok := parent.Item.(types.TaskDefinition) if !ok { @@ -895,20 +856,36 @@ func resolveEcsTaskDefinitionContainerDefinitionsVolumesFrom(ctx context.Context } return resource.Set(c.Name, j) } -func fetchEcsTaskDefinitionRequiresAttributes(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { - +func fetchEcsTaskDefinitionVolumes(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { r, ok := parent.Item.(types.TaskDefinition) if !ok { return fmt.Errorf("expected to have types.TaskDefinition but got %T", parent.Item) } - res <- r.RequiresAttributes + res <- r.Volumes return nil } -func fetchEcsTaskDefinitionVolumes(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error { - r, ok := parent.Item.(types.TaskDefinition) + +func resolveEcsTaskDefinitionTags(ctx context.Context, meta schema.ClientMeta, resource *schema.Resource, c schema.Column) error { + r, ok := resource.Item.(types.TaskDefinition) if !ok { - return fmt.Errorf("expected to have types.TaskDefinition but got %T", parent.Item) + return fmt.Errorf("expected to have types.TaskDefinition but got %T", resource.Item) } - res <- r.Volumes - return nil + + region := meta.(*client.Client).Region + svc := meta.(*client.Client).Services().ECS + + tags, err := svc.ListTagsForResource(ctx, &ecs.ListTagsForResourceInput{ + ResourceArn: r.TaskDefinitionArn, + }, func(options *ecs.Options) { + options.Region = region + }) + if err != nil { + return err + } + + j := map[string]interface{}{} + for _, a := range tags.Tags { + j[*a.Key] = *a.Value + } + return resource.Set(c.Name, j) }