def test_valid_data(self): t = Template() cd = ecs.ContainerDefinition.from_dict("mycontainer", self.d) self.assertEqual(cd.Links[0], "containerA") td = ecs.TaskDefinition( "taskdef", ContainerDefinitions=[cd], Volumes=[ecs.Volume(Name="myvol")], TaskRoleArn=Ref(iam.Role("myecsrole")), ) t.add_resource(td) t.to_json()
def test_fargate_launch_type(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, PlacementStrategies=[ ecs.PlacementStrategy( Type="random", ) ], LaunchType='FARGATE', NetworkConfiguration=ecs.NetworkConfiguration( AwsvpcConfiguration=ecs.AwsvpcConfiguration( AssignPublicIp='DISABLED', SecurityGroups=['sg-1234'], Subnets=['subnet-1234'] ) ), PlacementConstraints=[ ecs.PlacementConstraint( Type="distinctInstance", ) ], TaskDefinition=Ref(task_definition), ) ecs_service.to_dict()
def test_allow_string_cluster(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, TaskDefinition=Ref(task_definition), ) ecs_service.JSONrepr()
def test_allow_scheduling_strategy(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) ecs_service = ecs.Service( 'Service', Cluster='cluster', DesiredCount=2, TaskDefinition=Ref(task_definition), SchedulingStrategy=ecs.SCHEDULING_STRATEGY_DAEMON) ecs_service.to_dict()
def test_docker_volume_configuration(self): docker_volume_configuration = ecs.DockerVolumeConfiguration( Autoprovision=True, Scope="task", Labels=dict(label="ok"), DriverOpts=dict(option="ok")) task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume( Name="my-vol", DockerVolumeConfiguration=docker_volume_configuration), ], ) task_definition.to_dict()
def test_allow_ref_cluster(self): task_definition = ecs.TaskDefinition( "mytaskdef", ContainerDefinitions=[ ecs.ContainerDefinition( Image="myimage", Memory="300", Name="mycontainer", ) ], Volumes=[ ecs.Volume(Name="my-vol"), ], ) cluster = ecs.Cluster("mycluster") ecs_service = ecs.Service( 'Service', Cluster=Ref(cluster), DesiredCount=2, TaskDefinition=Ref(task_definition), ) ecs_service.to_dict()
def test_exclusive(self): d = { "Cpu": 1, "Environment": [{ "Name": "REGISTRY_STORAGE", "Value": "s3" }, { "Name": "REGISTRY_STORAGE_S3_REGION", "Value": "eu-west-1" }], "Essential": True, "Image": "registry:2", "Memory": 500, "Name": "registry", "PortMappings": [{ "ContainerPort": 5000, "HostPort": 5000 }, { "ContainerPort": 5001, "HostPort": 5001 }] } t = Template() cd = ecs.ContainerDefinition.from_dict("mycontainer", d) td = ecs.TaskDefinition("taskdef", ContainerDefinitions=[cd], Volumes=[ecs.Volume(Name="myvol")], TaskRoleArn=Ref(iam.Role("myecsrole"))) t.add_resource(td) t.to_json()
def create_ecs_resources(self): t = self.template # Give the instances access that the Empire daemon needs. t.add_resource( PolicyType( "AccessPolicy", PolicyName="empire", PolicyDocument=empire_policy({ "Environment": Ref("Environment"), "CustomResourcesTopic": Ref("CustomResourcesTopic"), "CustomResourcesQueue": (GetAtt("CustomResourcesQueue", "Arn")), "TemplateBucket": (Join("", ["arn:aws:s3:::", Ref("TemplateBucket"), "/*"])) }), Roles=[Ref("InstanceRole")])) t.add_resource( sns.Topic( EVENTS_TOPIC, DisplayName="Empire events", Condition="CreateSNSTopic", )) t.add_output( Output("EventsSNSTopic", Value=Ref(EVENTS_TOPIC), Condition="CreateSNSTopic")) # Add SNS Events policy if Events are enabled t.add_resource( PolicyType("SNSEventsPolicy", PolicyName="EmpireSNSEventsPolicy", Condition="EnableSNSEvents", PolicyDocument=sns_events_policy( If("CreateSNSTopic", Ref(EVENTS_TOPIC), Ref("EventsSNSTopicName"))), Roles=[Ref("InstanceRole")])) # Add run logs policy if run logs are enabled t.add_resource( PolicyType("RunLogsPolicy", PolicyName="EmpireRunLogsPolicy", Condition="EnableCloudwatchLogs", PolicyDocument=runlogs_policy( If("CreateRunLogsGroup", Ref(RUN_LOGS), Ref("RunLogsCloudwatchGroup"))), Roles=[Ref("InstanceRole")])) # Allow the controller to write empire events to kinesis if kinesis is # enabled. t.add_resource( PolicyType("AppEventStreamPolicy", PolicyName="EmpireAppEventStreamPolicy", Condition="EnableAppEventStream", PolicyDocument=logstream_policy(), Roles=[Ref("InstanceRole")])) t.add_resource( ecs.TaskDefinition( "TaskDefinition", Volumes=[ ecs.Volume( Name="dockerSocket", Host=ecs.Host(SourcePath="/var/run/docker.sock")), ecs.Volume(Name="dockerCfg", Host=ecs.Host(SourcePath="/root/.dockercfg")) ], ContainerDefinitions=[ ecs.ContainerDefinition( Command=["server", "-automigrate=true"], Name="empire", Environment=self.get_empire_environment(), Essential=True, Image=Ref("DockerImage"), MountPoints=[ ecs.MountPoint( SourceVolume="dockerSocket", ContainerPath="/var/run/docker.sock", ReadOnly=False), ecs.MountPoint(SourceVolume="dockerCfg", ContainerPath="/root/.dockercfg", ReadOnly=False) ], PortMappings=[ ecs.PortMapping(HostPort=8081, ContainerPort=8081) ], Cpu=Ref("TaskCPU"), Memory=Ref("TaskMemory")) ])) t.add_resource( Role("ServiceRole", AssumeRolePolicyDocument=get_ecs_assumerole_policy(), Path="/", Policies=[ Policy(PolicyName="ecs-service-role", PolicyDocument=service_role_policy()) ])) t.add_resource( ecs.Service( "Service", Cluster=Ref("ControllerCluster"), DeploymentConfiguration=ecs.DeploymentConfiguration( MaximumPercent=Ref("ServiceMaximumPercent"), MinimumHealthyPercent=Ref("ServiceMinimumHealthyPercent"), ), DesiredCount=Ref("DesiredCount"), LoadBalancers=[ ecs.LoadBalancer(ContainerName="empire", ContainerPort=8081, LoadBalancerName=Ref("LoadBalancer")) ], Role=Ref("ServiceRole"), TaskDefinition=Ref("TaskDefinition")))