From 48f5647aac773871b75ccf433b71343af2ad9c1e Mon Sep 17 00:00:00 2001 From: Yunchi Luo Date: Tue, 6 Jun 2023 12:34:12 -0400 Subject: [PATCH] fix external task definition must exist before first run (#204) * fix external task definition must exist before first run * update readme * fix lint warnings --- README.md | 2 +- docs/terraform.md | 2 +- main.tf | 11 ++++++----- variables.tf | 12 +++++++++--- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 5e1db6e8..9ffaa229 100644 --- a/README.md +++ b/README.md @@ -366,7 +366,7 @@ Available targets: | [subnet\_ids](#input\_subnet\_ids) | Subnet IDs used in Service `network_configuration` if `var.network_mode = "awsvpc"` | `list(string)` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match [supported memory values](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `256` | no | -| [task\_definition](#input\_task\_definition) | Reuse an existing task definition family and revision for the ecs service instead of creating one | `string` | `null` | no | +| [task\_definition](#input\_task\_definition) | A `list(string)` of zero or one ARNs of task definitions, to reuse
reuse an existing task definition family and revision for the ecs
service instead of creating one
DEPRECATED: you can also pass a `string` with the ARN, but that
string must be known a "plan" time. | `any` | `[]` | no | | [task\_exec\_policy\_arns](#input\_task\_exec\_policy\_arns) | A list of IAM Policy ARNs to attach to the generated task execution role.
Changes to the list will have ripple effects, so use `task_exec_policy_arns_map` if possible. | `list(string)` | `[]` | no | | [task\_exec\_policy\_arns\_map](#input\_task\_exec\_policy\_arns\_map) | A map of name to IAM Policy ARNs to attach to the generated task execution role.
The names are arbitrary, but must be known at plan time. The purpose of the name
is so that changes to one ARN do not cause a ripple effect on the other ARNs.
If you cannot provide unique names known at plan time, use `task_exec_policy_arns` instead. | `map(string)` | `{}` | no | | [task\_exec\_role\_arn](#input\_task\_exec\_role\_arn) | A `list(string)` of zero or one ARNs of IAM roles that allows the
ECS/Fargate agent to make calls to the ECS API on your behalf.
If the list is empty, a role will be created for you.
DEPRECATED: you can also pass a `string` with the ARN, but that
string must be known a "plan" time. | `any` | `[]` | no | diff --git a/docs/terraform.md b/docs/terraform.md index 7e91f7b4..5225066e 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -119,7 +119,7 @@ | [subnet\_ids](#input\_subnet\_ids) | Subnet IDs used in Service `network_configuration` if `var.network_mode = "awsvpc"` | `list(string)` | `null` | no | | [tags](#input\_tags) | Additional tags (e.g. `{'BusinessUnit': 'XYZ'}`).
Neither the tag keys nor the tag values will be modified by this module. | `map(string)` | `{}` | no | | [task\_cpu](#input\_task\_cpu) | The number of CPU units used by the task. If using `FARGATE` launch type `task_cpu` must match [supported memory values](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size) | `number` | `256` | no | -| [task\_definition](#input\_task\_definition) | Reuse an existing task definition family and revision for the ecs service instead of creating one | `string` | `null` | no | +| [task\_definition](#input\_task\_definition) | A `list(string)` of zero or one ARNs of task definitions, to reuse
reuse an existing task definition family and revision for the ecs
service instead of creating one
DEPRECATED: you can also pass a `string` with the ARN, but that
string must be known a "plan" time. | `any` | `[]` | no | | [task\_exec\_policy\_arns](#input\_task\_exec\_policy\_arns) | A list of IAM Policy ARNs to attach to the generated task execution role.
Changes to the list will have ripple effects, so use `task_exec_policy_arns_map` if possible. | `list(string)` | `[]` | no | | [task\_exec\_policy\_arns\_map](#input\_task\_exec\_policy\_arns\_map) | A map of name to IAM Policy ARNs to attach to the generated task execution role.
The names are arbitrary, but must be known at plan time. The purpose of the name
is so that changes to one ARN do not cause a ripple effect on the other ARNs.
If you cannot provide unique names known at plan time, use `task_exec_policy_arns` instead. | `map(string)` | `{}` | no | | [task\_exec\_role\_arn](#input\_task\_exec\_role\_arn) | A `list(string)` of zero or one ARNs of IAM roles that allows the
ECS/Fargate agent to make calls to the ECS API on your behalf.
If the list is empty, a role will be created for you.
DEPRECATED: you can also pass a `string` with the ARN, but that
string must be known a "plan" time. | `any` | `[]` | no | diff --git a/main.tf b/main.tf index 95d49473..8285e7b9 100644 --- a/main.tf +++ b/main.tf @@ -7,6 +7,7 @@ locals { create_exec_role = local.enabled && length(var.task_exec_role_arn) == 0 enable_ecs_service_role = module.this.enabled && var.network_mode != "awsvpc" && length(var.ecs_load_balancers) >= 1 create_security_group = local.enabled && var.network_mode == "awsvpc" && var.security_group_enabled + create_task_definition = local.enabled && length(var.task_definition) == 0 volumes = concat(var.docker_volumes, var.efs_volumes, var.fsx_volumes, var.bind_mount_volumes) @@ -46,7 +47,7 @@ module "exec_label" { } resource "aws_ecs_task_definition" "default" { - count = local.enabled && var.task_definition == null ? 1 : 0 + count = local.create_task_definition ? 1 : 0 family = module.this.id container_definitions = var.container_definition_json requires_compatibilities = [var.launch_type] @@ -360,7 +361,7 @@ resource "aws_security_group_rule" "nlb" { resource "aws_ecs_service" "ignore_changes_task_definition" { count = local.ecs_service_enabled && var.ignore_changes_task_definition && !var.ignore_changes_desired_count ? 1 : 0 name = module.this.id - task_definition = coalesce(var.task_definition, "${join("", aws_ecs_task_definition.default.*.family)}:${join("", aws_ecs_task_definition.default.*.revision)}") + task_definition = local.create_task_definition ? "${join("", aws_ecs_task_definition.default[*].family)}:${join("", aws_ecs_task_definition.default[*].revision)}" : var.task_definition[0] desired_count = var.desired_count deployment_maximum_percent = var.deployment_maximum_percent deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent @@ -459,7 +460,7 @@ resource "aws_ecs_service" "ignore_changes_task_definition" { resource "aws_ecs_service" "ignore_changes_task_definition_and_desired_count" { count = local.ecs_service_enabled && var.ignore_changes_task_definition && var.ignore_changes_desired_count ? 1 : 0 name = module.this.id - task_definition = coalesce(var.task_definition, "${join("", aws_ecs_task_definition.default.*.family)}:${join("", aws_ecs_task_definition.default.*.revision)}") + task_definition = local.create_task_definition ? "${join("", aws_ecs_task_definition.default[*].family)}:${join("", aws_ecs_task_definition.default[*].revision)}" : var.task_definition[0] desired_count = var.desired_count deployment_maximum_percent = var.deployment_maximum_percent deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent @@ -558,7 +559,7 @@ resource "aws_ecs_service" "ignore_changes_task_definition_and_desired_count" { resource "aws_ecs_service" "ignore_changes_desired_count" { count = local.ecs_service_enabled && !var.ignore_changes_task_definition && var.ignore_changes_desired_count ? 1 : 0 name = module.this.id - task_definition = coalesce(var.task_definition, "${join("", aws_ecs_task_definition.default.*.family)}:${join("", aws_ecs_task_definition.default.*.revision)}") + task_definition = local.create_task_definition ? "${join("", aws_ecs_task_definition.default[*].family)}:${join("", aws_ecs_task_definition.default[*].revision)}" : var.task_definition[0] desired_count = var.desired_count deployment_maximum_percent = var.deployment_maximum_percent deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent @@ -657,7 +658,7 @@ resource "aws_ecs_service" "ignore_changes_desired_count" { resource "aws_ecs_service" "default" { count = local.ecs_service_enabled && !var.ignore_changes_task_definition && !var.ignore_changes_desired_count ? 1 : 0 name = module.this.id - task_definition = coalesce(var.task_definition, "${join("", aws_ecs_task_definition.default.*.family)}:${join("", aws_ecs_task_definition.default.*.revision)}") + task_definition = local.create_task_definition ? "${join("", aws_ecs_task_definition.default[*].family)}:${join("", aws_ecs_task_definition.default[*].revision)}" : var.task_definition[0] desired_count = var.desired_count deployment_maximum_percent = var.deployment_maximum_percent deployment_minimum_healthy_percent = var.deployment_minimum_healthy_percent diff --git a/variables.tf b/variables.tf index 8b87e23e..1e6de6e9 100644 --- a/variables.tf +++ b/variables.tf @@ -439,9 +439,15 @@ variable "wait_for_steady_state" { } variable "task_definition" { - type = string - description = "Reuse an existing task definition family and revision for the ecs service instead of creating one" - default = null + type = any + description = <<-EOT + A `list(string)` of zero or one ARNs of task definitions, to reuse + reuse an existing task definition family and revision for the ecs + service instead of creating one + DEPRECATED: you can also pass a `string` with the ARN, but that + string must be known a "plan" time. + EOT + default = [] } variable "force_new_deployment" {