classify vpc subnets

Signed-off-by: Pascal Euhus <[email protected]>
docker-archive · Feb 14, 2021 · f2493af · f2493af
1 parent a19e9b2
commit f2493af
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 23 deletions.
diff --git a/ecs/aws.go b/ecs/aws.go
@@ -69,7 +69,7 @@ type API interface {
 	getURLWithPortMapping(ctx context.Context, targetGroupArns []string) ([]compose.PortPublisher, error)
 	ListTasks(ctx context.Context, cluster string, family string) ([]string, error)
 	GetPublicIPs(ctx context.Context, interfaces ...string) (map[string]string, error)
-	ResolveLoadBalancer(ctx context.Context, nameOrArn string) (awsResource, string, string, []awsResource, error)
+	ResolveLoadBalancer(ctx context.Context, nameOrArn string) (awsResource, string, string, vpcSubNets, error)
 	GetLoadBalancerURL(ctx context.Context, arn string) (string, error)
 	GetParameter(ctx context.Context, name string) (string, error)
 	SecurityGroupExists(ctx context.Context, sg string) (bool, error)

diff --git a/ecs/awsResources.go b/ecs/awsResources.go
@@ -37,10 +37,16 @@ import (
 	"github.com/sirupsen/logrus"
 )
 
+// vpcSubNets classification
+type vpcSubNets struct {
+	public []awsResource
+	private []awsResource
+}
+
 // awsResources hold the AWS component being used or created to support services definition
 type awsResources struct {
 	vpc              string // shouldn't this also be an awsResource ?
-	subnets          []awsResource
+	subnets          vpcSubNets
 	cluster          awsResource
 	loadBalancer     awsResource
 	loadBalancerType string
@@ -66,7 +72,7 @@ func (r *awsResources) allSecurityGroups() []string {
 
 func (r *awsResources) subnetsIDs() []string {
 	var ids []string
-	for _, r := range r.subnets {
+	for _, r := range append(r.subnets.private, r.subnets.public...) {
 		ids = append(ids, r.ID())
 	}
 	return ids
@@ -207,13 +213,16 @@ func (b *ecsAPIService) parseVPCExtension(ctx context.Context, project *types.Pr
 	}
 
 	var publicSubNets []awsResource
+	var privateSubNets []awsResource
 	for _, subNet := range subNets {
 		isPublic, err := b.aws.IsPublicSubnet(ctx, subNet.ID())
 		if err != nil {
 			return err
 		}
 		if isPublic {
 			publicSubNets = append(publicSubNets, subNet)
+		} else {
+			privateSubNets = append(privateSubNets, subNet)
 		}
 	}
 
@@ -222,7 +231,8 @@ func (b *ecsAPIService) parseVPCExtension(ctx context.Context, project *types.Pr
 	}
 
 	r.vpc = vpc
-	r.subnets = subNets
+	r.subnets.public = publicSubNets
+	r.subnets.private = privateSubNets
 	return nil
 }
 
@@ -451,14 +461,8 @@ func (b *ecsAPIService) ensureLoadBalancer(r *awsResources, project *types.Proje
 	}
 
 	var publicSubNetIDs []string
-	for _, subNetID := range r.subnetsIDs() {
-        isPublic, err := b.aws.IsPublicSubnet(context.Background(), subNetID)
-        if err != nil {
-            return err
-        }
-        if isPublic {
-            publicSubNetIDs = append(publicSubNetIDs, subNetID)
-        }
+	for _, subNetID := range r.subnetsIDs() {	
+        publicSubNetIDs = append(publicSubNetIDs, subNetID)
     }
 
 	template.Resources["LoadBalancer"] = &elasticloadbalancingv2.LoadBalancer{

diff --git a/ecs/aws_mock.go b/ecs/aws_mock.go
diff --git a/ecs/sdk.go b/ecs/sdk.go
@@ -1045,7 +1045,7 @@ func (s sdk) GetPublicIPs(ctx context.Context, interfaces ...string) (map[string
 	}
 }
 
-func (s sdk) ResolveLoadBalancer(ctx context.Context, nameOrArn string) (awsResource, string, string, []awsResource, error) {
+func (s sdk) ResolveLoadBalancer(ctx context.Context, nameOrArn string) (awsResource, string, string, vpcSubNets, error) {
 	logrus.Debug("Check if LoadBalancer exists: ", nameOrArn)
 	var arns []*string
 	var names []*string
@@ -1060,17 +1060,27 @@ func (s sdk) ResolveLoadBalancer(ctx context.Context, nameOrArn string) (awsReso
 		Names:            names,
 	})
 	if err != nil {
-		return nil, "", "", nil, err
+		return nil, "", "", vpcSubNets{}, err
 	}
 	if len(lbs.LoadBalancers) == 0 {
-		return nil, "", "", nil, errors.Wrapf(errdefs.ErrNotFound, "load balancer %q does not exist", nameOrArn)
+		return nil, "", "", vpcSubNets{}, errors.Wrapf(errdefs.ErrNotFound, "load balancer %q does not exist", nameOrArn)
 	}
 	it := lbs.LoadBalancers[0]
-	var subNets []awsResource
+	var subNets vpcSubNets
 	for _, az := range it.AvailabilityZones {
-		subNets = append(subNets, existingAWSResource{
-			id: aws.StringValue(az.SubnetId),
-		})
+		isPublic, err := s.IsPublicSubnet(ctx,aws.StringValue(az.SubnetId));
+		if err != nil {
+			return nil, "", "", subNets, err
+		}
+		if isPublic {
+			subNets.public = append(subNets.public, existingAWSResource{
+				id: aws.StringValue(az.SubnetId),
+			})
+		} else {
+			subNets.private = append(subNets.private, existingAWSResource{
+				id: aws.StringValue(az.SubnetId),
+			})
+		}
 	}
 	return existingAWSResource{
 		arn: aws.StringValue(it.LoadBalancerArn),

diff --git a/ecs/volumes.go b/ecs/volumes.go
@@ -32,7 +32,7 @@ import (
 
 func (b *ecsAPIService) createNFSMountTarget(project *types.Project, resources awsResources, template *cloudformation.Template) {
 	for volume := range project.Volumes {
-		for _, subnet := range resources.subnets {
+		for _, subnet := range append(resources.subnets.public, resources.subnets.private...) {
 			name := fmt.Sprintf("%sNFSMountTargetOn%s", normalizeResourceName(volume), normalizeResourceName(subnet.ID()))
 			template.Resources[name] = &efs.MountTarget{
 				FileSystemId:   resources.filesystems[volume].ID(),
@@ -45,7 +45,7 @@ func (b *ecsAPIService) createNFSMountTarget(project *types.Project, resources a
 
 func (b *ecsAPIService) mountTargets(volume string, resources awsResources) []string {
 	var refs []string
-	for _, subnet := range resources.subnets {
+	for _, subnet := range append(resources.subnets.public, resources.subnets.private...) {
 		refs = append(refs, fmt.Sprintf("%sNFSMountTargetOn%s", normalizeResourceName(volume), normalizeResourceName(subnet.ID())))
 	}
 	return refs