fix templates for ecs -> efs (#799)

klothoplatform · Dec 1, 2023 · 4c020a0 · 4c020a0
1 parent a85ee54
commit 4c020a0
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 3 deletions.
diff --git a/pkg/infra/iac3/templates/aws/efs_file_system/factory.ts b/pkg/infra/iac3/templates/aws/efs_file_system/factory.ts
@@ -54,5 +54,6 @@ function create(args: Args): aws.efs.FileSystem {
 function properties(object: aws.efs.FileSystem, args: Args) {
     return {
         Id: object.id,
+        Arn: object.arn,
     }
 }
diff --git a/pkg/templates/aws/edges/iam_role-efs_file_system.yaml b/pkg/templates/aws/edges/iam_role-efs_file_system.yaml
@@ -0,0 +1,17 @@
+source: aws:iam_role
+target: aws:efs_file_system
+operational_rules:
+  - configuration_rules:
+      - resource: '{{ .Source }}'
+        configuration:
+          field: InlinePolicies
+          value:
+            - Name: '{{ .Target.Name }}-policy'
+              Policy:
+                Version: '2012-10-17'
+                Statement:
+                  - Action:
+                      - efs:Client*
+                    Effect: Allow
+                    Resource:
+                      - '{{ .Target  }}#Arn'
diff --git a/pkg/templates/aws/resources/ecs_task_definition.yaml b/pkg/templates/aws/resources/ecs_task_definition.yaml
@@ -11,7 +11,7 @@ properties:
             - aws:ecr_image:{{ .Self.Name }}-image
           unique: true
   MountPoints:
-    type: list
+    type: set
     properties:
       ContainerPath:
         type: string
@@ -57,7 +57,7 @@ properties:
     type: string
     default_value: awsvpc
   PortMappings:
-    type: list
+    type: set
     default_value:
       - ContainerPort: 80
         HostPort: 80
@@ -74,7 +74,7 @@ properties:
     default_value:
       - FARGATE
   EfsVolumes:
-    type: list
+    type: set
     properties:
       Name:
         type: string

diff --git a/pkg/templates/aws/resources/efs_file_system.yaml b/pkg/templates/aws/resources/efs_file_system.yaml
@@ -35,11 +35,16 @@ properties:
     type: string
     configuration_disabled: true
     deploy_time: true
+  Arn:
+    type: string
+    configuration_disabled: true
+    deploy_time: true
 
 path_satisfaction:
   as_target:
     - network
     - efs_access
+    - permissions
 
 classification:
   is:

diff --git a/pkg/templates/aws/resources/subnet.yaml b/pkg/templates/aws/resources/subnet.yaml
@@ -55,6 +55,10 @@ properties:
     type: bool
     default_value: false
 
+path_satisfaction:
+  as_source:
+    - network
+
 classification:
   is:
     - network