-
-
Notifications
You must be signed in to change notification settings - Fork 555
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Replacing hack with track_latest task definition attribute #171
feat: Replacing hack with track_latest task definition attribute #171
Conversation
@bryantbiggs @antonbabenko I'm marking the PR as a draft because this functionality doesn't work as expected. details:
|
Wait, what do you mean by "default" tag? 😵💫 |
I guess it's obvious that I replaced the real names of my project with those values, including the image tag. Did you try to create a new task definition revision, deploy a service after the initial creation using Terraform, and then run |
@ivan-sukhomlyn I've been testing this functionality as well. It doesn't seem to work as expected, as Terraform still regards the resource as changed because the revision and thereby the arn has changed. I can force it to work as expected by adding a ignore_changes = [container_definitions] lifecycle block, but that has the consequence that changes to the container_definition will not be applied. Seems it's not possible to only ignore the image, since container_definitions is simply one big string. |
Yes, but which project? Is there some nice, minimal, but complete example to quickly reproduce the problem? Regarding the "default" tag - OK, also from what I see in your scenario, when you run So, actually, maybe there is nothing to reproduce, and it's just a misunderstanding.
But again, it works a bit differently; to have zero diff, you still have to match your resource config with the reality. @kaarejoergensen - so, you have the same |
@kaarejoergensen Yes, I think the single option to get an expected result of not tracking BTW the current hack implemented through the data source does its job because, in case of changes made by CI/CD, we just use the latest task definition and don't touch the |
There is at least one more: track_latest = true
image = data.aws_ecs_container_definition.this.image |
thanks! That's why I'm not sure that it's an acceptable solution for this module; it will cause a lot of questions from the community while trying to create resources from scratch with the module. |
Well, in the worst case, can't we wrap it into something like: variable "force_new_image" {
type = bool
default = true
# ...
}
variable "new_image" {
type = string
# ...
}
data "aws_ecs_container_definition" "this" {
count = var.force_new_image ? 0 : 1
# ...
}
locals {
current_image = data.aws_ecs_container_definition.this.image
image = var.force_new_image ? var.new_image : local.current_image
# ...
} |
would something like this work (haven't tried myself) coalesce(try(data.aws_ecs_container_definition.this.image, ""), "latest") |
And a design note - I think it would be much more user-friendly to hide both variable "external_image_deployment" {
type = bool
# ...
} Or at least via something like Because what is the desired behavior, actually? What was the original motivation behind all these workarounds, hack, issues and the recently merged PR? |
while that may be the most common use case, it will definitely raise issues around users not being able to make other changes since its the entire task definition thats ignored. so the variable |
This comment was marked as resolved.
This comment was marked as resolved.
I'm settings my image tag using this syntax : image = "${module.ecr.repository_url}:${data.aws_ecr_repository.this.most_recent_image_tags[0]}" It would be great to add the ability to turn on Did anyone come with news since the last discutions? |
@bolshakoff Hey! |
Hi @remiflament
yes, the current hacky approach provides the ability to use external tools during the CI/CD process and deploy new task definition revisions with an image tag without triggering Terraform. And one more possible method of resolving an issue is to use SSM parameters with an image tag updated by CI/CD while registering a new ECS task definition too. But I think the best solution, in that case, is to have an additional resource on the AWS provider side, with the possibility of ignoring only image changes by Terraform. Otherwise, all other methods (SSM parameters, ECR image data source, latest ECS task definition from data source) are just workarounds. Moreover, some people can use this module not only with ECR as a Docker registry but also with Dockerhub, Artifactory, etc., which eliminates the usage of only the ECR data source method as a replacement for the current behavior with tracking the latest task definition. |
@fextr yes, you're right 👍 For example, considering containers can be more than one at task definition. module "container_definition" {
# ...
image = try(data.aws_ecs_container_definition.this[each.key].image, each.value.image, var.container_definition_defaults.image, null)
# ...
}
locals {
create_task_definition = var.create && var.create_task_definition
task_definition = local.create_task_definition ? "${aws_ecs_task_definition.this[0].family}:${aws_ecs_task_definition.this[0].revision}" : var.task_definition_arn
}
data "aws_ecs_container_definition" "this" {
for_each = { for k, v in var.container_definitions : k => v if local.create_task_definition && try(v.create, true) }
task_definition = local.task_definition
container_name = try(each.value.name, each.key)
}
resource "aws_ecs_task_definition" "this" {
count = local.create_task_definition ? 1 : 0
# Convert map of maps to array of maps before JSON encoding
container_definitions = jsonencode([for k, v in module.container_definition : v.container_definition])
# ...
track_latest = true
} $ terraform validate
╷
│ Error: Cycle: module.container_definition (close), data.aws_ecs_container_definition.this, module.container_definition.var.image (expand), module.container_definition.local.definition (expand), module.container_definition.local.container_definition (expand), module.container_definition.output.container_definition (expand), aws_ecs_task_definition.this, local.task_definition (expand) |
@bryantbiggs @antonbabenko what do you think about this situation? Should we invest in using the Currently, task def revisions are tracked via data source for both module-managed and outside task definitions for the ECS service via the Personally, I would rather wait for a possible separate |
there is no rush to make a breaking change - if we make a breaking change, I'd love for it to be something really useful. I know the CI/CD story in ECS is not very smooth and a major pain point |
@fextr Good question! Indeed, the example you cite assumes that the container already exists. If I were to generalize it a bit, for a simple workflow with one image, I would probably go with something like this: variable "force_new_image" {
type = bool
description = "Force new image deployment"
default = false
}
data "aws_ecs_container_definition" "this" {
count = var.force_new_image ? 0 : 1
task_definition = local.task_definition_name
container_name = local.container_name
}
locals {
image = var.force_new_image ? var.new_image : data.aws_ecs_container_definition.this.0.image
} With
|
This PR has been automatically marked as stale because it has been open 30 days |
This PR was automatically closed because of stale in 10 days |
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
Description
Replacing calculation of the latest ECS task definition revision using the
track_latest
task definition resource attribute.Motivation and Context
Resolving #164
Breaking Changes
Yes, the minimal AWS provider version is
>=5.37
How Has This Been Tested?
examples/*
to demonstrate and validate my change(s)examples/*
projectspre-commit run -a
on my pull request