From 9d1e3ebc9aedb212379e63c70712e2b7f1e5f3c2 Mon Sep 17 00:00:00 2001
From: Hans Hasselberg
Date: Wed, 18 Jan 2023 17:00:49 +0100
Subject: [PATCH 1/3] update mesh-task
---
 modules/hcp-ecs-client/services.tf | 37 +++++++++++++++++------------
 1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf
index b0a1df6..4d8aefb 100644
--- a/modules/hcp-ecs-client/services.tf
+++ b/modules/hcp-ecs-client/services.tf
@@ -1,6 +1,6 @@
 module "acl-controller" {
 source = "hashicorp/consul-ecs/aws//modules/acl-controller"
- version = "0.4.2"
+ version = "~> 0.5.0"
 log_configuration = {
 logDriver = "awslogs"
@@ -56,11 +56,13 @@ resource "aws_iam_role" "frontend-execution-role" {
 module "frontend" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
- version = "~> 0.3.0"
+ version = "~> 0.5.0"
 family = "frontend"
 task_role = aws_iam_role.frontend-task-role
+ create_task_role = false
 execution_role = aws_iam_role.frontend-execution-role
+ create_execution_role = false
 container_definitions = [
 {
 name = "frontend"
@@ -109,6 +111,7 @@ module "frontend" {
 retry_join = var.client_retry_join
 consul_datacenter = var.datacenter
+ consul_http_addr = var.consul_url
 consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}"
 tls = true
@@ -116,8 +119,6 @@ module "frontend" {
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
 acls = true
- consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn
- acl_secret_name_prefix = local.secret_prefix
 }
 resource "aws_ecs_service" "frontend" {
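Review bot: The acl-controller `version` goes from the exact pin `0.4.2` to the range `~> 0.5.0`, so any 0.5.x release published to the registry is picked up on the next `terraform init` without a change in this repository. Terraform's dependency lock file records provider selections only, not module versions, so nothing else freezes a module that takes part in ACL setup for the mesh. I would pin the release that was actually reviewed, e.g. `version = "0.5.0"` (whichever 0.5.x was tested), and upgrade deliberately. The same applies to the five mesh-task modules in the later hunks (frontend, public-api, payment-api, product-api, product-db), which stay on a range; the module block continues outside this hunk.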
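Review bot: With `create_task_role = false` and `create_execution_role = false` the module stops managing IAM for this task, so everything it would have attached must now be present on `aws_iam_role.frontend-task-role` and `aws_iam_role.frontend-execution-role`, whose definitions lie outside the hunk. The same commit drops `consul_client_token_secret_arn` in a later hunk, which suggests the tasks now obtain ACL tokens by logging in with the task role; if so, verify that the roles carry the tags and the `iam:GetRole` permission the 0.5.x auth method expects, and that each execution role can read only the CA-cert and gossip-key secrets it is handed. I would add a comment above the pair, e.g. `# roles are defined in this file; keep their policies in sync with the mesh-task 0.5.x requirements`. The same two lines are added for public-api, payment-api, product-api and product-db.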
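Review bot: `consul_http_addr = var.consul_url` is handed to the module unvalidated while the lines just below set `tls = true`; if the variable ever holds an `http://` address, ACL login and token traffic to the Consul server may travel unencrypted, and whether the module enforces TLS on this address cannot be seen from the hunk. The variable's declaration is not part of this diff; I would add a validation block there with `condition = can(regex("^https://", var.consul_url))` and a matching error message. The same line is added to public-api, payment-api, product-api and product-db in the later hunks.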
@@ -178,11 +179,13 @@ resource "aws_iam_role" "public-api-execution-role" {
 module "public-api" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
- version = "~> 0.3.0"
+ version = "~> 0.5.0"
 family = "public-api"
 task_role = aws_iam_role.public-api-task-role
+ create_task_role = false
 execution_role = aws_iam_role.public-api-execution-role
+ create_execution_role = false
 container_definitions = [
 {
 name = "public-api"
@@ -250,6 +253,7 @@ module "public-api" {
 retry_join = var.client_retry_join
 consul_datacenter = var.datacenter
+ consul_http_addr = var.consul_url
 consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}"
 tls = true
@@ -257,8 +261,6 @@ module "public-api" {
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
 acls = true
- consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn
- acl_secret_name_prefix = local.secret_prefix
 }
 resource "aws_ecs_service" "public-api" {
@@ -319,11 +321,13 @@ resource "aws_iam_role" "payment-api-execution-role" {
 module "payment-api" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
- version = "~> 0.3.0"
+ version = "~> 0.5.0"
 family = "payment-api"
 task_role = aws_iam_role.payment-api-task-role
+ create_task_role = false
 execution_role = aws_iam_role.payment-api-execution-role
+ create_execution_role = false
 container_definitions = [
 {
 name = "payment-api"
@@ -364,6 +368,7 @@ module "payment-api" {
 retry_join = var.client_retry_join
 consul_datacenter = var.datacenter
+ consul_http_addr = var.consul_url
 consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}"
 tls = true
@@ -371,8 +376,6 @@ module "payment-api" {
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
 acls = true
- consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn
- acl_secret_name_prefix = local.secret_prefix
 }
 resource "aws_ecs_service" "payment-api" {
@@ -427,11 +430,13 @@ resource "aws_iam_role" "product-api-execution-role" {
 module "product-api" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
- version = "~> 0.3.0"
+ version = "~> 0.5.0"
 family = "product-api"
 task_role = aws_iam_role.product-api-task-role
+ create_task_role = false
 execution_role = aws_iam_role.product-api-execution-role
+ create_execution_role = false
 container_definitions = [
 {
 name = "product-api"
@@ -489,6 +494,7 @@ module "product-api" {
 retry_join = var.client_retry_join
 consul_datacenter = var.datacenter
+ consul_http_addr = var.consul_url
 consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}"
 tls = true
@@ -496,8 +502,6 @@ module "product-api" {
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
 acls = true
- consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn
- acl_secret_name_prefix = local.secret_prefix
 }
 resource "aws_ecs_service" "product-api" {
@@ -552,11 +556,13 @@ resource "aws_iam_role" "product-db-execution-role" {
 module "product-db" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
- version = "~> 0.3.0"
+ version = "~> 0.5.0"
 family = "product-db"
 task_role = aws_iam_role.product-db-task-role
+ create_task_role = false
 execution_role = aws_iam_role.product-db-execution-role
+ create_execution_role = false
 container_definitions = [
 {
 name = "product-db"
@@ -611,6 +617,7 @@ module "product-db" {
 retry_join = var.client_retry_join
 consul_datacenter = var.datacenter
+ consul_http_addr = var.consul_url
 consul_image = "public.ecr.aws/hashicorp/consul:${var.consul_version}"
 tls = true
@@ -618,8 +625,6 @@ module "product-db" {
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
 acls = true
- consul_client_token_secret_arn = module.acl-controller.client_token_secret_arn
- acl_secret_name_prefix = local.secret_prefix
 }
 resource "aws_ecs_service" "product-db" {
From 8b77d8186a2f79bcdeaebdf9baeb9ee7976cf883 Mon Sep 17 00:00:00 2001
From: Hans Hasselberg
Date: Wed, 18 Jan 2023 17:03:12 +0100
Subject: [PATCH 2/3] make
---
 modules/hcp-ecs-client/services.tf | 50 +++++++++++++++---------------
 1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf
index 4d8aefb..2a87153 100644
--- a/modules/hcp-ecs-client/services.tf
+++ b/modules/hcp-ecs-client/services.tf
@@ -58,10 +58,10 @@ module "frontend" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
 version = "~> 0.5.0"
- family = "frontend"
- task_role = aws_iam_role.frontend-task-role
- create_task_role = false
- execution_role = aws_iam_role.frontend-execution-role
+ family = "frontend"
+ task_role = aws_iam_role.frontend-task-role
+ create_task_role = false
+ execution_role = aws_iam_role.frontend-execution-role
 create_execution_role = false
 container_definitions = [
 {
@@ -118,7 +118,7 @@ module "frontend" {
 consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
- acls = true
+ acls = true
 }
 resource "aws_ecs_service" "frontend" {
@@ -181,10 +181,10 @@ module "public-api" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
 version = "~> 0.5.0"
- family = "public-api"
- task_role = aws_iam_role.public-api-task-role
- create_task_role = false
- execution_role = aws_iam_role.public-api-execution-role
+ family = "public-api"
+ task_role = aws_iam_role.public-api-task-role
+ create_task_role = false
+ execution_role = aws_iam_role.public-api-execution-role
 create_execution_role = false
 container_definitions = [
 {
@@ -260,7 +260,7 @@ module "public-api" {
 consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
- acls = true
+ acls = true
 }
 resource "aws_ecs_service" "public-api" {
@@ -323,10 +323,10 @@ module "payment-api" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
 version = "~> 0.5.0"
- family = "payment-api"
- task_role = aws_iam_role.payment-api-task-role
- create_task_role = false
- execution_role = aws_iam_role.payment-api-execution-role
+ family = "payment-api"
+ task_role = aws_iam_role.payment-api-task-role
+ create_task_role = false
+ execution_role = aws_iam_role.payment-api-execution-role
 create_execution_role = false
 container_definitions = [
 {
@@ -375,7 +375,7 @@ module "payment-api" {
 consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
- acls = true
+ acls = true
 }
 resource "aws_ecs_service" "payment-api" {
@@ -432,10 +432,10 @@ module "product-api" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
 version = "~> 0.5.0"
- family = "product-api"
- task_role = aws_iam_role.product-api-task-role
- create_task_role = false
- execution_role = aws_iam_role.product-api-execution-role
+ family = "product-api"
+ task_role = aws_iam_role.product-api-task-role
+ create_task_role = false
+ execution_role = aws_iam_role.product-api-execution-role
 create_execution_role = false
 container_definitions = [
 {
@@ -501,7 +501,7 @@ module "product-api" {
 consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
- acls = true
+ acls = true
 }
 resource "aws_ecs_service" "product-api" {
@@ -558,10 +558,10 @@ module "product-db" {
 source = "hashicorp/consul-ecs/aws//modules/mesh-task"
 version = "~> 0.5.0"
- family = "product-db"
- task_role = aws_iam_role.product-db-task-role
- create_task_role = false
- execution_role = aws_iam_role.product-db-execution-role
+ family = "product-db"
+ task_role = aws_iam_role.product-db-task-role
+ create_task_role = false
+ execution_role = aws_iam_role.product-db-execution-role
 create_execution_role = false
 container_definitions = [
 {
@@ -624,7 +624,7 @@ module "product-db" {
 consul_server_ca_cert_arn = aws_secretsmanager_secret.ca_cert.arn
 gossip_key_secret_arn = aws_secretsmanager_secret.gossip_key.arn
- acls = true
+ acls = true
 }
 resource "aws_ecs_service" "product-db" {
From 2344eb3e7eb167b927f0229e1d76b9a1f1b76f44 Mon Sep 17 00:00:00 2001
From: Hans Hasselberg
Date: Thu, 19 Jan 2023 12:00:28 +0100
Subject: [PATCH 3/3] rename secret_prefix to prefix
---
 modules/hcp-ecs-client/loadbalancer.tf | 6 +++---
 modules/hcp-ecs-client/main.tf | 12 ++++++------
 modules/hcp-ecs-client/services.tf | 2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/modules/hcp-ecs-client/loadbalancer.tf b/modules/hcp-ecs-client/loadbalancer.tf
index 0190558..7c3fedb 100644
--- a/modules/hcp-ecs-client/loadbalancer.tf
+++ b/modules/hcp-ecs-client/loadbalancer.tf
@@ -1,5 +1,5 @@
 resource "aws_lb" "ingress" {
- name = "${local.secret_prefix}-ingress"
+ name = "${local.prefix}-ingress"
 internal = false
 load_balancer_type = "application"
 security_groups = [var.security_group_id]
@@ -7,7 +7,7 @@ resource "aws_lb" "ingress" {
 }
 resource "aws_lb_target_group" "frontend" {
- name = "${local.secret_prefix}-frontend"
+ name = "${local.prefix}-frontend"
 port = local.frontend_port
 protocol = "HTTP"
 vpc_id = var.vpc_id
@@ -16,7 +16,7 @@ resource "aws_lb_target_group" "frontend" {
 }
 resource "aws_lb_target_group" "public-api" {
- name = "${local.secret_prefix}-api"
+ name = "${local.prefix}-api"
 port = local.public_api_port
 protocol = "HTTP"
 vpc_id = var.vpc_id
diff --git a/modules/hcp-ecs-client/main.tf b/modules/hcp-ecs-client/main.tf
index d191682..638fbf8 100644
--- a/modules/hcp-ecs-client/main.tf
+++ b/modules/hcp-ecs-client/main.tf
@@ -1,6 +1,6 @@
 locals {
- secret_prefix = random_id.id.dec
- scope = random_id.id.dec
+ prefix = random_id.id.dec
+ scope = random_id.id.dec
 lb_port = 80
 frontend_port = 3000
@@ -49,7 +49,7 @@ resource "random_id" "id" {
 }
 resource "aws_secretsmanager_secret" "bootstrap_token" {
- name = "${local.secret_prefix}-bootstrap-token"
+ name = "${local.prefix}-bootstrap-token"
 recovery_window_in_days = 0
 }
@@ -59,7 +59,7 @@ resource "aws_secretsmanager_secret_version" "bootstrap_token" {
 }
 resource "aws_secretsmanager_secret" "ca_cert" {
- name = "${local.secret_prefix}-client-ca-cert"
+ name = "${local.prefix}-client-ca-cert"
 recovery_window_in_days = 0
 }
@@ -69,7 +69,7 @@ resource "aws_secretsmanager_secret_version" "ca_cert" {
 }
 resource "aws_secretsmanager_secret" "gossip_key" {
- name = "${local.secret_prefix}-gossip-encryption-key"
+ name = "${local.prefix}-gossip-encryption-key"
 recovery_window_in_days = 0
 }
@@ -79,5 +79,5 @@ resource "aws_secretsmanager_secret_version" "gossip_key" {
 }
 resource "aws_cloudwatch_log_group" "log_group" {
- name = "${local.secret_prefix}-ecs-client"
+ name = "${local.prefix}-ecs-client"
 }
diff --git a/modules/hcp-ecs-client/services.tf b/modules/hcp-ecs-client/services.tf
index 2a87153..8dff2d3 100644
--- a/modules/hcp-ecs-client/services.tf
+++ b/modules/hcp-ecs-client/services.tf
@@ -17,7 +17,7 @@ module "acl-controller" {
 region = var.region
 subnets = var.private_subnet_ids
- name_prefix = local.secret_prefix
+ name_prefix = local.prefix
 }
 resource "aws_iam_role" "frontend-task-role" {