Add user, fix negative numbers (#28)

* Add user * Correctly parse quoted negative numbers * Add warning about using master branch `make readme` added this.
cloudposse · Apr 29, 2019 · d68dfa0 · d68dfa0
1 parent 6b8d87a
commit d68dfa0
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -44,6 +44,11 @@ We literally have [*hundreds of terraform modules*][terraform_modules] that are
 
 ## Usage
 
+
+**IMPORTANT:** The `master` branch is used in `source` just as an example. In your code, do not pin to `master` because there may be breaking changes between releases.
+Instead pin to the release tag (e.g. `?ref=tags/x.y.z`) of one of our [latest releases](https://github.com/cloudposse/terraform-aws-ecs-container-definition/releases).
+
+
 This module is meant to be used as output only, meaning it will be used to create outputs which are consumed as a parameter by Terraform resources or other modules.
 
 For complete examples, see
@@ -92,6 +97,7 @@ Available targets:
 | repository_credentials | Container repository credentials; required when using a private repo.  This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | map | `<map>` | no |
 | secrets | The secrets to pass to the container. This is a list of maps | list | `<list>` | no |
 | ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list | `<list>` | no |
+| user | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group | string | `` | no |
 | volumes_from | A list of VolumesFrom maps which contain "sourceContainer" (name of the container that has the volumes to mount) and "readOnly" (whether the container can write to the volume). | list | `<list>` | no |
 | working_directory | The working directory to run commands inside the container | string | `` | no |
 

diff --git a/docs/terraform.md b/docs/terraform.md
@@ -22,6 +22,7 @@
 | repository_credentials | Container repository credentials; required when using a private repo.  This map currently supports a single key; "credentialsParameter", which should be the ARN of a Secrets Manager's secret holding the credentials | map | `<map>` | no |
 | secrets | The secrets to pass to the container. This is a list of maps | list | `<list>` | no |
 | ulimits | Container ulimit settings. This is a list of maps, where each map should contain "name", "hardLimit" and "softLimit" | list | `<list>` | no |
+| user | The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group | string | `` | no |
 | volumes_from | A list of VolumesFrom maps which contain "sourceContainer" (name of the container that has the volumes to mount) and "readOnly" (whether the container can write to the volume). | list | `<list>` | no |
 | working_directory | The working directory to run commands inside the container | string | `` | no |
 

diff --git a/main.tf b/main.tf
@@ -17,6 +17,7 @@ locals {
     repositoryCredentials  = "${var.repository_credentials}"
     links                  = "${var.links}"
     volumesFrom            = "${var.volumes_from}"
+    user                   = "${var.user}"
 
     portMappings = "${var.port_mappings}"
 

diff --git a/outputs.tf b/outputs.tf
@@ -10,7 +10,7 @@ locals {
   encoded_cpu                   = "${var.container_cpu > 0 ? var.container_cpu : "null"}"
   encoded_memory                = "${var.container_memory > 0 ? var.container_memory : "null"}"
   encoded_memory_reservation    = "${var.container_memory_reservation > 0 ? var.container_memory_reservation : "null"}"
-  encoded_container_definition  = "${replace(replace(replace(jsonencode(local.container_definition), "/(\\[\\]|\\[\"\"\\]|\"\"|{})/", "null"), "/\"(true|false)\"/", "$1"), "/\"([0-9]+\\.?[0-9]*)\"/", "$1")}"
+  encoded_container_definition  = "${replace(replace(replace(jsonencode(local.container_definition), "/(\\[\\]|\\[\"\"\\]|\"\"|{})/", "null"), "/\"(true|false)\"/", "$1"), "/\"(-?[0-9]+\\.?[0-9]*)\"/", "$1")}"
 
   json_with_environment        = "${replace(local.encoded_container_definition, "/\"environment_sentinel_value\"/", local.encoded_environment_variables)}"
   json_with_secrets            = "${replace(local.json_with_environment, "/\"secrets_sentinel_value\"/", local.encoded_secrets)}"

diff --git a/variables.tf b/variables.tf
@@ -143,3 +143,8 @@ variable "links" {
   description = "List of container names this container can communicate with without port mappings."
   default     = []
 }
+
+variable "user" {
+  description = "The user to run as inside the container. Can be any of these formats: user, user:group, uid, uid:gid, user:gid, uid:group"
+  default     = ""
+}