From a11349f1dd1ed1b13dee45bb75b710e7a5899108 Mon Sep 17 00:00:00 2001
From: philmcmahon
Date: Thu, 19 Dec 2024 15:20:07 +0000
Subject: [PATCH 1/3] Expose ecsruntask, taskdefinition and containerdefinition
---
 .changeset/wet-pillows-judge.md | 5 +++++
 package.json | 2 +-
 .../ecs/__snapshots__/ecs-task.test.ts.snap | 4 ++--
 src/constructs/ecs/ecs-task.ts | 18 +++++++++---------
 4 files changed, 17 insertions(+), 12 deletions(-)
 create mode 100644 .changeset/wet-pillows-judge.md
diff --git a/.changeset/wet-pillows-judge.md b/.changeset/wet-pillows-judge.md
new file mode 100644
index 0000000000..01a7a9eec0
--- /dev/null
+++ b/.changeset/wet-pillows-judge.md
@@ -0,0 +1,5 @@
+---
+"@guardian/cdk": minor
+---
+
+Expose taskDefinition, containerDefinition and task in ecsruntask
diff --git a/package.json b/package.json
index 4503822ca1..2eba93ac06 100644
--- a/package.json
+++ b/package.json
@@ -17,7 +17,7 @@
 "prettier:check": "prettier --check \"src/**/*.ts\"",
 "format": "prettier --write \"src/**/*.ts\"",
 "watch": "tsc -w",
- "test": "jest --detectOpenHandles --runInBand",
+ "test": "jest -u --detectOpenHandles --runInBand",
 "test:custom-lint-rule": "eslint tools/eslint/rules/*.test.ts",
 "test:dev": "jest --detectOpenHandles --runInBand --watch",
 "prepare": "tsc",
diff --git a/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap b/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap
index aaa6ea5b4d..1f770f7ac5 100644
--- a/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap
+++ b/src/constructs/ecs/__snapshots__/ecs-task.test.ts.snap
@@ -480,7 +480,7 @@ exports[`The GuEcsTask pattern should create the correct resources with lots of
 },
 "Memory": 1024,
 "Name": "test-ecs-task-ecs-test-TaskContainer",
- "ReadonlyRootFilesystem": false,
+ "ReadonlyRootFilesystem": true,
 },
 ],
 "Cpu": "1024",
@@ -1192,7 +1192,7 @@ exports[`The GuEcsTask pattern should support overriding the subnets used by the }, "Memory": 1024, "Name": "test-ecs-task-ecs-test-TaskContainer", - "ReadonlyRootFilesystem": false, + "ReadonlyRootFilesystem": true, }, ], "Cpu": "1024", diff --git a/src/constructs/ecs/ecs-task.ts b/src/constructs/ecs/ecs-task.ts index 56fa1a7c79..83f355ca20 100644 --- a/src/constructs/ecs/ecs-task.ts +++ b/src/constructs/ecs/ecs-task.ts @@ -3,7 +3,7 @@ import { Alarm, TreatMissingData } from "aws-cdk-lib/aws-cloudwatch"; import { SnsAction } from "aws-cdk-lib/aws-cloudwatch-actions"; import type { ISecurityGroup, ISubnet, IVpc } from "aws-cdk-lib/aws-ec2"; import type { IRepository } from "aws-cdk-lib/aws-ecr"; -import type { RepositoryImageProps } from "aws-cdk-lib/aws-ecs"; +import type { ContainerDefinition, RepositoryImageProps } from "aws-cdk-lib/aws-ecs"; import { Cluster, Compatibility, @@ -128,11 +128,6 @@ export interface GuEcsTaskProps extends AppIdentity { * shoud set this value to `false`. */ enableDistributablePolicy?: boolean; - /** - * When this parameter is true, the container is given read-only access to its root file system. - * @default false - */ - readonlyRootFilesystem?: boolean; /** * If `true`, CloudWatch Container Insights will be enabled for the cluster * @default false @@ -164,7 +159,10 @@ const getContainer = (config: ContainerConfiguration) => { * */ export class GuEcsTask extends Construct { - stateMachine: StateMachine; + public readonly stateMachine: StateMachine; + public readonly taskDefinition: TaskDefinition; + public readonly containerDefinition: ContainerDefinition; + public readonly task: EcsRunTask; constructor(scope: GuStack, id: string, props: GuEcsTaskProps) { super(scope, id); @@ -186,7 +184,6 @@ export class GuEcsTask extends Construct { securityGroups = [], environmentOverrides, enableDistributablePolicy = true, - readonlyRootFilesystem = false, containerInsights = false, } = props; 
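Review bot: Removing `readonlyRootFilesystem` from `GuEcsTaskProps` in the `@@ -128,11 +128,6 @@` hunk, together with the hard-coded `readonlyRootFilesystem: true` in the `@@ -227,8 +225,9 @@` hunk of this file, is a behaviour change that neither the commit subject nor the changeset mentions, and the changeset marks the release as `minor`. Callers that still pass the prop will presumably stop type-checking, and any task whose container writes to its root filesystem will start failing at runtime with no opt-out. The read-only root is a sound hardening default; I would state it in the changeset, for example `Containers created by GuEcsTask now always run with a read-only root filesystem; the readonlyRootFilesystem prop is removed`, and reconsider the bump level. The interface body continues outside the hunk.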
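Review bot: The three public members added in the `@@ -164,7 +159,10 @@` hunk, `taskDefinition`, `containerDefinition` and `task`, have no TSDoc, while the props in this file are documented. With the root filesystem now read-only, these handles appear to be the route by which a consumer adds writable storage, so I would say so on the fields, for example `/** The task's container. Use taskDefinition.addVolume() and addMountPoints() here when the task needs a writable path. */`. A sentence on whether mutating them after construction is supported would also help, because changes made through them bypass the defaults this construct sets. The class body continues outside the hunk.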
@@ -216,6 +213,7 @@ export class GuEcsTask extends Construct { operatingSystemFamily: OperatingSystemFamily.of("LINUX"), }, }); + this.taskDefinition = taskDefinition; const containerDefinition = taskDefinition.addContainer(`${id}-TaskContainer`, { image: getContainer(containerConfiguration), @@ -227,8 +225,9 @@ export class GuEcsTask extends Construct { streamPrefix: app, logRetention: 14, }), - readonlyRootFilesystem, + readonlyRootFilesystem: true, }); + this.containerDefinition = containerDefinition; if (enableDistributablePolicy) { const distPolicy = new GuGetDistributablePolicyStatement(scope, { app }); @@ -256,6 +255,7 @@ export class GuEcsTask extends Construct { }, ], }); + this.task = task; this.stateMachine = new StateMachine(scope, `${id}-StateMachine`, { definitionBody: DefinitionBody.fromChainable(task), From 179c5a7fd9bcd2c8dbd40065aca62df4a09e4e52 Mon Sep 17 00:00:00 2001 From: philmcmahon Date: Fri, 20 Dec 2024 12:18:26 +0000 Subject: [PATCH 2/3] revert change to package.json --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 2eba93ac06..4503822ca1 100644 --- a/package.json +++ b/package.json @@ -17,7 +17,7 @@ "prettier:check": "prettier --check \"src/**/*.ts\"", "format": "prettier --write \"src/**/*.ts\"", "watch": "tsc -w", - "test": "jest -u --detectOpenHandles --runInBand", + "test": "jest --detectOpenHandles --runInBand", "test:custom-lint-rule": "eslint tools/eslint/rules/*.test.ts", "test:dev": "jest --detectOpenHandles --runInBand --watch", "prepare": "tsc", From c9640056e2e6a5ad0f8dd3c70d71ec723e56a4ca Mon Sep 17 00:00:00 2001 From: Philip McMahon Date: Fri, 20 Dec 2024 14:13:44 +0000 Subject: [PATCH 3/3] Update .changeset/wet-pillows-judge.md Co-authored-by: Akash Askoolum --- .changeset/wet-pillows-judge.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changeset/wet-pillows-judge.md b/.changeset/wet-pillows-judge.md index 01a7a9eec0..245def41b1 100644 
--- a/.changeset/wet-pillows-judge.md +++ b/.changeset/wet-pillows-judge.md @@ -2,4 +2,4 @@ "@guardian/cdk": minor --- -Expose taskDefinition, containerDefinition and task in ecsruntask +Expose taskDefinition, containerDefinition and task in `GuEcsTask`