r/ecs_service: Add NetworkConfiguration

[atsushi-ishibashi]

Required: #2295
Closes #2294

make testacc TEST=./aws TESTARGS='-run=TestAccAWSEcsServiceWithNetworkConfiguration'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSEcsServiceWithNetworkConfiguration -timeout 120m
=== RUN   TestAccAWSEcsServiceWithNetworkConfiguration
--- PASS: TestAccAWSEcsServiceWithNetworkConfiguration (133.20s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	133.427s

[atsushi-ishibashi]

ae5992c#diff-51a2b869d60207ffb83c18f0daef501dR56
To solve the below error.

=== RUN   TestAccAWSEcsServiceWithNetworkConfiguration
--- FAIL: TestAccAWSEcsServiceWithNetworkConfiguration (133.10s)
	testing.go:503: Step 0 error: After applying this step, the plan was not empty:
		
		DIFF:
		
		DESTROY/CREATE: aws_ecs_service.main
		  cluster:                                   "arn:aws:ecs:us-west-2:111111111111:cluster/tf-ecs-cluster-vb3a8" => "arn:aws:ecs:us-west-2:1111111111111:cluster/tf-ecs-cluster-vb3a8"
		  deployment_maximum_percent:                "200" => "200"
		  deployment_minimum_healthy_percent:        "100" => "100"
		  desired_count:                             "1" => "1"
		  iam_role:                                  "aws-service-role" => "" (forces new resource)
		  name:                                      "tf-ecs-service-vb3a8" => "tf-ecs-service-vb3a8"
		  network_configuration.#:                   "1" => "1"
		  network_configuration.0.security_groups.#: "2" => "2"
		  network_configuration.0.security_groups.0: "sg-5ad2dd27" => "sg-5ad2dd27"
		  network_configuration.0.security_groups.1: "sg-00d2dd7d" => "sg-00d2dd7d"
		  network_configuration.0.subnets.#:         "2" => "2"
		  network_configuration.0.subnets.0:         "subnet-a7dbb8ef" => "subnet-a7dbb8ef"
		  network_configuration.0.subnets.1:         "subnet-892b69ef" => "subnet-892b69ef"
		  task_definition:                           "arn:aws:ecs:us-west-2:111111111111:task-definition/mongodb:8" => "arn:aws:ecs:us-west-2:11111111111111:task-definition/mongodb:8"

[atsushi-ishibashi]

Add awsvpc to valid network modes of task definition.
ae5992c#diff-cca2f484af572d380d4255e649d57d1dR121

[FernandoMiguel]

any idea when this could be merged ?
We are waiting to have support for awsvpc in our infra.

thanks for the quick PR

[atsushi-ishibashi]

@radeksimko @Ninir It'd be great if you could review this PR:bow:
I'm eager to use this feature!

[atsushi-ishibashi]

This conflicts with #2483 so please review in advance:bow: @radeksimko @Ninir

[apricote]

The error message at https://github.com/atsushi-ishibashi/terraform-provider-aws/blob/703a7927ac3f2135845f248896b5a96fe4888df5/aws/resource_aws_ecs_task_definition.go#L126 is still missing awsvpc as a valid network mode.

// Current
errors = append(errors, fmt.Errorf("ECS Task Definition network_mode %q is invalid, must be `bridge`, `host` or `none`", value))
// Correct
errors = append(errors, fmt.Errorf("ECS Task Definition network_mode %q is invalid, must be `awsvpc`, `bridge`, `host` or `none`", value))

[radeksimko]

I left you some comments there, nothing too critical. The most important ones are about TypeList vs TypeSet.

I'm interested in getting this merged asap as there's high community interest in Fargate support, so I'd like to unblock that other PR. Let me know if you need any help here.

[radeksimko]

Any reason why we should silently fail here instead of returning error?

[radeksimko]

It's not necessarily a blocker for this PR, but I'm pondering with an idea of removing this validation completely as theoretically the list may grow again (knowing how complex and big the container networking "market" is). What do you think?

[atsushi-ishibashi]

In my opinion, it's better to prevent error as early as possible. When constructing state is better than when requesting API.
So I disagree with you.
Of course, I understood your concern but it won't release new network mode as soon as modifying codes coudn't follow it.

[atsushi-ishibashi]

My opinion comes from users' perspective but you have to consider maintainability more than me...
Finally I respect your decision👍

[radeksimko]

As the ordering of SGs is not significant shouldn't this field be TypeSet to avoid potential spurious diffs in case the list of SGs comes back in a different order from the API?

[radeksimko]

As the ordering of subnets is not significant shouldn't this field be TypeSet to avoid potential spurious diffs in case the list of subnets comes back in a different order from the API?

[atsushi-ishibashi]

@radeksimko Ok👍

make testacc TEST=./aws TESTARGS='-run=TestAccAWSEcsServiceWithNetworkConfiguration'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSEcsServiceWithNetworkConfiguration -timeout 120m
=== RUN   TestAccAWSEcsServiceWithNetworkConfiguration
--- PASS: TestAccAWSEcsServiceWithNetworkConfiguration (105.22s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	105.288s

[radeksimko]

Thanks, LGTM. 👍

[FernandoMiguel]

thanks @radeksimko and @atsushi-ishibashi

[ozbillwang]

@atsushi-ishibashi

The link is wrong, correct url is:

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html

[bflad]

The documentation has already been fixed in #2694

[ozbillwang]

ok, but it is still wrong, in fact, the link is https.

[atsushi-ishibashi]

@ozbillwang Sure. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!