From 91d0168b121575c36dff749387b2d5b150f35550 Mon Sep 17 00:00:00 2001
From: pradeepbhadani
Date: Tue, 2 Apr 2019 09:20:27 +0100
Subject: [PATCH] fixes #53, Add support to interact with private docker registry (#54)
* fixes #53, Add support to interact with private Docker registry
---
 CHANGELOG.md | 1 +
 README.md | 3 ++-
 common.tf | 5 +++++
 main.tf | 18 ++++++++++++++++++
 templates/waggledance.json | 1 +
 variables.tf | 8 +++++++-
 version.tf | 6 +++---
 7 files changed, 37 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e6b1d4f..15a917a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) a
 ### Added
 - Improved error handling in scripts/endpoint_dns_name.sh - see [#17](https://github.com/ExpediaInc/apiary-federation/issues/17).
+- Support for Docker private registry.
 ## [1.0.5] - 2019-03-12
diff --git a/README.md b/README.md
index af59e49..22c6743 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,7 @@ For more information please refer to the main [Apiary](https://github.com/Expedi
 | bastion_ssh_key_secret_name | Secret name in AWS Secrets Manager which stores the private key used to log in to bastions. The secret's key should be `private_key` and the value should be stored as a base64 encoded string. Max character limit for a secret's value is 4096. | string | `` | no |
 | cpu | The number of CPU units to reserve for the Waggle Dance container. Valid values can be 256, 512, 1024, 2048 and 4096. Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-cpu-memory-error.html | string | `1024` | no |
 | docker_image | Full path Waggle Dance Docker image. | string | - | yes |
+| docker_registry_auth_secret_name | Docker Registry authentication SecretManager secret name. | string | `` | no |
 | docker_version | Waggle Dance Docker image version. | string | - | yes |
 | domain_extension | Domain name to use for Route 53 entry and service discovery. | string | `lcl` | no |
 | enable_remote_metastore_dns | Option to enable creating DNS records for remote metastores. | string | `` | no |
@@ -24,7 +25,7 @@ For more information please refer to the main [Apiary](https://github.com/Expedi
 | primary_metastore_port | Primary Hive Metastore port | string | `9083` | no |
 | primary_metastore_whitelist | List of Hive databases to whitelist on primary Metastore. | list | `` | no |
 | remote_metastores | List of VPC endpoint services to federate Metastores in other accounts. | list | `` | no |
-| secondary_vpcs | List of VPCs to associate with Service Discovery namespace | list | `` | no |
+| secondary_vpcs | List of VPCs to associate with Service Discovery namespace. | list | `` | no |
 | ssh_metastores | List of federated Metastores to connect to over SSH via bastion. | list | `` | no |
 | subnets | ECS container subnets. | list | - | yes |
 | tags | A map of tags to apply to resources. | map | `` | no |
diff --git a/common.tf b/common.tf
index 76ce894..f638b0e 100644
--- a/common.tf
+++ b/common.tf
@@ -17,3 +17,8 @@ data "aws_secretsmanager_secret" "bastion_ssh_key" {
 count = "${ var.bastion_ssh_key_secret_name == "" ? 0 : 1}"
 name = "${var.bastion_ssh_key_secret_name}"
 }
+
+data "aws_secretsmanager_secret" "docker_registry" {
+ count = "${ var.docker_registry_auth_secret_name == "" ? 0 : 1 }"
+ name = "${ var.docker_registry_auth_secret_name }"
+}
diff --git a/main.tf b/main.tf
index 429eb24..033d5c1 100644
--- a/main.tf
+++ b/main.tf
@@ -36,6 +36,23 @@ resource "aws_iam_role_policy_attachment" "task_exec_managed" {
 policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
 }
+
+resource "aws_iam_role_policy" "secretsmanager_for_ecs_task_exec" {
+ count = "${var.docker_registry_auth_secret_name == "" ? 0 : 1}"
+ name = "secretsmanager-exec"
+ role = "${aws_iam_role.waggledance_task_exec.id}"
+
+ policy = <
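Review bot: The new `docker_registry` data source pads its interpolations inside `${ }` (`"${ var.docker_registry_auth_secret_name == "" ? 0 : 1 }"` and `"${ var.docker_registry_auth_secret_name }"`), which matches neither the sibling `name = "${var.bastion_ssh_key_secret_name}"` directly above it nor the `count` expression this same patch writes into main.tf, and `terraform fmt` leaves string contents alone, so the inconsistency will persist; I'd write `count = "${var.docker_registry_auth_secret_name == "" ? 0 : 1}"` and `name = "${var.docker_registry_auth_secret_name}"`. A one-line header comment would also help the next reader, e.g. `# Resolves the registry-credentials secret name to its ARN for the task-execution role; created only when var.docker_registry_auth_secret_name is non-empty.` — this data source exposes the secret's ARN and metadata rather than its value, so nothing sensitive is pulled into state here. The IAM policy that presumably consumes that ARN is the `secretsmanager-exec` inline policy in the main.tf hunk, whose `policy` heredoc is cut off in this chunk; worth confirming it scopes `secretsmanager:GetSecretValue` to this single ARN rather than a wildcard, since the task-execution role is the principal ECS uses to pull the image.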