Redo: support pidMode and ipcMode in ECS Params. Addresses #667

aws · Nov 20, 2018 · d2ed28e · d2ed28e
1 parent 0c45d5f
commit d2ed28e
Show file tree

Hide file tree

Showing 6 changed files with 93 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -444,6 +444,8 @@ task_definition:
   task_size:                             // Required for running tasks with Fargate launch type
     cpu_limit: string
     mem_limit: string
+  pid_mode: string                            // Supported string values: task or host
+  ipc_mode: string                            // Supported string values: task, host, or none
   services:
     <service_name>:
       essential: boolean
@@ -533,6 +535,10 @@ Fields listed under `task_definition` correspond to fields that will be included
 
 * `task_size` Contains two fields, CPU and Memory. These fields are required for launching tasks with Fargate launch type. See [the documentation on ECS Task Definition Parameters](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) for more information.
 
+* `pid_mode` allows you to control the process namespace in which your containers run. Valid values are `task` or `host`. See the [ECS documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_pidmode) for more information.
+
+* `ipc_mode` allows you to control the IPC resource namespace in which your containers run. Valid values are `task`, `host`, or `none`. See the [ECS documentation](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_definition_ipcmode) for more information.
+
 **Run Params**
 Fields listed under `run_params` are for values needed as options to API calls not related to a Task Definition, such as `compose up` (RunTask) and `compose service up` (CreateService).
 Currently, the only parameter supported under `run_params` is `network_configuration`. This is required to run tasks with [Task Networking](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html), as well as with Fargate launch type.

diff --git a/ecs-cli/modules/cli/compose/entity/entity_helper.go b/ecs-cli/modules/cli/compose/entity/entity_helper.go
@@ -123,6 +123,8 @@ func createRegisterTaskDefinitionRequest(taskDefinition *ecs.TaskDefinition) *ec
 		TaskRoleArn:             taskDefinition.TaskRoleArn,
 		RequiresCompatibilities: taskDefinition.RequiresCompatibilities,
 		ExecutionRoleArn:        taskDefinition.ExecutionRoleArn,
+		PidMode:                 taskDefinition.PidMode,
+		IpcMode:                 taskDefinition.IpcMode,
 	}
 
 	if networkMode := taskDefinition.NetworkMode; aws.StringValue(networkMode) != "" {

diff --git a/ecs-cli/modules/utils/compose/convert_task_definition.go b/ecs-cli/modules/utils/compose/convert_task_definition.go
@@ -34,6 +34,8 @@ type TaskDefParams struct {
 	taskRoleArn      string
 	cpu              string
 	memory           string
+	pidMode          string
+	ipcMode          string
 	containerDefs    ContainerDefs
 	executionRoleArn string
 }
@@ -123,6 +125,7 @@ func ConvertToTaskDefinition(params ConvertTaskDefParams) (*ecs.TaskDefinition,
 		}
 	}
 
+	// Note: this is later converted into an ecs.RegisterTaskDefinitionInput in entity_helper.go
 	taskDefinition := &ecs.TaskDefinition{
 		Family:               aws.String(params.TaskDefName),
 		ContainerDefinitions: containerDefinitions,
@@ -138,7 +141,12 @@ func ConvertToTaskDefinition(params ConvertTaskDefParams) (*ecs.TaskDefinition,
 	if params.RequiredCompatibilites != "" {
 		taskDefinition.RequiresCompatibilities = []*string{aws.String(params.RequiredCompatibilites)}
 	}
-
+	if taskDefParams.pidMode != "" {
+		taskDefinition.SetPidMode(taskDefParams.pidMode)
+	}
+	if taskDefParams.ipcMode != "" {
+		taskDefinition.SetIpcMode(taskDefParams.ipcMode)
+	}
 	return taskDefinition, nil
 }
 
@@ -449,6 +457,8 @@ func convertTaskDefParams(ecsParams *ECSParams) (params TaskDefParams, e error)
 	params.cpu = taskDef.TaskSize.Cpu
 	params.memory = taskDef.TaskSize.Memory
 	params.executionRoleArn = taskDef.ExecutionRole
+	params.ipcMode = taskDef.IPCMode
+	params.pidMode = taskDef.PIDMode
 
 	return params, nil
 }

diff --git a/ecs-cli/modules/utils/compose/convert_task_definition_test.go b/ecs-cli/modules/utils/compose/convert_task_definition_test.go
@@ -239,6 +239,9 @@ func TestConvertToTaskDefinition(t *testing.T) {
 	// verify task def fields
 	assert.Equal(t, taskRoleArn, aws.StringValue(taskDefinition.TaskRoleArn), "Expected taskRoleArn to match")
 	assert.Empty(t, taskDefinition.RequiresCompatibilities, "Did not expect RequiresCompatibilities to be set")
+	// PID and IPC should be unset
+	assert.Nil(t, taskDefinition.IpcMode, "Expected IpcMode to be nil")
+	assert.Nil(t, taskDefinition.PidMode, "Expected PidMode to be nil")
 
 	// verify container def fields
 	assert.Equal(t, aws.String(name), containerDef.Name, "Expected container def name to match")
@@ -432,6 +435,10 @@ task_definition:
 	taskDefinition, err := convertToTaskDefinitionForTest(t, containerConfigs, "", "", ecsParams, nil)
 
 	if assert.NoError(t, err) {
+		// PID and IPC should be unset
+		assert.Nil(t, taskDefinition.IpcMode, "Expected IpcMode to be nil")
+		assert.Nil(t, taskDefinition.PidMode, "Expected PidMode to be nil")
+
 		assert.Equal(t, "host", aws.StringValue(taskDefinition.NetworkMode), "Expected network mode to match")
 		assert.Equal(t, "arn:aws:iam::123456789012:role/my_role", aws.StringValue(taskDefinition.TaskRoleArn), "Expected task role ARN to match")
 
@@ -1201,6 +1208,43 @@ func TestMemReservationHigherThanMemLimit(t *testing.T) {
 	assert.EqualError(t, err, "mem_limit must be greater than mem_reservation")
 }
 
+func TestConvertToTaskDefinitionWithECSParams_PIDandIPC(t *testing.T) {
+	containerConfig := &adapter.ContainerConfig{
+		Name:  "web",
+		Image: "httpd",
+	}
+
+	ecsParamsString := `version: 1
+task_definition:
+  pid_mode: task
+  ipc_mode: host`
+
+	content := []byte(ecsParamsString)
+
+	tmpfile, err := ioutil.TempFile("", "ecs-params")
+	assert.NoError(t, err, "Could not create ecs params tempfile")
+
+	defer os.Remove(tmpfile.Name())
+
+	_, err = tmpfile.Write(content)
+	assert.NoError(t, err, "Could not write data to ecs params tempfile")
+
+	err = tmpfile.Close()
+	assert.NoError(t, err, "Could not close tempfile")
+
+	ecsParamsFileName := tmpfile.Name()
+	ecsParams, err := ReadECSParams(ecsParamsFileName)
+	assert.NoError(t, err, "Could not read ECS Params file")
+
+	containerConfigs := []adapter.ContainerConfig{*containerConfig}
+	taskDefinition, err := convertToTaskDefinitionForTest(t, containerConfigs, "", "", ecsParams, nil)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, "task", aws.StringValue(taskDefinition.PidMode))
+		assert.Equal(t, "host", aws.StringValue(taskDefinition.IpcMode))
+	}
+}
+
 func TestConvertToTaskDefinitionWithVolumes(t *testing.T) {
 	volumeConfigs := &adapter.Volumes{
 		VolumeWithHost: map[string]string{

diff --git a/ecs-cli/modules/utils/compose/ecs_params_reader.go b/ecs-cli/modules/utils/compose/ecs_params_reader.go
@@ -45,6 +45,8 @@ type ECSParams struct {
 type EcsTaskDef struct {
 	NetworkMode          string         `yaml:"ecs_network_mode"`
 	TaskRoleArn          string         `yaml:"task_role_arn"`
+	PIDMode              string         `yaml:"pid_mode"`
+	IPCMode              string         `yaml:"ipc_mode"`
 	ContainerDefinitions ContainerDefs  `yaml:"services"`
 	ExecutionRole        string         `yaml:"task_execution_role"`
 	TaskSize             TaskSize       `yaml:"task_size"` // Needed to run FARGATE tasks

diff --git a/ecs-cli/modules/utils/compose/ecs_params_reader_test.go b/ecs-cli/modules/utils/compose/ecs_params_reader_test.go
@@ -356,6 +356,34 @@ task_definition:
 	}
 }
 
+func TestReadECSParams_WithPIDandIPC(t *testing.T) {
+	ecsParamsString := `version: 1
+task_definition:
+  pid_mode: host
+  ipc_mode: task`
+
+	content := []byte(ecsParamsString)
+
+	tmpfile, err := ioutil.TempFile("", "ecs-params")
+	assert.NoError(t, err, "Could not create ecs-params tempfile")
+
+	ecsParamsFileName := tmpfile.Name()
+	defer os.Remove(ecsParamsFileName)
+
+	_, err = tmpfile.Write(content)
+	assert.NoError(t, err, "Could not write data to ecs-params tempfile")
+
+	err = tmpfile.Close()
+	assert.NoError(t, err, "Could not close tempfile")
+
+	ecsParams, err := ReadECSParams(ecsParamsFileName)
+
+	if assert.NoError(t, err) {
+		assert.Equal(t, "host", ecsParams.TaskDefinition.PIDMode, "Expected PIDMode to be set")
+		assert.Equal(t, "task", ecsParams.TaskDefinition.IPCMode, "Expected IPCMode to be set")
+	}
+}
+
 /** ConvertToECSNetworkConfiguration tests **/
 
 func TestConvertToECSNetworkConfiguration(t *testing.T) {