provider/aws: Add support for network_mode to `aws_ecs_task_definit…

…ion` (#8391) * provider/aws: Add support for `network_mode` to `aws_ecs_task_definition` Fixes #8281 ``` ``` make testacc TEST=./builtin/providers/aws TESTARGS='-run=TestAccAWSEcsTaskDefinition_' ==> Checking that code complies with gofmt requirements... /Users/stacko/Code/go/bin/stringer go generate $(go list ./... | grep -v /terraform/vendor/) 2016/08/22 18:12:20 Generated command/internal_plugin_list.go TF_ACC=1 go test ./builtin/providers/aws -v -run=TestAccAWSEcsTaskDefinition_ -timeout 120m === RUN TestAccAWSEcsTaskDefinition_basic --- PASS: TestAccAWSEcsTaskDefinition_basic (29.02s) === RUN TestAccAWSEcsTaskDefinition_withScratchVolume --- PASS: TestAccAWSEcsTaskDefinition_withScratchVolume (16.75s) === RUN TestAccAWSEcsTaskDefinition_withEcsService --- PASS: TestAccAWSEcsTaskDefinition_withEcsService (147.77s) === RUN TestAccAWSEcsTaskDefinition_withTaskRoleArn --- PASS: TestAccAWSEcsTaskDefinition_withTaskRoleArn (19.49s) === RUN TestAccAWSEcsTaskDefinition_withNetworkMode --- PASS: TestAccAWSEcsTaskDefinition_withNetworkMode (19.52s) PASS ok github.com/hashicorp/terraform/builtin/providers/aws 232.588 * Update resource_aws_ecs_task_definition.go * Update ecs_task_definition.html.markdown
hashicorp · Aug 23, 2016 · 2f936ea · 2f936ea
1 parent db5091a
commit 2f936ea
Show file tree

Hide file tree

Showing 3 changed files with 137 additions and 1 deletion.
diff --git a/builtin/providers/aws/resource_aws_ecs_task_definition.go b/builtin/providers/aws/resource_aws_ecs_task_definition.go
@@ -6,6 +6,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"log"
+	"strings"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ecs"
@@ -52,6 +53,14 @@ func resourceAwsEcsTaskDefinition() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"network_mode": &schema.Schema{
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ForceNew:     true,
+				ValidateFunc: validateAwsEcsTaskDefinitionNetworkMode,
+			},
+
 			"volume": &schema.Schema{
 				Type:     schema.TypeSet,
 				Optional: true,
@@ -75,6 +84,20 @@ func resourceAwsEcsTaskDefinition() *schema.Resource {
 	}
 }
 
+func validateAwsEcsTaskDefinitionNetworkMode(v interface{}, k string) (ws []string, errors []error) {
+	value := strings.ToLower(v.(string))
+	validTypes := map[string]struct{}{
+		"bridge": struct{}{},
+		"host":   struct{}{},
+		"none":   struct{}{},
+	}
+
+	if _, ok := validTypes[value]; !ok {
+		errors = append(errors, fmt.Errorf("ECS Task Definition network_mode %q is invalid, must be `bridge`, `host` or `none`", value))
+	}
+	return
+}
+
 func resourceAwsEcsTaskDefinitionCreate(d *schema.ResourceData, meta interface{}) error {
 	conn := meta.(*AWSClient).ecsconn
 
@@ -93,6 +116,10 @@ func resourceAwsEcsTaskDefinitionCreate(d *schema.ResourceData, meta interface{}
 		input.TaskRoleArn = aws.String(v.(string))
 	}
 
+	if v, ok := d.GetOk("network_mode"); ok {
+		input.NetworkMode = aws.String(v.(string))
+	}
+
 	if v, ok := d.GetOk("volume"); ok {
 		volumes, err := expandEcsVolumes(v.(*schema.Set).List())
 		if err != nil {
@@ -138,6 +165,7 @@ func resourceAwsEcsTaskDefinitionRead(d *schema.ResourceData, meta interface{})
 	d.Set("revision", *taskDefinition.Revision)
 	d.Set("container_definitions", taskDefinition.ContainerDefinitions)
 	d.Set("task_role_arn", taskDefinition.TaskRoleArn)
+	d.Set("network_mode", taskDefinition.NetworkMode)
 	d.Set("volumes", flattenEcsVolumes(taskDefinition.Volumes))
 
 	return nil

diff --git a/builtin/providers/aws/resource_aws_ecs_task_definition_test.go b/builtin/providers/aws/resource_aws_ecs_task_definition_test.go
@@ -90,6 +90,49 @@ func TestAccAWSEcsTaskDefinition_withTaskRoleArn(t *testing.T) {
 	})
 }
 
+func TestAccAWSEcsTaskDefinition_withNetworkMode(t *testing.T) {
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckAWSEcsTaskDefinitionDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccAWSEcsTaskDefinitionWithNetworkMode,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckAWSEcsTaskDefinitionExists("aws_ecs_task_definition.sleep"),
+					resource.TestCheckResourceAttr(
+						"aws_ecs_task_definition.sleep", "network_mode", "bridge"),
+				),
+			},
+		},
+	})
+}
+
+func TestValidateAwsEcsTaskDefinitionNetworkMode(t *testing.T) {
+	validNames := []string{
+		"bridge",
+		"host",
+		"none",
+	}
+	for _, v := range validNames {
+		_, errors := validateAwsEcsTaskDefinitionNetworkMode(v, "network_mode")
+		if len(errors) != 0 {
+			t.Fatalf("%q should be a valid AWS ECS Task Definition Network Mode: %q", v, errors)
+		}
+	}
+
+	invalidNames := []string{
+		"bridged",
+		"-docker",
+	}
+	for _, v := range invalidNames {
+		_, errors := validateAwsEcsTaskDefinitionNetworkMode(v, "network_mode")
+		if len(errors) == 0 {
+			t.Fatalf("%q should be an invalid AWS ECS Task Definition Network Mode", v)
+		}
+	}
+}
+
 func testAccCheckAWSEcsTaskDefinitionDestroy(s *terraform.State) error {
 	conn := testAccProvider.Meta().(*AWSClient).ecsconn
 
@@ -261,6 +304,70 @@ TASK_DEFINITION
 }
 `
 
+var testAccAWSEcsTaskDefinitionWithNetworkMode = `
+resource "aws_iam_role" "role_test" {
+  name = "tf_old_name"
+  path = "/test/"
+  assume_role_policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": "sts:AssumeRole",
+      "Principal": {
+        "Service": "ec2.amazonaws.com"
+      },
+      "Effect": "Allow",
+      "Sid": ""
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_iam_role_policy" "role_test" {
+  name = "role_update_test"
+  role = "${aws_iam_role.role_test.id}"
+  policy = <<EOF
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:GetBucketLocation",
+        "s3:ListAllMyBuckets"
+      ],
+      "Resource": "arn:aws:s3:::*"
+    }
+  ]
+}
+EOF
+}
+
+resource "aws_ecs_task_definition" "sleep" {
+  family = "terraform-acc-sc-volume-test-network-mode"
+  task_role_arn = "${aws_iam_role.role_test.arn}"
+  network_mode = "bridge"
+  container_definitions = <<TASK_DEFINITION
+[
+  {
+    "name": "sleep",
+    "image": "busybox",
+    "cpu": 10,
+    "command": ["sleep","360"],
+    "memory": 10,
+    "essential": true
+  }
+]
+TASK_DEFINITION
+
+  volume {
+    name = "database_scratch"
+  }
+}
+`
+
 var testAccAWSEcsTaskDefinitionWithEcsService = `
 resource "aws_ecs_cluster" "default" {
   name = "terraform-acc-test"

diff --git a/website/source/docs/providers/aws/r/ecs_task_definition.html.markdown b/website/source/docs/providers/aws/r/ecs_task_definition.html.markdown
@@ -52,7 +52,8 @@ The following arguments are supported:
 
 * `family` - (Required) The family, unique name for your task definition.
 * `container_definitions` - (Required) A list of container definitions in JSON format. See [AWS docs](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/create-task-definition.html) for syntax. Note, you only need the containerDefinitions array, not the parent hash including the family and volumes keys.
-* `task_role_arn` - (Optional) The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services. 
+* `task_role_arn` - (Optional) The ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.
+* `network_mode` - (Optional) The Docker networking mode to use for the containers in the task. The valid values are `none`, `bridge`, and `host`.
 * `volume` - (Optional) A volume block. Volumes documented below.
 
 Volumes support the following: