RubyGems - ciinabox-ecs - Versions diffs - 0.3.1.alpha.1622695860 → 0.3.1.alpha.1622698898 - Mend

ciinabox-ecs 0.3.1.alpha.1622695860 → 0.3.1.alpha.1622698898

Files changed (3) hide show

checksums.yaml +4 -4
data/templates/services/sonarqube.rb +87 -48
metadata +1 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1fba847852f3f33d382b88331f1e515c94d78deb4a8dbd94b11a2de6adfd128b
-  data.tar.gz: d6a046c17fc32c6ac67071e7046ba6bd469e73ffe6b2ae0612b80480d895d0e6
+  metadata.gz: 0abdb55ba421e1ca32b4863da34398e6b301cb1b8aa26c804f434603e540a18f
+  data.tar.gz: 19524b3f753dcea4077f0ac65f6af8848e711d410407afcee38776d989900c69
 SHA512:
-  metadata.gz: 1e3c27b8bff9b261fba646cb43eac0047f477fb67f4b604416aa644a9ccd26ae2a882546bd0a88a95e524e2b2d9d90389fa87f73c2271140a94360b956fea939
-  data.tar.gz: 2ae6ce0b9cf7bf880f8bcddbedb98067ed5b2f3cfc145072ca4734c19da76f12e1aebbfde1062aed751981099a3ee5611795c9eb6d3ea38b2a9a7f6ddace8dea
+  metadata.gz: 31b14e819855f75aa59569765c74777355dc409213c44a8dc85aba1148037df2d56b618ce90b72700092279d41a9afe6bdaf554e7af93115b46e81b54d736153
+  data.tar.gz: 72228109787271ddc4961c185af54dfce7810263b4931c9417641424982de4f562eeda8c099f80cbdd9997630e8b9aa4487b51f496765d2c23870c3e30f5cc3e

data/templates/services/sonarqube.rb CHANGED Viewed

@@ -17,6 +17,9 @@ if service
   memory = service['ContainerMemory'] || 2048
   cpu = service['ContainerCPU'] || 300
   container_port = service['InstancePort'] || 0
+  postgres_url_param_arn = service['PostgresUrlParamArn'] || nil
+  postgres_user_param_arn = service['PostgresUserParamArn'] || nil
+  postgres_password_param_arn = service['PostgresPasswordParamArn'] || nil
 end
 CloudFormation {
@@ -30,54 +33,70 @@ CloudFormation {
   Resource('SonarQubeTask') {
     Type "AWS::ECS::TaskDefinition"
-    Property('ContainerDefinitions', [
-      {
-        Name: 'sonarqube',
-        MemoryReservation: memory,
-        Cpu: cpu,
-        Image: image,
-        Environment: [
-          {
-            Name: 'VIRTUAL_HOST',
-            Value: "sonar.#{dns_domain}"
-          },
-          {
-            Name: 'VIRTUAL_PORT',
-            Value: '9000'
-          }
-        ],
-        Ulimits: [
-          {
-            Name: "nofile",
-            SoftLimit: 65536,
-            HardLimit: 65536
-          }
-        ],
-        Essential: true,
-        MountPoints: [
-          {
-            ContainerPath: '/etc/localtime',
-            SourceVolume: 'timezone',
-            ReadOnly: true
-          },
-          {
-            ContainerPath: '/opt/sonarqube/extensions',
-            SourceVolume: 'sonarqube_extensions',
-            ReadOnly: false
-          },
-          {
-            ContainerPath: '/opt/sonarqube/logs',
-            SourceVolume: 'sonarqube_logs',
-            ReadOnly: false
-          },
-          {
-            ContainerPath: '/opt/sonarqube/data',
-            SourceVolume: 'sonarqube_data',
-            ReadOnly: false
-          }
-        ]
-      }
-    ])
+    Property('ExecutionRoleArn', FnGetAtt('TaskExecutionRole', 'Arn'))
+    sonarqube_container_def = {
+      Name: 'sonarqube',
+      MemoryReservation: memory,
+      Cpu: cpu,
+      Image: image,
+      Environment: [
+        {
+          Name: 'VIRTUAL_HOST',
+          Value: "sonar.#{dns_domain}"
+        },
+        {
+          Name: 'VIRTUAL_PORT',
+          Value: '9000'
+        }
+      ],
+      Ulimits: [
+        {
+          Name: "nofile",
+          SoftLimit: 65536,
+          HardLimit: 65536
+        }
+      ],
+      Essential: true,
+      MountPoints: [
+        {
+          ContainerPath: '/etc/localtime',
+          SourceVolume: 'timezone',
+          ReadOnly: true
+        },
+        {
+          ContainerPath: '/opt/sonarqube/extensions',
+          SourceVolume: 'sonarqube_extensions',
+          ReadOnly: false
+        },
+        {
+          ContainerPath: '/opt/sonarqube/logs',
+          SourceVolume: 'sonarqube_logs',
+          ReadOnly: false
+        },
+        {
+          ContainerPath: '/opt/sonarqube/data',
+          SourceVolume: 'sonarqube_data',
+          ReadOnly: false
+        }
+      ]
+    }
+    if postgres_user_param_arn then
+      sonarqube_container_def[:Secrets] = [
+        {
+          Name: 'SONARQUBE_JDBC_URL',
+          ValueFrom: postgres_url_param_arn
+        },
+        {
+          Name: 'SONARQUBE_JDBC_USERNAME',
+          ValueFrom: postgres_user_param_arn
+        },
+        {
+          Name: 'SONARQUBE_JDBC_PASSWORD',
+          ValueFrom: postgres_password_param_arn
+        }
+      ]
+    end
+    Property('ContainerDefinitions', [sonarqube_container_def])
     Property('Volumes', [
       {
         Name: 'timezone',
@@ -112,6 +131,26 @@ CloudFormation {
     ])
   }
+  Resource('TaskExecutionRole') {
+    Type 'AWS::IAM::Role'
+    Property('AssumeRolePolicyDocument', {
+      "Version": "2012-10-17",
+      "Statement": [
+        {
+          "Effect": "Allow",
+          "Principal": {
+            "Service": "ecs-tasks.amazonaws.com"
+          },
+          "Action": "sts:AssumeRole"
+        }
+      ]
+    })
+    Property('ManagedPolicyArns', [
+      'arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess',
+      'arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy'
+    ])
+  }
   Resource('SonarQubeService') {
     Type 'AWS::ECS::Service'
     Property('Cluster', Ref('ECSCluster'))

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ciinabox-ecs
 version: !ruby/object:Gem::Version
-  version: 0.3.1.alpha.1622695860
+  version: 0.3.1.alpha.1622698898
 platform: ruby
 authors:
 - Base2Services