Task execution role not set in new task revision
mhuebner opened this issue · 7 comments
mhuebner commented
When ecs-deloy creates a new revision of a taks the Task execution role is not set in the new revision of the task definition.
When i look into the ecs-deploy script it seems that the executionRoleArn is only set if Type is FARGATE and not EC2. It would be great when EC2 also had executionRoleArn set for the new task def!
mhuebner commented
Line 311 to 329 could be replaced with
# Default JQ filter for new task definition
NEW_DEF_JQ_FILTER="family: .family, volumes: .volumes, containerDefinitions: .containerDefinitions, placementConstraints: .placementConstraints"
# Some options in task definition should only be included in new definition if present in
# current definition. If found in current definition, append to JQ filter.
CONDITIONAL_OPTIONS=(networkMode taskRoleArn placementConstraints executionRoleArn requiresCompatibilities)
for i in "${CONDITIONAL_OPTIONS[@]}"; do
re=".*${i}.*"
if [[ "$DEF" =~ $re ]]; then
NEW_DEF_JQ_FILTER="${NEW_DEF_JQ_FILTER}, ${i}: .${i}"
fi
done
# Updated jq filters for AWS Fargate
REQUIRES_COMPATIBILITIES=$(echo "${DEF}" | jq -r '. | select(.requiresCompatibilities != null) | .requiresCompatibilities[]')
if [[ "${REQUIRES_COMPATIBILITIES}" == 'FARGATE' ]]; then
FARGATE_JQ_FILTER='cpu: .cpu, memory: .memory'
NEW_DEF_JQ_FILTER="${NEW_DEF_JQ_FILTER}, ${FARGATE_JQ_FILTER}"
fi
EC2 and FARGATE both have the same constraints but FARGATE needs to have cpu and memory set.
mhuebner commented
Relevant Specs must be refactored as well
mhuebner commented
Yeah, but merge seems to be blocked.
olivierto commented
+1 my CI is broken now that i'm using private registry auth in my task definitions :'(
abaranovv commented
+1 same case for private registry auth
fillup commented
This has been fixed and released as version 3.7.0.