This repository was archived by the owner on Nov 19, 2025. It is now read-only.

local up with secretsmanager secrets doesn't support all valid arn formats #1169

@keen99

Summary

re #808 -

this doesn't cover all of the possible valid ARN formats for secrets:

arn:aws:secretsmanager:us-east-1:11111111111:secret:alpha/efe/local::: (1, 2, or 3 :)
arn:aws:secretsmanager:us-east-1:11111111111:parameter/TEST_DB_PASSWORD:: (1 or 2 :)

(in both arn service name formats, obviously)

the tests in https://github.com/efekarakus/amazon-ecs-cli/blob/6d2b2a62dde166269e6d540133581a8842929ccd/ecs-cli/modules/cli/local/secrets/secrets_test.go#L48 don't include these.

these are valid to ECS when it consumes the TD.

I haven't dug further than this - but I suspect the version-id isn't supported, since it isn't in the tests.

a complete secretsmanager arn per https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html is

arn:aws:secretsmanager:region:aws_account_id:secret:secret-name:json-key:version-stage:version-id

Description

  • Which specific command was run? (Example: ecs-cli up --capability-iam --size 2 --launch-type EC2)
    ecs-cli local up -f task_definition_external.json
  • Which version of the CLI you are using? (Run: ecs-cli --version)
    brew installed 8/7/24:
    ecs-cli version 1.21.0 (*UNKNOWN)
  • Which version of Go are you using? (Run: go version)
    not installed
  • What platform are you using to run ECS CLI commands? (E.g. Linux, macOS, Windows)
    macos
    %% uname -a
    Darwin BMI-105054.local 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:12:37 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6031 arm64
    %% sw_vers -productVersion
    14.4.1

Config files

  • docker-compose.yml
  • ecs-params.yml
  • ~/.ecs/config
    none of these exist

The td.json has:

          "name": "JSON_KEY",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y:JSON_KEY::"
        },

Expected Behavior

Observed Behavior

%% ecs-cli local up -f task_definition_external.json
...
failed to retrieve decrypted secret from arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y:JSON_KEY:: due to ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
	status code: 400, request id: eed6b9b4-762c-4a98-9b17-846cd6c537bf: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
	status code: 400, request id: eed6b9b4-762c-4a98-9b17-846cd6c537bf
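
An added example (not ecs-cli's code and not part of the original issue): one way to split a `valueFrom` into the base secret ARN and the optional json-key, version-stage and version-id fields, following the full ARN form quoted above. `SecretRef`, `ParseValueFrom` and `Select` are hypothetical names, and the JSON secret body is a constructed sample.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// SecretRef (hypothetical type) holds the base secret ARN and the optional
// json-key, version-stage and version-id selectors that may follow it.
type SecretRef struct{ BaseARN, JSONKey, VersionStage, VersionID string }

// ParseValueFrom splits a valueFrom of the form
// arn:aws:secretsmanager:region:account:secret:name[:json-key[:version-stage[:version-id]]]
func ParseValueFrom(v string) (SecretRef, error) {
	p := strings.Split(v, ":")
	// 7 fields make up the base ARN; 0 to 3 selector fields (possibly empty) follow.
	if len(p) < 7 || len(p) > 10 {
		return SecretRef{}, fmt.Errorf("want 7 to 10 colon-separated fields, got %d", len(p))
	}
	if p[0] != "arn" || p[2] != "secretsmanager" || p[5] != "secret" || p[6] == "" {
		return SecretRef{}, errors.New("not a Secrets Manager secret ARN")
	}
	var sel [3]string
	copy(sel[:], p[7:])
	// The error on this page came from sending the full string; only BaseARN names the secret.
	return SecretRef{strings.Join(p[:7], ":"), sel[0], sel[1], sel[2]}, nil
}

// Select picks the value to inject from the fetched secret string. Assumption:
// a JSON secret is a flat object of string values.
func (r SecretRef) Select(secret string) (string, error) {
	if r.JSONKey == "" {
		return secret, nil
	}
	kv := map[string]string{}
	if err := json.Unmarshal([]byte(secret), &kv); err != nil {
		return "", fmt.Errorf("secret is not a flat JSON object: %w", err)
	}
	val, ok := kv[r.JSONKey]
	if !ok {
		return "", fmt.Errorf("json key %q not found", r.JSONKey)
	}
	return val, nil
}

func main() {
	ref, err := ParseValueFrom("arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y:JSON_KEY::")
	fmt.Println(ref.BaseARN, ref.JSONKey, err)
	fmt.Println(ref.Select(`{"JSON_KEY":"constructed-sample-value"}`)) // constructed secret body
}
```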
