local up with secretsmanager secrets doesnt support all valid arn formats #1169

Open
keen99 opened this issue Aug 7, 2024 · 0 comments
Summary

re #808 -

this doesn't cover all of the possible valid ARN formats for secrets:

arn:aws:secretsmanager:us-east-1:11111111111:secret:alpha/efe/local::: (1, 2, or 3 :)
arn:aws:secretsmanager:us-east-1:11111111111:parameter/TEST_DB_PASSWORD:: (1 or 2 :)

(in both arn service name formats, obviously)

the tests in https://github.com/efekarakus/amazon-ecs-cli/blob/6d2b2a62dde166269e6d540133581a8842929ccd/ecs-cli/modules/cli/local/secrets/secrets_test.go#L48 don't include these.

these are valid to ECS when it consumes the TD.

I haven't dug further than this - but I suspect the version-id isn't supported, since it isn't in the tests.

a complete secretsmanager arn per https://docs.aws.amazon.com/AmazonECS/latest/developerguide/secrets-envvar-secrets-manager.html is

arn:aws:secretsmanager:region:aws_account_id:secret:secret-name:json-key:version-stage:version-id

Description

  • Which specific command was run? (Example: ecs-cli up --capability-iam --size 2 --launch-type EC2)
    ecs-cli local up -f task_definition_external.json
  • Which version of the CLI you are using? (Run: ecs-cli --version)
    brew installed 8/7/24:
    ecs-cli version 1.21.0 (*UNKNOWN)
  • Which version of Go are you using? (Run: go version)
    not installed
  • What platform are you using to run ECS CLI commands? (E.g. Linux, macOS, Windows)
    macos

```
%% uname -a
Darwin BMI-105054.local 23.4.0 Darwin Kernel Version 23.4.0: Fri Mar 15 00:12:37 PDT 2024; root:xnu-10063.101.17~1/RELEASE_ARM64_T6031 arm64
%% sw_vers -productVersion
14.4.1
```

Config files

  • docker-compose.yml
  • ecs-params.yml
  • ~/.ecs/config
    none of these exist

The td.json has:

          "name": "JSON_KEY",
          "valueFrom": "arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y:JSON_KEY::"
        },

Expected Behavior

Observed Behavior

%% ecs-cli local up -f task_definition_external.json
...
failed to retrieve decrypted secret from arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y:JSON_KEY:: due to ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
	status code: 400, request id: eed6b9b4-762c-4a98-9b17-846cd6c537bf: ValidationException: Invalid name. Must be a valid name containing alphanumeric characters, or any of the following: -/_+=.@!
	status code: 400, request id: eed6b9b4-762c-4a98-9b17-846cd6c537bf
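
An added example, not part of the issue and not ecs-cli's own code: one way to split an ECS `valueFrom` reference of the documented form `secret-name:json-key:version-stage:version-id` into the base secret ARN and its optional fields, accepting zero to three trailing fields. `SecretRef` and `ParseValueFrom` are hypothetical names, and the sample inputs are constructed from the ARN shapes quoted above.

```go
package main

import (
	"fmt"
	"strings"
)

// SecretRef holds the parts of an ECS "valueFrom" Secrets Manager reference.
type SecretRef struct {
	SecretARN    string // arn:partition:secretsmanager:region:account:secret:secret-name
	JSONKey      string // optional; empty when omitted
	VersionStage string // optional; empty when omitted
	VersionID    string // optional; empty when omitted
}

// ParseValueFrom is a hypothetical helper (not part of ecs-cli). It separates
// the base secret ARN from the optional json-key, version-stage and version-id
// fields, accepting 0 to 3 trailing colon-separated fields.
func ParseValueFrom(v string) (SecretRef, error) {
	f := strings.Split(v, ":")
	if len(f) < 7 || len(f) > 10 {
		return SecretRef{}, fmt.Errorf("want 7 to 10 colon-separated fields, got %d", len(f))
	}
	if f[0] != "arn" || f[2] != "secretsmanager" || f[5] != "secret" || f[6] == "" {
		return SecretRef{}, fmt.Errorf("not a Secrets Manager secret ARN: %q", v)
	}
	// Copy the optional fields and pad to three so missing ones read as "".
	opt := append(append([]string{}, f[7:]...), "", "", "")
	return SecretRef{
		SecretARN:    strings.Join(f[:7], ":"),
		JSONKey:      opt[0],
		VersionStage: opt[1],
		VersionID:    opt[2],
	}, nil
}

func main() {
	// Constructed inputs modeled on the ARN shapes quoted in the issue.
	samples := []string{
		"arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y",
		"arn:aws:secretsmanager:us-east-1:11111111111:secret:name-dm1z8y:JSON_KEY::",
		"arn:aws:secretsmanager:us-east-1:11111111111:secret:alpha/efe/local:::",
	}
	for _, s := range samples {
		ref, err := ParseValueFrom(s)
		fmt.Printf("%s\n  -> %+v err=%v\n", s, ref, err)
	}
}
```
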