feat(sidecar): add env vars and secrets

aws · Nov 25, 2020 · 1a5c46e · 1a5c46e
1 parent ce836bd
commit 1a5c46e
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 13 deletions.
diff --git a/e2e/sidecars/nginx/nginx.conf b/e2e/sidecars/nginx/nginx.conf
@@ -10,7 +10,7 @@ http {
   gzip_min_length 1000;
 
   server {
-    listen 80;
+    listen ${NGINX_PORT};
 
     # Nginx will reject anything not matching /api
     location /api {

diff --git a/e2e/sidecars/sidecars_test.go b/e2e/sidecars/sidecars_test.go
@@ -49,14 +49,18 @@ sidecars:
   nginx:
     port: 80
     image: %s    # Image URL for sidecar container.
+    variables:
+      NGINX_PORT: %s
 logging:
   destination:
     Name: cloudwatch
-    region: us-west-2
+    region: us-east-1
     log_group_name: /copilot/%s
     log_stream_prefix: copilot/
 `
 
+const nginxPort = "80"
+
 var _ = Describe("sidecars flow", func() {
 	Context("when creating a new app", func() {
 		var (
@@ -170,7 +174,7 @@ var _ = Describe("sidecars flow", func() {
 		var newManifest string
 		It("overwrite existing manifest", func() {
 			logGroupName := fmt.Sprintf("%s-test-%s", appName, svcName)
-			newManifest = fmt.Sprintf(manifest, sidecarImageURI, logGroupName)
+			newManifest = fmt.Sprintf(manifest, sidecarImageURI, nginxPort, logGroupName)
 			err := ioutil.WriteFile("./copilot/hello/manifest.yml", []byte(newManifest), 0644)
 			Expect(err).NotTo(HaveOccurred(), "overwrite manifest")
 		})

diff --git a/internal/pkg/manifest/workload.go b/internal/pkg/manifest/workload.go
@@ -234,16 +234,20 @@ func (s *Sidecar) Options() ([]*template.SidecarOpts, error) {
 			Port:       port,
 			Protocol:   protocol,
 			CredsParam: config.CredsParam,
+			Secrets:    config.Secrets,
+			Variables:  config.Variables,
 		})
 	}
 	return sidecars, nil
 }
 
 // SidecarConfig represents the configurable options for setting up a sidecar container.
 type SidecarConfig struct {
-	Port       *string `yaml:"port"`
-	Image      *string `yaml:"image"`
-	CredsParam *string `yaml:"credentialsParameter"`
+	Port       *string           `yaml:"port"`
+	Image      *string           `yaml:"image"`
+	CredsParam *string           `yaml:"credentialsParameter"`
+	Variables  map[string]string `yaml:"variables"`
+	Secrets    map[string]string `yaml:"secrets"`
 }
 
 // Valid sidecar portMapping example: 2000/udp, or 2000 (default to be tcp).

diff --git a/internal/pkg/manifest/workload_test.go b/internal/pkg/manifest/workload_test.go
@@ -213,6 +213,9 @@ func TestBuildConfig(t *testing.T) {
 }
 
 func TestSidecar_Options(t *testing.T) {
+	mockImage := aws.String("mockImage")
+	mockMap := map[string]string{"foo": "bar"}
+	mockCredsParam := aws.String("mockCredsParam")
 	testCases := map[string]struct {
 		inPort string
 
@@ -228,15 +231,25 @@ func TestSidecar_Options(t *testing.T) {
 			inPort: "2000",
 
 			wanted: &template.SidecarOpts{
-				Port: aws.String("2000"),
+				Name:       aws.String("foo"),
+				Port:       aws.String("2000"),
+				CredsParam: mockCredsParam,
+				Image:      mockImage,
+				Secrets:    mockMap,
+				Variables:  mockMap,
 			},
 		},
 		"good port with protocol": {
 			inPort: "2000/udp",
 
 			wanted: &template.SidecarOpts{
-				Port:     aws.String("2000"),
-				Protocol: aws.String("udp"),
+				Name:       aws.String("foo"),
+				Port:       aws.String("2000"),
+				Protocol:   aws.String("udp"),
+				CredsParam: mockCredsParam,
+				Image:      mockImage,
+				Secrets:    mockMap,
+				Variables:  mockMap,
 			},
 		},
 	}
@@ -245,8 +258,10 @@ func TestSidecar_Options(t *testing.T) {
 			sidecar := Sidecar{
 				Sidecars: map[string]*SidecarConfig{
 					"foo": {
-						CredsParam: aws.String("mockCredsParam"),
-						Image:      aws.String("mockImage"),
+						CredsParam: mockCredsParam,
+						Image:      mockImage,
+						Secrets:    mockMap,
+						Variables:  mockMap,
 						Port:       aws.String(tc.inPort),
 					},
 				},
@@ -257,8 +272,7 @@ func TestSidecar_Options(t *testing.T) {
 				require.EqualError(t, err, tc.wantedErr.Error())
 			} else {
 				require.NoError(t, err)
-				require.Equal(t, got[0].Port, tc.wanted.Port)
-				require.Equal(t, got[0].Protocol, tc.wanted.Protocol)
+				require.Equal(t, got[0], tc.wanted)
 			}
 		})
 	}

diff --git a/internal/pkg/template/workload.go b/internal/pkg/template/workload.go
@@ -68,6 +68,8 @@ type SidecarOpts struct {
 	Port       *string
 	Protocol   *string
 	CredsParam *string
+	Variables  map[string]string
+	Secrets    map[string]string
 }
 
 // LogConfigOpts holds configuration that's needed if the service is configured with Firelens to route

diff --git a/templates/workloads/common/cf/sidecars.yml b/templates/workloads/common/cf/sidecars.yml
@@ -17,6 +17,16 @@
   PortMappings:
     - ContainerPort: {{$sidecar.Port}}{{if $sidecar.Protocol}}
       Protocol: {{$sidecar.Protocol}}{{end}}{{end}}
+{{- if $sidecar.Variables}}
+  Environment:
+{{- range $name, $value := $sidecar.Variables}}
+  - Name: {{$name}}
+    Value: {{$value | printf "%q"}}{{end}}{{end}}
+{{- if $sidecar.Secrets}}
+  Secrets:
+{{- range $name, $valueFrom := $sidecar.Secrets}}
+  - Name: {{$name}}
+    ValueFrom: {{$valueFrom}}{{end}}{{end}}
   LogConfiguration:
     LogDriver: awslogs
     Options: