search

CircleCI-Public / aws-ecs-orb

An orb that simplifies deployment to Amazon's Elastic Container Service (ECS). Supports both EC2 and Fargate launch types.
https://circleci.com/orbs/registry/orb/circleci/aws-ecs
MIT License
51 stars 80 forks source link

commands/update-service does not pass the `profile-name` parameter to the `update-task-definition` step #176

Closed laurent-leconte closed 2 years ago

laurent-leconte commented 2 years ago

Orb version:

2.3.0 (although this should also be broken in 3.0.0 as the code is the same)

What happened:

Running the following job in Circle CI, with specific AWS credentials and a specific profile name:

      - aws-ecs/deploy-service-update:
          requires:
            - aws-ecr/build-and-push-image
          family: "production-backend-api"
          service-name: "production-backend-api-service"
          cluster-name: "production-backend-ecs-cluster"
          aws-access-key-id: "PROD_AWS_ACCESS_KEY_ID"
          aws-secret-access-key: "PROD_AWS_SECRET_ACCESS_KEY"
          profile-name: "default"

The pipeline fails at the step Retrieve previous task definition and prepare new task definition values with the following error:

An error occurred (ClientException) when calling the DescribeTaskDefinition operation: Unable to describe task definition.

For reference, the command log for this task (up to the command that throws the error) is:

#!/bin/bash -eo pipefail
set -o noglob

# These variables are evaluated so the config file may contain and pass in environment variables to the parameters.
ECS_PARAM_FAMILY=$(eval echo "$ECS_PARAM_FAMILY")
ECS_PARAM_CONTAINER_IMAGE_NAME_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_IMAGE_NAME_UPDATES")
ECS_PARAM_CONTAINER_ENV_VAR_UPDATES=$(eval echo "$ECS_PARAM_CONTAINER_ENV_VAR_UPDATES")
ECS_PARAM_PROFILE_NAME=$(eval echo "$ECS_PARAM_PROFILE_NAME")

if [ -n "${ECS_PARAM_PROFILE_NAME}" ]; then
    set -- "$@" --profile "${ECS_PARAM_PROFILE_NAME}"   
fi

if [ -z "${ECS_PARAM_PREVIOUS_REVISION}" ]; then
  ECS_TASK_DEFINITION_NAME="$ECS_PARAM_FAMILY"
else
  ECS_TASK_DEFINITION_NAME="$ECS_PARAM_FAMILY:$ECS_PARAM_PREVIOUS_REVISION_NUMBER"
fi

# shellcheck disable=SC2034
PREVIOUS_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition "${ECS_TASK_DEFINITION_NAME}" --include TAGS "$@")

(which is the content of src/scripts/get-prev-task.sh)

If I SSH into the machine, I can see that running aws ecs describe-task-definition --task-definition production-backend-api throws the same error, whereas aws ecs describe-task-definition --task-definition production-backend-api **--profile default** works as expected.

It turns out that the profile-name parameter is propagated from jobs/deploy-service-update to commands/update-service, but not to commands/update-task-definitions : in src/commands/update-service.yml, lines 164 to 167, the profile-name parameter is missing.

Note that removing the profile-name parameter would not fix this issue, for the reason originally described in issue #148 (which led to PR #155).

Expected behavior:

The profile-name parameter should be passed to the get-prev-task.sh task, so that the aws ecs describe-task-definition command gets called with the correct --profile parameter. This can be fixed by adding profile-name: << parameters.profile-name >> to the invocation of commands/update-task-definitions in update-service.yml

Additional Information:

I can share more details about the failed job if necessary, but it's a private pipeline which I can't share directly in this issue.

I believe the fix I describe above should work, but I don't know how I can test it myself. If someone can provide guidance, I'll be happy to test the fix works and create a PR for it.

This issue is due to a slight oversight in PR #155 so perhaps @brivu would be the right person to address it.

brivu commented 2 years ago

Hey @laurent-leconte!

Great catch. Thanks for the nice details. I'm taking a look at this now and should have a release ready by Friday.

Thanks again! Brian