Closed thorfi closed 10 months ago
Hi @JohnPreston - I don't have a fix for this one, but if you are busy and can point me at the right files where the Environment substitution might be happening, I can sort it.
@JohnPreston Hm, I sent a PR for a bit of a dirty hack - feel free to reject in favour of pointing out a better way to fix :-)
> @JohnPreston Hm, I sent a PR for a bit of a dirty hack - feel free to reject in favour of pointing out a better way to fix :-)

Thanks for this again. The issue comes from your secret name `POSTGRES_PASSWORD` being the same as the env var that you want. To avoid that, from your compose sample, you need only to set `VarName: POSTGRES_PASSWORD_ARN` and that will change the key of the environment variable
```yaml
Environment:
  - Name: POSTGRES_DB
    Value: foo
  - Name: POSTGRES_PASSWORD_ARN
    Value:
      Fn::Sub:
        - arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretName}
        - SecretName:
            Fn::FindInMap:
              - secrets
              - POSTGRESPASSWORD
              - Name
Secrets:
  - Name: POSTGRES_PASSWORD
    ValueFrom:
      Fn::Sub:
        - 'arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:${SecretName}:POSTGRES_PASSWORD::'
        - SecretName:
            Fn::FindInMap:
              - secrets
              - POSTGRESPASSWORD
              - Name
```
I have long been thinking of automatically updating the value for `VarName` if already found in the `secrets`.
What do you think?
> @JohnPreston Hm, I sent a PR for a bit of a dirty hack - feel free to reject in favour of pointing out a better way to fix :-)
>
> Thanks for this again. The issue comes from your secret name `POSTGRES_PASSWORD` being the same as the env var that you want. To avoid that, from your compose sample, you need only to set `VarName: POSTGRES_PASSWORD_ARN` and that will change the key of the environment variable

I don't have POSTGRES_PASSWORD environment set in my docker-compose.yml file at all - it's a duplicate being generated somehow during the ecs-composex render...
> I have long been thinking of automatically updating the value for `VarName` if already found in the `secrets`.
> What do you think?

As in, if there is an environment entry that's duplicated by a secrets entry, rename the Environment? I think it's probably a good idea, along with generating a warning message.
@JohnPreston OK, Environment renaming fix pushed
Thanks @thorfi
The `POSTGRES_PASSWORD` is not defined in your env vars, but it is the name of your secret, which itself becomes an env var, hence why the `VarName` overrides that.
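The renaming discussed in this thread (an `Environment` entry that shares its name with a `Secrets` entry gets a new key, with a warning), as an added example that is not ecs-composex's own code. The function name, the `_ARN` suffix default, the logger name and the sample container are assumptions made for illustration.

```python
import copy
import logging

log = logging.getLogger("taskdef-check")  # hypothetical logger name


def rename_shadowed_environment(container, suffix="_ARN"):
    """Return (fixed_container, renames) for one ContainerDefinition dict.

    An Environment entry whose Name is also used by a Secrets entry is
    renamed, because a secret is itself exposed to the container as an
    environment variable and the two names must not collide.
    """
    fixed = copy.deepcopy(container)  # never mutate the caller's template
    secrets = {s["Name"] for s in fixed.get("Secrets", [])}
    env = fixed.get("Environment", [])
    taken = secrets | {e["Name"] for e in env}
    renames = {}
    for entry in env:
        old = entry["Name"]
        if old not in secrets:
            continue
        new, n = old + suffix, 1
        while new in taken:  # the new key must be unique as well
            n += 1
            new = f"{old}{suffix}{n}"
        entry["Name"] = new
        taken.add(new)
        renames[old] = new
        log.warning("Environment %s collides with a secret; renamed to %s", old, new)
    return fixed, renames


# Constructed input, modelled on the rendering described in this issue.
ARN = {"Fn::Sub": "arn:${AWS::Partition}:secretsmanager:${AWS::Region}:${AWS::AccountId}:secret:example"}
SAMPLE = {
    "Environment": [
        {"Name": "POSTGRES_DB", "Value": "foo"},
        {"Name": "POSTGRES_PASSWORD", "Value": ARN},
    ],
    "Secrets": [{"Name": "POSTGRES_PASSWORD", "ValueFrom": ARN}],
}

if __name__ == "__main__":
    fixed, renames = rename_shadowed_environment(SAMPLE)
    print(renames)
    print([e["Name"] for e in fixed["Environment"]])
```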
ECS Task Definition has Environment variable and Secrets variable set.
CloudFormation crashes on the task sub-stack with:
To Reproduce
Steps to reproduce the behavior:
Note: `fred/barney` is the secretsmanager secret id for a JSON secret
Generated CloudFormation Sub Stack postgres.yaml
The `Environment:` list has entries for the `Secrets:` entries which should not be there. They are strangely also different to the `Secrets:` entries.
Expected behavior
The ECS TaskDefinition should be created without Environment entries for the Secrets entries.
Logs N/A
Desktop (please complete the following information):