Executor Improvements Part 01 (#71)

mpvgithub · web-flow · commit e962732c8bb6 · 2024-02-23T08:33:13.000-05:00
* generate random UUID for prefix variable

* Update CHANGELOG.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [UNRELEASED]
 
+### Added
+
+- Generate random UUID for prefix variable to avoid name conflicting deployed resources
+
 ## [0.33.0] - 2023-11-21
 
 ### Changed
diff --git a/covalent_ecs_plugin/assets/infra/iam.tf b/covalent_ecs_plugin/assets/infra/iam.tf
@@ -10,7 +10,7 @@ data "aws_iam_policy_document" "ecs_tasks_execution_role" {
 }
 
 resource "aws_iam_role" "ecs_tasks_execution_role" {
-  name               = "${var.prefix}-task-execution-role"
+  name               = "${local.prefix}-task-execution-role"
   assume_role_policy = data.aws_iam_policy_document.ecs_tasks_execution_role.json
 }
 
@@ -20,7 +20,7 @@ resource "aws_iam_role_policy_attachment" "ecs_tasks_execution_role" {
 }
 
 resource "aws_iam_role_policy" "task_policy" {
-  name = "${var.prefix}-task-policy"
+  name = "${local.prefix}-task-policy"
   role = aws_iam_role.task_role.id
 
   policy = jsonencode({
@@ -49,7 +49,7 @@ resource "aws_iam_role_policy" "task_policy" {
 }
 
 resource "aws_iam_role" "task_role" {
-  name = "${var.prefix}-task-role"
+  name = "${local.prefix}-task-role"
 
   assume_role_policy = jsonencode({
     "Version" : "2012-10-17",
diff --git a/covalent_ecs_plugin/assets/infra/main.tf b/covalent_ecs_plugin/assets/infra/main.tf
@@ -14,12 +14,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-provider "aws" {
-  region = var.aws_region
+provider "aws" {}
+
+data "aws_region" "current" {}
+
+resource "random_string" "default_prefix" {
+  length  = 9
+  upper   = false
+  special = false
+}
+
+locals {
+  prefix      = var.prefix == "" ? random_string.default_prefix.result : var.prefix
+  subnet_id   = var.subnet_id == "" ? aws_default_subnet.default.id : var.subnet_id
+  credentials = var.credentials == "" ? pathexpand("~/.aws/credentials") : var.credentials
+  profile     = var.profile == "" ? "default" : var.profile
+  region      = var.region == "" ? data.aws_region.current.name : var.region
 }
 
 resource "aws_s3_bucket" "bucket" {
-  bucket = "${var.prefix}-bucket"
+  bucket        = "${local.prefix}-bucket"
   force_destroy = true
 }
 
@@ -38,7 +52,7 @@ resource "aws_s3_bucket_acl" "bucket_acl" {
 }
 
 resource "aws_ecr_repository" "ecr_repository" {
-  name                 = "${var.prefix}-ecr-repo"
+  name                 = "${local.prefix}-ecr-repo"
   image_tag_mutability = "IMMUTABLE"
 
   force_delete = true
@@ -49,45 +63,45 @@ resource "aws_ecr_repository" "ecr_repository" {
 }
 
 resource "aws_cloudwatch_log_group" "log_group" {
-  name = "${var.prefix}-log-group"
+  name = "${local.prefix}-log-group"
 }
 
 resource "aws_ecs_cluster" "ecs_cluster" {
-  name = "${var.prefix}-ecs-cluster"
+  name = "${local.prefix}-ecs-cluster"
 
   configuration {
     execute_command_configuration {
-      logging    = "OVERRIDE"
+      logging = "OVERRIDE"
       log_configuration {
-        cloud_watch_log_group_name     = aws_cloudwatch_log_group.log_group.name
+        cloud_watch_log_group_name = aws_cloudwatch_log_group.log_group.name
       }
     }
   }
 }
 
 # Executor Covalent config section
-data template_file executor_config {
-  template = "${file("${path.module}/ecs.conf.tftpl")}"
+data "template_file" "executor_config" {
+  template = file("${path.module}/ecs.conf.tftpl")
 
   vars = {
-    credentials=var.credentials
-    profile=var.profile
-    region=var.aws_region
-    s3_bucket_name=aws_s3_bucket.bucket.id
-    ecs_cluster_name=aws_ecs_cluster.ecs_cluster.name
-    ecs_task_execution_role_name=aws_iam_role.ecs_tasks_execution_role.name
-    ecs_task_role_name=aws_iam_role.task_role.name
-    ecs_task_subnet_id=module.vpc.public_subnets[0]
-    ecs_task_security_group_id=aws_security_group.sg.id
-    ecs_task_log_group_name=aws_cloudwatch_log_group.log_group.name
-    vcpu=var.vcpus
-    memory=var.memory
-    cache_dir=var.cache_dir
-    poll_freq=var.poll_freq
+    credentials                  = var.credentials
+    profile                      = var.profile
+    region                       = var.region
+    s3_bucket_name               = aws_s3_bucket.bucket.id
+    ecs_cluster_name             = aws_ecs_cluster.ecs_cluster.name
+    ecs_task_execution_role_name = aws_iam_role.ecs_tasks_execution_role.name
+    ecs_task_role_name           = aws_iam_role.task_role.name
+    ecs_task_subnet_id           = module.vpc.public_subnets[0]
+    ecs_task_security_group_id   = aws_security_group.sg.id
+    ecs_task_log_group_name      = aws_cloudwatch_log_group.log_group.name
+    vcpu                         = var.vcpus
+    memory                       = var.memory
+    cache_dir                    = var.cache_dir
+    poll_freq                    = var.poll_freq
   }
 }
 
-resource local_file executor_config {
-  content = data.template_file.executor_config.rendered
+resource "local_file" "executor_config" {
+  content  = data.template_file.executor_config.rendered
   filename = "${path.module}/ecs.conf"
 }
diff --git a/covalent_ecs_plugin/assets/infra/networking.tf b/covalent_ecs_plugin/assets/infra/networking.tf
@@ -22,7 +22,7 @@ module "vpc" {
   name = "${var.prefix}-vpc"
   cidr = var.vpc_cidr
 
-  azs = ["${var.aws_region}a"]
+  azs = ["${var.region}a"]
 
   public_subnets = [
     cidrsubnet(var.vpc_cidr, 0, 0)
diff --git a/covalent_ecs_plugin/assets/infra/variables.tf b/covalent_ecs_plugin/assets/infra/variables.tf
@@ -15,11 +15,11 @@
 # limitations under the License.
 
 variable "prefix" {
-  default     = "covalent-ecs-ft"
+  default     = ""
   description = "Name used to prefix AWS resources"
 }
 
-variable "aws_region" {
+variable "region" {
   default     = "us-east-1"
   description = "Region in which Covalent is deployed"
 }

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@ data "aws_iam_policy_document" "ecs_tasks_execution_role" {`
`10`	`10`	`}`
`11`	`11`
`12`	`12`	`resource "aws_iam_role" "ecs_tasks_execution_role" {`
`13`		`- name = "${var.prefix}-task-execution-role"`
	`13`	`+ name = "${local.prefix}-task-execution-role"`
`14`	`14`	`assume_role_policy = data.aws_iam_policy_document.ecs_tasks_execution_role.json`
`15`	`15`	`}`
`16`	`16`
`@@ -20,7 +20,7 @@ resource "aws_iam_role_policy_attachment" "ecs_tasks_execution_role" {`
`20`	`20`	`}`
`21`	`21`
`22`	`22`	`resource "aws_iam_role_policy" "task_policy" {`
`23`		`- name = "${var.prefix}-task-policy"`
	`23`	`+ name = "${local.prefix}-task-policy"`
`24`	`24`	`role = aws_iam_role.task_role.id`
`25`	`25`
`26`	`26`	`policy = jsonencode({`
`@@ -49,7 +49,7 @@ resource "aws_iam_role_policy" "task_policy" {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`resource "aws_iam_role" "task_role" {`
`52`		`- name = "${var.prefix}-task-role"`
	`52`	`+ name = "${local.prefix}-task-role"`
`53`	`53`
`54`	`54`	`assume_role_policy = jsonencode({`
`55`	`55`	`"Version" : "2012-10-17",`
Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,11 @@`
`15`	`15`	`# limitations under the License.`
`16`	`16`
`17`	`17`	`variable "prefix" {`
`18`		`- default = "covalent-ecs-ft"`
	`18`	`+ default = ""`
`19`	`19`	`description = "Name used to prefix AWS resources"`
`20`	`20`	`}`
`21`	`21`
`22`		`-variable "aws_region" {`
	`22`	`+variable "region" {`
`23`	`23`	`default = "us-east-1"`
`24`	`24`	`description = "Region in which Covalent is deployed"`
`25`	`25`	`}`