Skip to content

Commit

Permalink
prevent asterisk expansion
Browse files Browse the repository at this point in the history
  • Loading branch information
@lokst
lokst committed Jan 10, 2020
1 parent 394d15e commit 10db3c1
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 4 deletions.
10 changes: 8 additions & 2 deletions .circleci/config.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -413,6 +413,10 @@ commands:
cluster-name:
description: "Name of the cluster"
type: string
test-asterisk-expansion:
description: "Checks that asterisk expansion is prevented"
type: boolean
default: false
delete-load-balancer:
description: "Whether to delete the load balancer after the test"
type: boolean
Expand All @@ -426,7 +430,8 @@ commands:
ELB_ARN=$(aws elbv2 describe-target-groups --target-group-arns $TARGET_GROUP_ARN | jq -r '.TargetGroups[0].LoadBalancerArns[0]')
ELB_DNS_NAME=$(aws elbv2 describe-load-balancers --load-balancer-arns $ELB_ARN | jq -r '.LoadBalancers[0].DNSName')
for attempt in {1..25}; do
curl -s --retry 10 http://$ELB_DNS_NAME | grep -E "Hello World!.*${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}"
curl -s --retry 10 http://$ELB_DNS_NAME \
| grep -E "Hello World!.*${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}" <<#parameters.test-asterisk-expansion>> | grep "Asterisk \* expansion test"<</parameters.test-asterisk-expansion>>
done
if [ "<< parameters.delete-load-balancer >>" == "true" ]; then
aws elbv2 delete-load-balancer --load-balancer-arn $ELB_ARN
Expand Down Expand Up @@ -558,13 +563,14 @@ workflows:
family: "${AWS_RESOURCE_NAME_PREFIX_EC2}-family"
service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service"
cluster-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster"
container-env-var-updates: "container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=VERSION_INFO,value=\"${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}\",container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=BUILD_DATE,value=$(date)"
container-env-var-updates: "container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=VERSION_INFO,value=\"Asterisk * expansion test ${CIRCLE_SHA1}_${CIRCLE_BUILD_NUM}\",container=${AWS_RESOURCE_NAME_PREFIX_EC2}-service,name=BUILD_DATE,value=$(date)"
verify-revision-is-deployed: true
fail-on-verification-timeout: false
post-steps:
- test-deployment:
service-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-service"
cluster-name: "${AWS_RESOURCE_NAME_PREFIX_EC2}-cluster"
test-asterisk-expansion: true

- aws-ecs/deploy-service-update:
name: fargate_test-update-service-job
Expand Down
8 changes: 6 additions & 2 deletions src/orb.yml.hbs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -641,6 +641,7 @@ commands:
- run:
name: Retrieve previous task definition and prepare new task definition values
command: |
set -o noglob
PREVIOUS_TASK_DEFINITION=$(aws ecs describe-task-definition --task-definition << parameters.family >> --include TAGS)
CONTAINER_IMAGE_NAME_UPDATES="$(echo << parameters.container-image-name-updates >>)"
CONTAINER_ENV_VAR_UPDATES="$(echo << parameters.container-env-var-updates >>)"
Expand All @@ -655,9 +656,9 @@ commands:

# Prepare container definitions
CONTAINER_DEFS=$(python $UPDATE_CONTAINER_DEFS_SCRIPT_FILE "$PREVIOUS_TASK_DEFINITION" "$CONTAINER_IMAGE_NAME_UPDATES" "$CONTAINER_ENV_VAR_UPDATES")

# Escape single quotes from environment variables for BASH_ENV
CLEANED_CONTAINER_DEFS=$(echo $CONTAINER_DEFS | sed -E "s:':'\\\'':g")
CLEANED_CONTAINER_DEFS=$(echo "$CONTAINER_DEFS" | sed -E "s:':'\\\'':g")

# Prepare script for getting task definition values
GET_TASK_DFN_VAL_SCRIPT_FILE=$(mktemp _get_task_def_value.py.XXXXXX)
Expand Down Expand Up @@ -700,6 +701,7 @@ commands:
- run:
name: Register new task definition
command: |
set -o noglob
if [ -n "${CCI_ORB_AWS_ECS_TASK_ROLE}" ]; then
set -- "$@" --task-role-arn "${CCI_ORB_AWS_ECS_TASK_ROLE}"
fi
Expand Down Expand Up @@ -856,6 +858,7 @@ commands:
- run:
name: Update service with registered task definition
command: |
set -o noglob
DEPLOYMENT_CONTROLLER="$(echo << parameters.deployment-controller >>)"

if [ "${DEPLOYMENT_CONTROLLER}" = "CODE_DEPLOY" ]; then
Expand Down Expand Up @@ -1021,6 +1024,7 @@ commands:
- run:
name: Run Task
command: |
set -o noglob
if [ "<<parameters.launch-type>>" == "FARGATE" ]; then
echo "Setting --platform-version"
set -- "$@" --platform-version "<<parameters.platform-version>>"
Expand Down

0 comments on commit 10db3c1

Please sign in to comment.