[#3613] EFS resource for volumes

### What is the feature/fix? A new way to have a persistent volume can be accessed between services (across instances and AZs). The EFS resource will allocate a new EFS volume that can be linked to services and used in the volumes. ### Add screenshot or video (optional) ``` resources: sharedvolume: type: efs options: path: "/bitnami" environment: - PORT=3000 - ENVIRONMENT=master services: web: build: . port: 3000 volumes: - /my/shared/data - /var/www/html - /sys/fs/cgroup/:/host/sys/fs/cgroup/ - /proc/:/host/proc/ - /var/run/docker.sock:/var/run/docker.sock - testvolume:/app - sharedvolume:/bitnami resources: - sharedvolume ``` ### Does it has a breaking change? No. ### How to use/test it? Install a rack with the RC version (to be created, declare the EFS resource, link the resource in the service and use it in the volumes. You can see a snippet above. ### Checklist - [ ] New coverage tests - [ ] Unit tests passing - [ ] E2E tests passing - [ ] E2E downgrade/update test passing - [ ] Documentation updated - [ ] No warnings or errors on Deepsource/Codecov
convox · Dec 14, 2022 · e36facf · e36facf
1 parent 4b76c3b
commit e36facf
Show file tree

Hide file tree

Showing 8 changed files with 477 additions and 79 deletions.
diff --git a/examples/httpd/convox.yml b/examples/httpd/convox.yml
@@ -17,16 +17,31 @@ resources:
     type: memcached
   redis:
     type: redis
+  sharedvolume:
+    type: efs
+    options:
+      path: "/app/httpd"
 services:
   web:
     build: .
     port: 80
+    volumes:
+      # Persistent volumes
+      - /my/shared/data
+      - /var/www/html
+      # Host Volumes
+      - /sys/fs/cgroup/:/host/sys/fs/cgroup/
+      - /proc/:/host/proc/
+      - /var/run/docker.sock:/var/run/docker.sock
+      # EFS Resource (shared volumes)
+      - sharedvolume:/app/httpd
     resources:
       - postgres
       - mysql
       - mariadb
       - memcached
       - redis
+      - sharedvolume
 timers:
   example:
     command: /usr/local/apache2/timer-cmd.sh

diff --git a/provider/aws/formation/app.json.tmpl b/provider/aws/formation/app.json.tmpl
@@ -379,13 +379,22 @@
           "RackUrl": { "Ref": "RackUrl" },
           "RedirectHttps": { "Ref": "RedirectHttps" },
           "Registry": { "Ref": "Registry" },
-          {{ range .Resources }}
-            "Resource{{ upper . }}": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Url" ] },
-            "Resource{{ upper . }}User": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.User" ] },
-            "Resource{{ upper . }}Pass": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Pass" ] },
-            "Resource{{ upper . }}Host": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Host" ] },
-            "Resource{{ upper . }}Port": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Port" ] },
-            "Resource{{ upper . }}Name": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Name" ] },
+          {{ range $name := .Resources }}
+            {{ range $resource := $.Manifest.Resources }}
+              {{ if eq $name $resource.Name }}
+                {{ if eq $resource.Type "efs" }}
+                  "Resource{{ upper $name }}FileSystemId": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.FileSystemId" ] },
+                  "Resource{{ upper $name }}AccessPointId": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.AccessPointId" ] },
+                {{ else }}
+                  "Resource{{ upper $name }}": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Url" ] },
+                  "Resource{{ upper $name }}User": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.User" ] },
+                  "Resource{{ upper $name }}Pass": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Pass" ] },
+                  "Resource{{ upper $name }}Host": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Host" ] },
+                  "Resource{{ upper $name }}Port": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Port" ] },
+                  "Resource{{ upper $name }}Name": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Name" ] },
+                {{ end }}
+              {{ end }}
+            {{ end }}
           {{ end }}
           "Role": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },
           "Settings": { "Ref": "Settings" },
@@ -527,13 +536,22 @@
           "Rack": { "Ref": "Rack" },
           "RackUrl": { "Ref": "RackUrl" },
           "Registry": { "Ref": "Registry" },
-          {{ range ($.Manifest.Service .Service).Resources }}
-            "Resource{{ upper . }}": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Url" ] },
-            "Resource{{ upper . }}User": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.User" ] },
-            "Resource{{ upper . }}Pass": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Pass" ] },
-            "Resource{{ upper . }}Host": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Host" ] },
-            "Resource{{ upper . }}Port": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Port" ] },
-            "Resource{{ upper . }}Name": { "Fn::GetAtt": [ "Resource{{ upper . }}", "Outputs.Name" ] },
+          {{ range $name := ($.Manifest.Service .Service).Resources }}
+            {{ range $resource := $.Manifest.Resources }}
+              {{ if eq $name $resource.Name }}
+                {{ if eq $resource.Type "efs" }}
+                  "Resource{{ upper $name }}FileSystemId": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.FileSystemId" ] },
+                  "Resource{{ upper $name }}AccessPointId": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.AccessPointId" ] },
+                {{ else }}
+                  "Resource{{ upper $name }}": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Url" ] },
+                  "Resource{{ upper $name }}User": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.User" ] },
+                  "Resource{{ upper $name }}Pass": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Pass" ] },
+                  "Resource{{ upper $name }}Host": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Host" ] },
+                  "Resource{{ upper $name }}Port": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Port" ] },
+                  "Resource{{ upper $name }}Name": { "Fn::GetAtt": [ "Resource{{ upper $name }}", "Outputs.Name" ] },
+                {{ end }}
+              {{ end }}
+            {{ end }}
           {{ end }}
           "Role": { "Fn::GetAtt": [ "TimerRole", "Arn" ] },
           "ServiceRole": { "Fn::GetAtt": [ "ServiceRole", "Arn" ] },

diff --git a/provider/aws/formation/resource/efs.json.tmpl b/provider/aws/formation/resource/efs.json.tmpl
@@ -0,0 +1,224 @@
+{
+  "AWSTemplateFormatVersion": "2010-09-09",
+  "Conditions": {
+    "Encrypted": {
+      "Fn::Equals": [
+        {
+          "Ref": "Encrypted"
+        },
+        "true"
+      ]
+    }
+  },
+  "Parameters": {
+    "AutoMinorVersionUpgrade": {
+      "Type": "String",
+      "Default": ""
+    },
+    "Encrypted": {
+      "Type": "String",
+      "Default": "false",
+      "AllowedValues": [
+        "true",
+        "false"
+      ]
+    },
+    "OwnerGid": {
+      "Type": "String",
+      "Default": "1000"
+    },
+    "OwnerUid": {
+      "Type": "String",
+      "Default": "1000"
+    },
+    "Password": {
+      "Type": "String",
+      "Default": ""
+    },
+    "Path": {
+      "Type": "String",
+      "Default": "/"
+    },
+    "Permissions": {
+      "Type": "String",
+      "Default": "0777"
+    },
+    "Rack": {
+      "Type": "String"
+    }
+  },
+  "Outputs": {
+    "AccessPointId": {
+      "Value": {
+        "Fn::GetAtt": [
+          "AccessPoint",
+          "AccessPointId"
+        ]
+      }
+    },
+    "FileSystemId": {
+      "Value": {
+        "Fn::GetAtt": [
+          "FileSystem",
+          "FileSystemId"
+        ]
+      }
+    }
+  },
+  "Resources": {
+    "AccessPoint": {
+      "Type": "AWS::EFS::AccessPoint",
+      "Properties": {
+        "FileSystemId": {
+          "Ref": "FileSystem"
+        },
+        "RootDirectory": {
+          "CreationInfo": {
+            "OwnerGid": { "Ref": "OwnerGid" },
+            "OwnerUid": { "Ref": "OwnerUid" },
+            "Permissions": { "Ref": "Permissions" }
+          },
+          "Path": {
+            "Ref": "Path"
+          }
+        }
+      }
+    },
+    "EncryptionKey": {
+      "Type": "AWS::KMS::Key",
+      "Condition": "Encrypted",
+      "Properties": {
+        "Description": {
+          "Ref": "AWS::StackName"
+        },
+        "KeyPolicy": {
+          "Version": "2012-10-17",
+          "Statement": [
+            {
+              "Sid": "Allow administration of the key",
+              "Effect": "Allow",
+              "Principal": {
+                "AWS": {
+                  "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
+                }
+              },
+              "Action": [
+                "kms:*"
+              ],
+              "Resource": "*"
+            }
+          ]
+        },
+        "PendingWindowInDays": "7"
+      }
+    },
+    "FileSystem": {
+      "Type": "AWS::EFS::FileSystem",
+      "Properties": {
+        "Encrypted": {
+          "Ref": "Encrypted"
+        },
+        "FileSystemTags": [
+          {
+            "Key": "Rack",
+            "Value": {
+              "Ref": "Rack"
+            }
+          }
+        ],
+        "KmsKeyId": {
+          "Fn::If": [
+            "Encrypted",
+            {
+              "Ref": "EncryptionKey"
+            },
+            {
+              "Ref": "AWS::NoValue"
+            }
+          ]
+        }
+      }
+    },
+    "MountTargetSecurityGroup": {
+      "Type": "AWS::EC2::SecurityGroup",
+      "Properties": {
+        "GroupDescription": {
+          "Fn::Sub": "${Rack} ${AWS::StackName} EFS SG"
+        },
+        "VpcId": {
+          "Fn::ImportValue": {
+            "Fn::Sub": "${Rack}:Vpc"
+          }
+        },
+        "SecurityGroupIngress": [
+          {
+            "IpProtocol": "tcp",
+            "FromPort": 2049,
+            "ToPort": 2049,
+            "CidrIp": {
+              "Fn::ImportValue": {
+                "Fn::Sub": "${Rack}:VpcCidr"
+              }
+            }
+          }
+        ]
+      }
+    },
+    "MountTarget0": {
+      "Type": "AWS::EFS::MountTarget",
+      "Properties": {
+        "FileSystemId": {
+          "Ref": "FileSystem"
+        },
+        "SubnetId": {
+          "Fn::ImportValue": {
+            "Fn::Sub": "${Rack}:Subnet0"
+          }
+        },
+        "SecurityGroups": [
+          {
+            "Ref": "MountTargetSecurityGroup"
+          }
+        ]
+      }
+    },
+    "MountTarget1": {
+      "Type": "AWS::EFS::MountTarget",
+      "Properties": {
+        "FileSystemId": {
+          "Ref": "FileSystem"
+        },
+        "SubnetId": {
+          "Fn::ImportValue": {
+            "Fn::Sub": "${Rack}:Subnet1"
+          }
+        },
+        "SecurityGroups": [
+          {
+            "Ref": "MountTargetSecurityGroup"
+          }
+        ]
+      }
+    },
+    {{ if .ThirdAvailabilityZone }}
+    "MountTarget2": {
+      "Type": "AWS::EFS::MountTarget",
+      "Properties": {
+        "FileSystemId": {
+          "Ref": "FileSystem"
+        },
+        "SubnetId": {
+          "Fn::ImportValue": {
+            "Fn::Sub": "${Rack}:Subnet2"
+          }
+        },
+        "SecurityGroups": [
+          {
+            "Ref": "MountTargetSecurityGroup"
+          }
+        ]
+      }
+    }
+    {{ end }}
+  }
+}