From 57d7474f7d3dc97b41755a4497d5fde4168f7923 Mon Sep 17 00:00:00 2001
From: aiordache
Date: Thu, 30 Apr 2020 17:31:25 +0200
Subject: [PATCH] set secrets in cloudformation template
Signed-off-by: aiordache
Signed-off-by: Nicolas De Loof
---
 ecs/pkg/amazon/convert.go | 42 ++++++++++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 3 deletions(-)
diff --git a/ecs/pkg/amazon/convert.go b/ecs/pkg/amazon/convert.go
index 6021b882..4d75072c 100644
--- a/ecs/pkg/amazon/convert.go
+++ b/ecs/pkg/amazon/convert.go
@@ -19,7 +19,14 @@ func Convert(project *compose.Project, service types.ServiceConfig) (*ecs.TaskDe
 if err != nil {
 return nil, err
 }
-
+ credential, err := getRepoCredentials(service)
+ if err != nil {
+ return nil, err
+ }
+ secrets, err := getSecrets(service)
+ if err != nil {
+ return nil, err
+ }
 return &ecs.TaskDefinition{
 ContainerDefinitions: []ecs.TaskDefinition_ContainerDefinition{
 // Here we can declare sidecars and init-containers using https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#container_definition_dependson
@@ -55,9 +62,9 @@ func Convert(project *compose.Project, service types.ServiceConfig) (*ecs.TaskDe
 Privileged: service.Privileged,
 PseudoTerminal: service.Tty,
 ReadonlyRootFilesystem: service.ReadOnly,
- RepositoryCredentials: nil,
+ RepositoryCredentials: credential,
 ResourceRequirements: nil,
- Secrets: nil,
+ Secrets: secrets,
 StartTimeout: 0,
 StopTimeout: durationToInt(service.StopGracePeriod),
 SystemControls: nil,
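Review bot: The two `if err != nil` branches added at the top of `Convert` cannot be taken, because `getRepoCredentials` and `getSecrets` (added in the last hunk) return a nil error on every path. A `nil, nil` result from `getRepoCredentials` also makes "image has no registry prefix", "service declares no secrets" and "no secret matched" indistinguishable to the caller, so a misnamed pull secret converts without any signal. Either drop the `error` result from both helpers or give the lookup a real failure mode, and add a doc comment stating which secret is treated as the pull credential. `Convert` starts and ends outside this hunk.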
@@ -274,3 +281,32 @@ func toKeyValuePair(environment types.MappingWithEquals) []ecs.TaskDefinition_Ke
 }
 return pairs
 }
+
+func getRepoCredentials(service types.ServiceConfig) (*ecs.TaskDefinition_RepositoryCredentials, error) {
+ // extract registry and namespace string from image name
+ fields := strings.Split(service.Image, "/")
+ regPath := ""
+ for i, field := range fields {
+ if i < len(fields)-1 {
+ regPath = regPath + field
+ }
+ }
+ if regPath == "" || len(service.Secrets) == 0 {
+ return nil, nil
+ }
+ for _, secret := range service.Secrets {
+ if secret.Source == regPath {
+ return &ecs.TaskDefinition_RepositoryCredentials{CredentialsParameter: secret.Target}, nil
+ }
+ }
+ return nil, nil
+}
+
+func getSecrets(service types.ServiceConfig) ([]ecs.TaskDefinition_Secret, error) {
+ secrets := []ecs.TaskDefinition_Secret{}
+
+ for _, secret := range service.Secrets {
+ secrets = append(secrets, ecs.TaskDefinition_Secret{Name: secret.Target})
+ }
+ return secrets, nil
+}
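Review bot: In `getRepoCredentials` the loop joins the image path segments without their `/` separators, so a constructed example such as `registry.example.com/team/app` yields `registry.example.comteam`, and a one-segment prefix matches any secret that merely shares that name. `regPath := strings.Join(fields[:len(fields)-1], "/")` would keep the prefix intact, and the match rule deserves a doc comment since it decides which secret becomes the registry credential. In `getSecrets` each entry sets only `Name` and leaves `ValueFrom` empty, while ECS resolves a container secret from its `ValueFrom` reference; which compose field should carry that reference is not visible here and needs confirming. The secret chosen as `CredentialsParameter` is also appended to `Secrets`, which would expose the pull credential to the workload once the entries resolve, so `getSecrets` should skip it. The function also returns an empty non-nil slice where the field was previously `nil`; `var secrets []ecs.TaskDefinition_Secret` keeps the old shape when a service has no secrets.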