ECS: TaskRoleARN + service.volumes -- wrong Node Kind for expected: MappingNode was ScalarNode #2236
Description
When attempting to convert a docker-compose.yml file to a CloudFormation template with a service with volumes defined in conjunction with x-aws-cloudformation > Resources > task definition for TaskRoleArn, it fails to generate a CloudFormation template.
Example docker-compose.yml file:
```yaml
x-aws-vpc: <vpc id>
services:
  postgres-server:
    image: postgres
    volumes:
      - postgres-db:/var/lib/postgresql/data
volumes:
  postgres-db:
x-aws-cloudformation:
  Resources:
    PostgresserverTaskDefinition:
      Type: AWS::ECS::TaskDefinition
      Properties:
        TaskRoleArn: arn:aws:iam:123456789012:role/foo-bar
```
When removing the volumes block it properly generates the CloudFormation template.
Example command:
```
docker compose -f docker-compose.yml --verbose config > test.cloudformation
```
Error received (when volumes block is present):
```
wrong Node Kind for expected: MappingNode was ScalarNode: value: {arn:aws:iam:123456789012:role/foo-bar}
```
Steps to reproduce the issue:
- Follow the steps on this documentation page to create an ecs context: https://docs.docker.com/cloud/ecs-integration/
- Create a vpc and copy the id
- Use the docker-compose.yml file posted in the description inputting the vpc id for x-aws-vpc
- Run `docker compose -f docker-compose.yml --verbose config > test.cloudformation` to attempt to generate a CloudFormation template from the docker compose file.
Describe the results you received:
Cloud formation failed to generate
Error:
```
wrong Node Kind for expected: MappingNode was ScalarNode: value: {arn:aws:iam:123456789012:role/foo-bar}
```
Describe the results you expected:
Cloud Formation template to be properly generated when the volumes are defined in the service.
Additional information you deem important (e.g. issue happens only occasionally):
It seems like this is related to having something after the TaskRoleArn definition in the CloudFormation template ServiceTaskDefinition (i.e. the only thing alphabetically which would be present is the volumes block).
As a workaround for now, we've defined an inline role with the correct policies and then used a reference to that within the x-aws-cloudformation > Resources > ServiceTaskDefinition > Properties > TaskRoleArn,
i.e.:
```yaml
DeploymentTaskRole:
  Type: AWS::IAM::Role
  Properties:
    Policies:
      ...
```
And then reference it like so:
```yaml
TaskRoleArn:
  Ref: DeploymentTaskRole
```
Output of `docker-compose --version`:
docker-compose version 1.29.2, build 5becea4c
Output of `docker version`:
Docker version 20.10.23, build 7155243
Output of `docker context show`:
You can also run `docker context inspect context-name` to give us more details but don't forget to remove sensitive content.
myecscontext
Output of `docker info`:
Client:
Context: default
Debug Mode: false
Plugins:
buildx: Docker Buildx (Docker Inc., v0.10.3)
compose: Docker Compose (Docker Inc., v2.15.1)
dev: Docker Dev Environments (Docker Inc., v0.1.0)
extension: Manages Docker extensions (Docker Inc., v0.2.18)
sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
scan: Docker Scan (Docker Inc., v0.25.0)
scout: Command line tool for Docker Scout (Docker Inc., v0.6.0)
Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 35
Server Version: 20.10.23
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: cgroupfs
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 2456e983eb9e37e47538f59ea18f2043c9a73640
runc version: v1.1.4-0-g5fd4c4d
init version: de40ad0
Security Options:
seccomp
Profile: default
cgroupns
Kernel Version: 5.15.49-linuxkit
Operating System: Docker Desktop
OSType: linux
Architecture: x86_64
CPUs: 6
Total Memory: 7.772GiB
Name: docker-desktop
ID: K4EP:FMGQ:CCBH:CN67:MAYR:6PKZ:KFTE:HMW3:X3JY:MTBG:UZ4T:K665
Docker Root Dir: /var/lib/docker
Debug Mode: true
File Descriptors: 44
Goroutines: 50
System Time: 2023-03-21T18:00:19.079054178Z
EventsListeners: 7
HTTP Proxy: http.docker.internal:3128
HTTPS Proxy: http.docker.internal:3128
No Proxy: hubproxy.docker.internal
Registry: https://index.docker.io/v1/
Labels:
Experimental: true
Insecure Registries:
hubproxy.docker.internal:5000
127.0.0.0/8
Live Restore Enabled: false
Additional environment details (AWS ECS, Azure ACI, local, etc.):
AWS ECS