
Commit a44dd16

Fix logging and security group for LDAP Add Roles to Users workflow (#423)
1 parent ca4cad7 commit a44dd16


1 file changed

+12
-5
lines changed


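--- a/.github/workflows/ldap-add-roles-to-users.yml
+++ b/.github/workflows/ldap-add-roles-to-users.yml
@@ -38,7 +38,7 @@ jobs:
 - name: Get security groups and subnet ids
 id: get-ids
 run: |
-echo "SEC_GROUPS=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=*${{ github.event.inputs.environment }}-ldap-sg*" --query "SecurityGroups[].GroupId" --output json | jq -s -c '.[]')" >> $GITHUB_OUTPUT
+echo "SEC_GROUPS=$(aws ec2 describe-security-groups --filters "Name=group-name,Values=ecs-service-ldap-${{ github.event.inputs.environment }}" --query "SecurityGroups[].GroupId" --output json | jq -s -c '.[]')" >> $GITHUB_OUTPUT
 echo "SUBNET_IDS=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=*-general-private-*" --query "Subnets[].SubnetId" --output json | jq -s -c '.[]')" >> $GITHUB_OUTPUT
 
 - name: Template task def
@@ -60,9 +60,9 @@ jobs:
 
 $.containerDefinitions[0].secrets: [{"name": "VAR_LDAP_HOST", "valueFrom": "arn:aws:ssm:${{secrets.AWS_REGION}}:${{vars.AWS_ACCOUNT_ID}}:parameter/delius-core-${{ github.event.inputs.environment }}/LDAP_HOST"}, {"name": "VAR_LDAP_USER", "valueFrom": "arn:aws:ssm:${{secrets.AWS_REGION}}:${{vars.AWS_ACCOUNT_ID}}:parameter/delius-core-${{ github.event.inputs.environment }}/LDAP_PRINCIPAL"}, {"name": "SECRET_LDAP_BIND_PASSWORD", "valueFrom": "arn:aws:ssm:${{secrets.AWS_REGION}}:${{vars.AWS_ACCOUNT_ID}}:parameter/delius-core-${{ github.event.inputs.environment }}/LDAP_BIND_PASSWORD"}]
 
-$.containerDefinitions[0].logConfiguration.logDriver.options."awslogs-group": "/ecs/ldap-automation"
-$.containerDefinitions[0].logConfiguration.logDriver.options."awslogs-region": "${{secrets.AWS_REGION}}"
-$.containerDefinitions[0].logConfiguration.logDriver.options."awslogs-stream-prefix": "${{ github.run_id }}"
+$.containerDefinitions[0].logConfiguration.options."awslogs-group": "/ecs/ldap-automation-${{ github.event.inputs.environment }}"
+$.containerDefinitions[0].logConfiguration.options."awslogs-region": "${{secrets.AWS_REGION}}"
+$.containerDefinitions[0].logConfiguration.options."awslogs-stream-prefix": "${{ github.run_id }}"
 
 - name: Show rendered user service task
 if: github.ref != 'refs/heads/main'
@@ -95,4 +95,11 @@ jobs:
 fi
 done
 
-aws logs tail /ecs/ldap-automation --log-stream-names "ecs/ldap-automation/${{steps.run-task.outputs.TASK_ID}}"
+task_definition_arn=$(echo "$task_info" | jq -r '.tasks[0].taskDefinitionArn')
+task_definition=$(aws ecs describe-task-definition --task-definition $task_definition_arn)
+log_group_name=$(echo "$task_definition" | jq -r '.taskDefinition.containerDefinitions[0].logConfiguration.options."awslogs-group"')
+
+log_stream_prefix=$(echo "$task_definition" | jq -r '.taskDefinition.containerDefinitions[0].logConfiguration.options."awslogs-stream-prefix"')
+container_name=$(echo "$task_definition" | jq -r '.taskDefinition.containerDefinitions[0].name')
+log_stream_name="${log_stream_prefix}/${container_name}/${{steps.run-task.outputs.TASK_ID}}"
+aws logs tail "$log_group_name" --log-stream-names "$log_stream_name"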
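Review bot: The new security-group lookup on line 41 still expands `${{ github.event.inputs.environment }}` directly inside the `run:` script, so the value becomes part of the shell text before bash parses it; the input's definition is outside the hunk, so I cannot tell whether it is limited to a fixed list of choices. I would pass it through the step environment instead: add `env:` with `ENVIRONMENT: ${{ github.event.inputs.environment }}` to the step and write the filter as `Values=ecs-service-ldap-${ENVIRONMENT}`; the same applies to `${{steps.run-task.outputs.TASK_ID}}` on new line 104. Because the filter is now an exact name rather than a wildcard, a naming mismatch yields an empty result instead of an error, so the step should fail explicitly when `SEC_GROUPS` comes back empty rather than hand an empty list to the task run. In the last hunk, `$task_definition_arn` is unquoted and `jq -r` prints the literal `null` when a key is missing, which would flow into `aws logs tail` unnoticed; a check such as `[ "$log_group_name" != "null" ] || exit 1` before the tail would surface that. The `run:` block of that step starts outside the hunk.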
