fix(misconf): ecs include enhanced for container insights (#8326)

Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
2025-12-05 20:40:16 -08:00 · 2025-02-01 06:06:33 +11:00
parent bd5baaf930
commit 39789fff43
4 changed files with 59 additions and 20 deletions
--- a/pkg/iac/adapters/cloudformation/aws/ecs/cluster.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecs/cluster.go
@@ -50,7 +50,7 @@ func checkProperty(setting *parser.Property, clusterSettings *ecs.ClusterSetting
 	name := settingMap["Name"]
 	if name.IsNotNil() && name.EqualTo("containerInsights") {
 		value := settingMap["Value"]
-		if value.IsNotNil() && value.EqualTo("enabled") {
+		if value.IsNotNil() && !value.EqualTo("disabled") {
 			clusterSettings.ContainerInsightsEnabled = types.Bool(true, value.Metadata())
 		}
 	}
--- a/pkg/iac/adapters/cloudformation/aws/ecs/ecs_test.go
+++ b/pkg/iac/adapters/cloudformation/aws/ecs/ecs_test.go
@@ -25,11 +25,11 @@ Resources:
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
-  taskdefinition: 
+  taskdefinition:
    Type: AWS::ECS::TaskDefinition
-    Properties: 
-      ContainerDefinitions: 
-        - 
+    Properties:
+      ContainerDefinitions:
+        -
          Name: "busybox"
          Image: "busybox"
          Cpu: "256"
@@ -39,9 +39,9 @@ Resources:
          Environment:
            - Name: entryPoint
              Value: 'sh, -c'
-      Volumes: 
-        - 
-          Host: 
+      Volumes:
+        -
+          Host:
            SourcePath: "/var/lib/docker/vfs/dir/"
          Name: "my-vol"
          EFSVolumeConfiguration:
@@ -84,13 +84,35 @@ Resources:
 				},
 			},
 		},
+		{
+			name: "ecs Cluster Enhanced Container Insights",
+			source: `AWSTemplateFormatVersion: '2010-09-09'
+Resources:
+  ECSCluster:
+    Type: 'AWS::ECS::Cluster'
+    Properties:
+      ClusterName: MyFargateCluster
+      ClusterSettings:
+        - Name: containerInsights
+          Value: enhanced
+`,
+			expected: ecs.ECS{
+				Clusters: []ecs.Cluster{
+					{
+						Settings: ecs.ClusterSettings{
+							ContainerInsightsEnabled: types.BoolTest(true),
+						},
+					},
+				},
+			},
+		},
 		{
 			name: "empty",
 			source: `AWSTemplateFormatVersion: 2010-09-09
 Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
-  taskdefinition: 
+  taskdefinition:
    Type: AWS::ECS::TaskDefinition
  `,
 			expected: ecs.ECS{
--- a/pkg/iac/adapters/terraform/aws/ecs/adapt.go
+++ b/pkg/iac/adapters/terraform/aws/ecs/adapt.go
@@ -40,9 +40,9 @@ func adaptClusterSettings(resourceBlock *terraform.Block) ecs.ClusterSettings {
 		settings.Metadata = settingBlock.GetMetadata()
 		if settingBlock.GetAttribute("name").Equals("containerInsights") {
 			insightsAttr := settingBlock.GetAttribute("value")
-			settings.ContainerInsightsEnabled = types.Bool(insightsAttr.Equals("enabled"), settingBlock.GetMetadata())
+			settings.ContainerInsightsEnabled = types.Bool(!insightsAttr.Equals("disabled"), settingBlock.GetMetadata())
 			if insightsAttr.IsNotNil() {
-				settings.ContainerInsightsEnabled = types.Bool(insightsAttr.Equals("enabled"), insightsAttr.GetMetadata())
+				settings.ContainerInsightsEnabled = types.Bool(!insightsAttr.Equals("disabled"), insightsAttr.GetMetadata())
 			}
 		}
 	}
--- a/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go
+++ b/pkg/iac/adapters/terraform/aws/ecs/adapt_test.go
@@ -23,12 +23,29 @@ func Test_adaptClusterSettings(t *testing.T) {
 			terraform: `
 			resource "aws_ecs_cluster" "example" {
 				name = "services-cluster"
-			  
+
 				setting {
 				  name  = "containerInsights"
 				  value = "enabled"
 				}
 			}
+`,
+			expected: ecs.ClusterSettings{
+				Metadata:                 iacTypes.NewTestMetadata(),
+				ContainerInsightsEnabled: iacTypes.Bool(true, iacTypes.NewTestMetadata()),
+			},
+		},
+		{
+			name: "container insights enhanced",
+			terraform: `
+			resource "aws_ecs_cluster" "example" {
+				name = "services-cluster"
+
+				setting {
+				  name  = "containerInsights"
+				  value = "enhanced"
+				}
+			}
 `,
 			expected: ecs.ClusterSettings{
 				Metadata:                 iacTypes.NewTestMetadata(),
@@ -40,7 +57,7 @@ func Test_adaptClusterSettings(t *testing.T) {
 			terraform: `
 			resource "aws_ecs_cluster" "example" {
 				name = "services-cluster"
-			  
+
 				setting {
 				  name  = "invalidName"
 				  value = "enabled"
@@ -55,7 +72,7 @@ func Test_adaptClusterSettings(t *testing.T) {
 		{
 			name: "defaults",
 			terraform: `
-			resource "aws_ecs_cluster" "example" {			
+			resource "aws_ecs_cluster" "example" {
 			}
 `,
 			expected: ecs.ClusterSettings{
@@ -99,10 +116,10 @@ func Test_adaptTaskDefinitionResource(t *testing.T) {
 	}
 ]
 				EOF
-			  
+
 				volume {
 				  name = "service-storage"
-			  
+
 				  efs_volume_configuration {
 					transit_encryption      = "ENABLED"
 				  }
@@ -145,7 +162,7 @@ func Test_adaptTaskDefinitionResource(t *testing.T) {
 			resource "aws_ecs_task_definition" "example" {
 				volume {
 					name = "service-storage"
-				
+
 					efs_volume_configuration {
 					}
 				  }
@@ -181,7 +198,7 @@ func TestLines(t *testing.T) {
 	src := `
 	resource "aws_ecs_cluster" "example" {
 		name = "services-cluster"
-	  
+
 		setting {
 		  name  = "containerInsights"
 		  value = "enabled"
@@ -202,10 +219,10 @@ func TestLines(t *testing.T) {
 		}
 	]
 		EOF
-	  
+
 		volume {
 		  name = "service-storage"
-	  
+
 		  efs_volume_configuration {
 			transit_encryption      = "ENABLED"
 		  }