feat: add service connect mft

internal/pkg/deploy/cloudformation/stack/backend_svc.go

@@ -33,7 +33,8 @@ type BackendService struct {
 	httpsEnabled bool
 	albEnabled   bool
 
-	parser backendSvcReadParser
+	parser        backendSvcReadParser
+	SCFeatureFlag bool
 }
 
 // BackendServiceConfig contains data required to initialize a backend service stack.
@@ -141,8 +142,11 @@ func (s *BackendService) Template() (string, error) {
 	for _, ipNet := range s.manifest.RoutingRule.AllowedSourceIps {
 		allowedSourceIPs = append(allowedSourceIPs, string(ipNet))
 	}
-
-	_, targetContainerPort := s.httpLoadBalancerTarget()
+	var scConfig *template.ServiceConnect
+	if s.manifest.ServiceConnectEnabled() {
+		scConfig = convertServiceConnect(s.manifest.Network.Connect)
+	}
+	targetContainer, targetContainerPort := s.httpLoadBalancerTarget()
 	content, err := s.parser.ParseBackendService(template.WorkloadOpts{
 		AppName:            s.app,
 		EnvName:            s.env,
@@ -166,7 +170,9 @@ func (s *BackendService) Template() (string, error) {
 		HealthCheck:        convertContainerHealthCheck(s.manifest.BackendServiceConfig.ImageConfig.HealthCheck),
 		HTTPTargetContainer: template.HTTPTargetContainer{
 			Port: aws.StringValue(targetContainerPort),
+			Name: aws.StringValue(targetContainer),
 		},
+		ServiceConnect:           scConfig,
 		HTTPHealthCheck:          convertHTTPHealthCheck(&s.manifest.RoutingRule.HealthCheck),
 		DeregistrationDelay:      deregistrationDelay,
 		AllowedSourceIps:         allowedSourceIPs,
@@ -190,6 +196,7 @@ func (s *BackendService) Template() (string, error) {
 		},
 		HostedZoneAliases:   hostedZoneAliases,
 		PermissionsBoundary: s.permBound,
+		SCFeatureFlag:       s.SCFeatureFlag,
 	})
 	if err != nil {
 		return "", fmt.Errorf("parse backend service template: %w", err)

internal/pkg/deploy/cloudformation/stack/backend_svc_test.go

@@ -271,6 +271,7 @@ Outputs:
 			HostedZoneAliases: make(template.AliasesForHostedZone),
 			HTTPTargetContainer: template.HTTPTargetContainer{
 				Port: "8080",
+				Name: "api",
 			},
 			HTTPHealthCheck: template.HTTPHealthCheckOpts{
 				HealthCheckPath: manifest.DefaultHealthCheckPath,
@@ -287,6 +288,7 @@ Outputs:
 					Key:    "sha2/count.zip",
 				},
 			},
+			ServiceConnect: &template.ServiceConnect{},
 			ExecuteCommand: &template.ExecuteCommandOpts{},
 			NestedStack: &template.WorkloadNestedStackOpts{
 				StackName:       addon.StackName,
@@ -430,13 +432,15 @@ Outputs:
 			},
 			Sidecars: []*template.SidecarOpts{
 				{
-					Name: aws.String("envoy"),
+					Name: "envoy",
 					Port: aws.String("443"),
 				},
 			},
 			HTTPTargetContainer: template.HTTPTargetContainer{
+				Name: "envoy",
 				Port: "443",
 			},
+			ServiceConnect: &template.ServiceConnect{},
 			HTTPHealthCheck: template.HTTPHealthCheckOpts{
 				HealthCheckPath:    "/healthz",
 				Port:               "4200",
@@ -537,14 +541,6 @@ func TestBackendService_Parameters(t *testing.T) {
 			ParameterKey:   aws.String(WorkloadContainerPortParamKey),
 			ParameterValue: aws.String("8080"),
 		},
-		{
-			ParameterKey:   aws.String(WorkloadTargetContainerParamKey),
-			ParameterValue: aws.String("frontend"),
-		},
-		{
-			ParameterKey:   aws.String(WorkloadTargetPortParamKey),
-			ParameterValue: aws.String("8080"),
-		},
 		{
 			ParameterKey:   aws.String(WorkloadTaskCPUParamKey),
 			ParameterValue: aws.String("256"),
@@ -569,6 +565,14 @@ func TestBackendService_Parameters(t *testing.T) {
 			ParameterKey:   aws.String(WorkloadEnvFileARNParamKey),
 			ParameterValue: aws.String(""),
 		},
+		{
+			ParameterKey:   aws.String(WorkloadTargetContainerParamKey),
+			ParameterValue: aws.String("frontend"),
+		},
+		{
+			ParameterKey:   aws.String(WorkloadTargetPortParamKey),
+			ParameterValue: aws.String("8080"),
+		},
 	}, params)
 }
 
@@ -650,6 +654,7 @@ func TestBackendService_TemplateAndParamsGeneration(t *testing.T) {
 					EnvVersion:               "v1.42.0",
 				},
 			})
+			serializer.SCFeatureFlag = true
 			require.NoError(t, err)
 
 			// mock parser for lambda functions

internal/pkg/deploy/cloudformation/stack/lb_network_web_service_integration_test.go

@@ -105,6 +105,7 @@ func TestNetworkLoadBalancedWebService_Template(t *testing.T) {
 			},
 			RootUserARN: "arn:aws:iam::123456789123:root",
 		}, stack.WithNLB([]string{"10.0.0.0/24", "10.1.0.0/24"}))
+		serializer.SCFeatureFlag = true
 		tpl, err := serializer.Template()
 		require.NoError(t, err, "template should render")
 		regExpGUID := regexp.MustCompile(`([a-f\d]{8}-)([a-f\d]{4}-){3}([a-f\d]{12})`) // Matches random guids

internal/pkg/deploy/cloudformation/stack/lb_web_service_integration_test.go

@@ -105,6 +105,7 @@ func TestLoadBalancedWebService_Template(t *testing.T) {
 				EnvVersion:               "v1.42.0",
 			},
 		})
+		serializer.SCFeatureFlag = true
 		tpl, err := serializer.Template()
 		require.NoError(t, err, "template should render")
 		regExpGUID := regexp.MustCompile(`([a-f\d]{8}-)([a-f\d]{4}-){3}([a-f\d]{12})`) // Matches random guids

internal/pkg/deploy/cloudformation/stack/lb_web_svc.go

@@ -38,7 +38,8 @@ type LoadBalancedWebService struct {
 	publicSubnetCIDRBlocks []string
 	appInfo                deploy.AppInformation
 
-	parser loadBalancedWebSvcReadParser
+	parser        loadBalancedWebSvcReadParser
+	SCFeatureFlag bool
 }
 
 // LoadBalancedWebServiceOption is used to configuring an optional field for LoadBalancedWebService.
@@ -190,6 +191,10 @@ func (s *LoadBalancedWebService) Template() (string, error) {
 	if s.manifest.RoutingRule.RedirectToHTTPS != nil {
 		httpRedirect = aws.BoolValue(s.manifest.RoutingRule.RedirectToHTTPS)
 	}
+	var scConfig *template.ServiceConnect
+	if s.manifest.ServiceConnectEnabled() {
+		scConfig = convertServiceConnect(s.manifest.Network.Connect)
+	}
 	targetContainer, targetContainerPort := s.httpLoadBalancerTarget()
 	content, err := s.parser.ParseLoadBalancedWebService(template.WorkloadOpts{
 		AppName:            s.app,
@@ -214,9 +219,10 @@ func (s *LoadBalancedWebService) Template() (string, error) {
 		ExecuteCommand:     convertExecuteCommand(&s.manifest.ExecuteCommand),
 		WorkloadType:       manifest.LoadBalancedWebServiceType,
 		HTTPTargetContainer: template.HTTPTargetContainer{
-			Port:      aws.StringValue(targetContainerPort),
-			Container: aws.StringValue(targetContainer),
+			Port: aws.StringValue(targetContainerPort),
+			Name: aws.StringValue(targetContainer),
 		},
+		ServiceConnect:           scConfig,
 		HealthCheck:              convertContainerHealthCheck(s.manifest.ImageConfig.HealthCheck),
 		HTTPHealthCheck:          convertHTTPHealthCheck(&s.manifest.RoutingRule.HealthCheck),
 		DeregistrationDelay:      deregistrationDelay,
@@ -242,6 +248,7 @@ func (s *LoadBalancedWebService) Template() (string, error) {
 		},
 		HostedZoneAliases:   aliasesFor,
 		PermissionsBoundary: s.permBound,
+		SCFeatureFlag:       s.SCFeatureFlag,
 	})
 	if err != nil {
 		return "", err

internal/pkg/deploy/cloudformation/stack/lb_web_svc_test.go

@@ -207,6 +207,11 @@ Outputs:
 			String:      nil,
 			StringSlice: []string{"world"},
 		}
+		mft.Network.Connect = manifest.ServiceConnectBoolOrArgs{
+			ServiceConnectArgs: manifest.ServiceConnectArgs{
+				Alias: aws.String("frontend"),
+			},
+		}
 
 		var actual template.WorkloadOpts
 		parser := mocks.NewMockloadBalancedWebSvcReadParser(ctrl)
@@ -262,8 +267,11 @@ Outputs:
 			HTTPRedirect:        true,
 			DeregistrationDelay: aws.Int64(60),
 			HTTPTargetContainer: template.HTTPTargetContainer{
-				Container: "frontend",
-				Port:      "80",
+				Name: "frontend",
+				Port: "80",
+			},
+			ServiceConnect: &template.ServiceConnect{
+				Alias: aws.String("frontend"),
 			},
 			HealthCheck: &template.ContainerHealthCheck{
 				Command:     []string{"CMD-SHELL", "curl -f http://localhost/ || exit 1"},
@@ -415,8 +423,8 @@ Outputs:
 		// THEN
 		require.NoError(t, err)
 		require.Equal(t, template.HTTPTargetContainer{
-			Port:      "443",
-			Container: "envoy",
+			Port: "443",
+			Name: "envoy",
 		}, actual.HTTPTargetContainer)
 	})
 }

internal/pkg/deploy/cloudformation/stack/testdata/stacklocal/manifest.yml

@@ -31,6 +31,8 @@ count:
   memory_percentage: 80
 # Enable running commands in your container.
 exec: true
+network:
+  connect: false
 
 taskdef_overrides:
   - path: "ContainerDefinitions[0].Ulimits[-].Name"

internal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/http-autoscaling-manifest.yml

@@ -10,6 +10,9 @@ image:
   # Port exposed through your container to route traffic to it.
   port: 8080
 
+network:
+  connect: false
+
 cpu: 512 # Number of CPU units for the task.
 memory: 1024 # Amount of memory in MiB used by the task.
 exec: true # Enable running commands in your container.

internal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/http-full-config-manifest.yml

@@ -16,6 +16,9 @@ http:
     timeout: 10s
     grace_period: 45s
 
+network:
+  connect: false
+
 image:
   # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/backend-service/#image-build
   build: Dockerfile

internal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/http-only-path-manifest.yml

@@ -10,6 +10,9 @@ image:
   # Port exposed through your container to route traffic to it.
   port: 8080
 
+network:
+  connect: false
+
 cpu: 512 # Number of CPU units for the task.
 memory: 1024 # Amount of memory in MiB used by the task.
 count: 1 # Number of tasks that should be running in your service.

internal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/https-path-alias-manifest.yml

@@ -10,6 +10,9 @@ http:
     - name: "*.foobar.com"
   hosted_zone: mockHostedZone1
 
+network:
+  connect: false
+
 image:
   # Docker build arguments. For additional overrides: https://aws.github.io/copilot-cli/docs/manifest/backend-service/#image-build
   build: Dockerfile

internal/pkg/deploy/cloudformation/stack/testdata/workloads/backend/simple-template.yml

@@ -89,12 +89,7 @@ Resources:
               awslogs-region: !Ref AWS::Region
               awslogs-group: !Ref LogGroup
               awslogs-stream-prefix: copilot
-          PortMappings:
-            !If [
-              ExposePort,
-              [{ ContainerPort: !Ref ContainerPort }],
-              !Ref "AWS::NoValue",
-            ]
+          PortMappings: !If [ExposePort, [{ContainerPort: !Ref ContainerPort, Name: target}], !Ref "AWS::NoValue"]
   ExecutionRole:
     Metadata:
       "aws:copilot:description": "An IAM Role for the Fargate agent to make AWS API calls on your behalf"
@@ -279,6 +274,22 @@ Resources:
       PropagateTags: SERVICE
       EnableExecuteCommand: true
       LaunchType: FARGATE
+      ServiceConnectConfiguration:
+        Enabled: True
+        Namespace: my-env.my-app.local
+        LogConfiguration:
+          LogDriver: awslogs
+          Options:
+            awslogs-region: !Ref AWS::Region
+            awslogs-group: !Ref LogGroup
+            awslogs-stream-prefix: copilot
+        Services:
+          - PortName: target
+            # Avoid using the same service with Service Discovery in a namespace.
+            DiscoveryName: !Join ["-", [!Ref WorkloadName, "sc"]]
+            ClientAliases:
+              - Port: !Ref TargetPort
+                DnsName: !Ref WorkloadName
       NetworkConfiguration:
         AwsvpcConfiguration:
           AssignPublicIp: ENABLED

internal/pkg/deploy/cloudformation/stack/testdata/workloads/svc-grpc-manifest.yml

@@ -37,6 +37,9 @@ publish:
   topics:
     - name: givesdogs
 
+network:
+  connect: false
+
 # Optional fields for more advanced use-cases.
 #
 variables:                    # Pass environment variables as key value pairs.

internal/pkg/deploy/cloudformation/stack/testdata/workloads/svc-manifest.yml

@@ -60,6 +60,8 @@ environments:
         path: /
         grace_period: 30s
       deregistration_delay: 30s
+    network:
+      connect: false
   prod:
     count:
       range:
@@ -80,9 +82,16 @@ environments:
         TEST: TEST
       secrets:
         GITHUB_TOKEN: GITHUB_TOKEN
+    http:
+      path: '/'
+      alias: example.com
+      target_container: nginx
+    network:
+      connect:
+        alias: api
     sidecars:
       nginx:
-        port: 80
+        port: 8080
         image: 1234567890.dkr.ecr.us-west-2.amazonaws.com/reverse-proxy:revision_1
         variables:
           NGINX_PORT: 80

internal/pkg/deploy/cloudformation/stack/testdata/workloads/svc-nlb-manifest.yml

@@ -10,6 +10,8 @@ image:
   build: ./Dockerfile
   port: 80
 http: false
+network:
+  connect: false
 nlb:
   port: 443/tls
 count: 5
@@ -26,6 +28,8 @@ environments:
     nlb:
       healthcheck:
         port: 80
+    network:
+      connect: true
   dev:
     http:
       path: '/'

internal/pkg/deploy/cloudformation/stack/testdata/workloads/svc-nlb-test.stack.yml

@@ -95,6 +95,7 @@ Resources: # If a bucket URL is specified, that means the template exists.
               awslogs-stream-prefix: copilot
           PortMappings:
             - ContainerPort: !Ref ContainerPort
+              Name: target
             - ContainerPort: 443
               Protocol: tcp
   ExecutionRole:
@@ -294,6 +295,22 @@ Resources: # If a bucket URL is specified, that means the template exists.
         MaximumPercent: 200
       PropagateTags: SERVICE
       LaunchType: FARGATE
+      ServiceConnectConfiguration:
+        Enabled: True
+        Namespace: test.my-app.local
+        LogConfiguration:
+          LogDriver: awslogs
+          Options:
+            awslogs-region: !Ref AWS::Region
+            awslogs-group: !Ref LogGroup
+            awslogs-stream-prefix: copilot
+        Services:
+          - PortName: target
+            # Avoid using the same service with Service Discovery in a namespace.
+            DiscoveryName: !Join ["-", [!Ref WorkloadName, "sc"]]
+            ClientAliases:
+              - Port: !Ref TargetPort
+                DnsName: !Ref WorkloadName
       NetworkConfiguration:
         AwsvpcConfiguration:
           AssignPublicIp: ENABLED

internal/pkg/deploy/cloudformation/stack/testdata/workloads/svc-prod.params.json

@@ -11,8 +11,8 @@
     "LogRetention": "1",
     "RulePath": "/",
     "Stickiness": "false",
-    "TargetContainer": "fe",
-    "TargetPort": "4000",
+    "TargetContainer": "nginx",
+    "TargetPort": "8080",
     "TaskCPU": "256",
     "TaskCount": "3",
     "TaskMemory": "512",