feat: add ECS Exec debug sessions browser (M3.11)#75
Conversation
- Add ECS service layer: ListClusters, ListServices, ListTasks, DescribeTaskContainers - Add ECSClientAPI interface and ECSClient field to AwsRepository - Add BuildECSExecCommand wrapping `aws ecs execute-command --interactive` - Add TUI drill-down: Cluster → Service → Task → Container - Show exec readiness (exec:✓/✗) per container; surface actionable error if disabled - Launch exec session via tea.ExecProcess, return cleanly to TUI on exit - Add unit tests with mockECSClient (5 test cases) - Update README features table and key bindings
![amazon-q-developer[bot]](https://avatars.githubusercontent.com/in/1220912?s=60&v=4){kind=small}
There was a problem hiding this comment.
Summary
This PR adds ECS Exec debug sessions to the unic TUI, allowing users to browse ECS resources and launch interactive exec sessions. The implementation follows established patterns from the EC2 SSM feature.
Critical Issues Found
I've identified 3 blocking issues that must be fixed before merge:
- Crash Risk (ecs.go:124-125): Array index out of bounds when parsing malformed service ARNs
- Crash Risk (ecs.go:189-193): Array index out of bounds when parsing task ARNs
- Logic Error (screen_ecs.go:389): Context cancellation not propagated from parent context
Positive Aspects
- Clean separation of concerns with dedicated files for exec commands, models, and business logic
- Comprehensive unit tests with mock ECS client
- Clear error messages for exec readiness
- Consistent UX patterns matching existing EC2 implementation
Please address the critical issues to ensure the code handles edge cases safely.
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
- Extract service name from ARN before pagination loop (was repeated per iteration) - Guard serviceARN extraction: only use suffix when slash exists and is not the last char - Guard taskARN task ID extraction with same idx < len-1 bounds check - Replace context.Background() with 30s timeout context in all four ECS load commands
|
/q review |
There was a problem hiding this comment.
Summary
This PR successfully adds ECS Exec debug session support to the TUI, enabling users to browse and interact with ECS containers. The implementation follows the existing patterns for EC2 SSM sessions and includes comprehensive testing.
Critical Issue
- Link Policy Violation: The error message in
ecs_exec.gocontains an unapproved external link. Only links to https://cwe.mitre.org are permitted in code.
Positive Aspects
- Well-structured code following existing TUI patterns
- Comprehensive unit tests with mock ECS client
- Proper error handling and pagination for AWS API calls
- Clean separation of concerns with dedicated files for exec, models, and tests
- Appropriate use of context timeouts (30s) for API operations
- Good UX with exec readiness indicators and clear error messages
Once the link issue is addressed, this PR will be ready for merge.
You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.
- Inject assume-role temporary credentials into aws CLI subprocess env to fix AccountIDs mismatch when using assume_role contexts - Add CredentialEnv() helper and ResolveCredentialEnv() method to strip AWS_PROFILE and inject SDK credentials into subprocess - Remove redundant filteredECSTasks alias (filter was never applied) - Route ECS exec errors through global errMsg handler instead of directly setting m.errMsg / m.screen - Fix scroll viewport overhead constant: task/container lists use 7, not 8; add overhead breakdown comments to all ECS list views - Align ecs_exec.go AWS SDK import alias to awssdk (matches codebase) - Ignore cs.json (SSM session-manager-plugin temp files) in .gitignore Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
2 participants
Summary
Add ECS Exec debug sessions to the unic TUI. Users can now browse ECS Clusters → Services → Tasks → Containers and launch an interactive exec session (
/bin/sh) viaaws ecs execute-command— the same audited-session pattern as EC2 SSM.Key design decisions:
aws ecs execute-commandCLI (requiresawsCLI in PATH) rather than raw SDK WebSocket, matching the pattern used for EC2 withsession-manager-pluginexec:✓/exec:✗); selecting a non-exec-enabled container shows a clear error with remediation stepstea.ExecProcessso Bubbletea suspends cleanly and resumes on exitRelated Issues
Closes #68
Validation
make test— all 9 packages pass including 5 new ECS unit tests withmockECSClientmake build— binary compiles cleanlyunic→ ECS → ECS Exec Sessions → browse clusters/services/tasks/containers → exec session launches and returns to TUIChecklist