fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995)

Author: simar7

pkg/iac/adapters/cloudformation/aws/ecs/ecs_test.go

@@ -32,8 +32,8 @@ Resources:
         - 
           Name: "busybox"
           Image: "busybox"
-          Cpu: 256
-          Memory: 512
+          Cpu: "256"
+          Memory: "512"
           Essential: true
           Privileged: true
           Environment:
@@ -68,8 +68,8 @@ Resources:
 							{
 								Name:       types.StringTest("busybox"),
 								Image:      types.StringTest("busybox"),
-								CPU:        types.IntTest(256),
-								Memory:     types.IntTest(512),
+								CPU:        types.StringTest("256"),
+								Memory:     types.StringTest("512"),
 								Essential:  types.BoolTest(true),
 								Privileged: types.BoolTest(true),
 								Environment: []ecs.EnvVar{

pkg/iac/adapters/cloudformation/aws/ecs/task_definition.go

@@ -45,8 +45,8 @@ func getContainerDefinitions(r *parser.Resource) ([]ecs.ContainerDefinition, err
 			Metadata:     containerDef.Metadata(),
 			Name:         containerDef.GetStringProperty("Name"),
 			Image:        containerDef.GetStringProperty("Image"),
-			CPU:          containerDef.GetIntProperty("Cpu"),
-			Memory:       containerDef.GetIntProperty("Memory"),
+			CPU:          containerDef.GetStringProperty("Cpu"),
+			Memory:       containerDef.GetStringProperty("Memory"),
 			Essential:    containerDef.GetBoolProperty("Essential"),
 			Privileged:   containerDef.GetBoolProperty("Privileged"),
 			Environment:  envVars,

pkg/iac/adapters/terraform/aws/ecs/adapt_test.go

@@ -91,8 +91,8 @@ func Test_adaptTaskDefinitionResource(t *testing.T) {
 	"name": "my_service",
 	"image": "my_image",
 	"essential": true,
-	"memory": 256,
-	"cpu": 2,
+	"memory": "256",
+	"cpu": "2",
 	"environment": [
 		{ "name": "ENVIRONMENT", "value": "development" }
 	]
@@ -125,8 +125,8 @@ func Test_adaptTaskDefinitionResource(t *testing.T) {
 						Metadata:   iacTypes.NewTestMetadata(),
 						Name:       iacTypes.String("my_service", iacTypes.NewTestMetadata()),
 						Image:      iacTypes.String("my_image", iacTypes.NewTestMetadata()),
-						CPU:        iacTypes.Int(2, iacTypes.NewTestMetadata()),
-						Memory:     iacTypes.Int(256, iacTypes.NewTestMetadata()),
+						CPU:        iacTypes.String("2", iacTypes.NewTestMetadata()),
+						Memory:     iacTypes.String("256", iacTypes.NewTestMetadata()),
 						Essential:  iacTypes.Bool(true, iacTypes.NewTestMetadata()),
 						Privileged: iacTypes.Bool(false, iacTypes.NewTestMetadata()),
 						Environment: []ecs.EnvVar{

pkg/iac/providers/aws/ecs/ecs.go

@@ -43,8 +43,8 @@ func CreateDefinitionsFromString(metadata iacTypes.Metadata, str string) ([]Cont
 type containerDefinitionJSON struct {
 	Name         string            `json:"name"`
 	Image        string            `json:"image"`
-	CPU          int               `json:"cpu"`
-	Memory       int               `json:"memory"`
+	CPU          string            `json:"cpu"`
+	Memory       string            `json:"memory"`
 	Essential    bool              `json:"essential"`
 	PortMappings []portMappingJSON `json:"portMappings"`
 	EnvVars      []envVarJSON      `json:"environment"`
@@ -77,8 +77,8 @@ func (j containerDefinitionJSON) convert(metadata iacTypes.Metadata) ContainerDe
 		Metadata:     metadata,
 		Name:         iacTypes.String(j.Name, metadata),
 		Image:        iacTypes.String(j.Image, metadata),
-		CPU:          iacTypes.Int(j.CPU, metadata),
-		Memory:       iacTypes.Int(j.Memory, metadata),
+		CPU:          iacTypes.String(j.CPU, metadata),
+		Memory:       iacTypes.String(j.Memory, metadata),
 		Essential:    iacTypes.Bool(j.Essential, metadata),
 		PortMappings: mappings,
 		Environment:  envVars,
@@ -87,13 +87,11 @@ func (j containerDefinitionJSON) convert(metadata iacTypes.Metadata) ContainerDe
 }
 
 type ContainerDefinition struct {
-	Metadata iacTypes.Metadata
-	Name     iacTypes.StringValue
-	Image    iacTypes.StringValue
-	// TODO: CPU and Memory are strings
-	// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-taskdefinition.html#cfn-ecs-taskdefinition-cpu
-	CPU          iacTypes.IntValue
-	Memory       iacTypes.IntValue
+	Metadata     iacTypes.Metadata
+	Name         iacTypes.StringValue
+	Image        iacTypes.StringValue
+	CPU          iacTypes.StringValue
+	Memory       iacTypes.StringValue
 	Essential    iacTypes.BoolValue
 	PortMappings []PortMapping
 	Environment  []EnvVar

pkg/iac/rego/schemas/cloud.json

@@ -1859,7 +1859,7 @@
         },
         "cpu": {
           "type": "object",
-          "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue"
+          "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
         },
         "environment": {
           "type": "array",
@@ -1878,7 +1878,7 @@
         },
         "memory": {
           "type": "object",
-          "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.IntValue"
+          "$ref": "#/definitions/github.com.aquasecurity.trivy.pkg.iac.types.StringValue"
         },
         "name": {
           "type": "object",

pkg/iac/scanners/terraform/scanner_test.go

@@ -284,15 +284,15 @@ resource "aws_ecs_task_definition" "test" {
 [
   {
 	"privileged": true,
-    "cpu": 10,
+    "cpu": "10",
     "command": ["sleep", "10"],
     "entryPoint": ["/"],
     "environment": [
       {"name": "VARNAME", "value": "VARVAL"}
     ],
     "essential": true,
     "image": "jenkins",
-    "memory": 128,
+    "memory": "128",
     "name": "jenkins",
     "portMappings": [
       {