fix(elasticloadbalancingv2): can not set sessionTimeout (#24457)
## Summary
Application LoadBalancer can not set `sessionTimeout` on `authenticateOidc` except in `defaultActions`. 
This PR fixes this bug.

## Cause of the bug
This is because the CDK uses the same structure for [ListenerRule.AuthenticateOidcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html) and [Listener.AuthenticateOidcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html). The two structures are almost identical, but validation fails during synthesis because the data type of `sessionTimeout` differs between them: String in one and Integer in the other.

```diff
  AuthenticationRequestExtraParams: 
    Key : Value
  AuthorizationEndpoint: String
  ClientId: String
  ClientSecret: String
  Issuer: String
  OnUnauthenticatedRequest: String
  Scope: String
  SessionCookieName: String
- SessionTimeout: String
+ SessionTimeout: Integer
  TokenEndpoint: String
  UseExistingClientSecret: Boolean
  UserInfoEndpoint: String
```

## How to fix?
Add `addRuleAction()` to register an Action for a ListenerRule so that it can hold both config for `Listener` and config for `ListenerRule`. Also, separate `renderActions()` into one for the `Listener` (`defaultActions`) and one for the `ListenerRule` (`actions`) and have them use their own configs.

This allows changes to be made without destroying existing published interfaces.

Closes #12843, #21768.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
WinterYukky authored Apr 20, 2023
1 parent 925c9ba commit cefbb33
Showing 15 changed files with 467 additions and 100 deletions.
@@ -1,15 +1,15 @@
{
"version": "20.0.0",
"version": "30.1.0",
"files": {
"9271c99fa7fd8d6ae26202fec69aaabba91d343b835d6cdc41a76f14fb6462d9": {
"0c2d0def6db3389453a3efadab8db4804f46dd1e84431da6a970923085b33a51": {
"source": {
"path": "integ-cognito.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "9271c99fa7fd8d6ae26202fec69aaabba91d343b835d6cdc41a76f14fb6462d9.json",
"objectKey": "0c2d0def6db3389453a3efadab8db4804f46dd1e84431da6a970923085b33a51.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
Expand Up @@ -459,6 +459,7 @@
"DefaultActions": [
{
"AuthenticateCognitoConfig": {
"SessionTimeout": "86400",
"UserPoolArn": {
"Fn::GetAtt": [
"UserPool6BA7E5F2",
Expand Down Expand Up @@ -497,6 +498,55 @@
"Protocol": "HTTPS"
}
},
"LBListenerAction2RuleDEE172B4": {
"Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
"Properties": {
"Actions": [
{
"AuthenticateCognitoConfig": {
"SessionTimeout": 86400,
"UserPoolArn": {
"Fn::GetAtt": [
"UserPool6BA7E5F2",
"Arn"
]
},
"UserPoolClientId": {
"Ref": "Client4A7F64DF"
},
"UserPoolDomain": {
"Ref": "Domain66AC69E0"
}
},
"Order": 1,
"Type": "authenticate-cognito"
},
{
"FixedResponseConfig": {
"ContentType": "text/plain",
"MessageBody": "Authenticated",
"StatusCode": "200"
},
"Order": 2,
"Type": "fixed-response"
}
],
"Conditions": [
{
"Field": "path-pattern",
"PathPatternConfig": {
"Values": [
"action2*"
]
}
}
],
"ListenerArn": {
"Ref": "LBListener49E825B4"
},
"Priority": 1
}
},
"UserPool6BA7E5F2": {
"Type": "AWS::Cognito::UserPool",
"Properties": {
@@ -1,11 +1,12 @@
{
"version": "20.0.0",
"version": "30.1.0",
"testCases": {
"integ-test-cognito/DefaultTest": {
"stacks": [
"integ-cognito"
],
"assertionStack": "integ-test-cognito/DefaultTest/DeployAssert"
"assertionStack": "integ-test-cognito/DefaultTest/DeployAssert",
"assertionStackName": "integtestcognitoDefaultTestDeployAssert6F2623C9"
}
}
}
@@ -1,5 +1,5 @@
{
"version": "20.0.0",
"version": "30.1.0",
"files": {
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
"source": {
@@ -1,12 +1,6 @@
{
"version": "20.0.0",
"version": "30.1.0",
"artifacts": {
"Tree": {
"type": "cdk:tree",
"properties": {
"file": "tree.json"
}
},
"integ-cognito.assets": {
"type": "cdk:asset-manifest",
"properties": {
Expand All @@ -23,7 +17,7 @@
"validateOnSynth": false,
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9271c99fa7fd8d6ae26202fec69aaabba91d343b835d6cdc41a76f14fb6462d9.json",
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0c2d0def6db3389453a3efadab8db4804f46dd1e84431da6a970923085b33a51.json",
"requiresBootstrapStackVersion": 6,
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
"additionalDependencies": [
Expand Down Expand Up @@ -195,6 +189,12 @@
"data": "LBListener49E825B4"
}
],
"/integ-cognito/LB/Listener/Action2Rule/Resource": [
{
"type": "aws:cdk:logicalId",
"data": "LBListenerAction2RuleDEE172B4"
}
],
"/integ-cognito/UserPool/Resource": [
{
"type": "aws:cdk:logicalId",
Expand Down Expand Up @@ -280,6 +280,12 @@
]
},
"displayName": "integ-test-cognito/DefaultTest/DeployAssert"
},
"Tree": {
"type": "cdk:tree",
"properties": {
"file": "tree.json"
}
}
}
}
Expand Up @@ -4,14 +4,6 @@
"id": "App",
"path": "",
"children": {
"Tree": {
"id": "Tree",
"path": "Tree",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
}
},
"integ-cognito": {
"id": "integ-cognito",
"path": "integ-cognito",
Expand Down Expand Up @@ -91,8 +83,8 @@
"id": "Acl",
"path": "integ-cognito/Stack/PublicSubnet1/Acl",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.Resource",
"version": "0.0.0"
}
},
"RouteTable": {
Expand Down Expand Up @@ -258,8 +250,8 @@
"id": "Acl",
"path": "integ-cognito/Stack/PublicSubnet2/Acl",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.Resource",
"version": "0.0.0"
}
},
"RouteTable": {
Expand Down Expand Up @@ -425,8 +417,8 @@
"id": "Acl",
"path": "integ-cognito/Stack/PrivateSubnet1/Acl",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.Resource",
"version": "0.0.0"
}
},
"RouteTable": {
Expand Down Expand Up @@ -544,8 +536,8 @@
"id": "Acl",
"path": "integ-cognito/Stack/PrivateSubnet2/Acl",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.Resource",
"version": "0.0.0"
}
},
"RouteTable": {
Expand Down Expand Up @@ -770,7 +762,8 @@
},
"userPoolDomain": {
"Ref": "Domain66AC69E0"
}
},
"sessionTimeout": "86400"
},
"order": 1
},
Expand Down Expand Up @@ -800,6 +793,73 @@
"fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnListener",
"version": "0.0.0"
}
},
"Action2Rule": {
"id": "Action2Rule",
"path": "integ-cognito/LB/Listener/Action2Rule",
"children": {
"Resource": {
"id": "Resource",
"path": "integ-cognito/LB/Listener/Action2Rule/Resource",
"attributes": {
"aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::ListenerRule",
"aws:cdk:cloudformation:props": {
"actions": [
{
"type": "authenticate-cognito",
"authenticateCognitoConfig": {
"userPoolArn": {
"Fn::GetAtt": [
"UserPool6BA7E5F2",
"Arn"
]
},
"userPoolClientId": {
"Ref": "Client4A7F64DF"
},
"userPoolDomain": {
"Ref": "Domain66AC69E0"
},
"sessionTimeout": 86400
},
"order": 1
},
{
"type": "fixed-response",
"fixedResponseConfig": {
"statusCode": "200",
"contentType": "text/plain",
"messageBody": "Authenticated"
},
"order": 2
}
],
"conditions": [
{
"field": "path-pattern",
"pathPatternConfig": {
"values": [
"action2*"
]
}
}
],
"listenerArn": {
"Ref": "LBListener49E825B4"
},
"priority": 1
}
},
"constructInfo": {
"fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnListenerRule",
"version": "0.0.0"
}
}
},
"constructInfo": {
"fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationListenerRule",
"version": "0.0.0"
}
}
},
"constructInfo": {
Expand Down Expand Up @@ -950,14 +1010,30 @@
"id": "DNS",
"path": "integ-cognito/DNS",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.CfnOutput",
"version": "0.0.0"
}
},
"BootstrapVersion": {
"id": "BootstrapVersion",
"path": "integ-cognito/BootstrapVersion",
"constructInfo": {
"fqn": "@aws-cdk/core.CfnParameter",
"version": "0.0.0"
}
},
"CheckBootstrapVersion": {
"id": "CheckBootstrapVersion",
"path": "integ-cognito/CheckBootstrapVersion",
"constructInfo": {
"fqn": "@aws-cdk/core.CfnRule",
"version": "0.0.0"
}
}
},
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.Stack",
"version": "0.0.0"
}
},
"integ-test-cognito": {
Expand All @@ -973,15 +1049,33 @@
"path": "integ-test-cognito/DefaultTest/Default",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"version": "10.1.264"
}
},
"DeployAssert": {
"id": "DeployAssert",
"path": "integ-test-cognito/DefaultTest/DeployAssert",
"children": {
"BootstrapVersion": {
"id": "BootstrapVersion",
"path": "integ-test-cognito/DefaultTest/DeployAssert/BootstrapVersion",
"constructInfo": {
"fqn": "@aws-cdk/core.CfnParameter",
"version": "0.0.0"
}
},
"CheckBootstrapVersion": {
"id": "CheckBootstrapVersion",
"path": "integ-test-cognito/DefaultTest/DeployAssert/CheckBootstrapVersion",
"constructInfo": {
"fqn": "@aws-cdk/core.CfnRule",
"version": "0.0.0"
}
}
},
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.Stack",
"version": "0.0.0"
}
}
},
Expand All @@ -995,11 +1089,19 @@
"fqn": "@aws-cdk/integ-tests.IntegTest",
"version": "0.0.0"
}
},
"Tree": {
"id": "Tree",
"path": "Tree",
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.264"
}
}
},
"constructInfo": {
"fqn": "constructs.Construct",
"version": "10.1.85"
"fqn": "@aws-cdk/core.App",
"version": "0.0.0"
}
}
}