(aws_elasticloadbalancingv2): authenticate_oidc SessionTimeout requires different type if used in Listener or ListenerRule #21768
Comments
Hey @peterfranzen, I'm unable to reproduce this with Python on the same version. Can you try reinstalling your packages, or are you able to reproduce this on a fresh project? Thanks. Here's my code, which synthesizes:

```python
elbv2.ListenerAction.authenticate_oidc(
    authorization_endpoint='asdfasdf',
    client_id='asfasdf',
    client_secret=secrets.Secret(self, 'Secret').secret_value,
    issuer='asdfas',
    token_endpoint='asdgseg',
    user_info_endpoint='fsdgaeg',
    next=elbv2.ListenerAction.forward([group]),
    session_timeout=Duration.minutes(60)
)
```
Thanks, I isolated this a bit more and I have a little more context. When I create just that construct alone it does work with no errors. However, I'm creating a number of elbv2.ApplicationListenerRules in a
Am I approaching creating this wrong? Is there something about Duration that doesn't allow it to be used within a loop? The Duration error comes up even if the loop only runs once.
Ok, I think I figured out what's going wrong.
We take in the Duration passed by the user, convert it to seconds, and pass it as a string here: aws-cdk/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-action.ts, Line 44 in d48690e
CloudFormation specifies that Lines 163 to 168 in d48690e
However CloudFormation specifies that Lines 487 to 492 in d48690e
We are trying to pass in this duration as a string into
Same issue as here -> #12843 ??
## Summary

Application LoadBalancer can not set `sessionTimeout` on `authenticateOidc` except in `defaultActions`. This PR fixes this bug.

## Cause of the bug

This is because the CDK uses the same structures for [ListenerRule.AuthenticateOidcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html) and [Listener.AuthenticateOidcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html). These structures have almost the same structure, but validation fails during synthesize because the data type of `sessionTimeout` is different for String and Integer.

```diff
  AuthenticationRequestExtraParams:
    Key : Value
  AuthorizationEndpoint: String
  ClientId: String
  ClientSecret: String
  Issuer: String
  OnUnauthenticatedRequest: String
  Scope: String
  SessionCookieName: String
- SessionTimeout: String
+ SessionTimeout: Integer
  TokenEndpoint: String
  UseExistingClientSecret: Boolean
  UserInfoEndpoint: String
```

## How to fix?

Add `addRuleAction()` to register an Action for a ListenerRule so that it can hold both config for `Listener` and config for `ListenerRule`. Also, separate `renderActions()` into one for the `Listener` (`defaultActions`) and one for the `ListenerRule` (`actions`) and have them use their own configs. This allows changes to be made without destroying existing published interfaces.

Closes #12843, #21768.

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
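Review bot: the two `SessionTimeout` lines in the diff block are not labelled with the structure each side belongs to, so the block alone does not tell a reader whether `String` is the `Listener` or the `ListenerRule` type. Name the two structures directly above the block, or annotate the `- SessionTimeout: String` and `+ SessionTimeout: Integer` lines, so the comparison can be read without opening both linked pages.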
@peterwoodworth
thanks!
Describe the bug
I'm creating an elbv2 ListenerAction with CDK v2.38.1 as follows:
No matter what I put in for the session_timeout parameter it gives an error. If I use an int or a string then it asks for a Duration, but if I use a Duration I get an error saying it "should be a number".
Expected Behavior
Allow me to use a Duration (e.g. Duration.minutes(60)) object for session_timeout.
Current Behavior
When I use a Duration object (e.g. Duration.minutes(60)) I get the following error:
authenticateOidcConfig: supplied properties not correct for "AuthenticateOidcConfigProperty" sessionTimeout: "3600" should be a number.
Reproduction Steps
Use a Duration object in the session_timeout parameter field in an elbv2.ListenerAction.authenticate_oidc.
Possible Solution
No response
Additional Information/Context
No response
CDK CLI Version
2.38.1
Framework Version
No response
Node.js Version
n/a
OS
MacOS
Language
Python
Language Version
No response
Other information
No response
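The type difference discussed in this thread can be checked on a synthesized template before deployment. The following Python is an added example, not code from the issue or from aws-cdk; the function name, the finding strings and the sample template are constructed for illustration, and the expected types come from the two CloudFormation `AuthenticateOidcConfig` pages linked in the thread (String for a Listener, Integer for a ListenerRule).

```python
# Added example: walks a synthesized CloudFormation template (already parsed to a dict)
# and reports authenticate-oidc actions whose SessionTimeout is missing or mistyped.
EXPECTED = {
    # resource type: (property that holds the actions, expected SessionTimeout type)
    "AWS::ElasticLoadBalancingV2::Listener": ("DefaultActions", str),
    "AWS::ElasticLoadBalancingV2::ListenerRule": ("Actions", int),
}


def check_oidc_session_timeouts(template):
    """Return one finding string per problematic authenticate-oidc action."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        spec = EXPECTED.get(resource.get("Type"))
        if spec is None:
            continue
        actions_key, expected_type = spec
        for index, action in enumerate(resource.get("Properties", {}).get(actions_key, [])):
            if action.get("Type") != "authenticate-oidc":
                continue
            where = f"{logical_id}.{actions_key}[{index}]"
            config = action.get("AuthenticateOidcConfig", {})
            if "SessionTimeout" not in config:
                findings.append(f"{where}: SessionTimeout not set")
                continue
            value = config["SessionTimeout"]
            if isinstance(value, dict):
                continue  # intrinsic function such as Ref; type is not known statically
            # bool is a subclass of int in Python, so reject it explicitly
            if isinstance(value, bool) or not isinstance(value, expected_type):
                findings.append(
                    f"{where}: SessionTimeout {value!r} should be {expected_type.__name__}")
    return findings


# Constructed template fragment (hypothetical logical IDs), not taken from the issue
SAMPLE = {"Resources": {
    "Listener1": {"Type": "AWS::ElasticLoadBalancingV2::Listener", "Properties": {"DefaultActions": [
        {"Type": "authenticate-oidc", "Order": 1, "AuthenticateOidcConfig": {"SessionTimeout": "3600"}},
        {"Type": "forward", "Order": 2}]}},
    "Rule1": {"Type": "AWS::ElasticLoadBalancingV2::ListenerRule", "Properties": {"Actions": [
        {"Type": "authenticate-oidc", "Order": 1, "AuthenticateOidcConfig": {"SessionTimeout": "3600"}}]}},
    "Rule2": {"Type": "AWS::ElasticLoadBalancingV2::ListenerRule", "Properties": {"Actions": [
        {"Type": "authenticate-oidc", "Order": 1, "AuthenticateOidcConfig": {}}]}},
}}

if __name__ == "__main__":
    for finding in check_oidc_session_timeouts(SAMPLE):
        print(finding)
```

A finding of "not set" matters for review because the session lifetime then falls back to the load balancer's default rather than the value the stack author intended.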