fix(elasticloadbalancingv2): can not set sessionTimeout #24457
Conversation
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.
4d20a55 to
5bfbf78
Compare
| @@ -1,2 +1,3 @@ | |||
| const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc'); | |||
| baseConfig.parserOptions.project = __dirname + '/tsconfig.json'; | |||
There was a problem hiding this comment.
Can you clarify why this change was made?
There was a problem hiding this comment.
The reason behind making this change was that following the error message was displayed during linting.
$ yarn eslint packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts
yarn run v1.22.19
$ /workspaces/aws-cdk/node_modules/.bin/eslint packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts
=============
WARNING: You are currently running a version of TypeScript which is not officially supported by @typescript-eslint/typescript-estree.
You may find that it works just fine, or you may not.
SUPPORTED TYPESCRIPT VERSIONS: >=3.3.1 <4.5.0
YOUR TYPESCRIPT VERSION: 4.9.5
Please only submit bug reports when using the officially supported version.
=============
/workspaces/aws-cdk/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts
0:0 error Parsing error: "parserOptions.project" has been set for @typescript-eslint/parser.
The file does not match your project config: packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener.ts.
The file must be included in at least one of the projects provided
✖ 1 problem (1 error, 0 warnings)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
Please focus on errors, not warnings. This issue fixed by #7880 . However, @aws-cdk/aws-elasticloadbalancingv2-actions is not included then, so I changed it.
There was a problem hiding this comment.
Ah, OK. Thanks for letting me know. No problems with this change.
There was a problem hiding this comment.
Thank you @TheRealAmazonKendra !
However, all .eslintrc.js has removed from individual packages by #24376 🫥. Naturally, I erased it from this PR.
|
This PR has been in the MERGE CONFLICTS state for 3 weeks, and looks abandoned. To keep this PR from being closed, please continue work on it. If not, it will automatically be closed in a week. |
…x/elbv2/can-not-set-session-timeout
…x/elbv2/can-not-set-session-timeout
Pull request has been modified.
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
✅ Updated pull request passes all PRLinter validations. Dissmissing previous PRLinter review.
|
Will take another look at this tomorrow. |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
|
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
Thank you @corymhall for reviewing this PR 🥰 |
|
could someone please clarify the implementation of the fix here because I am still seeing the same behavior in v2.79.0 (build e4a2c01) python 3.11.0 |
|
Thank you @EysaN for your reporting. This fix makes it possible to apply configuration to different structures by retaining the respective information (numbers and strings) for the I've tried creating a simple Python (v3.11.3) example with v2.79.0 and it seems like I can Synth without a problem. Can you give me a minimal reproduction to reproduce? from aws_cdk import (
Duration,
SecretValue,
Stack,
aws_ec2 as ec2,
aws_elasticloadbalancingv2 as elbv2,
)
from constructs import Construct
class ExampleStack(Stack):
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
super().__init__(scope, construct_id, **kwargs)
vpc = ec2.Vpc(self, "Vpc")
lb = elbv2.ApplicationLoadBalancer(self, "Lb",
vpc=vpc,
)
action = elbv2.ListenerAction.authenticate_oidc(
issuer="dummy",
authorization_endpoint="dummy",
token_endpoint="dummy",
user_info_endpoint="dummy",
client_id="dummy",
client_secret=SecretValue.secrets_manager("dummy"),
next=elbv2.ListenerAction.fixed_response(200,
content_type="text/plain",
message_body="Authenticated",
),
session_cookie_name="dummy",
session_timeout=Duration.seconds(14400),
scope='dummy',
on_unauthenticated_request=elbv2.UnauthenticatedAction.AUTHENTICATE
)
listener = lb.add_listener("Listener",
protocol=elbv2.ApplicationProtocol.HTTP,
default_action=action,
)
listener.add_action("Action",
priority=1,
conditions=[elbv2.ListenerCondition.path_patterns(["/page*"])],
action=action,
) |
|
Is that something with OIDC, the timeout will be set in String format? I am still facing with this issue with sdk version 2. Anyone solved this problem with typescript?!
|
|
@f1nl0wt3ch I could synth the following code. import { Duration, SecretValue, Stack, StackProps } from "aws-cdk-lib";
import { Vpc } from "aws-cdk-lib/aws-ec2";
import {
ApplicationLoadBalancer,
ListenerAction,
ListenerCondition,
} from "aws-cdk-lib/aws-elasticloadbalancingv2";
import { Construct } from "constructs";
export class ExampleStack extends Stack {
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
const vpc = new Vpc(this, "Vpc");
const alb = new ApplicationLoadBalancer(this, "Alb", {
vpc,
});
const listener = alb.addListener("Listener", {
port: 80,
defaultAction: ListenerAction.authenticateOidc({
authorizationEndpoint: "Dummy",
clientId: "Dummy",
clientSecret: SecretValue.unsafePlainText("Dummy"),
issuer: "Dummy",
tokenEndpoint: "Dummy",
userInfoEndpoint: "Dummy",
sessionTimeout: Duration.days(1),
next: ListenerAction.fixedResponse(200),
}),
});
listener.addAction("AdditionalOidcAuthenticationAction", {
priority: 1,
conditions: [ListenerCondition.pathPatterns(["/page*"])],
action: ListenerAction.authenticateOidc({
authorizationEndpoint: "Dummy",
clientId: "Dummy",
clientSecret: SecretValue.unsafePlainText("Dummy"),
issuer: "Dummy",
tokenEndpoint: "Dummy",
userInfoEndpoint: "Dummy",
sessionTimeout: Duration.days(1),
next: ListenerAction.fixedResponse(200),
}),
});
}
}When you using |
|
Hi @WinterYukky ! Thank for your answer. I am using v.2.14.0. Let me try again. |
Summary
Application LoadBalancer can not set
sessionTimeoutonauthenticateOidcexcept indefaultActions.This PR fixes this bug.
Cause of the bug
This is because the CDK uses the same structures for ListenerRule.AuthenticateOidcConfig and Listener.AuthenticateOidcConfig. These structures have almost the same structure, but validation fails during synthesize because the data type of
sessionTimeoutis different for String and Integer.AuthenticationRequestExtraParams: Key : Value AuthorizationEndpoint: String ClientId: String ClientSecret: String Issuer: String OnUnauthenticatedRequest: String Scope: String SessionCookieName: String - SessionTimeout: String + SessionTimeout: Integer TokenEndpoint: String UseExistingClientSecret: Boolean UserInfoEndpoint: StringHow to fix?
Add
addRuleAction()to register an Action for a ListenerRule so that it can hold both config forListenerand config forListenerRule. Also, separaterenderActions()into one for theListener(defaultActions) and one for theListenerRule(actions) and have them use their own configs.This allows changes to be made without destroying existing published interfaces.
Closes #12843, #21768.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license