Skip to content

Commit cefbb33

Browse files
WinterYukkyWinterYukky
authored
fix(elasticloadbalancingv2): can not set sessionTimeout (#24457)
## Summary Application LoadBalancer can not set `sessionTimeout` on `authenticateOidc` except in `defaultActions`. This PR fixes this bug. ## Cause of the bug This is because the CDK uses the same structures for [ListenerRule.AuthenticateOidcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listenerrule-authenticateoidcconfig.html) and [Listener.AuthenticateOidcConfig](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-elasticloadbalancingv2-listener-authenticateoidcconfig.html). These structures have almost the same structure, but validation fails during synthesize because the data type of `sessionTimeout` is different for String and Integer. ```diff AuthenticationRequestExtraParams: Key : Value AuthorizationEndpoint: String ClientId: String ClientSecret: String Issuer: String OnUnauthenticatedRequest: String Scope: String SessionCookieName: String - SessionTimeout: String + SessionTimeout: Integer TokenEndpoint: String UseExistingClientSecret: Boolean UserInfoEndpoint: String ``` ## How to fix? Add `addRuleAction()` to register an Action for a ListenerRule so that it can hold both config for `Listener` and config for `ListenerRule`. Also, separate `renderActions()` into one for the `Listener` (`defaultActions`) and one for the `ListenerRule` (`actions`) and have them use their own configs. This allows changes to be made without destroying existing published interfaces. Closes #12843, #21768. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 925c9ba commit cefbb33

File tree

15 files changed

+467
-100
lines changed

15 files changed

+467
-100
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2-actions/test/integ.cognito.js.snapshot/integ-cognito.assets.json

+3-3
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,15 @@
11
{
2-
"version": "20.0.0",
2+
"version": "30.1.0",
33
"files": {
4-
"9271c99fa7fd8d6ae26202fec69aaabba91d343b835d6cdc41a76f14fb6462d9": {
4+
"0c2d0def6db3389453a3efadab8db4804f46dd1e84431da6a970923085b33a51": {
55
"source": {
66
"path": "integ-cognito.template.json",
77
"packaging": "file"
88
},
99
"destinations": {
1010
"current_account-current_region": {
1111
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
12-
"objectKey": "9271c99fa7fd8d6ae26202fec69aaabba91d343b835d6cdc41a76f14fb6462d9.json",
12+
"objectKey": "0c2d0def6db3389453a3efadab8db4804f46dd1e84431da6a970923085b33a51.json",
1313
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
1414
}
1515
}

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2-actions/test/integ.cognito.js.snapshot/integ-cognito.template.json

+50
Original file line numberDiff line numberDiff line change
@@ -459,6 +459,7 @@
459459
"DefaultActions": [
460460
{
461461
"AuthenticateCognitoConfig": {
462+
"SessionTimeout": "86400",
462463
"UserPoolArn": {
463464
"Fn::GetAtt": [
464465
"UserPool6BA7E5F2",
@@ -497,6 +498,55 @@
497498
"Protocol": "HTTPS"
498499
}
499500
},
501+
"LBListenerAction2RuleDEE172B4": {
502+
"Type": "AWS::ElasticLoadBalancingV2::ListenerRule",
503+
"Properties": {
504+
"Actions": [
505+
{
506+
"AuthenticateCognitoConfig": {
507+
"SessionTimeout": 86400,
508+
"UserPoolArn": {
509+
"Fn::GetAtt": [
510+
"UserPool6BA7E5F2",
511+
"Arn"
512+
]
513+
},
514+
"UserPoolClientId": {
515+
"Ref": "Client4A7F64DF"
516+
},
517+
"UserPoolDomain": {
518+
"Ref": "Domain66AC69E0"
519+
}
520+
},
521+
"Order": 1,
522+
"Type": "authenticate-cognito"
523+
},
524+
{
525+
"FixedResponseConfig": {
526+
"ContentType": "text/plain",
527+
"MessageBody": "Authenticated",
528+
"StatusCode": "200"
529+
},
530+
"Order": 2,
531+
"Type": "fixed-response"
532+
}
533+
],
534+
"Conditions": [
535+
{
536+
"Field": "path-pattern",
537+
"PathPatternConfig": {
538+
"Values": [
539+
"action2*"
540+
]
541+
}
542+
}
543+
],
544+
"ListenerArn": {
545+
"Ref": "LBListener49E825B4"
546+
},
547+
"Priority": 1
548+
}
549+
},
500550
"UserPool6BA7E5F2": {
501551
"Type": "AWS::Cognito::UserPool",
502552
"Properties": {

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2-actions/test/integ.cognito.js.snapshot/integ.json

+3-2
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,12 @@
11
{
2-
"version": "20.0.0",
2+
"version": "30.1.0",
33
"testCases": {
44
"integ-test-cognito/DefaultTest": {
55
"stacks": [
66
"integ-cognito"
77
],
8-
"assertionStack": "integ-test-cognito/DefaultTest/DeployAssert"
8+
"assertionStack": "integ-test-cognito/DefaultTest/DeployAssert",
9+
"assertionStackName": "integtestcognitoDefaultTestDeployAssert6F2623C9"
910
}
1011
}
1112
}

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2-actions/test/integ.cognito.js.snapshot/integtestcognitoDefaultTestDeployAssert6F2623C9.assets.json

+1-1
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
{
2-
"version": "20.0.0",
2+
"version": "30.1.0",
33
"files": {
44
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
55
"source": {

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2-actions/test/integ.cognito.js.snapshot/manifest.json

+14-8
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,6 @@
11
{
2-
"version": "20.0.0",
2+
"version": "30.1.0",
33
"artifacts": {
4-
"Tree": {
5-
"type": "cdk:tree",
6-
"properties": {
7-
"file": "tree.json"
8-
}
9-
},
104
"integ-cognito.assets": {
115
"type": "cdk:asset-manifest",
126
"properties": {
@@ -23,7 +17,7 @@
2317
"validateOnSynth": false,
2418
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
2519
"cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
26-
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/9271c99fa7fd8d6ae26202fec69aaabba91d343b835d6cdc41a76f14fb6462d9.json",
20+
"stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/0c2d0def6db3389453a3efadab8db4804f46dd1e84431da6a970923085b33a51.json",
2721
"requiresBootstrapStackVersion": 6,
2822
"bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
2923
"additionalDependencies": [
@@ -195,6 +189,12 @@
195189
"data": "LBListener49E825B4"
196190
}
197191
],
192+
"/integ-cognito/LB/Listener/Action2Rule/Resource": [
193+
{
194+
"type": "aws:cdk:logicalId",
195+
"data": "LBListenerAction2RuleDEE172B4"
196+
}
197+
],
198198
"/integ-cognito/UserPool/Resource": [
199199
{
200200
"type": "aws:cdk:logicalId",
@@ -280,6 +280,12 @@
280280
]
281281
},
282282
"displayName": "integ-test-cognito/DefaultTest/DeployAssert"
283+
},
284+
"Tree": {
285+
"type": "cdk:tree",
286+
"properties": {
287+
"file": "tree.json"
288+
}
283289
}
284290
}
285291
}

packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2-actions/test/integ.cognito.js.snapshot/tree.json

+128-26
Original file line numberDiff line numberDiff line change
@@ -4,14 +4,6 @@
44
"id": "App",
55
"path": "",
66
"children": {
7-
"Tree": {
8-
"id": "Tree",
9-
"path": "Tree",
10-
"constructInfo": {
11-
"fqn": "constructs.Construct",
12-
"version": "10.1.85"
13-
}
14-
},
157
"integ-cognito": {
168
"id": "integ-cognito",
179
"path": "integ-cognito",
@@ -91,8 +83,8 @@
9183
"id": "Acl",
9284
"path": "integ-cognito/Stack/PublicSubnet1/Acl",
9385
"constructInfo": {
94-
"fqn": "constructs.Construct",
95-
"version": "10.1.85"
86+
"fqn": "@aws-cdk/core.Resource",
87+
"version": "0.0.0"
9688
}
9789
},
9890
"RouteTable": {
@@ -258,8 +250,8 @@
258250
"id": "Acl",
259251
"path": "integ-cognito/Stack/PublicSubnet2/Acl",
260252
"constructInfo": {
261-
"fqn": "constructs.Construct",
262-
"version": "10.1.85"
253+
"fqn": "@aws-cdk/core.Resource",
254+
"version": "0.0.0"
263255
}
264256
},
265257
"RouteTable": {
@@ -425,8 +417,8 @@
425417
"id": "Acl",
426418
"path": "integ-cognito/Stack/PrivateSubnet1/Acl",
427419
"constructInfo": {
428-
"fqn": "constructs.Construct",
429-
"version": "10.1.85"
420+
"fqn": "@aws-cdk/core.Resource",
421+
"version": "0.0.0"
430422
}
431423
},
432424
"RouteTable": {
@@ -544,8 +536,8 @@
544536
"id": "Acl",
545537
"path": "integ-cognito/Stack/PrivateSubnet2/Acl",
546538
"constructInfo": {
547-
"fqn": "constructs.Construct",
548-
"version": "10.1.85"
539+
"fqn": "@aws-cdk/core.Resource",
540+
"version": "0.0.0"
549541
}
550542
},
551543
"RouteTable": {
@@ -770,7 +762,8 @@
770762
},
771763
"userPoolDomain": {
772764
"Ref": "Domain66AC69E0"
773-
}
765+
},
766+
"sessionTimeout": "86400"
774767
},
775768
"order": 1
776769
},
@@ -800,6 +793,73 @@
800793
"fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnListener",
801794
"version": "0.0.0"
802795
}
796+
},
797+
"Action2Rule": {
798+
"id": "Action2Rule",
799+
"path": "integ-cognito/LB/Listener/Action2Rule",
800+
"children": {
801+
"Resource": {
802+
"id": "Resource",
803+
"path": "integ-cognito/LB/Listener/Action2Rule/Resource",
804+
"attributes": {
805+
"aws:cdk:cloudformation:type": "AWS::ElasticLoadBalancingV2::ListenerRule",
806+
"aws:cdk:cloudformation:props": {
807+
"actions": [
808+
{
809+
"type": "authenticate-cognito",
810+
"authenticateCognitoConfig": {
811+
"userPoolArn": {
812+
"Fn::GetAtt": [
813+
"UserPool6BA7E5F2",
814+
"Arn"
815+
]
816+
},
817+
"userPoolClientId": {
818+
"Ref": "Client4A7F64DF"
819+
},
820+
"userPoolDomain": {
821+
"Ref": "Domain66AC69E0"
822+
},
823+
"sessionTimeout": 86400
824+
},
825+
"order": 1
826+
},
827+
{
828+
"type": "fixed-response",
829+
"fixedResponseConfig": {
830+
"statusCode": "200",
831+
"contentType": "text/plain",
832+
"messageBody": "Authenticated"
833+
},
834+
"order": 2
835+
}
836+
],
837+
"conditions": [
838+
{
839+
"field": "path-pattern",
840+
"pathPatternConfig": {
841+
"values": [
842+
"action2*"
843+
]
844+
}
845+
}
846+
],
847+
"listenerArn": {
848+
"Ref": "LBListener49E825B4"
849+
},
850+
"priority": 1
851+
}
852+
},
853+
"constructInfo": {
854+
"fqn": "@aws-cdk/aws-elasticloadbalancingv2.CfnListenerRule",
855+
"version": "0.0.0"
856+
}
857+
}
858+
},
859+
"constructInfo": {
860+
"fqn": "@aws-cdk/aws-elasticloadbalancingv2.ApplicationListenerRule",
861+
"version": "0.0.0"
862+
}
803863
}
804864
},
805865
"constructInfo": {
@@ -950,14 +1010,30 @@
9501010
"id": "DNS",
9511011
"path": "integ-cognito/DNS",
9521012
"constructInfo": {
953-
"fqn": "constructs.Construct",
954-
"version": "10.1.85"
1013+
"fqn": "@aws-cdk/core.CfnOutput",
1014+
"version": "0.0.0"
1015+
}
1016+
},
1017+
"BootstrapVersion": {
1018+
"id": "BootstrapVersion",
1019+
"path": "integ-cognito/BootstrapVersion",
1020+
"constructInfo": {
1021+
"fqn": "@aws-cdk/core.CfnParameter",
1022+
"version": "0.0.0"
1023+
}
1024+
},
1025+
"CheckBootstrapVersion": {
1026+
"id": "CheckBootstrapVersion",
1027+
"path": "integ-cognito/CheckBootstrapVersion",
1028+
"constructInfo": {
1029+
"fqn": "@aws-cdk/core.CfnRule",
1030+
"version": "0.0.0"
9551031
}
9561032
}
9571033
},
9581034
"constructInfo": {
959-
"fqn": "constructs.Construct",
960-
"version": "10.1.85"
1035+
"fqn": "@aws-cdk/core.Stack",
1036+
"version": "0.0.0"
9611037
}
9621038
},
9631039
"integ-test-cognito": {
@@ -973,15 +1049,33 @@
9731049
"path": "integ-test-cognito/DefaultTest/Default",
9741050
"constructInfo": {
9751051
"fqn": "constructs.Construct",
976-
"version": "10.1.85"
1052+
"version": "10.1.264"
9771053
}
9781054
},
9791055
"DeployAssert": {
9801056
"id": "DeployAssert",
9811057
"path": "integ-test-cognito/DefaultTest/DeployAssert",
1058+
"children": {
1059+
"BootstrapVersion": {
1060+
"id": "BootstrapVersion",
1061+
"path": "integ-test-cognito/DefaultTest/DeployAssert/BootstrapVersion",
1062+
"constructInfo": {
1063+
"fqn": "@aws-cdk/core.CfnParameter",
1064+
"version": "0.0.0"
1065+
}
1066+
},
1067+
"CheckBootstrapVersion": {
1068+
"id": "CheckBootstrapVersion",
1069+
"path": "integ-test-cognito/DefaultTest/DeployAssert/CheckBootstrapVersion",
1070+
"constructInfo": {
1071+
"fqn": "@aws-cdk/core.CfnRule",
1072+
"version": "0.0.0"
1073+
}
1074+
}
1075+
},
9821076
"constructInfo": {
983-
"fqn": "constructs.Construct",
984-
"version": "10.1.85"
1077+
"fqn": "@aws-cdk/core.Stack",
1078+
"version": "0.0.0"
9851079
}
9861080
}
9871081
},
@@ -995,11 +1089,19 @@
9951089
"fqn": "@aws-cdk/integ-tests.IntegTest",
9961090
"version": "0.0.0"
9971091
}
1092+
},
1093+
"Tree": {
1094+
"id": "Tree",
1095+
"path": "Tree",
1096+
"constructInfo": {
1097+
"fqn": "constructs.Construct",
1098+
"version": "10.1.264"
1099+
}
9981100
}
9991101
},
10001102
"constructInfo": {
1001-
"fqn": "constructs.Construct",
1002-
"version": "10.1.85"
1103+
"fqn": "@aws-cdk/core.App",
1104+
"version": "0.0.0"
10031105
}
10041106
}
10051107
}

0 commit comments

Comments
 (0)