feat(elbv2): full Action support #7741
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository
| @@ -0,0 +1,27 @@ | |||
| -----BEGIN RSA PRIVATE KEY----- | |||
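Review bot: the first line of this new 27-line file is `-----BEGIN RSA PRIVATE KEY-----`, so the change commits private key material to the repository. Remove the file from the branch history rather than deleting it in a follow-up commit, treat the key as disclosed if it is used anywhere beyond a test, and have any test that needs a key generate one at run time.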
Put these files under a fixtures directory perhaps?
Uh whoops. This shouldn't have been committed.
| /** | ||
| * Default action to take for requests to this listener | ||
| * | ||
| * This allows full control of the default Action of the load balancer, |
Suggested change:
| * This allows full control of the default Action of the load balancer, | |
| * This allows full control of the default action of the load balancer, |
Why is this called "default action"? Is there a non-default one? Why not just action?
The default action is the one that doesn't have any conditions.
| /** | ||
| * Forward to one or more Target Groups which are weighted differently | ||
| */ | ||
| public static weightedForward(options: WeightedForwardOptions): ApplicationListenerAction { |
Why isn't this just an option to forward?
| * | ||
| * Must be a 2xx, 4xx or 5xx response code. | ||
| */ | ||
| readonly statusCode: number; |
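Review bot: `statusCode` is declared as a plain `number`, while the comment above it limits valid values to 2xx, 4xx or 5xx. Nothing in these lines enforces that limit, so a 1xx or 3xx value would still type-check; consider validating the range where the action is constructed and throwing an error that names the allowed ranges.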
I think this should be a positional argument (e.g. fixedResponse(200) and the rest as options)
| /** | ||
| * The list of target groups to forward to | ||
| */ | ||
| readonly targetGroups: IApplicationTargetGroup[]; |
I think this should be a positional argument
Yep, that actually makes sense.
| * | ||
| * @experimental | ||
| */ | ||
| export interface WeightedForwardOptions { |
Why is this a different type from ForwardOptions?
One just takes a list of target groups (common case), the other one takes a list of structures of target groups and weights (more complex, only when you need it).
nija-at left a comment
Comments so far. To be continued...
| @@ -0,0 +1,2 @@ | |||
| const baseConfig = require('../../../tools/cdk-build-tools/config/eslintrc'); | |||
|
|
||
| Here's an example: | ||
|
|
||
| [Example of using AuthenticateCognitoAction](test/integ.cognito.lit.ts) |
Does this work on our documentation page?
Would be nice to put a small code snippet inline, along with the link to the full example.
I guess. That's a feature request to jsii at the moment.
But we can still add an inline example manually.
I've tried this example and it seems not to work for me while trying to use this with ApplicationLoadBalancedFargateService
| /** | ||
| * The Amazon Cognito user pool. | ||
| */ | ||
| readonly userPool: cognito.IUserPool; |
Both the userpool domain and userpool clients can get you the underlying user pool. Might need to add a getter in the cognito module.
It's probably not correct to pass domain and clients of a different user pool from this, so omitting this might reduce human error.
I am wondering whether a better solution is to make the client optional and automatically generate it if not supplied, as its configuration is quite finicky.
But for now, I just want to get this out there and start collecting feedback and bug reports.
Also, IUserPool definitely does not have a method to get all clients (could it even?), nor does an IUserPoolClient have a way to get the UserPool associated with it.
> does an IUserPoolClient have a way to get the UserPool associated with it.

This is the first use case, so we'll need to add it.

> I am wondering whether a better solution is to make the client optional and automatically generate it if not supplied, as its configuration is quite finicky.

I like it. Let's do this.
| to the Target Groups yourself (or access one of the other ELB routing features). | ||
|
|
||
| Using `addAction()` gives you access to some of the features of an Elastic Load | ||
| Balancer that the convenience methods don't: |
Suggested change:
| Balancer that the convenience methods don't: | |
| Balancer that the other two convenience methods don't: |
| */ | ||
| export class ListenerAction implements IListenerAction { | ||
| /** | ||
| * Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) |
Suggested change:
| * Authenticate using an identity provide (IdP) that is compliant with OpenID Connect (OIDC) | |
| * Authenticate using an identity provider (IdP) that is compliant with OpenID Connect (OIDC) |
…to-action.ts Co-authored-by: Niranjan Jayakar <nija@amazon.com>
nija-at left a comment
I strongly suggest breaking similar PRs in the future into smaller chunks that can be reviewed.
It did feel like this could be broken up or at least an initial slimmed down PR that sets up the right patterns, followed on by ones that can build this up.
| * You can reuse URI components using the following reserved keywords: | ||
| * | ||
| * - `#{protocol}` | ||
| * - `#{host}` | ||
| * - `#{port}` | ||
| * - `#{path}` (the leading "/" is removed) | ||
| * - `#{query}` | ||
| * | ||
| * For example, you can change the path to "/new/#{path}", the hostname to | ||
| * "example.#{host}", or the query to "#{query}&value=xyz". | ||
| * | ||
| * @experimental | ||
| */ | ||
| export interface RedirectOptions { |
Would be useful to provide a property called url that parses these out, besides having to define each of these explicitly.
| // I'd like to throw here but there might be existing programs that happen | ||
| // to work even though they followed an illegal call pattern. Just add a warning. | ||
| if (this.action) { | ||
| this.node.addWarning('An Action already existed on this ListenerRule and was replaced. Configure exactly one default Action.'); | ||
| } |
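Review bot: the message passed to `addWarning(...)` says an Action on "this ListenerRule" was replaced, then tells the user to "Configure exactly one default Action", which mixes rule and default-action terminology in one sentence. Since this warning is the only signal that an earlier Action was dropped, name the construct consistently, for example "Configure exactly one Action per ListenerRule."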
Not sure I follow why you're not throwing here.
Added more explanation.
| if (props.defaultAction && props.defaultTargetGroups) { | ||
| throw new Error('Specify at most one of \'defaultAction\' and \'defaultTargetGroups\''); | ||
| } |
can't find tests. sorry, if they're somewhere and I just can't spot them. I blame the PR size 😉
| public bindToListener(scope: Construct, listener: IApplicationListener, associatingConstruct?: IConstruct) { | ||
| // Empty on purpose | ||
| Array.isArray(scope); | ||
| Array.isArray(listener); | ||
| Array.isArray(associatingConstruct); | ||
| } |
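Review bot: the three `Array.isArray(...)` calls in `bindToListener` discard their results and appear to exist only to reference the otherwise unused parameters, which the `// Empty on purpose` comment does not explain. Say so in the comment, or reference the parameters with expressions such as `void scope;`, so a later reader does not mistake the calls for input validation.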
Why not just call this bind() like we usually do in other places?
Also why not abstract?
https://github.com/aws/aws-cdk/search?q=%22bind%22&unscoped_q=%22bind%22
Because it is empty on purpose, for most of the actions.
I know the build is broken, will fix it with the next round of change requests (or on approval)
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).
Commit Message
feat(elbv2): full Action support
Add support for more complex Action setups. Adds authentication
using OIDC or Cognito, and proper support for fixed responses,
redirects, and weighted TargetGroup forwarding and stickiness.
Fixes #2563, fixes #6310, fixes #6308.
End Commit Message
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license