feat(elbv2): listeners + rules + certificates (Batch 3)#748
Merged
vieiralucas merged 6 commits intomainfrom Apr 25, 2026
Merged
feat(elbv2): listeners + rules + certificates (Batch 3)#748vieiralucas merged 6 commits intomainfrom
vieiralucas merged 6 commits intomainfrom
Conversation
Adds 9 ops to the ELBv2 surface: - CreateTargetGroup, DescribeTargetGroups, ModifyTargetGroup, DeleteTargetGroup - RegisterTargets, DeregisterTargets, DescribeTargetHealth - ModifyTargetGroupAttributes, DescribeTargetGroupAttributes Real validation: target type enum (instance/ip/lambda/alb), idempotent CreateTargetGroup, DeleteTargetGroup blocked when referenced by listeners or rules, default attributes match AWS (deregistration_delay = 300s, stickiness disabled, round_robin, slow_start = 0). Conformance: 9 new tests with Smithy checksums. Docs: README op count 12 -> 21, llms.txt op count 1,810 -> 1,819.
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
3 issues found across 4 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="crates/fakecloud-elbv2/src/service.rs">
<violation number="1" location="crates/fakecloud-elbv2/src/service.rs:1189">
P1: DeleteTargetGroup misses rule ForwardConfig references, allowing deletion of in-use target groups.</violation>
<violation number="2" location="crates/fakecloud-elbv2/src/service.rs:1619">
P2: Priority validation accepts zero/negative values even though this path requires a positive integer.</violation>
<violation number="3" location="crates/fakecloud-elbv2/src/service.rs:1628">
P1: CreateRule does not validate action target-group references, so rules can persist ARNs for missing target groups.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| if conditions.is_empty() { | ||
| return Err(invalid_param("Conditions is required")); | ||
| } | ||
| let actions = parse_actions(req, "Actions"); |
There was a problem hiding this comment.
P1: CreateRule does not validate action target-group references, so rules can persist ARNs for missing target groups.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At crates/fakecloud-elbv2/src/service.rs, line 1628:
<comment>CreateRule does not validate action target-group references, so rules can persist ARNs for missing target groups.</comment>
<file context>
@@ -923,6 +969,1396 @@ impl Elbv2Service {
+ if conditions.is_empty() {
+ return Err(invalid_param("Conditions is required"));
+ }
+ let actions = parse_actions(req, "Actions");
+ if actions.is_empty() {
+ return Err(invalid_param("Actions is required"));
</file context>
Comment on lines
+1189
to
+1193
| }) || st.rules.values().any(|r| { | ||
| r.actions | ||
| .iter() | ||
| .any(|a| a.target_group_arn.as_deref() == Some(arn.as_str())) | ||
| }); |
There was a problem hiding this comment.
P1: DeleteTargetGroup misses rule ForwardConfig references, allowing deletion of in-use target groups.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At crates/fakecloud-elbv2/src/service.rs, line 1189:
<comment>DeleteTargetGroup misses rule ForwardConfig references, allowing deletion of in-use target groups.</comment>
<file context>
@@ -923,6 +969,1396 @@ impl Elbv2Service {
+ .map(|f| f.target_groups.iter().any(|t| t.target_group_arn == arn))
+ .unwrap_or(false)
+ })
+ }) || st.rules.values().any(|r| {
+ r.actions
+ .iter()
</file context>
Suggested change
| }) || st.rules.values().any(|r| { | |
| r.actions | |
| .iter() | |
| .any(|a| a.target_group_arn.as_deref() == Some(arn.as_str())) | |
| }); | |
| }) || st.rules.values().any(|r| { | |
| r.actions | |
| .iter() | |
| .any(|a| a.target_group_arn.as_deref() == Some(arn.as_str())) | |
| || r.actions.iter().any(|a| { | |
| a.forward | |
| .as_ref() | |
| .map(|f| f.target_groups.iter().any(|t| t.target_group_arn == arn)) | |
| .unwrap_or(false) | |
| }) | |
| }); |
| fn create_rule(&self, req: &AwsRequest) -> Result<AwsResponse, AwsServiceError> { | ||
| let listener_arn = required_query_param(req, "ListenerArn")?; | ||
| let priority = required_query_param(req, "Priority")?; | ||
| if priority.parse::<i32>().is_err() { |
There was a problem hiding this comment.
P2: Priority validation accepts zero/negative values even though this path requires a positive integer.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At crates/fakecloud-elbv2/src/service.rs, line 1619:
<comment>Priority validation accepts zero/negative values even though this path requires a positive integer.</comment>
<file context>
@@ -923,6 +969,1396 @@ impl Elbv2Service {
+ fn create_rule(&self, req: &AwsRequest) -> Result<AwsResponse, AwsServiceError> {
+ let listener_arn = required_query_param(req, "ListenerArn")?;
+ let priority = required_query_param(req, "Priority")?;
+ if priority.parse::<i32>().is_err() {
+ return Err(invalid_param(format!(
+ "Priority must be a positive integer, got '{priority}'"
</file context>
Suggested change
| if priority.parse::<i32>().is_err() { | |
| if priority.parse::<i32>().ok().filter(|p| *p > 0).is_none() { |
- DeleteTargetGroup now also rejects when a rule action's ForwardConfig references the target group (previously only checked default actions and the legacy single-TG action shape on rules). - render_target_group_xml now emits Matcher.GrpcCode when the target group has a stored gRPC code, matching what AWS returns for HTTP/2 target groups.
Adds 14 ops to the ELBv2 surface: - CreateListener, DescribeListeners, ModifyListener, DeleteListener - DescribeListenerAttributes, ModifyListenerAttributes - AddListenerCertificates, RemoveListenerCertificates, DescribeListenerCertificates - CreateRule, DescribeRules, ModifyRule, DeleteRule, SetRulePriorities CreateListener validates referenced target groups exist, marks them attached to the LB, parses default actions (forward + redirect + fixed-response + forward-config). CreateRule validates priority is a positive integer and is unique per-listener. DeleteListener cascades to rules; DeleteLoadBalancer was already cascading. Conformance: 14 new tests with Smithy checksums (35 total now). Docs: README ops 21 -> 35, llms.txt ops 1,819 -> 1,833.
- CreateRule now rejects priority values <= 0; previously the i32 parse accepted '0' and negative integers even though Priority must be a positive integer per the AWS API. - CreateRule now validates that any target_group_arn referenced by the rule's actions (both top-level and inside ForwardConfig.TargetGroups) exists in the same account, returning TargetGroupNotFound when missing.
vieiralucas
force-pushed
the
worktree-elbv2-batch3
branch
from
284af3c to
936a2c3
Compare
Previously used "CreateListener" which is now implemented in this batch, so the assertion that the dispatcher returns ActionNotImplemented fired through to the real handler and panicked on missing query params. Switching to "ThisActionDoesNotExist" keeps the test asserting the catch-all dispatch arm without coupling to whatever ops are landed.
Codecov Report❌ Patch coverage is
📢 Thoughts on this report? Let us know! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Batch 3 of the ELBv2 rollout — completes the request-routing surface (listeners attach to LBs; rules route requests to target groups).
14 new ops:
CreateListener,DescribeListeners,ModifyListener,DeleteListener,DescribeListenerAttributes,ModifyListenerAttributes,AddListenerCertificates,RemoveListenerCertificates,DescribeListenerCertificates,CreateRule,DescribeRules,ModifyRule,DeleteRule,SetRulePriorities.CreateListenervalidates referenced target groups exist and marks them attached to the LB (LoadBalancerArnsis now populated for every TG used as a default action target — needed for Batch 5's auto-register flow).forward(single TG and multi-TGForwardConfig),redirect,fixed-response.CreateRulevalidates priority is a positive integer and is unique per-listener; same-priority returnsPriorityInUsematching AWS.path-pattern,host-header,http-header,http-request-method,source-ipconfigs.DeleteListenercascades to rules;DeleteLoadBalanceralready cascaded to listeners + rules in Batch 1.This is Batch 3 of 6. Stack: PR #746 (Batch 1, merged) -> PR #747 (Batch 2, in CI) -> this PR -> Batch 4 (LB attrs + trust stores + capacity) -> Batch 5 (real HTTP routing + ECS auto-register) -> Batch 6 (final docs).
Test plan
cargo test -p fakecloud-conformance --test elbv2— 35 tests pass (12 + 9 + 14)cargo clippy --workspace --all-targets -- -D warningsclean (Batch 3 crate)cargo fmt --all -- --checkcleanSummary by cubic
Adds ELBv2 target groups + targets + health and listeners + rules + certificates to complete request routing and health reporting. ELBv2 now exposes 35 operations with stricter validation, cascading deletes, and updated docs/tests.
New Features
ForwardConfig).ForwardConfig), redirect, fixed-response; referenced target groups are validated and default-action TGs are attached to the LB; rule priorities are per-listener unique; supported conditions: path-pattern, host-header, http-header, http-request-method, source-ip;DeleteListenercascades to rules.website/static/llms.txtupdated with 35 ops.Bug Fixes
ForwardConfig).ForwardConfigreferences the TG.Matcher.GrpcCodewhen present.Written for commit ded1216. Summary will update on new commits.