feat(elbv2): in-process HTTP data plane for ALBs#775
Merged
vieiralucas merged 2 commits intomainfrom Apr 26, 2026
Merged
Conversation
For each ALB whose state_code is "active", the supervisor binds a TCP listener on 127.0.0.1:0 and serves HTTP/1.1 requests through the listener-rule chain. NLB/GWLB and HTTPS termination are explicit next-batch items. Routing: - Rule conditions: host-header, path-pattern (case-sensitive globs), http-request-method, http-header (glob), query-string, source-ip (IPv4 + IPv6 CIDR). - Rule selection: priority asc; default rules considered last; falls back to listener default_actions when no rule matches. Actions: - forward: weighted round-robin across target groups, per-TG round- robin across healthy targets, AWSALB sticky cookie when stickiness is enabled. Adds X-Forwarded-For/Proto/Port + X-Amzn-Trace-Id. - fixed-response: returns the configured status/body/content-type. - redirect: HTTP_301 / HTTP_302 with a Location built from the redirect config + request fallback. - authenticate-oidc / authenticate-cognito: 501 (next batch). Wiring: - LoadBalancer state gains bound_port: Option<u16> (skipped on serialize — restart re-binds). - Service::new spawns the supervisor alongside the existing prober. - Introspection /_fakecloud/elbv2/load-balancers exposes boundPort. - FAKECLOUD_ELBV2_DISABLE_DATAPLANE=true turns the data plane off for tests that only assert control-plane behavior. Tests: - 7 new router unit tests (glob, host/path/method/header globs, CIDR). - 2 new E2E tests (forward to a registered target + fixed-response status code) using a tiny echo HTTP server as the upstream. Docs: - README, services/_index, services/elbv2, llms.txt updated.
Codecov Report❌ Patch coverage is 📢 Thoughts on this report? Let us know! |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
4 issues found across 14 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="crates/fakecloud-elbv2/src/router.rs">
<violation number="1" location="crates/fakecloud-elbv2/src/router.rs:76">
P2: Query-string condition matching is case-sensitive, but ALB query-string evaluation is case-insensitive.</violation>
</file>
<file name="crates/fakecloud-elbv2/src/dataplane.rs">
<violation number="1" location="crates/fakecloud-elbv2/src/dataplane.rs:426">
P1: `.to_lowercase()` on the entire redirect URL corrupts case-sensitive path and query components. Only the scheme and host are case-insensitive; the path and query must preserve their original casing.</violation>
<violation number="2" location="crates/fakecloud-elbv2/src/dataplane.rs:565">
P2: `X-Forwarded-Port` should be the listener port the client connected to, not the upstream target port. AWS ALB populates this header with the listener's port (e.g. 80, 443).</violation>
</file>
<file name="crates/fakecloud-e2e/tests/elbv2_dataplane.rs">
<violation number="1" location="crates/fakecloud-e2e/tests/elbv2_dataplane.rs:145">
P2: Wait for the target to become healthy before issuing the request. Otherwise this test can race the health checker and flake with a 503.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
- redirect_action: only lowercase scheme + host in Location header, preserve original case for path/query (RFC 3986). - router query-string: case-insensitive key + value matching to match AWS ALB semantics. - forward_action: X-Forwarded-Port now reflects the listener port the client connected to, not the upstream target port. - elbv2_dataplane_forwards_to_target: wait for target to reach `healthy` state before issuing the forward request, eliminating the race with the prober.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
activeALB, supervisor binds a TCP listener on127.0.0.1:0and serves HTTP/1.1 requests through the listener-rule chain.host-header,path-pattern,http-request-method,http-header,query-string,source-ip(IPv4 + IPv6 CIDR), with*/?glob wildcards.forward(weighted round-robin + AWSALB sticky cookie +X-Forwarded-*headers),fixed-response,redirect(301/302).authenticate-oidc/authenticate-cognitoreturn501(next-batch item).boundPortfield onGET /_fakecloud/elbv2/load-balancers. Disable withFAKECLOUD_ELBV2_DISABLE_DATAPLANE=true.Test plan
cargo test -p fakecloud-elbv2— 18/18 unit tests pass (router glob, CIDR, host/path/method/header conditions).cargo test -p fakecloud-e2e --test elbv2_dataplane— 2/2 (forward to registered target + fixed-response 418/teapot).cargo test -p fakecloud-conformance --test elbv2— 51/51, no regressions.cargo clippy --workspace --all-targets -- -D warningsclean.Summary by cubic
Adds an in-process HTTP data plane for ELBv2 ALBs: each active ALB binds a localhost port and routes HTTP/1.1 requests through its listener/rule chain with forward, fixed-response, and redirect actions. Enabled by default (set
FAKECLOUD_ELBV2_DISABLE_DATAPLANE=trueto disable); scope is ALBs only, with HTTPS termination and NLB TCP forwarding planned next-batch.New Features
boundPortonGET /_fakecloud/elbv2/load-balancers.host-header,path-pattern(*/?),http-request-method,http-header,query-string,source-ip(IPv4/IPv6 CIDR).forward(weighted TGs, per-TG RR, skips unhealthy/unused targets,AWSALBsticky cookie,X-Forwarded-*+X-Amzn-Trace-Id),fixed-response,redirect(301/302).authenticate-oidc/authenticate-cognitoreturn 501 for now.Bug Fixes
X-Forwarded-Portnow reflects the listener port (client-facing), not the upstream target port.Written for commit c882fde. Summary will update on new commits.