aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(aws_elasticloadbalancingv2): TargetGroupListenerAction.bind not called when chained with another ListenerAction #18944

Open franswah opened 2 years ago

franswah commented 2 years ago

What is the problem?

I am trying to add a default action to my Application Listener which uses OIDC authentication before forwarding to a target group. This is the code snippet copied exactly from the CDK documentation:

declare const listener: elbv2.ApplicationListener;
declare const myTargetGroup: elbv2.ApplicationTargetGroup;

listener.addAction('DefaultAction', {
  action: elbv2.ListenerAction.authenticateOidc({
    authorizationEndpoint: 'https://example.com/openid',
    // Other OIDC properties here
    clientId: '...',
    clientSecret: SecretValue.secretsManager('...'),
    issuer: '...',
    tokenEndpoint: '...',
    userInfoEndpoint: '...',

    // Next
    next: elbv2.ListenerAction.forward([myTargetGroup]),
  }),
});

However, since addAction is not called directly with the TargetGroupListenerAction, the listener never calls bind on the Forward action, and so the target group is not registered with the listener.

bind is only called on the action directly passed to addAction, and the OIDC Listener Action has the default no-op bind implementation without calling bind on the "next" action.

This doesn't seem to be a problem for deploying the application listener with the expected set of actions. However, if I want to reference this target group elsewhere in my CDK, for example to create a dashboard with metrics, CDK throws an error due to no listener being registered with the target group.

Reproduction Steps

Follow example for creating OIDC default action chained with a forward action https://github.com/aws/aws-cdk/blob/master/packages/%40aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-target-group.ts#L242.

Call myTargetGroup.metric(...) after doing so.

What did you expect to happen?

Target group is registered with the Application Listener and I can use the TargetGroup.metric convenience method.

What actually happened?

TargetGroup.metric throws an error stating it is not bound to an application load balancer/listener.

CDK CLI Version

1.139.0

Framework Version

No response

Node.js Version

12.19.0

OS

macOS

Language

Typescript

Language Version

No response

Other information

No response
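The bind chain described in this issue, as an added example: a simplified TypeScript model that is not aws-cdk source and not part of the original post. All `Model*` names are hypothetical stand-ins, and the propagating variant is only an assumed shape for a fix, not the project's actual change.

```typescript
// Simplified model of the reported behaviour; NOT the aws-cdk implementation.
class ModelTargetGroup {
  private readonly listeners: string[] = [];
  registerListener(listenerId: string): void { this.listeners.push(listenerId); }
  // Mirrors the reported symptom: metric() fails if no listener was registered.
  metric(name: string): string {
    if (this.listeners.length === 0) {
      throw new Error('target group is not bound to a listener');
    }
    return `${this.listeners[0]}/${name}`;
  }
}

class ModelAction {
  protected readonly next?: ModelAction;
  constructor(next?: ModelAction) { this.next = next; }
  // Default bind is a no-op, so a chained `next` action never hears about the listener.
  bind(_listenerId: string): void {}
}

class ModelForward extends ModelAction {
  private readonly group: ModelTargetGroup;
  constructor(group: ModelTargetGroup) { super(); this.group = group; }
  bind(listenerId: string): void { this.group.registerListener(listenerId); }
}

// As reported: the OIDC action inherits the no-op bind.
class ModelOidcAsReported extends ModelAction {}

// Assumed fix shape: forward bind to the chained action.
class ModelOidcPropagating extends ModelAction {
  bind(listenerId: string): void { this.next?.bind(listenerId); }
}

class ModelListener {
  readonly id: string;
  constructor(id: string) { this.id = id; }
  // Only the action passed in directly is bound.
  addAction(action: ModelAction): void { action.bind(this.id); }
}

// Builds listener -> OIDC -> forward, then calls metric() on the target group.
function tryMetric(makeOidc: (next: ModelAction) => ModelAction): string {
  const group = new ModelTargetGroup();
  new ModelListener('listener-1').addAction(makeOidc(new ModelForward(group)));
  try { return group.metric('RequestCount'); }
  catch (e) { return `error: ${(e as Error).message}`; }
}

console.log(tryMetric((next) => new ModelOidcAsReported(next)));
console.log(tryMetric((next) => new ModelOidcPropagating(next)));
```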

nihakue commented 2 years ago

Are there any workarounds? I'm still wrapping my head around the problem, but it seems like connections are also missing in this case. When I added a ListenerAction.authenticateOidc in front of a forward action, I saw that my CloudFormation template removed the connections to and from my target security group.

nihakue commented 2 years ago

Possibly related to https://github.com/aws/aws-cdk/issues/19035

nihakue commented 2 years ago

The workaround (a dummy action) in #19035 worked around this issue as well.

ashishdhingra commented 5 months ago

@franswah Good afternoon. I noticed that the related issue https://github.com/aws/aws-cdk/issues/19035 is closed. Could you please confirm if this is still an issue with CDK v2, or if this could be closed?

Thanks, Ashish

github-actions[bot] commented 5 months ago

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.