search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.58k stars 3.88k forks source link

cdk synth : prints undefined for portless protocols #27874

Open john-aws opened 11 months ago

john-aws commented 11 months ago

Describe the bug

cdk synth prints a table of resources. For security groups, this table comprises:

The protocol printed for GRE is 47 undefined. At a guess, it is printing the protocol name followed by the uninitialized port number. Because GRE, as with numerous other protocols, has no concepts of ports, it would be better to simply print 47 or ideally some variant of GRE (47).

Expected Behavior

Expected security group with inbound protocol 47 (GRE) printout:

┌───┬─────────────────────────────────┬─────┬──────────────┬──────────────────────┐
│   │ Group                           │ Dir │ Protocol     │ Peer                 │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤
│ + │ ${sg1.GroupId}                  │ In  │ All ICMP     │ Everyone (IPv4)      │
│ + │ ${sg1.GroupId}                  │ In  │ TCP 22       │ Everyone (IPv4)      │
│ + │ ${sg1.GroupId}                  │ In  │ GRE 47       │ ${sg2.GroupId}       │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤

Current Behavior

Example of security group with inbound protocol 47 (GRE) allowed:

┌───┬─────────────────────────────────┬─────┬──────────────┬──────────────────────┐
│   │ Group                           │ Dir │ Protocol     │ Peer                 │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤
│ + │ ${sg1.GroupId}                  │ In  │ All ICMP     │ Everyone (IPv4)      │
│ + │ ${sg1.GroupId}                  │ In  │ TCP 22       │ Everyone (IPv4)      │
│ + │ ${sg1.GroupId}                  │ In  │ 47 undefined │ ${sg2.GroupId}       │
├───┼─────────────────────────────────┼─────┼──────────────┼──────────────────────┤

Reproduction Steps

Pre-create an ec2.VPC and ec2.SecurityGroup and associate the following ingress rule with the latter:

    const gre_ingress= new ec2.CfnSecurityGroupIngress(this, "gre01", {
      ipProtocol: "47",
      description: "Allow inbound GRE",
      cidrIp: "192.168.1.0/24",
      groupId: "yyy",
    });

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.104.0

Framework Version

No response

Node.js Version

v18.17.1

OS

Max OS X Sonoma

Language

TypeScript

Language Version

No response

Other information

No response

khushail commented 11 months ago

thanks @john-aws for reporting this.