Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

interface required when enabling SSL in NLB listener does not exist #5330

Closed
tommycha opened this issue Dec 6, 2019 · 2 comments · Fixed by #5405
Closed

interface required when enabling SSL in NLB listener does not exist #5330

tommycha opened this issue Dec 6, 2019 · 2 comments · Fixed by #5405
Assignees
@rix0rrr
Labels
@aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. p1

Comments

@tommycha
Copy link

tommycha commented Dec 6, 2019

When enabling SSL in NLB listener interface INetworkListenerCertificateProps is required:

add_listener(id, *, port, certificates=None, default_target_groups=None, protocol=None, ssl_policy=None)
    Add a listener to this load balancer.
    Parameters
            id (str) –
            props –
            port (Union[int, float]) – The port on which the listener listens for requests.
            certificates (Optional[List[INetworkListenerCertificateProps]]) – Certificate list of ACM cert ARNs. Default: - No certificates.
            default_target_groups (Optional[List[INetworkTargetGroup]]) – Default target groups to load balance to. Default: - None.
            protocol (Optional[Protocol]) – Protocol for listener, expects TCP or TLS. Default: - TLS if certificates are provided. TCP otherwise.
            ssl_policy (Optional[SslPolicy]) – SSL Policy. Default: - Current predefined security policy.

However there is nothing that creates that interface.

Reproduction Steps

        listener = some_nlb.add_listener(
            'SslListener',
            port=443,
            certificates=[certmanager_ssl],
            default_target_groups=[target_group],
            protocol = elbv2.Protocol.TLS,
        )

Error Log

Error: Resolution error: Resolution error: Trying to resolve() a Construct at ../Properties/certificates/0/node

Environment

  • **CLI Version : aws-cli/1.16.100 Python/3.7.2 Darwin/18.5.0 botocore/1.12.90 **
  • Framework Version: 1.18
  • OS : mac
  • **Language : Python **

Other

This is 🐛 Bug Report
@tommycha tommycha added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Dec 6, 2019
@SomayaB SomayaB added the @aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing label Dec 9, 2019
@hossein-aminaiee
Copy link

I have the same problem. Is there any workaround until the bug gets fixed?

@rix0rrr
Copy link
Contributor

rix0rrr commented Dec 13, 2019

Something like the following should tide you over:

@jsii.implements(elbv2.INetworkListenerCertificateProps)
class Certificate:
  def __init__(self, arn):
    self.arn = arn

  @property
  def certificate_arn(self):
    return self.arn

rix0rrr added a commit that referenced this issue Dec 13, 2019
@rix0rrr
refactor(elbv2): introduce ListenerCertificate
7ef7f6c 
Finally model certificates in a consistent way, using an
`IListenerCertificate` interface (it has to be an interface
to be able to maintain backwards compatibility with the
erroneously introduced `INetworkListenerCertificateProps` interface)
and an implemention of it called `ListenerCertificate`.

`ListenerCertificate` can currently be created from an ACM certificate,
and in the future should also be creatable from an IAM certificate.

Make it the same for ALB and NLBs.

Fixes #5330.
@rix0rrr rix0rrr mentioned this issue Dec 13, 2019
Merged
@rix0rrr rix0rrr added the p1 label Dec 13, 2019
@mergify mergify bot closed this as completed in #5405 Dec 13, 2019
mergify bot pushed a commit that referenced this issue Dec 13, 2019
@rix0rrr @mergify
refactor(elbv2): introduce ListenerCertificate (#5405)
32b98a8 
Finally model certificates in a consistent way, using an
`IListenerCertificate` interface (it has to be an interface
to be able to maintain backwards compatibility with the
erroneously introduced `INetworkListenerCertificateProps` interface)
and an implemention of it called `ListenerCertificate`.

`ListenerCertificate` can currently be created from an ACM certificate,
and in the future should also be creatable from an IAM certificate.

Make it the same for ALB and NLBs.

Fixes #5330.
ed-at-work pushed a commit to ed-at-work/aws-cdk that referenced this issue Dec 17, 2019
@rix0rrr
refactor(elbv2): introduce ListenerCertificate (aws#5405)
34ad4c0 
Finally model certificates in a consistent way, using an
`IListenerCertificate` interface (it has to be an interface
to be able to maintain backwards compatibility with the
erroneously introduced `INetworkListenerCertificateProps` interface)
and an implemention of it called `ListenerCertificate`.

`ListenerCertificate` can currently be created from an ACM certificate,
and in the future should also be creatable from an IAM certificate.

Make it the same for ALB and NLBs.

Fixes aws#5330.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rix0rrr rix0rrr

Labels
@aws-cdk/aws-elasticloadbalancing Related to Amazon Elastic Load Balancing bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. p1
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

refactor(elbv2): introduce ListenerCertificate aws/aws-cdk
4 participants
@rix0rrr @tommycha @SomayaB @hossein-aminaiee