From 89cc14088fd5c1d4054b7b6e3f9f979933ef6a86 Mon Sep 17 00:00:00 2001 From: Michael CC <333mmcc@gmail.com> Date: Thu, 25 Apr 2024 01:33:57 +0000 Subject: [PATCH 1/5] Handle denyAllIgwTraffic for Ipv4 LB --- .../lib/shared/base-load-balancer.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts index c04757e4cd11b..b97119187fc05 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts @@ -1,4 +1,5 @@ import { Construct } from 'constructs'; +import { IpAddressType } from './enums'; import { Attributes, ifUndefined, mapTagMapToCxschema, renderAttributes } from './util'; import * as ec2 from '../../../aws-ec2'; import * as iam from '../../../aws-iam'; @@ -250,7 +251,9 @@ export abstract class BaseLoadBalancer extends Resource { this.setAttribute('load_balancing.cross_zone.enabled', baseProps.crossZoneEnabled === true ? 'true' : 'false'); } - if (baseProps.denyAllIgwTraffic !== undefined) { + if (additionalProps.ipAddressType === IpAddressType.IPV4 && baseProps.denyAllIgwTraffic === false) { + throw new Error('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.'); + } else if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK && baseProps.denyAllIgwTraffic !== undefined) { this.setAttribute('ipv6.deny_all_igw_traffic', baseProps.denyAllIgwTraffic.toString()); } From 291c665c50282ef6a1265cb7532448592ab5cad2 Mon Sep 17 00:00:00 2001 From: Michael CC <333mmcc@gmail.com> Date: Thu, 25 Apr 2024 21:02:33 +1000 Subject: [PATCH 2/5] Added testing --- .../aws-cdk-nlb-attributes-integ.assets.json | 4 ++-- ...aws-cdk-nlb-attributes-integ.template.json | 4 ---- .../cdk.out | 0 .../integ.json | 0 .../manifest.json | 2 +- ...efaultTestDeployAssert2D727654.assets.json | 0 ...aultTestDeployAssert2D727654.template.json | 0 .../tree.json | 4 ---- ...-attributes.ts => integ.nlb.attributes.ts} | 0 .../test/alb/load-balancer.test.ts | 19 +++++++++++++++---- .../test/nlb/load-balancer.test.ts | 19 +++++++++++++++---- 11 files changed, 33 insertions(+), 19 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/aws-cdk-nlb-attributes-integ.assets.json (74%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/aws-cdk-nlb-attributes-integ.template.json (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/cdk.out (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/integ.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/manifest.json (98%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/tree.json (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.ts => integ.nlb.attributes.ts} (100%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json similarity index 74% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json index e77f03c32cea8..735a50310b09e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358": { + "07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868": { "source": { "path": "aws-cdk-nlb-attributes-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358.json", + "objectKey": "07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json index 92f24238a0511..6b0938a571195 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json @@ -403,10 +403,6 @@ "Key": "load_balancing.cross_zone.enabled", "Value": "true" }, - { - "Key": "ipv6.deny_all_igw_traffic", - "Value": "true" - }, { "Key": "dns_record.client_routing_policy", "Value": "partial_availability_zone_affinity" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/cdk.out diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/integ.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/integ.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/integ.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json similarity index 98% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json index 7e9b4e6aa18a8..a1c96857eb6ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json index dfe987eaa13bc..0d0cf8680c4d7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json @@ -670,10 +670,6 @@ "key": "load_balancing.cross_zone.enabled", "value": "true" }, - { - "key": "ipv6.deny_all_igw_traffic", - "value": "true" - }, { "key": "dns_record.client_routing_policy", "value": "partial_availability_zone_affinity" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index bb3293a799d5b..db23ab34b246d 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -99,10 +99,6 @@ describe('tests', () => { Key: 'deletion_protection.enabled', Value: 'true', }, - { - Key: 'ipv6.deny_all_igw_traffic', - Value: 'true', - }, { Key: 'routing.http2.enabled', Value: 'false', @@ -171,6 +167,21 @@ describe('tests', () => { }).toThrow('\'clientKeepAlive\' must be between 60 and 604800 seconds. Got: 100 milliseconds'); }); + test('throw error for denyAllIgwTraffic set to false for Ipv4 adressing.', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // THEN + expect(() => { + new elbv2.ApplicationLoadBalancer(stack, 'LB', { + vpc, + denyAllIgwTraffic: false, + ipAddressType: elbv2.IpAddressType.IPV4, + }); + }).toThrow('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.'); + }); + describe('Desync mitigation mode', () => { test('Defensive', () => { // GIVEN diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts index 06aedaadf5be4..f28d7bacff1f5 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts @@ -91,10 +91,6 @@ describe('tests', () => { Key: 'load_balancing.cross_zone.enabled', Value: 'true', }, - { - Key: 'ipv6.deny_all_igw_traffic', - Value: 'true', - }, { Key: 'dns_record.client_routing_policy', Value: 'partial_availability_zone_affinity', @@ -488,6 +484,21 @@ describe('tests', () => { }).toThrow('Load balancer name: "my load balancer" must contain only alphanumeric characters or hyphens.'); }); + test('loadBalancerName unallowed: denyAllIgwTraffic set to false for Ipv4 adressing', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // THEN + expect(() => { + new elbv2.NetworkLoadBalancer(stack, 'NLB', { + vpc, + denyAllIgwTraffic: false, + ipAddressType: elbv2.IpAddressType.IPV4, + }); + }).toThrow('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.'); + }); + test('imported network load balancer with no vpc specified throws error when calling addTargets', () => { // GIVEN const stack = new cdk.Stack(); From 3b9ab476f8585a343a61c7b9a777dc2600a5d868 Mon Sep 17 00:00:00 2001 From: Michael CC <333mmcc@gmail.com> Date: Fri, 26 Apr 2024 15:11:47 +1000 Subject: [PATCH 3/5] revert integration test changes --- .../aws-cdk-nlb-attributes-integ.assets.json | 4 ++-- .../aws-cdk-nlb-attributes-integ.template.json | 4 ++++ .../cdk.out | 0 .../integ.json | 0 .../manifest.json | 2 +- ...attlibutesintegDefaultTestDeployAssert2D727654.assets.json | 0 ...tlibutesintegDefaultTestDeployAssert2D727654.template.json | 0 .../tree.json | 4 ++++ .../test/{integ.nlb.attributes.ts => integ.nlb-attributes.ts} | 0 9 files changed, 11 insertions(+), 3 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/aws-cdk-nlb-attributes-integ.assets.json (74%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/aws-cdk-nlb-attributes-integ.template.json (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/cdk.out (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/integ.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/manifest.json (98%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.js.snapshot => integ.nlb-attributes.js.snapshot}/tree.json (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb.attributes.ts => integ.nlb-attributes.ts} (100%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json similarity index 74% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json index 735a50310b09e..e77f03c32cea8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868": { + "fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358": { "source": { "path": "aws-cdk-nlb-attributes-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868.json", + "objectKey": "fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json index 6b0938a571195..92f24238a0511 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json @@ -403,6 +403,10 @@ "Key": "load_balancing.cross_zone.enabled", "Value": "true" }, + { + "Key": "ipv6.deny_all_igw_traffic", + "Value": "true" + }, { "Key": "dns_record.client_routing_policy", "Value": "partial_availability_zone_affinity" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/cdk.out diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/integ.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/integ.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/integ.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json similarity index 98% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json index a1c96857eb6ba..7e9b4e6aa18a8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json index 0d0cf8680c4d7..dfe987eaa13bc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json @@ -670,6 +670,10 @@ "key": "load_balancing.cross_zone.enabled", "value": "true" }, + { + "key": "ipv6.deny_all_igw_traffic", + "value": "true" + }, { "key": "dns_record.client_routing_policy", "value": "partial_availability_zone_affinity" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts From abd1ff2e513d2f6a4a05a8daad0e7d8b1ba4a749 Mon Sep 17 00:00:00 2001 From: Michael CC <333mmcc@gmail.com> Date: Fri, 26 Apr 2024 17:15:19 +1000 Subject: [PATCH 4/5] logic and unit test changes --- .../lib/shared/base-load-balancer.ts | 10 ++-- .../test/alb/load-balancer.test.ts | 56 +++++++++++++++++-- .../test/nlb/load-balancer.test.ts | 39 +++++++++++-- 3 files changed, 90 insertions(+), 15 deletions(-) diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts index b97119187fc05..03cc66dc1744b 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/lib/shared/base-load-balancer.ts @@ -251,10 +251,12 @@ export abstract class BaseLoadBalancer extends Resource { this.setAttribute('load_balancing.cross_zone.enabled', baseProps.crossZoneEnabled === true ? 'true' : 'false'); } - if (additionalProps.ipAddressType === IpAddressType.IPV4 && baseProps.denyAllIgwTraffic === false) { - throw new Error('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.'); - } else if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK && baseProps.denyAllIgwTraffic !== undefined) { - this.setAttribute('ipv6.deny_all_igw_traffic', baseProps.denyAllIgwTraffic.toString()); + if (baseProps.denyAllIgwTraffic !== undefined) { + if (additionalProps.ipAddressType === IpAddressType.DUAL_STACK) { + this.setAttribute('ipv6.deny_all_igw_traffic', baseProps.denyAllIgwTraffic.toString()); + } else { + throw new Error(`'denyAllIgwTraffic' may only be set on load balancers with ${IpAddressType.DUAL_STACK} addressing.`); + } } this.loadBalancerCanonicalHostedZoneId = resource.attrCanonicalHostedZoneId; diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts index db23ab34b246d..930f3a2a18923 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/alb/load-balancer.test.ts @@ -84,7 +84,6 @@ describe('tests', () => { idleTimeout: cdk.Duration.seconds(1000), dropInvalidHeaderFields: true, clientKeepAlive: cdk.Duration.seconds(200), - denyAllIgwTraffic: true, preserveHostHeader: true, xAmznTlsVersionAndCipherSuiteHeaders: true, preserveXffClientPort: true, @@ -167,7 +166,12 @@ describe('tests', () => { }).toThrow('\'clientKeepAlive\' must be between 60 and 604800 seconds. Got: 100 milliseconds'); }); - test('throw error for denyAllIgwTraffic set to false for Ipv4 adressing.', () => { + test.each([ + [false, undefined], + [true, undefined], + [false, elbv2.IpAddressType.IPV4], + [true, elbv2.IpAddressType.IPV4], + ])('throw error for denyAllIgwTraffic set to %s for Ipv4 (default) addressing.', (denyAllIgwTraffic, ipAddressType) => { // GIVEN const stack = new cdk.Stack(); const vpc = new ec2.Vpc(stack, 'Stack'); @@ -176,10 +180,10 @@ describe('tests', () => { expect(() => { new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc, - denyAllIgwTraffic: false, - ipAddressType: elbv2.IpAddressType.IPV4, + denyAllIgwTraffic: denyAllIgwTraffic, + ipAddressType: ipAddressType, }); - }).toThrow('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.'); + }).toThrow(`'denyAllIgwTraffic' may only be set on load balancers with ${elbv2.IpAddressType.DUAL_STACK} addressing.`); }); describe('Desync mitigation mode', () => { @@ -982,6 +986,27 @@ describe('tests', () => { }); }); + test('Can create internet-facing dualstack ApplicationLoadBalancer with denyAllIgwTraffic set to false', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // WHEN + new elbv2.ApplicationLoadBalancer(stack, 'LB', { + vpc, + denyAllIgwTraffic: false, + internetFacing: true, + ipAddressType: elbv2.IpAddressType.DUAL_STACK, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internet-facing', + Type: 'application', + IpAddressType: 'dualstack', + }); + }); + test('Can create internal dualstack ApplicationLoadBalancer', () => { // GIVEN const stack = new cdk.Stack(); @@ -1000,5 +1025,26 @@ describe('tests', () => { IpAddressType: 'dualstack', }); }); + + test.each([undefined, false])('Can create internal dualstack ApplicationLoadBalancer with denyAllIgwTraffic set to true', (internetFacing) => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // WHEN + new elbv2.ApplicationLoadBalancer(stack, 'LB', { + vpc, + denyAllIgwTraffic: true, + internetFacing: internetFacing, + ipAddressType: elbv2.IpAddressType.DUAL_STACK, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internal', + Type: 'application', + IpAddressType: 'dualstack', + }); + }); }); }); diff --git a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts index f28d7bacff1f5..95bc432eb022a 100644 --- a/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts +++ b/packages/aws-cdk-lib/aws-elasticloadbalancingv2/test/nlb/load-balancer.test.ts @@ -80,7 +80,6 @@ describe('tests', () => { new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc, crossZoneEnabled: true, - denyAllIgwTraffic: true, clientRoutingPolicy: elbv2.ClientRoutingPolicy.PARTIAL_AVAILABILITY_ZONE_AFFINITY, }); @@ -484,7 +483,12 @@ describe('tests', () => { }).toThrow('Load balancer name: "my load balancer" must contain only alphanumeric characters or hyphens.'); }); - test('loadBalancerName unallowed: denyAllIgwTraffic set to false for Ipv4 adressing', () => { + test.each([ + [false, undefined], + [true, undefined], + [false, elbv2.IpAddressType.IPV4], + [true, elbv2.IpAddressType.IPV4], + ])('throw error for denyAllIgwTraffic set to %s for Ipv4 (default) addressing.', (denyAllIgwTraffic, ipAddressType) => { // GIVEN const stack = new cdk.Stack(); const vpc = new ec2.Vpc(stack, 'Stack'); @@ -493,10 +497,10 @@ describe('tests', () => { expect(() => { new elbv2.NetworkLoadBalancer(stack, 'NLB', { vpc, - denyAllIgwTraffic: false, - ipAddressType: elbv2.IpAddressType.IPV4, + denyAllIgwTraffic: denyAllIgwTraffic, + ipAddressType: ipAddressType, }); - }).toThrow('\'denyAllIgwTraffic\' cannot be false on load balancers with IPv4 addressing.'); + }).toThrow(`'denyAllIgwTraffic' may only be set on load balancers with ${elbv2.IpAddressType.DUAL_STACK} addressing.`); }); test('imported network load balancer with no vpc specified throws error when calling addTargets', () => { @@ -1085,7 +1089,28 @@ describe('tests', () => { }); }); - test('Can create internal dualstack NetworkLoadBalancer', () => { + test('Can create internet-facing dualstack NetworkLoadBalancer with denyAllIgwTraffic set to false', () => { + // GIVEN + const stack = new cdk.Stack(); + const vpc = new ec2.Vpc(stack, 'Stack'); + + // WHEN + new elbv2.NetworkLoadBalancer(stack, 'LB', { + vpc, + denyAllIgwTraffic: false, + internetFacing: true, + ipAddressType: elbv2.IpAddressType.DUAL_STACK, + }); + + // THEN + Template.fromStack(stack).hasResourceProperties('AWS::ElasticLoadBalancingV2::LoadBalancer', { + Scheme: 'internet-facing', + Type: 'network', + IpAddressType: 'dualstack', + }); + }); + + test.each([undefined, false])('Can create internal dualstack NetworkLoadBalancer with denyAllIgwTraffic set to true', (internetFacing) => { // GIVEN const stack = new cdk.Stack(); const vpc = new ec2.Vpc(stack, 'Stack'); @@ -1093,6 +1118,8 @@ describe('tests', () => { // WHEN new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc, + denyAllIgwTraffic: true, + internetFacing: internetFacing, ipAddressType: elbv2.IpAddressType.DUAL_STACK, }); From 8542f60555593032fe95c432ed11048a42a23d72 Mon Sep 17 00:00:00 2001 From: Michael CC <333mmcc@gmail.com> Date: Sat, 27 Apr 2024 10:29:17 +1000 Subject: [PATCH 5/5] Add back integration testing --- .../aws-cdk-nlb-attributes-integ.assets.json | 4 ++-- .../aws-cdk-nlb-attributes-integ.template.json | 4 ---- .../cdk.out | 0 .../integ.json | 0 .../manifest.json | 2 +- ...ibutesintegDefaultTestDeployAssert2D727654.assets.json | 0 ...utesintegDefaultTestDeployAssert2D727654.template.json | 0 .../tree.json | 4 ---- .../{integ.nlb-attributes.ts => integ.nlb.attributes.ts} | 1 - ...ternalIntegDefaultTestDeployAssertEEBE69CB.assets.json | 2 +- .../aws-cdk-nlb-dualstack-internal.assets.json | 6 +++--- .../aws-cdk-nlb-dualstack-internal.template.json | 4 ++++ .../test/integ.nlb.dualstack.internal.js.snapshot/cdk.out | 2 +- .../integ.nlb.dualstack.internal.js.snapshot/integ.json | 2 +- .../manifest.json | 4 ++-- .../integ.nlb.dualstack.internal.js.snapshot/tree.json | 8 ++++++-- .../test/integ.nlb.dualstack.internal.ts | 1 + 17 files changed, 22 insertions(+), 22 deletions(-) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/aws-cdk-nlb-attributes-integ.assets.json (74%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/aws-cdk-nlb-attributes-integ.template.json (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/cdk.out (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/integ.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/manifest.json (98%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json (100%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.js.snapshot => integ.nlb.attributes.js.snapshot}/tree.json (99%) rename packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/{integ.nlb-attributes.ts => integ.nlb.attributes.ts} (96%) diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json similarity index 74% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json index e77f03c32cea8..735a50310b09e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.assets.json @@ -1,7 +1,7 @@ { "version": "36.0.0", "files": { - "fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358": { + "07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868": { "source": { "path": "aws-cdk-nlb-attributes-integ.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358.json", + "objectKey": "07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json index 92f24238a0511..6b0938a571195 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/aws-cdk-nlb-attributes-integ.template.json @@ -403,10 +403,6 @@ "Key": "load_balancing.cross_zone.enabled", "Value": "true" }, - { - "Key": "ipv6.deny_all_igw_traffic", - "Value": "true" - }, { "Key": "dns_record.client_routing_policy", "Value": "partial_availability_zone_affinity" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/cdk.out similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/cdk.out rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/cdk.out diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/integ.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/integ.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/integ.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json similarity index 98% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json index 7e9b4e6aa18a8..a1c96857eb6ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/manifest.json @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/fde94b9ee2e36931660662e5ad6718e40f59c205fc43297b7480bf3e57157358.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/07d7b501e39a18940f72d7c69e969b9cbae9ae21f85424c29235d75d73d23868.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.assets.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/nlbattlibutesintegDefaultTestDeployAssert2D727654.template.json diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json similarity index 99% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json index dfe987eaa13bc..0d0cf8680c4d7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.js.snapshot/tree.json @@ -670,10 +670,6 @@ "key": "load_balancing.cross_zone.enabled", "value": "true" }, - { - "key": "ipv6.deny_all_igw_traffic", - "value": "true" - }, { "key": "dns_record.client_routing_policy", "value": "partial_availability_zone_affinity" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts similarity index 96% rename from packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts rename to packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts index 2e83d346c4095..83e16ffc528fb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb-attributes.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.attributes.ts @@ -15,7 +15,6 @@ new elbv2.NetworkLoadBalancer(stack, 'NLB', { vpc, crossZoneEnabled: true, deletionProtection: false, - denyAllIgwTraffic: true, clientRoutingPolicy: elbv2.ClientRoutingPolicy.PARTIAL_AVAILABILITY_ZONE_AFFINITY, }); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/NlbDualstackInternalIntegDefaultTestDeployAssertEEBE69CB.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/NlbDualstackInternalIntegDefaultTestDeployAssertEEBE69CB.assets.json index 7e57dba7c952d..95c2a18a0ed15 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/NlbDualstackInternalIntegDefaultTestDeployAssertEEBE69CB.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/NlbDualstackInternalIntegDefaultTestDeployAssertEEBE69CB.assets.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.assets.json index 5b5dd05701922..7b0baaeaa53c3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.assets.json @@ -1,7 +1,7 @@ { - "version": "33.0.0", + "version": "36.0.0", "files": { - "64398efb6ed2890dc81c5e8a78e224af3c1405160bdb68c84b0536ee84347f02": { + "5e1cb71a2ebbd6ad655a1f43c8a197eb6843007ae7194b8c2fdc559d4699d13a": { "source": { "path": "aws-cdk-nlb-dualstack-internal.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "64398efb6ed2890dc81c5e8a78e224af3c1405160bdb68c84b0536ee84347f02.json", + "objectKey": "5e1cb71a2ebbd6ad655a1f43c8a197eb6843007ae7194b8c2fdc559d4699d13a.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.template.json index 68c70c40d5f6e..3d80ec8f9a6db 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/aws-cdk-nlb-dualstack-internal.template.json @@ -210,6 +210,10 @@ { "Key": "deletion_protection.enabled", "Value": "false" + }, + { + "Key": "ipv6.deny_all_igw_traffic", + "Value": "true" } ], "Scheme": "internal", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/cdk.out index 560dae10d018f..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"33.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/integ.json index 07a78b1505bf6..c7657b896692a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/integ.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "testCases": { "NlbDualstackInternalInteg/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/manifest.json index 17d35be6e3256..b3922336a291f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "33.0.0", + "version": "36.0.0", "artifacts": { "aws-cdk-nlb-dualstack-internal.assets": { "type": "cdk:asset-manifest", @@ -18,7 +18,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/64398efb6ed2890dc81c5e8a78e224af3c1405160bdb68c84b0536ee84347f02.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/5e1cb71a2ebbd6ad655a1f43c8a197eb6843007ae7194b8c2fdc559d4699d13a.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/tree.json index 5556d279c8312..a97ba4b53756c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.js.snapshot/tree.json @@ -317,6 +317,10 @@ { "key": "deletion_protection.enabled", "value": "false" + }, + { + "key": "ipv6.deny_all_igw_traffic", + "value": "true" } ], "scheme": "internal", @@ -446,7 +450,7 @@ "path": "NlbDualstackInternalInteg/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } }, "DeployAssert": { @@ -492,7 +496,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.70" + "version": "10.3.0" } } }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.ts index f58ef54ee3178..cbb5ebe76d77c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-elasticloadbalancingv2/test/integ.nlb.dualstack.internal.ts @@ -31,6 +31,7 @@ const subnetIpv6CidrBlocks = cdk.Fn.cidr(vpcIpv6CidrBlock, 256, '64'); const lb = new elbv2.NetworkLoadBalancer(stack, 'LB', { vpc, + denyAllIgwTraffic: true, ipAddressType: elbv2.IpAddressType.DUAL_STACK, });