Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: redirect default action for https listener #187

Merged

Conversation

oycyc
Copy link
Contributor

@oycyc oycyc commented Nov 7, 2024

what

  • Adds the ability for a HTTPS listener to have an default action of "redirect" in addition to the current two existing "fixed-response" and "target group".

  • Create a new variable to support this with default of null.

  • Ran make readme

why

There are use cases when the default action to be redirect that we want for an ALB listener if it doesn't match any rules to redirect. See image below for the action in AWS console.

This would be good to have in the module, otherwise when there is a case that this needs to be configured, this specific resource has to be stripped out.

image
image

@oycyc oycyc requested review from a team as code owners November 7, 2024 12:42
@oycyc oycyc requested review from kevcube and joe-niland November 7, 2024 12:42
@mergify mergify bot added the triage Needs triage label Nov 7, 2024
@gberenice
Copy link

/terratest

Copy link

@gberenice gberenice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@oycyc looks good, I added a couple of suggestions.
Also, could you please fix the test following this example cloudposse/terraform-aws-ecs-alb-service-task#252?
Thanks in advance 🙌

variables.tf Outdated Show resolved Hide resolved
main.tf Outdated Show resolved Hide resolved
@gberenice
Copy link

/terratest

@gberenice
Copy link

/terratest

Copy link

@gberenice gberenice left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @oycyc 👍

@gberenice gberenice merged commit d9eb6f4 into cloudposse:main Nov 7, 2024
16 checks passed
@mergify mergify bot removed the triage Needs triage label Nov 7, 2024
Copy link
Contributor

github-actions bot commented Nov 7, 2024

These changes were released in v1.11.2.

@oycyc
Copy link
Contributor Author

oycyc commented Nov 7, 2024

Awesome, thanks!

@mschfh
Copy link
Contributor

mschfh commented Nov 7, 2024

JFYI, it seems the readme was not updated after the latest commit that added the defaults:

-| <a name="input_listener_https_redirect"></a> [listener\_https\_redirect](#input\_listener\_https\_redirect) | Have the HTTPS listener return a redirect response for the default action. | <pre>object({<br/>    host        = optional(string)<br/>    path        = optional(string)<br/>    port        = optional(string)<br/>    protocol    = optional(string)<br/>    query       = optional(string)<br/>    status_code = optional(string)<br/>  })</pre> | `null` | no |
+| <a name="input_listener_https_redirect"></a> [listener\_https\_redirect](#input\_listener\_https\_redirect) | Have the HTTPS listener return a redirect response for the default action. | <pre>object({<br/>    host        = optional(string)<br/>    path        = optional(string)<br/>    port        = optional(string)<br/>    protocol    = optional(string)<br/>    query       = optional(string)<br/>    status_code = string<br/>  })</pre> | <pre>{<br/>  "host": null,<br/>  "path": null,<br/>  "port": null,<br/>  "protocol": null,<br/>  "query": null,<br/>  "status_code": "HTTP_301"<br/>}</pre> | no |

IIRC there was a CI check for this in the past, was it removed?

@oycyc
Copy link
Contributor Author

oycyc commented Nov 7, 2024

JFYI, it seems the readme was not updated after the latest commit that added the defaults:

-| <a name="input_listener_https_redirect"></a> [listener\_https\_redirect](#input\_listener\_https\_redirect) | Have the HTTPS listener return a redirect response for the default action. | <pre>object({<br/>    host        = optional(string)<br/>    path        = optional(string)<br/>    port        = optional(string)<br/>    protocol    = optional(string)<br/>    query       = optional(string)<br/>    status_code = optional(string)<br/>  })</pre> | `null` | no |
+| <a name="input_listener_https_redirect"></a> [listener\_https\_redirect](#input\_listener\_https\_redirect) | Have the HTTPS listener return a redirect response for the default action. | <pre>object({<br/>    host        = optional(string)<br/>    path        = optional(string)<br/>    port        = optional(string)<br/>    protocol    = optional(string)<br/>    query       = optional(string)<br/>    status_code = string<br/>  })</pre> | <pre>{<br/>  "host": null,<br/>  "path": null,<br/>  "port": null,<br/>  "protocol": null,<br/>  "query": null,<br/>  "status_code": "HTTP_301"<br/>}</pre> | no |

IIRC there was a CI check for this in the past, was it removed?

Thanks! Somehow got missed. I'm creating a new PR just to update the README. #188

@vonZeppelin
Copy link

Looks like #184 can be closed now, thank you for implementing this!

@oycyc
Copy link
Contributor Author

oycyc commented Nov 10, 2024

Looks like #184 can be closed now, thank you for implementing this!

Ah didn't see this issue. Thanks for linking this!

@mschfh
Copy link
Contributor

mschfh commented Nov 11, 2024

It seems this adds a redirect by default, as the default for the variable is an object, not null.

terraform-aws-alb/main.tf

Lines 231 to 232 in cb8fa65

dynamic "redirect" {
for_each = var.listener_https_redirect != null ? [var.listener_https_redirect] : []

variable "listener_https_redirect" {
description = "Have the HTTPS listener return a redirect response for the default action."
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener#status_code-2
type = object({
host = optional(string)
path = optional(string)
port = optional(string)
protocol = optional(string)
query = optional(string)
status_code = string
})
default = {
host = null
path = null
port = null
protocol = null
query = null
status_code = "HTTP_301"
}
}

Plan:

      ~ default_action {
          ~ type             = "forward" -> "redirect"
            # (2 unchanged attributes hidden)

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "#{port}"
              + protocol    = "#{protocol}"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
        }

Explicitly passing listener_https_redirect = null to the module does prevent this change, please update the default or adjust the for_each.

@oycyc
Copy link
Contributor Author

oycyc commented Nov 11, 2024

It seems this adds a redirect by default, as the default for the variable is an object, not null.

terraform-aws-alb/main.tf

Lines 231 to 232 in cb8fa65

dynamic "redirect" {
for_each = var.listener_https_redirect != null ? [var.listener_https_redirect] : []

variable "listener_https_redirect" {
description = "Have the HTTPS listener return a redirect response for the default action."
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_listener#status_code-2
type = object({
host = optional(string)
path = optional(string)
port = optional(string)
protocol = optional(string)
query = optional(string)
status_code = string
})
default = {
host = null
path = null
port = null
protocol = null
query = null
status_code = "HTTP_301"
}
}

Plan:

      ~ default_action {
          ~ type             = "forward" -> "redirect"
            # (2 unchanged attributes hidden)

          + redirect {
              + host        = "#{host}"
              + path        = "/#{path}"
              + port        = "#{port}"
              + protocol    = "#{protocol}"
              + query       = "#{query}"
              + status_code = "HTTP_301"
            }
        }

Explicitly passing listener_https_redirect = null to the module does prevent this change, please update the default or adjust the for_each.

@mschfh thanks for bringing this up, this would be quite an issue since it'll affect the default. Made a PR for this: #190

Really appreciate you putting this here!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants