Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: account for tls termination in exposed port validation #5549

Merged
merged 3 commits into from
Dec 11, 2023
Merged

fix: account for tls termination in exposed port validation #5549

merged 3 commits into from
Dec 11, 2023

Conversation

CaptainCarpensir
Copy link
Contributor

Addresses #5536

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the Apache 2.0 License.

@CaptainCarpensir CaptainCarpensir requested a review from a team as a code owner December 11, 2023 19:22
@CaptainCarpensir CaptainCarpensir requested review from efekarakus and removed request for a team December 11, 2023 19:22
@codecov-commenter
Copy link

codecov-commenter commented Dec 11, 2023
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (d42cf47) 70.04% compared to head (af50d26) 70.03%.
Report is 1 commits behind head on mainline.

Additional details and impacted files 
@@             Coverage Diff              @@
##           mainline    #5549      +/-   ##
============================================
- Coverage     70.04%   70.03%   -0.01%     
============================================
  Files           302      302              
  Lines         46331    46355      +24     
  Branches        309      309              
============================================
+ Hits          32453    32466      +13     
- Misses        12300    12309       +9     
- Partials       1578     1580       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 11, 2023
edited
Loading

🍕 Here are the new binary sizes!

Name New size (kiB) size (kiB) Delta (%)
macOS (amd) 56788 55192 🥺 +2.89
macOS (arm) 57800 56144 🥺 +2.95
linux (amd) 49796 48440 🥺 +2.80
linux (arm) 49088 47748 🥺 +2.81
windows (amd) 46920 45672 🥺 +2.73

Lou1415926
Lou1415926 approved these changes Dec 11, 2023
View reviewed changes
internal/pkg/manifest/validate.go
Comment on lines 2243 to +2249
targetProtocol = strings.ToUpper(aws.StringValue(nlbProtocol))
}

// Handle TLS termination of container exposed port protocol
if targetProtocol == TLS {
targetProtocol = TCP
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really am not a fan of nested if-block, but I think it's more obvious this way that we set the target protocol to TCP if the listener protocol is TLS, not necessarily if the target protocol is "tls". Imagine if we expand target_port to accept a string of form 443/tls (for example to let people configure e2e encryption), then this code might become slightly confusing to refactor.

Suggested change
targetProtocol = strings.ToUpper(aws.StringValue(nlbProtocol))
}
// Handle TLS termination of container exposed port protocol
if targetProtocol == TLS {
targetProtocol = TCP
}
if strings.EqualFold(aws.StringValue(nlbProtocol), "tls") {
targetProtocol = TCP
} else {
targetProtocol = strings.ToUpper(aws.StringValue(nlbProtocol))
}

@mergify mergify bot merged commit 048c067 into aws:mainline Dec 11, 2023
@KollaAdithya KollaAdithya added do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. and removed do-not-merge Pull requests that mergify shouldn't merge until the requester allows it. labels Dec 11, 2023
@CaptainCarpensir CaptainCarpensir deleted the manifest/fix-nlb-port-validation branch January 2, 2024 17:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iamhopaul123 iamhopaul123 iamhopaul123 approved these changes

@Lou1415926 Lou1415926 Lou1415926 approved these changes

@efekarakus efekarakus Awaiting requested review from efekarakus efekarakus is a code owner automatically assigned from aws/aws-ecs-devx

Assignees
No one assigned
Labels
None yet
Projects
Sprint 🏃‍♀️
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@CaptainCarpensir @codecov-commenter @iamhopaul123 @Lou1415926 @KollaAdithya