prototype: e2e encryption all the way to the task
efekarakus committed Sep 20, 2022
1 parent ad2f4ad commit 7b2a5e3
Showing 3 changed files with 19 additions and 4 deletions.
13 changes: 9 additions & 4 deletions internal/pkg/deploy/cloudformation/stack/lb_web_svc.go
@@ -189,17 +189,22 @@ func (s *LoadBalancedWebService) Template() (string, error) {
if s.manifest.RoutingRule.RedirectToHTTPS != nil {
httpRedirect = aws.BoolValue(s.manifest.RoutingRule.RedirectToHTTPS)
}
tgContainer, tgPort := s.httpLoadBalancerTarget()
content, err := s.parser.ParseLoadBalancedWebService(template.WorkloadOpts{
AppName: s.app,
EnvName: s.env,
WorkloadName: s.name,
SerializedManifest: string(s.rawManifest),
EnvVersion: s.rc.EnvVersion,

Variables: s.manifest.TaskConfig.Variables,
Secrets: convertSecrets(s.manifest.TaskConfig.Secrets),
Aliases: aliases,
HTTPSListener: s.httpsEnabled,
Variables: s.manifest.TaskConfig.Variables,
Secrets: convertSecrets(s.manifest.TaskConfig.Secrets),
Aliases: aliases,
HTTPSListener: s.httpsEnabled,
TargetContainer: &template.TargetContainer{
Name: aws.StringValue(tgContainer),
Port: aws.StringValue(tgPort),
},
HTTPRedirect: httpRedirect,
NestedStack: addonsOutputs,
AddonsExtraParams: addonsParams,
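Review bot: `Port: aws.StringValue(tgPort)` turns a nil port into `""`, which the alb.yml comparison against "443" treats as "not HTTPS", so a missing target port silently selects the unencrypted target group protocol. Whether `httpLoadBalancerTarget()` can return nil is not visible here (Template()'s body starts and ends outside this hunk), so if it can, failing with an error would be safer than defaulting to plaintext in a change meant to encrypt traffic to the task. At minimum, document the coupling above the field, for example `// Port selects the target group protocol in alb.yml: "443" means HTTPS, anything else (including "") means HTTP.`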
4 changes: 4 additions & 0 deletions internal/pkg/template/templates/workloads/partials/cf/alb.yml
@@ -24,7 +24,11 @@ TargetGroup:
HealthCheckTimeoutSeconds: {{.HTTPHealthCheck.Timeout}}
{{- end}}
Port: !Ref ContainerPort
{{- if eq .TargetContainer.Port "443" }}
Protocol: HTTPS
{{- else }}
Protocol: HTTP
{{- end }}
{{- if .HTTPVersion}}
ProtocolVersion: {{.HTTPVersion}}
{{- end}}
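Review bot: The branch `{{- if eq .TargetContainer.Port "443" }}` dereferences `.TargetContainer` without a nil check and ties encryption to one literal port. `TargetContainer` is a pointer in `WorkloadOpts` and only lb_web_svc.go sets it in this commit, so any other renderer of this partial (none is visible here) would fail template execution on the nil pointer; wrapping the branch in `{{- with .TargetContainer }}` or making the field a value type avoids that. A task that terminates TLS on a different port (say 8443) still gets `Protocol: HTTP`, so an explicit manifest setting would be more robust than the port comparison. A comment here should also note that an HTTPS target group encrypts the ALB-to-task hop but the load balancer does not validate the target's certificate, so this gives confidentiality on that hop rather than authenticated end-to-end TLS.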
6 changes: 6 additions & 0 deletions internal/pkg/template/workload.go
@@ -482,6 +482,11 @@ type S3ObjectLocation struct {
Key string // Key of the object.
}

type TargetContainer struct {
Name string
Port string
}

// WorkloadOpts holds optional data that can be provided to enable features in a workload stack template.
type WorkloadOpts struct {
AppName string
@@ -514,6 +519,7 @@ type WorkloadOpts struct {
DependsOn map[string]string
Publish *PublishOpts
ServiceDiscoveryEndpoint string
TargetContainer *TargetContainer
HTTPVersion *string
ALBEnabled bool
HostedZoneAliases AliasesForHostedZone
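Review bot: The exported `TargetContainer` type added in the first hunk has no doc comment and its fields are undocumented, unlike the `Key string // Key of the object.` field directly above it. Suggest `// TargetContainer is the container and port that the load balancer forwards traffic to.` on the type, and a comment on `Port` saying it is a string because alb.yml compares it with "443" to pick the target group protocol. Since that field decides whether traffic to the task is encrypted, the security-relevant meaning belongs in the declaration and not only in the template.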

1 comment on commit 7b2a5e3


@coingraham coingraham commented on 7b2a5e3 Sep 21, 2022


I think this gets us an MVP working solution. Note that the same logic would need to exist for the HealthCheckProtocol too, since the health check would also need HTTPS.
