From 46cf825739af125ef7a7369413d8e9ec071f87aa Mon Sep 17 00:00:00 2001
From: Cory Hall <43035978+corymhall@users.noreply.github.com>
Date: Thu, 8 Sep 2022 08:14:52 -0400
Subject: [PATCH] fix(elbv2): connections not created for chained listener
 actions (#21939)

When you add an action to a listener the `bind` method is called, and one of the things that is typically done is to configure security group ingress. When you chain actions together, i.e.

```ts
listener.addAction('first-action', {
  action: ListenerAction.authenticateOidc({
    next: ListenerAction.forward([secondAction]),
    ...,
  }),
});
```

Bind is never called for the second action (i.e. `next`) which means the security group ingress rules are not created.

This PR updates the `ListenerAction.bind` method to call `bind` for any `next` action that is configured.

fixes #12994


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
---
 .../lib/alb/application-listener-action.ts    |  5 +-
 .../test/alb/listener.test.ts                 | 48 +++++++++++++++++++
 2 files changed, 49 insertions(+), 4 deletions(-)

diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-action.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-action.ts
index 6f7e72d0218ab..ed25ff04055d9 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-action.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/lib/alb/application-listener-action.ts
@@ -173,10 +173,7 @@ export class ListenerAction implements IListenerAction {
    * Called when the action is being used in a listener
    */
   public bind(scope: Construct, listener: IApplicationListener, associatingConstruct?: IConstruct) {
-    // Empty on purpose
-    Array.isArray(scope);
-    Array.isArray(listener);
-    Array.isArray(associatingConstruct);
+    this.next?.bind(scope, listener, associatingConstruct);
   }
 
   /**
diff --git a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts
index d4095c93c5525..e1e100db6e9ff 100644
--- a/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts
+++ b/packages/@aws-cdk/aws-elasticloadbalancingv2/test/alb/listener.test.ts
@@ -4,6 +4,7 @@ import { Metric } from '@aws-cdk/aws-cloudwatch';
 import * as ec2 from '@aws-cdk/aws-ec2';
 import { describeDeprecated, testDeprecated } from '@aws-cdk/cdk-build-tools';
 import * as cdk from '@aws-cdk/core';
+import { SecretValue } from '@aws-cdk/core';
 import * as constructs from 'constructs';
 import * as elbv2 from '../../lib';
 import { FakeSelfRegisteringTarget } from '../helpers';
@@ -261,6 +262,53 @@ describe('tests', () => {
     });
   });
 
+  test('bind is called for all next targets', () => {
+    // GIVEN
+    const stack = new cdk.Stack();
+    const vpc = new ec2.Vpc(stack, 'Stack');
+    const lb = new elbv2.ApplicationLoadBalancer(stack, 'LB', { vpc });
+    const listener = lb.addListener('Listener', { port: 80 });
+    const fake = new FakeSelfRegisteringTarget(stack, 'FakeTG', vpc);
+    const group = new elbv2.ApplicationTargetGroup(stack, 'TargetGroup', {
+      vpc,
+      port: 80,
+      targets: [fake],
+    });
+
+    // WHEN
+    listener.addAction('first-action', {
+      action: elbv2.ListenerAction.authenticateOidc({
+        next: elbv2.ListenerAction.forward([group]),
+        issuer: 'dummy',
+        clientId: 'dummy',
+        clientSecret: SecretValue.unsafePlainText('dummy'),
+        tokenEndpoint: 'dummy',
+        userInfoEndpoint: 'dummy',
+        authorizationEndpoint: 'dummy',
+      }),
+    });
+
+    // THEN
+    Template.fromStack(stack).hasResourceProperties('AWS::EC2::SecurityGroupIngress', {
+      IpProtocol: 'tcp',
+      Description: 'Load balancer to target',
+      FromPort: 80,
+      ToPort: 80,
+      GroupId: {
+        'Fn::GetAtt': [
+          'FakeTGSG50E257DF',
+          'GroupId',
+        ],
+      },
+      SourceSecurityGroupId: {
+        'Fn::GetAtt': [
+          'LBSecurityGroup8A41EA2B',
+          'GroupId',
+        ],
+      },
+    });
+  });
+
   testDeprecated('Can implicitly create target groups with and without conditions', () => {
     // GIVEN
     const stack = new cdk.Stack();