UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

98 lines (97 loc) 3.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
import { Construct } from 'constructs'; import { CfnVirtualNode } from './appmesh.generated'; import * as acmpca from '../../aws-acmpca'; /** * Represents the properties needed to define TLS Validation context */ interface TlsValidationCommon { /** * Represents the subject alternative names (SANs) secured by the certificate. * SANs must be in the FQDN or URI format. * * @default - If you don't specify SANs on the terminating mesh endpoint, * the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. * If you don't specify SANs on the originating mesh endpoint, * the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. */ readonly subjectAlternativeNames?: SubjectAlternativeNames; } /** * Represents the properties needed to define TLS Validation context */ export interface TlsValidation extends TlsValidationCommon { /** * Reference to where to retrieve the trust chain. */ readonly trust: TlsValidationTrust; } /** * Represents the properties needed to define TLS Validation context that is supported for mutual TLS authentication. */ export interface MutualTlsValidation extends TlsValidationCommon { /** * Reference to where to retrieve the trust chain. */ readonly trust: MutualTlsValidationTrust; } /** * All Properties for TLS Validation Trusts for both Client Policy and Listener. */ export interface TlsValidationTrustConfig { /** * VirtualNode CFN configuration for client policy's TLS Validation Trust */ readonly tlsValidationTrust: CfnVirtualNode.TlsValidationContextTrustProperty; } /** * Defines the TLS Validation Context Trust. */ export declare abstract class TlsValidationTrust { /** * Tells envoy where to fetch the validation context from */ static file(certificateChain: string): MutualTlsValidationTrust; /** * TLS Validation Context Trust for ACM Private Certificate Authority (CA). */ static acm(certificateAuthorities: acmpca.ICertificateAuthority[]): TlsValidationTrust; /** * TLS Validation Context Trust for Envoy' service discovery service. */ static sds(secretName: string): MutualTlsValidationTrust; /** * Returns Trust context based on trust type. */ abstract bind(scope: Construct): TlsValidationTrustConfig; } /** * Represents a TLS Validation Context Trust that is supported for mutual TLS authentication. */ export declare abstract class MutualTlsValidationTrust extends TlsValidationTrust { protected readonly differentiator = false; } /** * All Properties for Subject Alternative Names Matcher for both Client Policy and Listener. */ export interface SubjectAlternativeNamesMatcherConfig { /** * VirtualNode CFN configuration for subject alternative names secured by the certificate. */ readonly subjectAlternativeNamesMatch: CfnVirtualNode.SubjectAlternativeNameMatchersProperty; } /** * Used to generate Subject Alternative Names Matchers */ export declare abstract class SubjectAlternativeNames { /** * The values of the SAN must match the specified values exactly. * * @param names The exact values to test against. */ static matchingExactly(...names: string[]): SubjectAlternativeNames; /** * Returns Subject Alternative Names Matcher based on method type. */ abstract bind(scope: Construct): SubjectAlternativeNamesMatcherConfig; } export {};