/**
 * Compiled CommonJS output for the Client VPN endpoint construct of aws-cdk-lib
 * (jsii fqn `aws-cdk-lib.aws_ec2.ClientVpnEndpoint`, version 2.233.0), laid out
 * one statement per line. Behaviour is the same as the minified original.
 *
 * Exports: ClientVpnSessionTimeout, ClientVpnUserBasedAuthentication, ClientVpnEndpoint.
 *
 * Security-relevant defaults visible in this file (see the constructor):
 *   - connection logging is ON unless `props.logging` is explicitly false;
 *   - an "AuthorizeAll" authorization rule for the VPC CIDR is added unless
 *     `props.authorizeAllUsersToVpcCidr` is explicitly false;
 *   - a new SecurityGroup is created when `props.securityGroups` is not given;
 *   - at least one authentication option (certificate and/or user based) is required;
 *   - several validations are skipped when the value is an unresolved token,
 *     so they only protect values known at synthesis time.
 */

/**
 * TypeScript decorator helper: runs each initializer with `thisArg` as receiver.
 * When a third argument is supplied the value is threaded through the
 * initializers and the final value is returned; otherwise returns undefined.
 * Must stay a `function` expression because it inspects `arguments.length`.
 */
const __runInitializers = exports && exports.__runInitializers || function (thisArg, initializers, value) {
  const useValue = arguments.length > 2;
  // Index loop on purpose: the length is re-read on every pass.
  for (let i = 0; i < initializers.length; i++) {
    const initializer = initializers[i];
    value = useValue ? initializer.call(thisArg, value) : initializer.call(thisArg);
  }
  return useValue ? value : void 0;
};

/**
 * TypeScript decorator helper: applies `decorators` (last to first) to a class
 * or class member described by `contextIn`, collecting initializers the
 * decorators return or register through `context.addInitializer`.
 */
const __esDecorate = exports && exports.__esDecorate || function (ctor, descriptorIn, decorators, contextIn, initializers, extraInitializers) {
  // Accepts undefined or a function; anything else (including null) is rejected.
  function accept(f) {
    if (f !== void 0 && typeof f !== "function") {
      throw new TypeError("Function expected");
    }
    return f;
  }

  const kind = contextIn.kind;
  const key = kind === "getter" ? "get" : kind === "setter" ? "set" : "value";
  const target = !descriptorIn && ctor ? (contextIn.static ? ctor : ctor.prototype) : null;
  const descriptor = descriptorIn || (target ? Object.getOwnPropertyDescriptor(target, contextIn.name) : {});
  let accepted;
  let done = false;

  for (let i = decorators.length - 1; i >= 0; i--) {
    // Each decorator gets its own shallow copy of the context, with a fresh `access` object.
    const context = {};
    for (const p in contextIn) {
      context[p] = p === "access" ? {} : contextIn[p];
    }
    for (const p in contextIn.access) {
      context.access[p] = contextIn.access[p];
    }
    context.addInitializer = function (f) {
      if (done) {
        throw new TypeError("Cannot add initializers after decoration has completed");
      }
      extraInitializers.push(accept(f || null));
    };

    // Called as a plain function, without a receiver.
    const decorate = decorators[i];
    const result = decorate(
      kind === "accessor" ? { get: descriptor.get, set: descriptor.set } : descriptor[key],
      context,
    );

    if (kind === "accessor") {
      if (result === void 0) {
        continue;
      }
      if (result === null || typeof result !== "object") {
        throw new TypeError("Object expected");
      }
      if ((accepted = accept(result.get))) {
        descriptor.get = accepted;
      }
      if ((accepted = accept(result.set))) {
        descriptor.set = accepted;
      }
      if ((accepted = accept(result.init))) {
        initializers.unshift(accepted);
      }
    } else if ((accepted = accept(result))) {
      if (kind === "field") {
        initializers.unshift(accepted);
      } else {
        descriptor[key] = accepted;
      }
    }
  }

  if (target) {
    Object.defineProperty(target, contextIn.name, descriptor);
  }
  done = true;
};

Object.defineProperty(exports, "__esModule", { value: true });
// Chained on purpose: keeps the order in which the export keys are created.
exports.ClientVpnEndpoint = exports.ClientVpnUserBasedAuthentication = exports.ClientVpnSessionTimeout = void 0;

// Lazy module loaders: the first call performs the require(), then the loader
// replaces itself with a function returning the cached module.
let jsiiDeprecationWarnings = () => {
  const mod = require("../../.warnings.jsii.js");
  jsiiDeprecationWarnings = () => mod;
  return mod;
};
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
let constructs_1 = () => {
  const mod = require("constructs");
  constructs_1 = () => mod;
  return mod;
};
let client_vpn_authorization_rule_1 = () => {
  const mod = require("./client-vpn-authorization-rule");
  client_vpn_authorization_rule_1 = () => mod;
  return mod;
};
let client_vpn_route_1 = () => {
  const mod = require("./client-vpn-route");
  client_vpn_route_1 = () => mod;
  return mod;
};
let connections_1 = () => {
  const mod = require("./connections");
  connections_1 = () => mod;
  return mod;
};
let ec2_generated_1 = () => {
  const mod = require("./ec2.generated");
  ec2_generated_1 = () => mod;
  return mod;
};
let network_util_1 = () => {
  const mod = require("./network-util");
  network_util_1 = () => mod;
  return mod;
};
let security_group_1 = () => {
  const mod = require("./security-group");
  security_group_1 = () => mod;
  return mod;
};
let logs = () => {
  const mod = require("../../aws-logs");
  logs = () => mod;
  return mod;
};
let core_1 = () => {
  const mod = require("../../core");
  core_1 = () => mod;
  return mod;
};
let metadata_resource_1 = () => {
  const mod = require("../../core/lib/metadata-resource");
  metadata_resource_1 = () => mod;
  return mod;
};
let prop_injectable_1 = () => {
  const mod = require("../../core/lib/prop-injectable");
  prop_injectable_1 = () => mod;
  return mod;
};

/**
 * Maximum VPN session duration in hours, as a two-way (name <-> number) enum:
 * 8, 10, 12 or 24.
 */
const ClientVpnSessionTimeout = {};
exports.ClientVpnSessionTimeout = ClientVpnSessionTimeout;
for (const [label, hours] of [
  ["EIGHT_HOURS", 8],
  ["TEN_HOURS", 10],
  ["TWELVE_HOURS", 12],
  ["TWENTY_FOUR_HOURS", 24],
]) {
  // Forward mapping (name -> hours) and reverse mapping (hours -> name).
  ClientVpnSessionTimeout[label] = hours;
  ClientVpnSessionTimeout[hours] = label;
}

/**
 * Factory for the user-based authentication option of a Client VPN endpoint.
 * Subclasses implement render(), which produces the entry placed in the
 * endpoint's `authenticationOptions` list.
 */
class ClientVpnUserBasedAuthentication {
  static [JSII_RTTI_SYMBOL_1] = {
    fqn: "aws-cdk-lib.aws_ec2.ClientVpnUserBasedAuthentication",
    version: "2.233.0",
  };

  /**
   * Active Directory authentication.
   * @param directoryId identifier passed through unchanged to the rendered option
   */
  static activeDirectory(directoryId) {
    return new ActiveDirectoryAuthentication(directoryId);
  }

  /**
   * Federated (SAML) authentication.
   * @param samlProvider provider whose ARN is rendered as `samlProviderArn`
   * @param selfServiceSamlProvider optional provider rendered as `selfServiceSamlProviderArn`
   */
  static federated(samlProvider, selfServiceSamlProvider) {
    try {
      jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_iam_ISAMLProviderRef(samlProvider);
      jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_iam_ISAMLProviderRef(selfServiceSamlProvider);
    } catch (error) {
      // Outside JSII debug mode, trim the stack of deprecation errors to start at the caller.
      if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
        Error.captureStackTrace(error, this.federated);
      }
      throw error;
    }
    return new FederatedAuthentication(samlProvider, selfServiceSamlProvider);
  }
}
exports.ClientVpnUserBasedAuthentication = ClientVpnUserBasedAuthentication;

/** Renders a "directory-service-authentication" option for one directory id. */
class ActiveDirectoryAuthentication extends ClientVpnUserBasedAuthentication {
  directoryId;

  constructor(directoryId) {
    super();
    this.directoryId = directoryId;
  }

  render() {
    return {
      type: "directory-service-authentication",
      activeDirectory: { directoryId: this.directoryId },
    };
  }
}

/** Renders a "federated-authentication" option from one or two SAML providers. */
class FederatedAuthentication extends ClientVpnUserBasedAuthentication {
  samlProvider;
  selfServiceSamlProvider;

  constructor(samlProvider, selfServiceSamlProvider) {
    super();
    this.samlProvider = samlProvider;
    this.selfServiceSamlProvider = selfServiceSamlProvider;
  }

  render() {
    return {
      type: "federated-authentication",
      federatedAuthentication: {
        samlProviderArn: this.samlProvider.samlProviderRef.samlProviderArn,
        // Stays undefined when no self-service provider was given.
        selfServiceSamlProviderArn: this.selfServiceSamlProvider?.samlProviderRef.samlProviderArn,
      },
    };
  }
}

/**
 * Client VPN endpoint construct. The surrounding IIFE is the compiled form of
 * a decorated class: `propertyInjectable` decorates the class and
 * `MethodMetadata()` decorates addAuthorizationRule / addRoute (both come from
 * ../../core; what they do is not visible in this file).
 */
const ClientVpnEndpoint = (() => {
  const _classDecorators = [prop_injectable_1().propertyInjectable];
  let _classDescriptor;
  const _classExtraInitializers = [];
  let _classThis;
  const _classSuper = core_1().Resource;
  const _instanceExtraInitializers = [];
  let _addAuthorizationRule_decorators;
  let _addRoute_decorators;

  // `var` is required: a static block below assigns to this binding while the
  // class expression is still being evaluated, which `let`/`const` would reject.
  var ClientVpnEndpoint2 = class extends _classSuper {
    static {
      _classThis = this;
    }

    static {
      const _metadata = typeof Symbol === "function" && Symbol.metadata
        ? Object.create(_classSuper[Symbol.metadata] ?? null)
        : void 0;
      _addAuthorizationRule_decorators = [(0, metadata_resource_1().MethodMetadata)()];
      _addRoute_decorators = [(0, metadata_resource_1().MethodMetadata)()];
      __esDecorate(
        this,
        null,
        _addAuthorizationRule_decorators,
        {
          kind: "method",
          name: "addAuthorizationRule",
          static: false,
          private: false,
          access: {
            has: (obj) => "addAuthorizationRule" in obj,
            get: (obj) => obj.addAuthorizationRule,
          },
          metadata: _metadata,
        },
        null,
        _instanceExtraInitializers,
      );
      __esDecorate(
        this,
        null,
        _addRoute_decorators,
        {
          kind: "method",
          name: "addRoute",
          static: false,
          private: false,
          access: {
            has: (obj) => "addRoute" in obj,
            get: (obj) => obj.addRoute,
          },
          metadata: _metadata,
        },
        null,
        _instanceExtraInitializers,
      );
      __esDecorate(
        null,
        (_classDescriptor = { value: _classThis }),
        _classDecorators,
        { kind: "class", name: _classThis.name, metadata: _metadata },
        null,
        _classExtraInitializers,
      );
      // The class decorator may have replaced the class; use whatever it left in the descriptor.
      ClientVpnEndpoint2 = _classThis = _classDescriptor.value;
      if (_metadata) {
        Object.defineProperty(_classThis, Symbol.metadata, {
          enumerable: true,
          configurable: true,
          writable: true,
          value: _metadata,
        });
      }
    }

    static [JSII_RTTI_SYMBOL_1] = {
      fqn: "aws-cdk-lib.aws_ec2.ClientVpnEndpoint",
      version: "2.233.0",
    };

    static PROPERTY_INJECTION_ID = "aws-cdk-lib.aws-ec2.ClientVpnEndpoint";

    /**
     * Wraps an existing endpoint. Only `attrs.endpointId` and
     * `attrs.securityGroups` are read; no resource is created and none of the
     * constructor's validations run for an imported endpoint.
     */
    static fromEndpointAttributes(scope, id, attrs) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ClientVpnEndpointAttributes(attrs);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.fromEndpointAttributes);
        }
        throw error;
      }

      class Import extends core_1().Resource {
        endpointId = attrs.endpointId;
        connections = new (connections_1().Connections)({ securityGroups: attrs.securityGroups });
        targetNetworksAssociated = new (constructs_1().DependencyGroup)();

        get clientVpnEndpointRef() {
          return { clientVpnEndpointId: this.endpointId };
        }
      }

      return new Import(scope, id);
    }

    endpointId = __runInitializers(this, _instanceExtraInitializers);
    connections;
    targetNetworksAssociated;
    _targetNetworksAssociated = new (constructs_1().DependencyGroup)();

    /**
     * Validates the props, then creates the CfnClientVpnEndpoint, one target
     * network association per selected subnet and, by default, an
     * authorization rule covering the VPC CIDR.
     *
     * @throws ValidationError for each failed check below
     */
    constructor(scope, id, props) {
      super(scope, id);
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ClientVpnEndpointProps(props);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, ClientVpnEndpoint2);
        }
        throw error;
      }
      (0, metadata_resource_1().addConstructMetadata)(this, props);

      // Skipped entirely when the VPC CIDR is an unresolved token.
      // NOTE(review): the test is vpcCidr.containsCidr(clientCidr); whether a client
      // range that only partly overlaps, or that encloses the VPC range, is also
      // rejected depends on CidrBlock.containsCidr in ./network-util — confirm.
      if (!core_1().Token.isUnresolved(props.vpc.vpcCidrBlock)) {
        const clientCidr = new (network_util_1().CidrBlock)(props.cidr);
        const vpcCidr = new (network_util_1().CidrBlock)(props.vpc.vpcCidrBlock);
        if (vpcCidr.containsCidr(clientCidr)) {
          throw new (core_1().ValidationError)("The client CIDR cannot overlap with the local CIDR of the VPC", this);
        }
      }

      if (props.dnsServers && props.dnsServers.length > 2) {
        throw new (core_1().ValidationError)("A client VPN endpoint can have up to two DNS servers", this);
      }

      // Loose comparison kept from the original; an undefined `logging` does not match.
      if (props.logging == false && (props.logGroup || props.logStream)) {
        throw new (core_1().ValidationError)("Cannot specify `logGroup` or `logStream` when logging is disabled", this);
      }

      // Name-prefix check only; skipped when the function name is an unresolved token.
      if (
        props.clientConnectionHandler &&
        !core_1().Token.isUnresolved(props.clientConnectionHandler.functionName) &&
        !props.clientConnectionHandler.functionName.startsWith("AWSClientVPN-")
      ) {
        throw new (core_1().ValidationError)("The name of the Lambda function must begin with the `AWSClientVPN-` prefix", this);
      }

      if (
        props.clientLoginBanner &&
        !core_1().Token.isUnresolved(props.clientLoginBanner) &&
        props.clientLoginBanner.length > 1400
      ) {
        throw new (core_1().ValidationError)(`The maximum length for the client login banner is 1400, got ${props.clientLoginBanner.length}`, this);
      }

      if (props.clientRouteEnforcementOptions?.enforced && props.splitTunnel) {
        throw new (core_1().ValidationError)("Client Route Enforcement cannot be enabled when splitTunnel is true.", this);
      }

      // Connection logging defaults to enabled; a LogGroup is created when none is supplied.
      const logging = props.logging ?? true;
      const logGroup = logging
        ? (props.logGroup ?? new (logs().LogGroup)(this, "LogGroup"))
        : void 0;

      // Without explicit security groups a new one is created with only `vpc` set;
      // its rules are whatever SecurityGroup applies by default (not visible here).
      const securityGroups = props.securityGroups ?? [
        new (security_group_1().SecurityGroup)(this, "SecurityGroup", { vpc: props.vpc }),
      ];
      this.connections = new (connections_1().Connections)({ securityGroups });

      const endpoint = new (ec2_generated_1().CfnClientVpnEndpoint)(this, "Resource", {
        authenticationOptions: renderAuthenticationOptions(props.clientCertificateArn, props.userBasedAuthentication),
        clientCidrBlock: props.cidr,
        clientConnectOptions: props.clientConnectionHandler
          ? { enabled: true, lambdaFunctionArn: props.clientConnectionHandler.functionArn }
          : void 0,
        connectionLogOptions: {
          enabled: logging,
          cloudwatchLogGroup: logGroup?.logGroupName,
          cloudwatchLogStream: props.logStream?.logStreamName,
        },
        description: props.description,
        dnsServers: props.dnsServers,
        clientRouteEnforcementOptions: props.clientRouteEnforcementOptions,
        securityGroupIds: securityGroups.map((group) => group.securityGroupId),
        selfServicePortal: booleanToEnabledDisabled(props.selfServicePortal),
        serverCertificateArn: props.serverCertificateArn,
        splitTunnel: props.splitTunnel,
        transportProtocol: props.transportProtocol,
        vpcId: props.vpc.vpcId,
        vpnPort: props.port,
        sessionTimeoutHours: props.sessionTimeout,
        disconnectOnSessionTimeout: props.disconnectOnSessionTimeout,
        clientLoginBannerOptions: props.clientLoginBanner
          ? { enabled: true, bannerText: props.clientLoginBanner }
          : void 0,
      });
      this.endpointId = endpoint.ref;

      // The self-service portal URL is published as a stack output whenever user-based
      // authentication is used and the portal is not explicitly turned off.
      if (props.userBasedAuthentication && (props.selfServicePortal ?? true)) {
        new (core_1().CfnOutput)(this, "SelfServicePortalUrl", {
          value: `https://self-service.clientvpn.amazonaws.com/endpoints/${this.endpointId}`,
        });
      }

      const subnetIds = props.vpc.selectSubnets(props.vpcSubnets).subnetIds;
      if (core_1().Token.isUnresolved(subnetIds)) {
        throw new (core_1().ValidationError)("Cannot associate subnets when VPC are imported from parameters or exports containing lists of subnet IDs.", this);
      }
      for (const [idx, subnetId] of Object.entries(subnetIds)) {
        this._targetNetworksAssociated.add(
          new (ec2_generated_1().CfnClientVpnTargetNetworkAssociation)(this, `Association${idx}`, {
            clientVpnEndpointId: this.endpointId,
            subnetId,
          }),
        );
      }
      this.targetNetworksAssociated = this._targetNetworksAssociated;

      // Default-on: unless authorizeAllUsersToVpcCidr is explicitly false, an
      // "AuthorizeAll" rule is added with only `cidr` (the VPC CIDR) set, i.e. no
      // further restriction is passed from here. Set the prop to false and call
      // addAuthorizationRule() yourself when access should be narrower.
      if (props.authorizeAllUsersToVpcCidr ?? true) {
        this.addAuthorizationRule("AuthorizeAll", { cidr: props.vpc.vpcCidrBlock });
      }
    }

    get clientVpnEndpointRef() {
      return { clientVpnEndpointId: this.endpointId };
    }

    /** Adds a ClientVpnAuthorizationRule bound to this endpoint; `props` are passed through. */
    addAuthorizationRule(id, props) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ClientVpnAuthorizationRuleOptions(props);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.addAuthorizationRule);
        }
        throw error;
      }
      return new (client_vpn_authorization_rule_1().ClientVpnAuthorizationRule)(this, id, {
        ...props,
        clientVpnEndpoint: this,
      });
    }

    /** Adds a ClientVpnRoute bound to this endpoint; `props` are passed through. */
    addRoute(id, props) {
      try {
        jsiiDeprecationWarnings().aws_cdk_lib_aws_ec2_ClientVpnRouteOptions(props);
      } catch (error) {
        if (process.env.JSII_DEBUG !== "1" && error.name === "DeprecationError") {
          Error.captureStackTrace(error, this.addRoute);
        }
        throw error;
      }
      return new (client_vpn_route_1().ClientVpnRoute)(this, id, {
        ...props,
        clientVpnEndpoint: this,
      });
    }

    static {
      __runInitializers(_classThis, _classExtraInitializers);
    }
  };

  return (ClientVpnEndpoint2 = _classThis);
})();
exports.ClientVpnEndpoint = ClientVpnEndpoint;

/**
 * Builds the endpoint's `authenticationOptions` list: mutual (certificate)
 * authentication when a client certificate ARN is given, plus the rendered
 * user-based option when one is given.
 *
 * @throws UnscopedValidationError when neither option is supplied, so an
 *   endpoint without any authentication cannot be synthesized.
 */
function renderAuthenticationOptions(clientCertificateArn, userBasedAuthentication) {
  const authenticationOptions = [];
  if (clientCertificateArn) {
    authenticationOptions.push({
      type: "certificate-authentication",
      mutualAuthentication: { clientRootCertificateChainArn: clientCertificateArn },
    });
  }
  if (userBasedAuthentication) {
    authenticationOptions.push(userBasedAuthentication.render());
  }
  if (authenticationOptions.length === 0) {
    throw new (core_1().UnscopedValidationError)("A client VPN endpoint must use at least one authentication option");
  }
  return authenticationOptions;
}

/**
 * Maps true -> "enabled" and false -> "disabled"; undefined (and any other
 * value) yields undefined so the property is left unset.
 */
function booleanToEnabledDisabled(val) {
  if (val === true) {
    return "enabled";
  }
  if (val === false) {
    return "disabled";
  }
  return undefined;
}