UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 13.9 kB
1
2
"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.DomainName=exports.EndpointAccessMode=exports.SecurityPolicy=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var apigateway_generated_1=()=>{var tmp=require("./apigateway.generated");return apigateway_generated_1=()=>tmp,tmp},base_path_mapping_1=()=>{var tmp=require("./base-path-mapping");return base_path_mapping_1=()=>tmp,tmp},restapi_1=()=>{var tmp=require("./restapi");return restapi_1=()=>tmp,tmp},apigwv2=()=>{var tmp=require("../../aws-apigatewayv2");return apigwv2=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../core/lib/errors");return errors_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},SecurityPolicy;(function(SecurityPolicy2){SecurityPolicy2.TLS_1_0="TLS_1_0",SecurityPolicy2.TLS_1_2="TLS_1_2",SecurityPolicy2.TLS13_1_3_2025_09="SecurityPolicy_TLS13_1_3_2025_09",SecurityPolicy2.TLS13_1_3_FIPS_2025_09="SecurityPolicy_TLS13_1_3_FIPS_2025_09",SecurityPolicy2.TLS13_1_2_PQ_2025_09="SecurityPolicy_TLS13_1_2_PQ_2025_09",SecurityPolicy2.TLS13_1_2_PFS_PQ_2025_09="SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09",SecurityPolicy2.TLS13_2025_EDGE="SecurityPolicy_TLS13_2025_EDGE",SecurityPolicy2.TLS12_PFS_2025_EDGE="SecurityPolicy_TLS12_PFS_2025_EDGE",SecurityPolicy2.TLS12_2018_EDGE="SecurityPolicy_TLS12_2018_EDGE"})(SecurityPolicy||(exports.SecurityPolicy=SecurityPolicy={}));var EndpointAccessMode;(function(EndpointAccessMode2){EndpointAccessMode2.STRICT="STRICT",EndpointAccessMode2.BASIC="BASIC"})(EndpointAccessMode||(exports.EndpointAccessMode=EndpointAccessMode={}));let DomainName=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=core_1().Resource,_instanceExtraInitializers=[],_addBasePathMapping_decorators,_addApiMapping_decorators;var DomainName2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_addBasePathMapping_decorators=[(0,metadata_resource_1().MethodMetadata)()],_addApiMapping_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_addBasePathMapping_decorators,{kind:"method",name:"addBasePathMapping",static:!1,private:!1,access:{has:obj=>"addBasePathMapping"in obj,get:obj=>obj.addBasePathMapping},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(this,null,_addApiMapping_decorators,{kind:"method",name:"addApiMapping",static:!1,private:!1,access:{has:obj=>"addApiMapping"in obj,get:obj=>obj.addApiMapping},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),DomainName2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_apigateway.DomainName",version:"2.248.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-apigateway.DomainName";static fromDomainNameAttributes(scope,id,attrs){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_apigateway_DomainNameAttributes(attrs)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.fromDomainNameAttributes),error}class Import extends core_1().Resource{domainName=attrs.domainName;domainNameAliasDomainName=attrs.domainNameAliasTarget;domainNameAliasHostedZoneId=attrs.domainNameAliasHostedZoneId;domainNameRef={domainName:this.domainName,domainNameArn:core_1().Arn.format({service:"apigateway",resource:"domainnames",resourceName:attrs.domainName},core_1().Stack.of(scope))}}return new Import(scope,id)}static NON_EDGE_ONLY_POLICIES=[SecurityPolicy.TLS13_1_3_2025_09,SecurityPolicy.TLS13_1_3_FIPS_2025_09,SecurityPolicy.TLS13_1_2_PQ_2025_09,SecurityPolicy.TLS13_1_2_PFS_PQ_2025_09];static EDGE_ONLY_POLICIES=[SecurityPolicy.TLS13_2025_EDGE,SecurityPolicy.TLS12_PFS_2025_EDGE,SecurityPolicy.TLS12_2018_EDGE];domainName=__runInitializers(this,_instanceExtraInitializers);domainNameRef;domainNameAliasDomainName;domainNameAliasHostedZoneId;basePaths=new Set;securityPolicy;endpointType;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().aws_cdk_lib_aws_apigateway_DomainNameProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,DomainName2),error}(0,metadata_resource_1().addConstructMetadata)(this,props),this.endpointType=props.endpointType||restapi_1().EndpointType.REGIONAL;const edge=this.endpointType===restapi_1().EndpointType.EDGE;if(this.securityPolicy=props.securityPolicy,!core_1().Token.isUnresolved(props.domainName)&&/[A-Z]/.test(props.domainName))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`DomainNameDoesNotSupportUppercase`,`Domain name does not support uppercase letters. Got: ${props.domainName}`,scope);if(!(core_1().Token.isUnresolved(this.securityPolicy)||core_1().Token.isUnresolved(this.endpointType)||core_1().Token.isUnresolved(props.endpointAccessMode))){if(props.mtls&&this.isEnhancedSecurityPolicy(this.securityPolicy))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`MtlsNotSupportedWithEnhancedSecurityPolicy`,"Mutual TLS (mTLS) cannot be enabled on a domain name that uses an enhanced security policy. See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html",this);if(this.isEnhancedSecurityPolicy(this.securityPolicy)&&props.endpointAccessMode===void 0)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`EndpointAccessModeRequiredForEnhancedSecurityPolicy`,"Enhanced security policies require endpointAccessMode to be specified (BASIC or STRICT). STRICT is recommended for production workloads. See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-security-policies.html#apigateway-security-policies-endpoint-access-mode",this);if(!this.isEnhancedSecurityPolicy(this.securityPolicy)&&props.endpointAccessMode!==void 0)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`EndpointAccessModeNotSupportedForLegacySecurityPolicy`,"endpointAccessMode is not supported for legacy security policies (TLS_1_0, TLS_1_2). It can only be specified when using enhanced security policies (those starting with SecurityPolicy_). See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-security-policies.html#apigateway-security-policies-endpoint-access-mode",this);this.validateSecurityPolicyEndpointType(this.securityPolicy,this.endpointType)}const mtlsConfig=this.configureMTLS(props.mtls),resource=new(apigateway_generated_1()).CfnDomainName(this,"Resource",{domainName:props.domainName,certificateArn:edge?props.certificate.certificateRef.certificateId:void 0,regionalCertificateArn:edge?void 0:props.certificate.certificateRef.certificateId,endpointConfiguration:{types:[this.endpointType]},mutualTlsAuthentication:mtlsConfig,securityPolicy:props.securityPolicy,endpointAccessMode:props.endpointAccessMode});this.domainName=resource.ref,this.domainNameRef=resource.domainNameRef,this.domainNameAliasDomainName=edge?resource.attrDistributionDomainName:resource.attrRegionalDomainName,this.domainNameAliasHostedZoneId=edge?resource.attrDistributionHostedZoneId:resource.attrRegionalHostedZoneId;const multiLevel=this.validateBasePath(props.basePath);props.mapping&&!multiLevel?this.addBasePathMapping(props.mapping,{basePath:props.basePath}):props.mapping&&multiLevel&&this.addApiMapping(props.mapping.deploymentStage,{basePath:props.basePath})}validateBasePath(path){if(this.isMultiLevel(path)){if(this.endpointType===restapi_1().EndpointType.EDGE)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`MultiLevelBasePathOnlySupported`,"multi-level basePath is only supported when endpointType is EndpointType.REGIONAL",this);if(this.securityPolicy&&!core_1().Token.isUnresolved(this.securityPolicy)&&this.securityPolicy===SecurityPolicy.TLS_1_0)throw new(errors_1()).ValidationError((0,literal_string_1().lit)`DomainNameRequiresTLS12`,"securityPolicy must be TLS 1.2 or higher for multi-level basePath. See: https://docs.aws.amazon.com/apigateway/latest/developerguide/rest-api-mappings.html",this);return!0}return!1}isMultiLevel(path){return(path?.split("/").filter(x=>!!x)??[]).length>=2}addBasePathMapping(targetApi,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_apigateway_IRestApiRef(targetApi),jsiiDeprecationWarnings().aws_cdk_lib_aws_apigateway_BasePathMappingOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addBasePathMapping),error}if(this.basePaths.has(options.basePath))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`DomainNameAlreadyMappingPath`,`DomainName ${this.node.id} already has a mapping for path ${options.basePath}`,this);if(this.isMultiLevel(options.basePath))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`BasePathMappingDoesNotSupportMultiLevel`,'BasePathMapping does not support multi-level paths. Use "addApiMapping instead.',this);this.basePaths.add(options.basePath);const id=`Map:${options.basePath||"/"}=>${core_1().Names.nodeUniqueId(targetApi.node)}`;return new(base_path_mapping_1()).BasePathMapping(this,id,{domainName:this,restApi:targetApi,...options})}addApiMapping(targetStage,options={}){try{jsiiDeprecationWarnings().aws_cdk_lib_interfaces_aws_apigateway_IStageRef(targetStage),jsiiDeprecationWarnings().aws_cdk_lib_aws_apigateway_ApiMappingOptions(options)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.addApiMapping),error}if(this.basePaths.has(options.basePath))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`DomainNameAlreadyMappingPath`,`DomainName ${this.node.id} already has a mapping for path ${options.basePath}`,this);this.validateBasePath(options.basePath),this.basePaths.add(options.basePath);const id=`Map:${options.basePath??"none"}=>${core_1().Names.nodeUniqueId(targetStage.node)}`;new(apigwv2()).CfnApiMapping(this,id,{apiId:targetStage.stageRef.restApiId,stage:targetStage.stageRef.stageName,domainName:this.domainName,apiMappingKey:options.basePath})}configureMTLS(mtlsConfig){if(mtlsConfig)return{truststoreUri:mtlsConfig.bucket.s3UrlForObject(mtlsConfig.key),truststoreVersion:mtlsConfig.version}}isEnhancedSecurityPolicy(policy){return!policy||core_1().Token.isUnresolved(policy)?!1:policy.startsWith("SecurityPolicy_")}validateSecurityPolicyEndpointType(policy,endpointType){if(!(!policy||!endpointType)){if(endpointType===restapi_1().EndpointType.EDGE&&DomainName2.NON_EDGE_ONLY_POLICIES.includes(policy))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`SecurityPolicyNotSupportedForEdgeEndpoint`,`Security policy ${policy} is not supported for edge-optimized endpoints. Use a security policy that supports edge-optimized endpoints. See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html`,this);if(endpointType!==restapi_1().EndpointType.EDGE&&DomainName2.EDGE_ONLY_POLICIES.includes(policy))throw new(errors_1()).ValidationError((0,literal_string_1().lit)`SecurityPolicyOnlySupportedForEdgeEndpoint`,`Security policy ${policy} is only supported for edge-optimized endpoints. Use a policy that supports non-edge endpoints. See: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html`,this)}}static{__runInitializers(_classThis,_classExtraInitializers)}};return DomainName2=_classThis})();exports.DomainName=DomainName;