aws-cdk-lib/aws-bedrockagentcore/lib/runtime/inbound-auth/runtime-authorizer-configuration.js

Version 2 of the AWS Cloud Development Kit library

"use strict";Object.defineProperty(exports,"__esModule",{value:!0}),exports.RuntimeAuthorizerConfiguration=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var core_1=()=>{var tmp=require("../../../../core");return core_1=()=>tmp,tmp},errors_1=()=>{var tmp=require("../../../../core/lib/errors");return errors_1=()=>tmp,tmp},helpers_internal_1=()=>{var tmp=require("../../../../core/lib/helpers-internal");return helpers_internal_1=()=>tmp,tmp};class RuntimeAuthorizerConfiguration{static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_bedrockagentcore.RuntimeAuthorizerConfiguration",version:"2.257.0"};static usingIAM(){return new IamAuthorizerConfiguration}static usingJWT(discoveryUrl,allowedClients,allowedAudience,allowedScopes,customClaims){if(!core_1().Token.isUnresolved(discoveryUrl)&&!discoveryUrl.endsWith("/.well-known/openid-configuration"))throw new(errors_1()).UnscopedValidationError((0,helpers_internal_1().lit)`InvalidJwtDiscoveryUrl`,"JWT discovery URL must end with /.well-known/openid-configuration");return new JwtAuthorizerConfiguration(discoveryUrl,allowedClients,allowedAudience,allowedScopes,customClaims)}static usingCognito(userPool,userPoolClients,allowedAudience,allowedScopes,customClaims){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_cognito_IUserPool(userPool)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.usingCognito),error}return new CognitoAuthorizerConfiguration(userPool,userPoolClients,allowedAudience,allowedScopes,customClaims)}static usingOAuth(discoveryUrl,clientId,allowedAudience,allowedScopes,customClaims){if(!core_1().Token.isUnresolved(discoveryUrl)&&!discoveryUrl.endsWith("/.well-known/openid-configuration"))throw new(errors_1()).UnscopedValidationError((0,helpers_internal_1().lit)`InvalidOAuthDiscoveryUrl`,"OAuth discovery URL must end with /.well-known/openid-configuration");return new OAuthAuthorizerConfiguration(discoveryUrl,clientId,allowedAudience,allowedScopes,customClaims)}}exports.RuntimeAuthorizerConfiguration=RuntimeAuthorizerConfiguration;class IamAuthorizerConfiguration extends RuntimeAuthorizerConfiguration{_render(){}}class JwtAuthorizerConfiguration extends RuntimeAuthorizerConfiguration{discoveryUrl;allowedClients;allowedAudience;allowedScopes;customClaims;constructor(discoveryUrl,allowedClients,allowedAudience,allowedScopes,customClaims){super(),this.discoveryUrl=discoveryUrl,this.allowedClients=allowedClients,this.allowedAudience=allowedAudience,this.allowedScopes=allowedScopes,this.customClaims=customClaims}_render(){return{customJwtAuthorizer:{discoveryUrl:this.discoveryUrl,allowedClients:this.allowedClients,allowedAudience:this.allowedAudience,allowedScopes:this.allowedScopes,customClaims:this.customClaims&&this.customClaims.length>0?this.customClaims.map(claim=>claim._render()):void 0}}}}class CognitoAuthorizerConfiguration extends RuntimeAuthorizerConfiguration{userPool;userPoolClients;allowedAudience;allowedScopes;customClaims;constructor(userPool,userPoolClients,allowedAudience,allowedScopes,customClaims){super(),this.userPool=userPool,this.userPoolClients=userPoolClients,this.allowedAudience=allowedAudience,this.allowedScopes=allowedScopes,this.customClaims=customClaims}_render(){return{customJwtAuthorizer:{discoveryUrl:`https://cognito-idp.${this.userPool.env.region}.amazonaws.com/${this.userPool.userPoolId}/.well-known/openid-configuration`,allowedClients:this.userPoolClients.map(client=>client.userPoolClientId),allowedAudience:this.allowedAudience,allowedScopes:this.allowedScopes,customClaims:this.customClaims&&this.customClaims.length>0?this.customClaims.map(claim=>claim._render()):void 0}}}}class OAuthAuthorizerConfiguration extends RuntimeAuthorizerConfiguration{discoveryUrl;clientId;allowedAudience;allowedScopes;customClaims;constructor(discoveryUrl,clientId,allowedAudience,allowedScopes,customClaims){super(),this.discoveryUrl=discoveryUrl,this.clientId=clientId,this.allowedAudience=allowedAudience,this.allowedScopes=allowedScopes,this.customClaims=customClaims}_render(){return{customJwtAuthorizer:{discoveryUrl:this.discoveryUrl,allowedClients:[this.clientId],allowedAudience:this.allowedAudience,allowedScopes:this.allowedScopes,customClaims:this.customClaims&&this.customClaims.length>0?this.customClaims.map(claim=>claim._render()):void 0}}}}