import { Token, TokenComparison } from '@aws-cdk/core';
import { CfnVirtualNode } from '../appmesh.generated';
import { GrpcGatewayRouteMatch } from '../gateway-route-spec';
import { HeaderMatch } from '../header-match';
import { ListenerTlsOptions } from '../listener-tls-options';
import { QueryParameterMatch } from '../query-parameter-match';
import { GrpcRouteMatch } from '../route-spec';
import { TlsClientPolicy } from '../tls-client-policy';
// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
// eslint-disable-next-line no-duplicate-imports, import/order
import { Construct } from '@aws-cdk/core';
/**
 * Rendered connection pool limits.
 *
 * Every field is optional; a field that is left out stays undefined.
 */
export interface ConnectionPoolConfig {
  /**
   * Upper bound on the number of connections in the pool.
   *
   * @default - none
   */
  readonly maxConnections?: number;

  /**
   * Upper bound on the number of pending requests in the pool.
   *
   * @default - none
   */
  readonly maxPendingRequests?: number;

  /**
   * Upper bound on the number of requests in the pool.
   *
   * @default - none
   */
  readonly maxRequests?: number;
}
/**
 * Renders the TLS section of a client policy.
 *
 * The optional mutual TLS certificate, the optional subject-alternative-name matcher and the
 * validation trust are each bound to `scope`. `ports` and `enforce` are copied through unchanged;
 * nothing in this helper checks or defaults them.
 *
 * @param scope construct passed to every `bind` call
 * @param tlsClientPolicy client policy to render, or undefined when TLS is not configured
 * @returns the rendered TLS property, or undefined when no policy was given
 */
export function renderTlsClientPolicy(scope: Construct, tlsClientPolicy: TlsClientPolicy | undefined)
  : CfnVirtualNode.ClientPolicyTlsProperty | undefined {
  if (!tlsClientPolicy) {
    return undefined;
  }

  // The client certificate is only present for mutual TLS; otherwise the key stays undefined.
  const clientCertificate = tlsClientPolicy.mutualTlsCertificate?.bind(scope).tlsCertificate;
  const sanMatcher = tlsClientPolicy.validation.subjectAlternativeNames;
  const { ports, enforce } = tlsClientPolicy;

  // SAN matching is optional; trust is always rendered.
  const subjectAlternativeNames = sanMatcher
    ? { match: sanMatcher.bind(scope).subjectAlternativeNamesMatch }
    : undefined;
  const trust = tlsClientPolicy.validation.trust.bind(scope).tlsValidationTrust;

  return {
    certificate: clientCertificate,
    ports,
    enforce,
    validation: { subjectAlternativeNames, trust },
  };
}
/**
 * Renders the TLS configuration of a listener.
 *
 * The listener certificate is always bound to `scope` and `mode` is copied through unchanged.
 * A `validation` block is rendered only when `mutualTlsValidation` is set; without it the
 * result carries `validation: undefined`.
 *
 * @param scope construct passed to every `bind` call
 * @param listenerTls listener TLS options to render, or undefined when TLS is not configured
 * @returns the rendered listener TLS property, or undefined when no options were given
 */
export function renderListenerTlsOptions(scope: Construct, listenerTls: ListenerTlsOptions | undefined)
  : CfnVirtualNode.ListenerTlsProperty | undefined {
  if (!listenerTls) {
    return undefined;
  }

  const mutualTls = listenerTls.mutualTlsValidation;
  const certificate = listenerTls.certificate.bind(scope).tlsCertificate;
  const mode = listenerTls.mode;

  if (!mutualTls) {
    // No mutual TLS requested: the key is kept, with an undefined value.
    return { certificate, mode, validation: undefined };
  }

  // SAN matching is optional within mutual TLS; trust is always rendered.
  const sanMatcher = mutualTls.subjectAlternativeNames;
  const subjectAlternativeNames = sanMatcher
    ? { match: sanMatcher.bind(scope).subjectAlternativeNamesMatch }
    : undefined;
  const trust = mutualTls.trust.bind(scope).tlsValidationTrust;

  return {
    certificate,
    mode,
    validation: { subjectAlternativeNames, trust },
  };
}
/**
 * Decides whether a mesh owner has to be rendered for a resource (shared mesh scenario).
 *
 * The two account strings are compared with `Token.compareStrings`. The mesh account is returned
 * when the comparison reports them as different, or when exactly one side is unresolved.
 *
 * NOTE(review): every other comparison result, presumably including the case where neither value
 * can be resolved, yields undefined. Confirm that omitting the owner is intended there.
 *
 * @param resourceAccount account of the resource being rendered
 * @param meshAccount account that owns the mesh
 * @returns `meshAccount` when an owner must be rendered, otherwise undefined
 */
export function renderMeshOwner(resourceAccount: string, meshAccount: string) : string | undefined {
  switch (Token.compareStrings(resourceAccount, meshAccount)) {
    case TokenComparison.DIFFERENT:
    case TokenComparison.ONE_UNRESOLVED:
      return meshAccount;
    default:
      return undefined;
  }
}
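/**
 * Validates how many HTTP header and query-parameter matchers were supplied.
 *
 * Each array is optional. When one is provided it must hold between 1 and 10 entries.
 * Headers are checked first, so if both arrays are out of range the error names the headers.
 *
 * @param headers header matchers to count; skipped when not provided
 * @param queryParameters query-parameter matchers to count; skipped when not provided
 * @throws Error when a provided array has fewer than 1 or more than 10 entries
 */
export function validateHttpMatchArrayLength(headers?: HeaderMatch[], queryParameters?: QueryParameterMatch[]): void {
  const MIN_LENGTH = 1;
  const MAX_LENGTH = 10;

  // An empty array is still "provided", so it is rejected rather than treated as absent.
  if (headers && (headers.length < MIN_LENGTH || headers.length > MAX_LENGTH)) {
    throw new Error(`Number of headers provided for matching must be between ${MIN_LENGTH} and ${MAX_LENGTH}, got: ${headers.length}`);
  }

  if (queryParameters && (queryParameters.length < MIN_LENGTH || queryParameters.length > MAX_LENGTH)) {
    throw new Error(`Number of query parameters provided for matching must be between ${MIN_LENGTH} and ${MAX_LENGTH}, got: ${queryParameters.length}`);
  }
}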
/**
 * Validates how many gRPC metadata matchers were supplied.
 *
 * The array is optional. When it is provided it must hold between 1 and 10 entries.
 *
 * @param metadata metadata matchers to count; skipped when not provided
 * @throws Error when the provided array has fewer than 1 or more than 10 entries
 */
export function validateGrpcMatchArrayLength(metadata?: HeaderMatch[]): void {
  const MIN_LENGTH = 1;
  const MAX_LENGTH = 10;

  if (!metadata) {
    return;
  }

  // An empty array is still "provided", so it is rejected rather than treated as absent.
  const withinBounds = metadata.length >= MIN_LENGTH && metadata.length <= MAX_LENGTH;
  if (!withinBounds) {
    throw new Error(`Number of metadata provided for matching must be between ${MIN_LENGTH} and ${MAX_LENGTH}, got: ${metadata.length}`);
  }
}
/**
 * Validates that a gRPC route match sets at least one match property.
 *
 * The properties considered are `serviceName`, `metadata` and `methodName`. A property counts as
 * set whenever it is not strictly `undefined`.
 *
 * @param match gRPC route match to check
 * @throws Error when all three properties are undefined
 */
export function validateGrpcRouteMatch(match: GrpcRouteMatch): void {
  const hasMatchProperty =
    match.serviceName !== undefined ||
    match.metadata !== undefined ||
    match.methodName !== undefined;

  if (!hasMatchProperty) {
    throw new Error('At least one gRPC route match property must be provided');
  }
}
/**
 * Validates that a gRPC gateway route match sets at least one match property.
 *
 * The properties considered are `serviceName`, `metadata` and `hostname`. A property counts as
 * set whenever it is not strictly `undefined`. As the error message states,
 * `rewriteRequestHostname` does not count towards this requirement.
 *
 * @param match gRPC gateway route match to check
 * @throws Error when all three properties are undefined
 */
export function validateGrpcGatewayRouteMatch(match: GrpcGatewayRouteMatch): void {
  const candidates = [match.serviceName, match.metadata, match.hostname];
  const nothingToMatch = candidates.every((value) => value === undefined);

  if (nothingToMatch) {
    throw new Error('At least one gRPC gateway route match property beside rewriteRequestHostname must be provided');
  }
}