feat(appmesh): change VirtualService provider to a union-like class

packages/@aws-cdk-containers/ecs-service-extensions/lib/extensions/appmesh.ts

@@ -316,8 +316,7 @@ export class AppMeshExtension extends ServiceExtension {
     // Now create a virtual service. Relationship goes like this:
     // virtual service -> virtual router -> virtual node
     this.virtualService = new appmesh.VirtualService(this.scope, `${this.parentService.id}-virtual-service`, {
-      mesh: this.mesh,
-      virtualRouter: this.virtualRouter,
+      virtualServiceProvider: appmesh.VirtualServiceProvider.virtualRouter(this.virtualRouter),
       virtualServiceName: serviceName,
     });
   }

packages/@aws-cdk/aws-appmesh/README.md

@@ -110,22 +110,20 @@ Adding a virtual router as the provider:
 
 ```ts
 mesh.addVirtualService('virtual-service', {
-  virtualRouter: router,
   virtualServiceName: 'my-service.default.svc.cluster.local',
+  virtualServiceProvider: appmesh.VirtualServiceProvider.virtualRouter(router),
 });
 ```
 
 Adding a virtual node as the provider:
 
 ```ts
 mesh.addVirtualService('virtual-service', {
-  virtualNode: node,
   virtualServiceName: `my-service.default.svc.cluster.local`,
+  virtualServiceProvider: appmesh.VirtualServiceProvider.virtualNode(node),
 });
 ```
 
-**Note** that only one must of `virtualNode` or `virtualRouter` must be chosen.
-
 ## Adding a VirtualNode
 
 A `virtual node` acts as a logical pointer to a particular task group, such as an Amazon ECS service or a Kubernetes deployment.

packages/@aws-cdk/aws-appmesh/lib/mesh.ts

@@ -4,7 +4,7 @@ import { CfnMesh } from './appmesh.generated';
 import { VirtualGateway, VirtualGatewayBaseProps } from './virtual-gateway';
 import { VirtualNode, VirtualNodeBaseProps } from './virtual-node';
 import { VirtualRouter, VirtualRouterBaseProps } from './virtual-router';
-import { VirtualService, VirtualServiceBaseProps } from './virtual-service';
+import { VirtualService, VirtualServiceProps, VirtualServiceProvider } from './virtual-service';
 
 /**
  * A utility enum defined for the egressFilter type property, the default of DROP_ALL,
@@ -49,7 +49,7 @@ export interface IMesh extends cdk.IResource {
   /**
    * Adds a VirtualService with the given id
    */
-  addVirtualService(id: string, props?: VirtualServiceBaseProps): VirtualService;
+  addVirtualService(id: string, props?: VirtualServiceProps): VirtualService;
 
   /**
    * Adds a VirtualNode to the Mesh
@@ -89,10 +89,15 @@ abstract class MeshBase extends cdk.Resource implements IMesh {
   /**
    * Adds a VirtualService with the given id
    */
-  public addVirtualService(id: string, props: VirtualServiceBaseProps = {}): VirtualService {
+  public addVirtualService(
+    id: string, props: VirtualServiceProps = { virtualServiceProvider: VirtualServiceProvider.none(this) }): VirtualService {
+    if (props) {
+      if (props.virtualServiceProvider.mesh != this) {
+        throw new Error('Virtual Service provider must belong to mesh');
+      }
+    }
     return new VirtualService(this, id, {
       ...props,
-      mesh: this,
     });
   }
 

packages/@aws-cdk/aws-appmesh/lib/virtual-service.ts

@@ -38,7 +38,7 @@ export interface IVirtualService extends cdk.IResource {
 /**
  * The base properties which all classes in VirtualService will inherit from
  */
-export interface VirtualServiceBaseProps {
+export interface VirtualServiceProps {
   /**
    * The name of the VirtualService.
    *
@@ -51,18 +51,9 @@ export interface VirtualServiceBaseProps {
   readonly virtualServiceName?: string;
 
   /**
-   * The VirtualRouter which the VirtualService uses as provider
-   *
-   * @default - At most one of virtualRouter and virtualNode is allowed.
-   */
-  readonly virtualRouter?: IVirtualRouter;
-
-  /**
-   * The VirtualNode attached to the virtual service
-   *
-   * @default - At most one of virtualRouter and virtualNode is allowed.
+   * The VirtualNode or VirtualRouter which the VirtualService uses as its provider
    */
-  readonly virtualNode?: IVirtualNode;
+  readonly virtualServiceProvider: VirtualServiceProvider;
 
   /**
    * Client policy for this Virtual Service
@@ -72,16 +63,6 @@ export interface VirtualServiceBaseProps {
   readonly clientPolicy?: ClientPolicy;
 }
 
-/**
- * The properties applied to the VirtualService being define
- */
-export interface VirtualServiceProps extends VirtualServiceBaseProps {
-  /**
-   * The Mesh which the VirtualService belongs to
-   */
-  readonly mesh: IMesh;
-}
-
 /**
  * VirtualService represents a service inside an AppMesh
  *
@@ -135,59 +116,39 @@ export class VirtualService extends cdk.Resource implements IVirtualService {
 
   public readonly clientPolicy?: ClientPolicy;
 
-  private readonly virtualServiceProvider?: CfnVirtualService.VirtualServiceProviderProperty;
-
   constructor(scope: Construct, id: string, props: VirtualServiceProps) {
     super(scope, id, {
       physicalName: props.virtualServiceName || cdk.Lazy.string({ produce: () => cdk.Names.uniqueId(this) }),
     });
 
-    if (props.virtualNode && props.virtualRouter) {
-      throw new Error('Must provide only one of virtualNode or virtualRouter for the provider');
-    }
-
-    this.mesh = props.mesh;
     this.clientPolicy = props.clientPolicy;
+    const provider = props.virtualServiceProvider?.bind(this);
+    this.mesh = provider.mesh;
 
-    // Check which provider to use node or router (or neither)
-    if (props.virtualRouter) {
-      this.virtualServiceProvider = this.addVirtualRouter(props.virtualRouter.virtualRouterName);
-    }
-    if (props.virtualNode) {
-      this.virtualServiceProvider = this.addVirtualNode(props.virtualNode.virtualNodeName);
+    if (provider.mesh != this.mesh) {
+      throw new Error(`VirtualService ${this.physicalName} and the provider must be in the same Mesh`);
     }
 
     const svc = new CfnVirtualService(this, 'Resource', {
       meshName: this.mesh.meshName,
       virtualServiceName: this.physicalName,
       spec: {
-        provider: this.virtualServiceProvider,
+        provider: provider.virtualNodeProvider || provider.virtualRouterProvider
+          ? {
+            virtualNode: provider?.virtualNodeProvider,
+            virtualRouter: provider?.virtualRouterProvider,
+          }
+          : undefined,
       },
     });
 
     this.virtualServiceName = this.getResourceNameAttribute(svc.attrVirtualServiceName);
     this.virtualServiceArn = this.getResourceArnAttribute(svc.ref, {
       service: 'appmesh',
-      resource: `mesh/${props.mesh.meshName}/virtualService`,
+      resource: `mesh/${this.mesh.meshName}/virtualService`,
       resourceName: this.physicalName,
     });
   }
-
-  private addVirtualRouter(name: string): CfnVirtualService.VirtualServiceProviderProperty {
-    return {
-      virtualRouter: {
-        virtualRouterName: name,
-      },
-    };
-  }
-
-  private addVirtualNode(name: string): CfnVirtualService.VirtualServiceProviderProperty {
-    return {
-      virtualNode: {
-        virtualNodeName: name,
-      },
-    };
-  }
 }
 
 /**
@@ -211,3 +172,100 @@ export interface VirtualServiceAttributes {
    */
   readonly clientPolicy?: ClientPolicy;
 }
+
+/**
+ * Properties for a VirtualService provider
+ */
+export interface VirtualServiceProviderConfig {
+  /**
+   * Virtual Node based provider
+   *
+   * @default - none
+   */
+  readonly virtualNodeProvider?: CfnVirtualService.VirtualNodeServiceProviderProperty;
+
+  /**
+   * Virtual Router based provider
+   *
+   * @default - none
+   */
+  readonly virtualRouterProvider?: CfnVirtualService.VirtualRouterServiceProviderProperty;
+
+  /**
+   * Mesh the Provider is using
+   *
+   * @default - none
+   */
+  readonly mesh: IMesh;
+}
+
+/**
+ * Represents the properties needed to define the provider for a VirtualService
+ */
+export abstract class VirtualServiceProvider {
+  /**
+   * Returns a VirtualNode based Provider for a VirtualService
+   */
+  public static virtualNode(virtualNode: IVirtualNode): VirtualServiceProvider {
+    return new VirtualServiceProviderImpl(virtualNode, undefined);
+  }
+
+  /**
+   * Returns a VirtualRouter based Provider for a VirtualService
+   */
+  public static virtualRouter(virtualRouter: IVirtualRouter): VirtualServiceProvider {
+    return new VirtualServiceProviderImpl(undefined, virtualRouter);
+  }
+
+  /**
+   * Returns an Empty Provider for a VirtualService. This provides no routing capabilities
+   * and should only be used as a placeholder
+   */
+  public static none(mesh: IMesh): VirtualServiceProvider {
+    return new VirtualServiceProviderImpl(undefined, undefined, mesh);
+  }
+
+  /**
+   * Mesh the provider belongs to
+   */
+  public abstract readonly mesh: IMesh;
+
+  /**
+   * Enforces mutual exclusivity for VirtualService provider types.
+   */
+  public abstract bind(_construct: Construct): VirtualServiceProviderConfig;
+}
+
+class VirtualServiceProviderImpl extends VirtualServiceProvider {
+  private readonly virtualNode?: IVirtualNode;
+  private readonly virtualRouter?: IVirtualRouter;
+  public readonly mesh: IMesh;
+
+  constructor(virtualNode?: IVirtualNode, virtualRouter?: IVirtualRouter, mesh?: IMesh) {
+    super();
+    this.virtualNode = virtualNode;
+    this.virtualRouter = virtualRouter;
+    const providedMesh = this.virtualNode?.mesh || this.virtualRouter?.mesh || mesh;
+    // Only occurs if VirtualNode or VirtualRouter is not provided during construction
+    if (!providedMesh) {
+      throw new Error('Mesh property not defined for VirtualServiceProviderImpl');
+    }
+    this.mesh = providedMesh;
+  }
+
+  public bind(_construct: Construct): VirtualServiceProviderConfig {
+    return {
+      mesh: this.mesh,
+      virtualNodeProvider: this.virtualNode
+        ? {
+          virtualNodeName: this.virtualNode.virtualNodeName,
+        }
+        : undefined,
+      virtualRouterProvider: this.virtualRouter
+        ? {
+          virtualRouterName: this.virtualRouter.virtualRouterName,
+        }
+        : undefined,
+    };
+  }
+}

packages/@aws-cdk/aws-appmesh/test/integ.mesh.expected.json

@@ -649,17 +649,6 @@
         "VirtualServiceName": "service1.domain.local"
       }
     },
-    "cert56CA94EB": {
-      "Type": "AWS::CertificateManager::Certificate",
-      "Properties": {
-        "DomainName":"node1.domain.local",
-        "DomainValidationOptions": [{
-          "DomainName":"node1.domain.local",
-          "ValidationDomain":"local"
-        }],
-        "ValidationMethod": "EMAIL"
-      }
-    },
     "meshnode726C787D": {
       "Type": "AWS::AppMesh::VirtualNode",
       "Properties": {
@@ -706,16 +695,6 @@
               "PortMapping": {
                 "Port": 8080,
                 "Protocol": "http"
-              },
-              "TLS": {
-                "Certificate": {
-                  "ACM": {
-                    "CertificateArn": {
-                      "Ref": "cert56CA94EB"
-                    }
-                  }
-                },
-                "Mode": "STRICT"
               }
             }
           ],
@@ -743,8 +722,8 @@
               "TLS": {
                 "Validation": {
                   "Trust": {
-                    "ACM": {
-                      "CertificateAuthorityArns": ["arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"]
+                    "File": {
+                      "CertificateChain": "path/to/cert"
                     }
                   }
                 }