Merge branch 'master' into remove-get-object-permission-from-delete-lambda
iliapolo authored May 31, 2021
2 parents 6ab8270 + 52da59c commit 75b33af
Showing 30 changed files with 1,145 additions and 446 deletions.
162 changes: 100 additions & 62 deletions .github/workflows/issue-label-assign.yml

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion .github/workflows/pr-linter.yml
Expand Up @@ -29,4 +29,5 @@ jobs:
- name: Validate
uses: ./tools/prlint
env:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
REPO_ROOT: ${{ github.workspace }}
54 changes: 31 additions & 23 deletions packages/@aws-cdk/aws-appmesh/README.md
Expand Up @@ -183,9 +183,13 @@ const node = new VirtualNode(this, 'node', {
},
})],
backendDefaults: {
clientPolicy: appmesh.ClientPolicy.fileTrust({
certificateChain: '/keys/local_cert_chain.pem',
}),
tlsClientPolicy: {
validation: {
trust: appmesh.TlsValidationTrust.file({
certificateChain: '/keys/local_cert_chain.pem',
}),
},
},
},
accessLog: appmesh.AccessLog.fromFilePath('/dev/stdout'),
});
Expand Down Expand Up @@ -218,12 +222,8 @@ const node = new VirtualNode(this, 'node', {
});

const virtualService = new appmesh.VirtualService(stack, 'service-1', {
serviceDiscovery: appmesh.ServiceDiscovery.dns('service1.domain.local'),
mesh,
clientPolicy: appmesh.ClientPolicy.fileTrust({
certificateChain: '/keys/local_cert_chain.pem',
ports: [8080, 8081],
}),
virtualServiceProvider: appmesh.VirtualServiceProvider.virtualRouter(router),
virtualServiceName: 'service1.domain.local',
});

node.addBackend(appmesh.Backend.virtualService(virtualService));
Expand All @@ -248,13 +248,15 @@ const cert = new certificatemanager.Certificate(this, 'cert', {...});

const node = new appmesh.VirtualNode(stack, 'node', {
mesh,
dnsHostName: 'node',
serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
listeners: [appmesh.VirtualNodeListener.grpc({
port: 80,
tlsCertificate: appmesh.TlsCertificate.acm({
certificate: cert,
tlsMode: TlsMode.STRICT,
}),
tls: {
mode: appmesh.TlsMode.STRICT,
certificate: appmesh.TlsCertificate.acm({
certificate: cert,
}),
},
})],
});

Expand All @@ -263,11 +265,13 @@ const gateway = new appmesh.VirtualGateway(this, 'gateway', {
mesh: mesh,
listeners: [appmesh.VirtualGatewayListener.grpc({
port: 8080,
tlsCertificate: appmesh.TlsCertificate.file({
certificateChain: 'path/to/certChain',
privateKey: 'path/to/privateKey',
tlsMode: TlsMode.STRICT,
}),
tls: {
mode: appmesh.TlsMode.STRICT,
certificate: appmesh.TlsCertificate.file({
certificateChainPath: 'path/to/certChain',
privateKeyPath: 'path/to/privateKey',
}),
},
})],
virtualGatewayName: 'gateway',
});
Expand Down Expand Up @@ -309,7 +313,7 @@ connection pool properties per listener protocol types.
// A Virtual Node with a gRPC listener with a connection pool set
const node = new appmesh.VirtualNode(stack, 'node', {
mesh,
dnsHostName: 'node',
serviceDiscovery: appmesh.ServiceDiscovery.dns('node'),
listeners: [appmesh.VirtualNodeListener.http({
port: 80,
connectionPool: {
Expand Down Expand Up @@ -493,10 +497,14 @@ const gateway = new appmesh.VirtualGateway(stack, 'gateway', {
}),
})],
backendDefaults: {
clientPolicy: appmesh.ClientPolicy.acmTrust({
certificateAuthorities: [acmpca.CertificateAuthority.fromCertificateAuthorityArn(stack, 'certificate', certificateAuthorityArn)],
tlsClientPolicy: {
ports: [8080, 8081],
}),
validation: {
trust: appmesh.TlsValidationTrust.acm({
certificateAuthorities: [acmpca.CertificateAuthority.fromCertificateAuthorityArn(stack, 'certificate', certificateAuthorityArn)],
}),
},
},
},
accessLog: appmesh.AccessLog.fromFilePath('/dev/stdout'),
virtualGatewayName: 'virtualGateway',
113 changes: 0 additions & 113 deletions packages/@aws-cdk/aws-appmesh/lib/client-policy.ts

This file was deleted.

4 changes: 3 additions & 1 deletion packages/@aws-cdk/aws-appmesh/lib/index.ts
Expand Up @@ -15,5 +15,7 @@ export * from './virtual-gateway';
export * from './virtual-gateway-listener';
export * from './gateway-route';
export * from './gateway-route-spec';
export * from './client-policy';
export * from './health-checks';
export * from './tls-listener';
export * from './tls-validation';
export * from './tls-client-policy';
27 changes: 26 additions & 1 deletion packages/@aws-cdk/aws-appmesh/lib/private/utils.ts
@@ -1,3 +1,11 @@
import { CfnVirtualNode } from '../appmesh.generated';
import { TlsClientPolicy } from '../tls-client-policy';
import { TlsValidationTrustConfig } from '../tls-validation';

// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
// eslint-disable-next-line no-duplicate-imports, import/order
import { Construct } from '@aws-cdk/core';

/**
* Generated Connection pool config
*/
Expand All @@ -22,4 +30,21 @@ export interface ConnectionPoolConfig {
* @default - none
*/
readonly maxRequests?: number;
}
}

/**
* This is the helper method to render TLS property of client policy.
*
*/
export function renderTlsClientPolicy(scope: Construct, tlsClientPolicy: TlsClientPolicy | undefined,
extractor: (c: TlsValidationTrustConfig) => CfnVirtualNode.TlsValidationContextTrustProperty): CfnVirtualNode.ClientPolicyTlsProperty | undefined {
return tlsClientPolicy
? {
ports: tlsClientPolicy.ports,
enforce: tlsClientPolicy.enforce,
validation: {
trust: extractor(tlsClientPolicy.validation.trust.bind(scope)),
},
}
: undefined;
}
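Review bot: The TSDoc above `renderTlsClientPolicy` ("This is the helper method to render TLS property of client policy." followed by an empty ` *` line) documents none of the three parameters, so a reader has to work out from the body what `extractor` is for. I would replace it with a summary such as `Renders the CloudFormation tls block of a client policy, or undefined when no policy is configured.` plus `@param` lines stating what the body shows: `scope` is used only for `trust.bind(scope)`, `tlsClientPolicy` may be undefined and then the whole result is undefined, and `extractor` selects the CfnVirtualNode trust property out of the bound `TlsValidationTrustConfig` (the caller in shared-interfaces.ts in this commit passes `config.virtualNodeClientTlsValidationTrust`). It is also worth saying that `ports` and `enforce` are forwarded as-is, so an omitted `enforce` falls through to whatever default CloudFormation applies; that default is not visible on this page, so the comment should say "forwarded unchanged" rather than name a value. The file's first hunk only adds imports and needs no comment.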
23 changes: 14 additions & 9 deletions packages/@aws-cdk/aws-appmesh/lib/shared-interfaces.ts
@@ -1,6 +1,7 @@
import * as cdk from '@aws-cdk/core';
import { CfnVirtualGateway, CfnVirtualNode } from './appmesh.generated';
import { ClientPolicy } from './client-policy';
import { renderTlsClientPolicy } from './private/utils';
import { TlsClientPolicy } from './tls-client-policy';
import { IVirtualService } from './virtual-service';

// keep this import separate from other imports to reduce chance for merge conflicts with v2-main
Expand Down Expand Up @@ -174,9 +175,9 @@ export interface BackendDefaults {
/**
* Client policy for backend defaults
*
* @default none
* @default - none
*/
readonly clientPolicy?: ClientPolicy;
readonly tlsClientPolicy?: TlsClientPolicy;
}

/**
Expand All @@ -187,9 +188,9 @@ export interface VirtualServiceBackendOptions {
/**
* Client policy for the backend
*
* @default none
* @default - none
*/
readonly clientPolicy?: ClientPolicy;
readonly tlsClientPolicy?: TlsClientPolicy;
}

/**
Expand All @@ -211,7 +212,7 @@ export abstract class Backend {
* Construct a Virtual Service backend
*/
public static virtualService(virtualService: IVirtualService, props: VirtualServiceBackendOptions = {}): Backend {
return new VirtualServiceBackend(virtualService, props.clientPolicy);
return new VirtualServiceBackend(virtualService, props.tlsClientPolicy);
}

/**
Expand All @@ -226,19 +227,23 @@ export abstract class Backend {
class VirtualServiceBackend extends Backend {

constructor (private readonly virtualService: IVirtualService,
private readonly clientPolicy: ClientPolicy | undefined) {
private readonly tlsClientPolicy: TlsClientPolicy | undefined) {
super();
}

/**
* Return config for a Virtual Service backend
*/
public bind(_scope: Construct): BackendConfig {
public bind(scope: Construct): BackendConfig {
return {
virtualServiceBackend: {
virtualService: {
virtualServiceName: this.virtualService.virtualServiceName,
clientPolicy: this.clientPolicy?.bind(_scope).clientPolicy,
clientPolicy: this.tlsClientPolicy
? {
tls: renderTlsClientPolicy(scope, this.tlsClientPolicy, (config) => config.virtualNodeClientTlsValidationTrust),
}
: undefined,
},
},
};
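Review bot: In `VirtualServiceBackend.bind` the expression `clientPolicy: this.tlsClientPolicy ? { tls: renderTlsClientPolicy(scope, this.tlsClientPolicy, ...) } : undefined` re-checks `this.tlsClientPolicy` although `renderTlsClientPolicy` in `lib/private/utils.ts` already returns undefined for a missing policy; the outer guard is still needed so that no `{ tls: undefined }` object is emitted, but that is not obvious from the two lines and deserves a comment such as `// outer guard is deliberate: the helper returns undefined, but the wrapping object must be omitted entirely`. The `@default - none` on the renamed `tlsClientPolicy` properties in `BackendDefaults` and `VirtualServiceBackendOptions` could also state what "none" means for the rendered template — from this hunk it appears that no `clientPolicy` block is emitted at all, which is worth confirming against the backend-defaults rendering that is not shown here. The closing brace of `bind` and the rest of the class lie outside the hunk.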
