Class: AWSCDK::AppMesh::CfnVirtualNode::TLSValidationContextProperty

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
app_mesh/cfn_virtual_node.rb

Overview

An object that represents how the proxy will validate its peer during Transport Layer Security (TLS) negotiation.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(trust:, subject_alternative_names: nil) ⇒ TLSValidationContextProperty

Returns a new instance of TLSValidationContextProperty.

Parameters:



2227
2228
2229
2230
2231
2232
# File 'app_mesh/cfn_virtual_node.rb', line 2227

def initialize(trust:, subject_alternative_names: nil)
  @trust = trust.is_a?(Hash) ? ::AWSCDK::AppMesh::CfnVirtualNode::TLSValidationContextTrustProperty.new(**trust.transform_keys(&:to_sym)) : trust
  Jsii::Type.check_type(@trust, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hcHBtZXNoLkNmblZpcnR1YWxOb2RlLlRsc1ZhbGlkYXRpb25Db250ZXh0VHJ1c3RQcm9wZXJ0eSJ9XX19")), "trust")
  @subject_alternative_names = subject_alternative_names.is_a?(Hash) ? ::AWSCDK::AppMesh::CfnVirtualNode::SubjectAlternativeNamesProperty.new(**subject_alternative_names.transform_keys(&:to_sym)) : subject_alternative_names
  Jsii::Type.check_type(@subject_alternative_names, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hcHBtZXNoLkNmblZpcnR1YWxOb2RlLlN1YmplY3RBbHRlcm5hdGl2ZU5hbWVzUHJvcGVydHkifV19fQ==")), "subjectAlternativeNames") unless @subject_alternative_names.nil?
end

Instance Attribute Details

#subject_alternative_namesAWSCDK::IResolvable, ... (readonly)

A reference to an object that represents the SANs for a Transport Layer Security (TLS) validation context.

If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration. Since SPIRE vended certificates have a SPIFFE ID as a name, you must set the SAN since the name doesn't match the service discovery name.



2245
2246
2247
# File 'app_mesh/cfn_virtual_node.rb', line 2245

def subject_alternative_names
  @subject_alternative_names
end

#trustAWSCDK::IResolvable, AWSCDK::AppMesh::CfnVirtualNode::TLSValidationContextTrustProperty (readonly)

A reference to where to retrieve the trust chain when validating a peer’s Transport Layer Security (TLS) certificate.



2238
2239
2240
# File 'app_mesh/cfn_virtual_node.rb', line 2238

def trust
  @trust
end

Class Method Details

.jsii_propertiesObject



2247
2248
2249
2250
2251
2252
# File 'app_mesh/cfn_virtual_node.rb', line 2247

def self.jsii_properties
  {
    :trust => "trust",
    :subject_alternative_names => "subjectAlternativeNames",
  }
end

Instance Method Details

#to_jsiiObject



2254
2255
2256
2257
2258
2259
2260
2261
# File 'app_mesh/cfn_virtual_node.rb', line 2254

def to_jsii
  result = {}
  result.merge!({
    "trust" => @trust,
    "subjectAlternativeNames" => @subject_alternative_names,
  })
  result.compact
end