Fix nested trust boundaries
hupe1980 committed Jun 24, 2022
1 parent ae5554a commit 0985816
Showing 5 changed files with 49 additions and 50 deletions.
72 changes: 28 additions & 44 deletions API.md
Expand Up @@ -44,6 +44,7 @@ new plus_aws.ApplicationLoadBalancer(scope: Construct, id: string, props: Applic
| --- | --- |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.communicatesWith">communicatesWith</a></code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.isTrafficForwarding">isTrafficForwarding</a></code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.isWebApplication">isWebApplication</a></code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.isWebService">isWebService</a></code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.processes">processes</a></code> | *No description.* |
Expand Down Expand Up @@ -83,6 +84,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati

---

##### `isTrafficForwarding` <a name="isTrafficForwarding" id="cdktg.plus_aws.ApplicationLoadBalancer.isTrafficForwarding"></a>

```typescript
public isTrafficForwarding(): boolean
```

##### `isWebApplication` <a name="isWebApplication" id="cdktg.plus_aws.ApplicationLoadBalancer.isWebApplication"></a>

```typescript
Expand Down Expand Up @@ -182,7 +189,6 @@ Any object.
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.property.owner">owner</a></code> | <code>string</code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.property.scope">scope</a></code> | <code><a href="#cdktg.Scope">Scope</a></code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.property.tags">tags</a></code> | <code>string[]</code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.property.trustBoundary">trustBoundary</a></code> | <code><a href="#cdktg.TrustBoundary">TrustBoundary</a></code> | *No description.* |
| <code><a href="#cdktg.plus_aws.ApplicationLoadBalancer.property.securityGroup">securityGroup</a></code> | <code>cdktg.plus_aws.SecurityGroup</code> | *No description.* |

---
Expand Down Expand Up @@ -379,16 +385,6 @@ public readonly tags: string[];

---

##### `trustBoundary`<sup>Optional</sup> <a name="trustBoundary" id="cdktg.plus_aws.ApplicationLoadBalancer.property.trustBoundary"></a>

```typescript
public readonly trustBoundary: TrustBoundary;
```

- *Type:* <a href="#cdktg.TrustBoundary">TrustBoundary</a>

---

##### `securityGroup`<sup>Required</sup> <a name="securityGroup" id="cdktg.plus_aws.ApplicationLoadBalancer.property.securityGroup"></a>

```typescript
Expand Down Expand Up @@ -442,6 +438,7 @@ new plus.Browser(scope: Construct, id: string, props: BrowserProps)
| --- | --- |
| <code><a href="#cdktg.plus.Browser.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#cdktg.plus.Browser.communicatesWith">communicatesWith</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.isTrafficForwarding">isTrafficForwarding</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.isWebApplication">isWebApplication</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.isWebService">isWebService</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.processes">processes</a></code> | *No description.* |
Expand Down Expand Up @@ -481,6 +478,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati

---

##### `isTrafficForwarding` <a name="isTrafficForwarding" id="cdktg.plus.Browser.isTrafficForwarding"></a>

```typescript
public isTrafficForwarding(): boolean
```

##### `isWebApplication` <a name="isWebApplication" id="cdktg.plus.Browser.isWebApplication"></a>

```typescript
Expand Down Expand Up @@ -580,7 +583,6 @@ Any object.
| <code><a href="#cdktg.plus.Browser.property.owner">owner</a></code> | <code>string</code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.property.scope">scope</a></code> | <code><a href="#cdktg.Scope">Scope</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.property.tags">tags</a></code> | <code>string[]</code> | *No description.* |
| <code><a href="#cdktg.plus.Browser.property.trustBoundary">trustBoundary</a></code> | <code><a href="#cdktg.TrustBoundary">TrustBoundary</a></code> | *No description.* |

---

Expand Down Expand Up @@ -776,16 +778,6 @@ public readonly tags: string[];

---

##### `trustBoundary`<sup>Optional</sup> <a name="trustBoundary" id="cdktg.plus.Browser.property.trustBoundary"></a>

```typescript
public readonly trustBoundary: TrustBoundary;
```

- *Type:* <a href="#cdktg.TrustBoundary">TrustBoundary</a>

---


### Cloud <a name="Cloud" id="cdktg.plus_aws.Cloud"></a>

Expand Down Expand Up @@ -2581,6 +2573,7 @@ new TechnicalAsset(scope: Construct, id: string, props: TechnicalAssetProps)
| --- | --- |
| <code><a href="#cdktg.TechnicalAsset.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#cdktg.TechnicalAsset.communicatesWith">communicatesWith</a></code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.isTrafficForwarding">isTrafficForwarding</a></code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.isWebApplication">isWebApplication</a></code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.isWebService">isWebService</a></code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.processes">processes</a></code> | *No description.* |
Expand Down Expand Up @@ -2620,6 +2613,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati

---

##### `isTrafficForwarding` <a name="isTrafficForwarding" id="cdktg.TechnicalAsset.isTrafficForwarding"></a>

```typescript
public isTrafficForwarding(): boolean
```

##### `isWebApplication` <a name="isWebApplication" id="cdktg.TechnicalAsset.isWebApplication"></a>

```typescript
Expand Down Expand Up @@ -2719,7 +2718,6 @@ Any object.
| <code><a href="#cdktg.TechnicalAsset.property.owner">owner</a></code> | <code>string</code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.property.scope">scope</a></code> | <code><a href="#cdktg.Scope">Scope</a></code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.property.tags">tags</a></code> | <code>string[]</code> | *No description.* |
| <code><a href="#cdktg.TechnicalAsset.property.trustBoundary">trustBoundary</a></code> | <code><a href="#cdktg.TrustBoundary">TrustBoundary</a></code> | *No description.* |

---

Expand Down Expand Up @@ -2915,16 +2913,6 @@ public readonly tags: string[];

---

##### `trustBoundary`<sup>Optional</sup> <a name="trustBoundary" id="cdktg.TechnicalAsset.property.trustBoundary"></a>

```typescript
public readonly trustBoundary: TrustBoundary;
```

- *Type:* <a href="#cdktg.TrustBoundary">TrustBoundary</a>

---


### TrustBoundary <a name="TrustBoundary" id="cdktg.TrustBoundary"></a>

Expand Down Expand Up @@ -3165,6 +3153,7 @@ new plus.Vault(scope: Construct, id: string, props: VaultProps)
| --- | --- |
| <code><a href="#cdktg.plus.Vault.toString">toString</a></code> | Returns a string representation of this construct. |
| <code><a href="#cdktg.plus.Vault.communicatesWith">communicatesWith</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.isTrafficForwarding">isTrafficForwarding</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.isWebApplication">isWebApplication</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.isWebService">isWebService</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.processes">processes</a></code> | *No description.* |
Expand Down Expand Up @@ -3205,6 +3194,12 @@ public communicatesWith(id: string, target: TechnicalAsset, options: Communicati

---

##### `isTrafficForwarding` <a name="isTrafficForwarding" id="cdktg.plus.Vault.isTrafficForwarding"></a>

```typescript
public isTrafficForwarding(): boolean
```

##### `isWebApplication` <a name="isWebApplication" id="cdktg.plus.Vault.isWebApplication"></a>

```typescript
Expand Down Expand Up @@ -3316,7 +3311,6 @@ Any object.
| <code><a href="#cdktg.plus.Vault.property.owner">owner</a></code> | <code>string</code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.property.scope">scope</a></code> | <code><a href="#cdktg.Scope">Scope</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.property.tags">tags</a></code> | <code>string[]</code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.property.trustBoundary">trustBoundary</a></code> | <code><a href="#cdktg.TrustBoundary">TrustBoundary</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.property.configurationSecrets">configurationSecrets</a></code> | <code><a href="#cdktg.DataAsset">DataAsset</a></code> | *No description.* |
| <code><a href="#cdktg.plus.Vault.property.vaultStorage">vaultStorage</a></code> | <code><a href="#cdktg.TechnicalAsset">TechnicalAsset</a></code> | *No description.* |

Expand Down Expand Up @@ -3514,16 +3508,6 @@ public readonly tags: string[];

---

##### `trustBoundary`<sup>Optional</sup> <a name="trustBoundary" id="cdktg.plus.Vault.property.trustBoundary"></a>

```typescript
public readonly trustBoundary: TrustBoundary;
```

- *Type:* <a href="#cdktg.TrustBoundary">TrustBoundary</a>

---

##### `configurationSecrets`<sup>Required</sup> <a name="configurationSecrets" id="cdktg.plus.Vault.property.configurationSecrets"></a>

```typescript
2 changes: 1 addition & 1 deletion src/plus-aws/application-load-balancer.ts
Expand Up @@ -45,7 +45,7 @@ export class ApplicationLoadBalancer extends TechnicalAsset {
customDevelopedParts: false,
});

this.securityGroup =
this.securityGroup = this.trustBoundary =
props.securityGroup ?? new SecurityGroup(this, `${id} SG`);

this.securityGroup.addTechnicalAssets(this);
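Review bot: Assigning `this.trustBoundary` before the `this.securityGroup.addTechnicalAssets(this)` call two lines later means the guard in `TrustBoundary.addTechnicalAssets` (src/trust-boundary.ts in this commit) sees `a._trustBoundary` equal to the security group itself. As shown there, that branch calls `this.addTrustBoundary(a._trustBoundary)` and returns before `this.technicalAssetsInside.add(a.uuid)`, so the load balancer would apparently never be recorded inside its own security group and the group would be nested in itself, unless `SecurityGroup` overrides the method (not visible here). In the generated threat model that could leave the ALB outside every boundary. Consider making the guard `if (a._trustBoundary && a._trustBoundary !== this)`, or setting `this.trustBoundary` only after the `addTechnicalAssets` call. The constructor starts and ends outside the hunk.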
18 changes: 17 additions & 1 deletion src/technical-asset.ts
Expand Up @@ -45,10 +45,11 @@ export class TechnicalAsset extends Resource {
public readonly ciaTriad: CIATriad;
public readonly multiTenant: boolean;
public readonly redundant: boolean;
public readonly trustBoundary?: TrustBoundary;
public readonly customDevelopedParts: boolean;
public readonly dataFormatsAccepted?: DataFormat[];

protected trustBoundary?: TrustBoundary;

private dataAssetsProcessed: Set<string>;
private dataAssetsStored: Set<string>;
private communications: Communication[];
Expand Down Expand Up @@ -119,6 +120,14 @@ export class TechnicalAsset extends Resource {
);
}

public isTrafficForwarding(): boolean {
return [
Technology.LOAD_BALANCER,
Technology.REVERSE_PROXY,
Technology.WAF,
].includes(this.technology);
}

public communicatesWith(
id: string,
target: TechnicalAsset,
Expand All @@ -135,6 +144,13 @@ export class TechnicalAsset extends Resource {
return communication;
}

/**
* @internal
*/
public get _trustBoundary() {
return this.trustBoundary;
}

/**
* @internal
*/
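Review bot: `isTrafficForwarding()` is added as public API without a doc comment, and the regenerated API.md in this commit lists it as "*No description.*" for every asset class. Because the technology list decides which assets count as traffic forwarding, a short TSDoc such as `/** Returns true when the technology is LOAD_BALANCER, REVERSE_PROXY or WAF. */` would make that contract visible to model authors. The `_trustBoundary` getter further down also has no return annotation; `public get _trustBoundary(): TrustBoundary | undefined` keeps the exported type explicit. The class body starts and ends outside these hunks.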
5 changes: 2 additions & 3 deletions src/trust-boundary.ts
Expand Up @@ -33,9 +33,8 @@ export class TrustBoundary extends Resource {

public addTechnicalAssets(...assets: TechnicalAsset[]) {
assets.forEach((a) => {
if (a.trustBoundary) {
this.addTrustBoundary(a.trustBoundary);
return;
if (a._trustBoundary) {
return this.addTrustBoundary(a._trustBoundary);
}

this.technicalAssetsInside.add(a.uuid);
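Review bot: `return this.addTrustBoundary(a._trustBoundary);` returns a value from a `forEach` callback, where it is discarded, so the callback now returns something on one path and nothing on the other. A `for (const a of assets)` loop with `this.addTrustBoundary(a._trustBoundary); continue;` expresses the same skip without the mixed return. A one-line comment on the branch, e.g. `// asset already belongs to a boundary: nest that boundary instead of the asset`, would also record why the asset itself is not added. The method continues past the end of the hunk.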
2 changes: 1 addition & 1 deletion test/plus-aws/application-load-balancer.test.ts
Expand Up @@ -35,7 +35,7 @@ test("synth application-load-balancer with default securit-group", () => {

const cloud = new Cloud(model, "AWS-Cloud");

cloud.addTrustBoundary(alb.securityGroup);
cloud.addTechnicalAssets(alb);

project.synth();
});
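Review bot: The test still ends at `project.synth()` with no assertion after it, so the behaviour this commit changes, `cloud.addTechnicalAssets(alb)` nesting the ALB's security group under the cloud boundary, is exercised but not pinned. An expectation on the synthesized model (for example that the security group appears as a nested boundary of `AWS-Cloud` and that the ALB is listed inside the security group) would catch a regression in the boundary logic. The test body starts outside the hunk, so any assertions earlier in it are not visible here.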
