Interface TlsValidation
- All Superinterfaces:
software.amazon.jsii.JsiiSerializable
- All Known Implementing Classes:
TlsValidation.Jsii$Proxy
@Generated(value="jsii-pacmak/1.103.1 (build bef2dea)",
date="2024-09-11T18:01:11.320Z")
@Stability(Stable)
public interface TlsValidation
extends software.amazon.jsii.JsiiSerializable
Represents the properties needed to define TLS Validation context.
Example:
Mesh mesh; Service service; VirtualNode node = VirtualNode.Builder.create(this, "node") .mesh(mesh) .serviceDiscovery(ServiceDiscovery.cloudMap(service)) .listeners(List.of(VirtualNodeListener.http(HttpVirtualNodeListenerOptions.builder() .port(8080) .healthCheck(HealthCheck.http(HttpHealthCheckOptions.builder() .healthyThreshold(3) .interval(Duration.seconds(5)) .path("/ping") .timeout(Duration.seconds(2)) .unhealthyThreshold(2) .build())) .timeout(HttpTimeout.builder() .idle(Duration.seconds(5)) .build()) .build()))) .backendDefaults(BackendDefaults.builder() .tlsClientPolicy(TlsClientPolicy.builder() .validation(TlsValidation.builder() .trust(TlsValidationTrust.file("/keys/local_cert_chain.pem")) .build()) .build()) .build()) .accessLog(AccessLog.fromFilePath("/dev/stdout")) .build(); Tags.of(node).add("Environment", "Dev");
-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic final class
A builder forTlsValidation
static final class
An implementation forTlsValidation
-
Method Summary
Modifier and TypeMethodDescriptionstatic TlsValidation.Builder
builder()
default SubjectAlternativeNames
Represents the subject alternative names (SANs) secured by the certificate.getTrust()
Reference to where to retrieve the trust chain.Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Method Details
-
getTrust
Reference to where to retrieve the trust chain. -
getSubjectAlternativeNames
Represents the subject alternative names (SANs) secured by the certificate.SANs must be in the FQDN or URI format.
Default: - If you don't specify SANs on the terminating mesh endpoint, the Envoy proxy for that node doesn't verify the SAN on a peer client certificate. If you don't specify SANs on the originating mesh endpoint, the SAN on the certificate provided by the terminating endpoint must match the mesh endpoint service discovery configuration.
-
builder
- Returns:
- a
TlsValidation.Builder
ofTlsValidation
-