Source code for runway.module.staticsite.parameters.models

"""Runway static site Module parameters."""
# pylint: disable=no-self-argument,no-self-use
from __future__ import annotations

from typing import Dict, List, Optional, Union

from pydantic import Extra, Field, validator

from ....config.models.base import ConfigProperty


[docs]class RunwayStaticSiteCustomErrorResponseDataModel(ConfigProperty): """Model for Runway stat site Module staticsite_custom_error_responses parameter item. https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudfront-distribution-customerrorresponse.html """ ErrorCachingMinTTL: Optional[int] = None ErrorCode: Optional[int] = None ResponseCode: Optional[int] = None ResponsePagePath: Optional[str] = None
[docs] class Config(ConfigProperty.Config): """Model configuration.""" extra = Extra.forbid title = "Runway static site Module staticsite_custom_error_responses parameter item."
[docs]class RunwayStaticSiteLambdaFunctionAssociationDataModel(ConfigProperty): """Model for Runway stat site Module staticsite_lambda_function_associations parameter item. Attributes: arn: Lambda function ARN. type: Association type. """ arn: str type: str
[docs] class Config(ConfigProperty.Config): """Model configuration.""" extra = Extra.forbid title = "Runway static site Module staticsite_lambda_function_associations parameter item." # noqa
[docs]class RunwayStaticSiteModuleParametersDataModel(ConfigProperty): """Model for Runway static site Module parameters. Attributes: acmcert_arn: The certificate arn used for any alias domains supplied. This is a requirement when supplying any custom domain. additional_redirect_domains: Additional domains (beyond the ``aliases`` domains or the CloudFront URL if no aliases are provided) that will be authorized by the [email protected] UserPool AppClient. aliases: Any custom domains that should be added to the CloudFront Distribution. auth_at_edge: [email protected] make the static site private by placing it behind an authorization wall. cf_disable: Wether deployment of the CloudFront Distribution should be disabled. compress: Whether the CloudFront default cache behavior will automatically compress certain files. cookie_settings: The default cookie settings for retrieved tokens and generated nonce's. create_user_pool: Wether to create a User Pool for the [email protected] configuration. custom_error_responses: Define custom error responses. enable_cf_logging: Enable CloudFront logging. http_headers: Headers that should be sent with each origin response. lambda_function_associations: This allows the user to deploy custom [email protected] associations with their pre-build function versions. namespace: The unique namespace for the deployment. non_spa: Wether this site is a single page application (SPA). oauth_scopes: Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. redirect_path_auth_refresh: The path that a user is redirected to when their authorization tokens have expired (1 hour). redirect_path_sign_in: The path that a user is redirected to after sign-in. redirect_path_sign_out: The path that a user is redirected to after sign-out. required_group: Name of Cognito User Pool group of which users must be a member to be granted access to the site. If ``None``, allows all UserPool users to have access. rewrite_directory_index: Deploy a [email protected] function designed to rewrite directory indexes. role_boundary_arn: Defines an IAM Managed Policy that will be set as the permissions boundary for any IAM Roles created to support the site. service_role: IAM role that CloudFormation will use. sign_out_url: The path a user should access to sign themselves out of the application. supported_identity_providers: A comma delimited list of the User Pool client identity providers. user_pool_arn: The ARN of a pre-existing Cognito User Pool to use with [email protected] web_acl: The ARN of a web access control list (web ACL) to associate with the CloudFront Distribution. """ acmcert_arn: Optional[str] = Field(default=None, alias="staticsite_acmcert_arn") additional_redirect_domains: List[str] = Field( default=[], alias="staticsite_additional_redirect_domains" ) aliases: List[str] = Field(default=[], alias="staticsite_aliases") auth_at_edge: bool = Field(default=False, alias="staticsite_auth_at_edge") cf_disable: bool = Field(default=False, alias="staticsite_cf_disable") compress: bool = Field(default=True, alias="staticsite_compress") cookie_settings: Dict[str, str] = Field( default={ "idToken": "Path=/; Secure; SameSite=Lax", "accessToken": "Path=/; Secure; SameSite=Lax", "refreshToken": "Path=/; Secure; SameSite=Lax", "nonce": "Path=/; Secure; HttpOnly; Max-Age=1800; SameSite=Lax", }, alias="staticsite_cookie_settings", ) create_user_pool: bool = Field(default=False, alias="staticsite_create_user_pool") custom_error_responses: List[RunwayStaticSiteCustomErrorResponseDataModel] = Field( default=[], alias="staticsite_custom_error_responses" ) enable_cf_logging: bool = Field(default=True, alias="staticsite_enable_cf_logging") http_headers: Dict[str, str] = Field( default={ "Content-Security-Policy": "default-src https: 'unsafe-eval' 'unsafe-inline'; " "font-src 'self' 'unsafe-inline' 'unsafe-eval' data: https:; " "object-src 'none'; " "connect-src 'self' https://*.amazonaws.com https://*.amazoncognito.com", "Strict-Transport-Security": "max-age=31536000; " "includeSubdomains; " "preload", "Referrer-Policy": "same-origin", "X-XSS-Protection": "1; mode=block", "X-Frame-Options": "DENY", "X-Content-Type-Options": "nosniff", }, alias="staticsite_http_headers", ) lambda_function_associations: List[ RunwayStaticSiteLambdaFunctionAssociationDataModel ] = Field(default=[], alias="staticsite_lambda_function_associations") namespace: str non_spa: bool = Field(default=False, alias="staticsite_non_spa") oauth_scopes: List[str] = Field( default=[ "phone", "email", "profile", "openid", "aws.cognito.signin.user.admin", ], alias="staticsite_oauth_scopes", ) redirect_path_auth_refresh: str = Field( default="/refreshauth", alias="staticsite_redirect_path_auth_refresh" ) redirect_path_sign_in: str = Field( default="/parseauth", alias="staticsite_redirect_path_sign_in" ) redirect_path_sign_out: str = Field( default="/", alias="staticsite_redirect_path_sign_out" ) required_group: Optional[str] = Field( default=None, alias="staticsite_required_group" ) rewrite_directory_index: Optional[str] = Field( default=None, alias="staticsite_rewrite_directory_index" ) role_boundary_arn: Optional[str] = Field( default=None, alias="staticsite_role_boundary_arn" ) service_role: Optional[str] = Field( default=None, alias="cloudformation_service_role" ) sign_out_url: str = Field(default="/signout", alias="staticsite_sign_out_url") supported_identity_providers: List[str] = Field( default=["COGNITO"], alias="staticsite_supported_identity_providers" ) user_pool_arn: Optional[str] = Field(default=None, alias="staticsite_user_pool_arn") web_acl: Optional[str] = Field(default=None, alias="staticsite_web_acl")
[docs] class Config(ConfigProperty.Config): """Model configuration.""" extra = Extra.ignore title = "Runway static site Module parameters."
@validator( "additional_redirect_domains", "aliases", "supported_identity_providers", pre=True, ) def _convert_comma_delimited_list(cls, v: Union[List[str], str]) -> List[str]: """Convert comma delimited lists to a string.""" if isinstance(v, str): return [i.strip() for i in v.split(",")] return v