
What needs to be put into the uriPath field when creating a StatementProperty in AWS CDK (Java)?

We want to create a webACL for AWS WAF, using the latest version (2.51.1) of AWS CDK and Java 17 (corretto).

One of the rules we want to define contains a URI path that is to be allowed. We use the following definition:

Object emptyUriPath; // How to define this?
StatementProperty apiV1Order = StatementProperty.builder()
    .byteMatchStatement(ByteMatchStatementProperty.builder()
        .searchString("/the/path/to/allow")
        .positionalConstraint("STARTS_WITH")
        .fieldToMatch(FieldToMatchProperty.builder()
            .uriPath(emptyUriPath)
            .build())
        .textTransformations(List.of(TextTransformationProperty.builder()
            .priority(0)
            .type("LOWERCASE")
            .build()))
        .build())
    .build();

The question is: How does the uriPath need to be defined? The documentation is quite sparse about this.

The documentation says that the uriPath field shall contain an 'empty object'. In TypeScript, this seems to be quite easy. But for Java, we get various errors for the different attempts we tried:

Object emptyUriPath = new Object();
Object emptyUriPath = new JsonObject();
Object emptyUriPath = "{}";

cause errors like this:

An exception occured while executing the Java class. No serializer found for class java.lang.Object and no properties discovered to create BeanSerializer (to avoid exception, disable SerializationFeature.FAIL_ON_EMPTY_BEANS) (through reference chain: java.util.ImmutableCollections$List12[1]) (through reference chain: software.amazon.jsii.api.CreateRequest["args"]->java.util.Arrays$ArrayList[2])

or this:

An exception occured while executing the Java class. JsonObject (through reference chain: com.google.gson.JsonObject["asBoolean"]) (through reference chain: java.util.ImmutableCollections$List12[1]) (through reference chain: software.amazon.jsii.api.CreateRequest["args"]->java.util.Arrays$ArrayList[2])

or this:

An exception occured while executing the Java class. Error: Resolution error: Supplied properties not correct for "CfnWebACLProps"
[ERROR]   rules: element 1: supplied properties not correct for "RuleProperty"
[ERROR]     statement: supplied properties not correct for "StatementProperty"
[ERROR]       byteMatchStatement: supplied properties not correct for "ByteMatchStatementProperty"
[ERROR]         fieldToMatch: supplied properties not correct for "FieldToMatchProperty"
[ERROR]           uriPath: "{}" should be an 'object'.
[ERROR] @jsii/kernel.RuntimeError: Error: Resolution error: Supplied properties not correct for "CfnWebACLProps"
[ERROR]   rules: element 1: supplied properties not correct for "RuleProperty"
[ERROR]     statement: supplied properties not correct for "StatementProperty"
[ERROR]       byteMatchStatement: supplied properties not correct for "ByteMatchStatementProperty"
[ERROR]         fieldToMatch: supplied properties not correct for "FieldToMatchProperty"
[ERROR]           uriPath: "{}" should be an 'object'.

We would have assumed something like this:

Object emptyUriPath = UriPathProperty.builder().build();

but such a property doesn't exist (only something similar for the SDK).

Can anyone please tell us what to do? Can also be a hint on how to create such a rule/statement in a completely different way.

With the help of the CDK developers we found out that emptyUriPath needs to look like this:

Map<String, String> emptyUriPath = Map.of("UriPath", "{}");

See also the documentation about generic structures here.

For those who may have the same problem:
It turned out that we had another issue in our rule property definition: an action definition was missing. The final rule property definition now looks like this:

RuleProperty.builder()
        .name("AllowValidApiCalls")
        .priority(1)
        .statement(apiV1Order)
        .action(RuleActionProperty.builder()
            .allow(AllowActionProperty.builder()
                .build())
            .build())
        .visibilityConfig(VisibilityConfigProperty.builder()
            .cloudWatchMetricsEnabled(false)
            .metricName("metricName")
            .sampledRequestsEnabled(false)
            .build())
        .build();
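
Added example, not part of the original post or the CDK project's own code: the statement and rule from the post assembled into one stack together with the `CfnWebACL` that carries them. The class name `WafAllowListStack`, the construct id `WebAcl`, the `REGIONAL` scope, the block-by-default action and the enabled metrics are assumptions; the `uriPath` value is the one given in the answer.

```java
import java.util.List;
import java.util.Map;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.services.wafv2.CfnWebACL;
import software.amazon.awscdk.services.wafv2.CfnWebACL.*;
import software.constructs.Construct;

// Hypothetical stack; rule name and path are taken from the post.
public class WafAllowListStack extends Stack {
    public WafAllowListStack(final Construct scope, final String id) {
        super(scope, id);
        // uriPath value exactly as given in the answer above.
        Map<String, String> emptyUriPath = Map.of("UriPath", "{}");
        // LOWERCASE is applied to the request path before comparison, so the search string stays lowercase.
        StatementProperty apiV1Order = StatementProperty.builder()
            .byteMatchStatement(ByteMatchStatementProperty.builder()
                .searchString("/the/path/to/allow")
                .positionalConstraint("STARTS_WITH")
                .fieldToMatch(FieldToMatchProperty.builder().uriPath(emptyUriPath).build())
                .textTransformations(List.of(TextTransformationProperty.builder()
                    .priority(0).type("LOWERCASE").build()))
                .build())
            .build();
        RuleProperty allowValidApiCalls = RuleProperty.builder()
            .name("AllowValidApiCalls")
            .priority(1)
            .statement(apiV1Order)
            .action(RuleActionProperty.builder()
                .allow(AllowActionProperty.builder().build()).build())
            .visibilityConfig(visibility("AllowValidApiCalls"))
            .build();
        // Assumptions: regional scope, and every request not matched by the allow rule is blocked.
        CfnWebACL.Builder.create(this, "WebAcl")
            .scope("REGIONAL")
            .defaultAction(DefaultActionProperty.builder()
                .block(BlockActionProperty.builder().build()).build())
            .visibilityConfig(visibility("WebAcl"))
            .rules(List.of(allowValidApiCalls))
            .build();
    }

    // Differs from the post, which sets both flags to false: enabled here so matches are observable.
    private static VisibilityConfigProperty visibility(String metricName) {
        return VisibilityConfigProperty.builder()
            .cloudWatchMetricsEnabled(true)
            .sampledRequestsEnabled(true)
            .metricName(metricName)
            .build();
    }
}
```

Running `cdk synth` on a stack like this shows the generated `FieldToMatch` block, which is the quickest way to check how the `uriPath` value was serialized before deploying.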
