1use chrono::{TimeZone, Utc};
8use rustack_cloudfront_model::{
9 CachePolicy, CachePolicyConfig, CachePolicyCookiesConfig, CachePolicyHeadersConfig,
10 CachePolicyQueryStringsConfig, OriginRequestPolicy, OriginRequestPolicyConfig,
11 OriginRequestPolicyCookiesConfig, OriginRequestPolicyHeadersConfig,
12 OriginRequestPolicyQueryStringsConfig, ParamsInCacheKey, ResponseHeadersPolicy,
13 ResponseHeadersPolicyConfig,
14};
15
16fn managed_timestamp() -> chrono::DateTime<Utc> {
18 Utc.with_ymd_and_hms(2020, 5, 31, 0, 0, 0).unwrap()
19}
20
21#[must_use]
23pub fn managed_cache_policies() -> Vec<CachePolicy> {
24 vec![
25 managed_cache_policy(
26 "658327ea-f89d-4fab-a63d-7e88639e58f6",
27 "Managed-CachingOptimized",
28 "Policy with caching enabled. Supports Gzip and Brotli compression.",
29 86400,
30 31_536_000,
31 1,
32 ),
33 managed_cache_policy(
34 "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
35 "Managed-CachingDisabled",
36 "Policy with caching disabled. All requests are sent to the origin.",
37 0,
38 0,
39 0,
40 ),
41 managed_cache_policy(
42 "83da9c7e-98b4-4e11-a168-04f0df8e2c65",
43 "Managed-CachingOptimizedForUncompressedObjects",
44 "Policy with caching enabled for uncompressed objects.",
45 86400,
46 31_536_000,
47 1,
48 ),
49 managed_cache_policy(
50 "08627262-05a9-4f76-9ded-b50ca2e3a84f",
51 "Managed-Elemental-MediaPackage",
52 "Policy for use with AWS Elemental MediaPackage.",
53 0,
54 86400,
55 0,
56 ),
57 ]
58}
59
60fn managed_cache_policy(
61 id: &str,
62 name: &str,
63 comment: &str,
64 default_ttl: i64,
65 max_ttl: i64,
66 min_ttl: i64,
67) -> CachePolicy {
68 CachePolicy {
69 id: id.to_owned(),
70 last_modified_time: managed_timestamp(),
71 config: CachePolicyConfig {
72 comment: comment.to_owned(),
73 name: name.to_owned(),
74 default_ttl,
75 max_ttl,
76 min_ttl,
77 parameters_in_cache_key_and_forwarded_to_origin: ParamsInCacheKey {
78 enable_accept_encoding_gzip: true,
79 enable_accept_encoding_brotli: true,
80 headers_config: CachePolicyHeadersConfig {
81 header_behavior: "none".to_owned(),
82 headers: Vec::new(),
83 },
84 cookies_config: CachePolicyCookiesConfig {
85 cookie_behavior: "none".to_owned(),
86 cookies: Vec::new(),
87 },
88 query_strings_config: CachePolicyQueryStringsConfig {
89 query_string_behavior: "none".to_owned(),
90 query_strings: Vec::new(),
91 },
92 },
93 },
94 etag: "MANAGED_CACHE_POLICY_ETAG".to_owned(),
95 managed: true,
96 }
97}
98
99#[must_use]
101pub fn managed_origin_request_policies() -> Vec<OriginRequestPolicy> {
102 vec![
103 managed_orp(
104 "216adef6-5c7f-47e4-b989-5492eafa07d3",
105 "Managed-AllViewer",
106 "Forwards all values from the viewer to the origin.",
107 "allViewer",
108 "all",
109 "all",
110 ),
111 managed_orp(
112 "b689b0a8-53d0-40ab-baf2-68738e2966ac",
113 "Managed-AllViewerAndCloudFrontHeaders-2022-06",
114 "Forwards all values plus CloudFront-specific headers.",
115 "allViewerAndWhitelistCloudFront",
116 "all",
117 "all",
118 ),
119 managed_orp(
120 "59781a5b-3903-41f3-afcb-af62929ccde1",
121 "Managed-CORS-CustomOrigin",
122 "Policy that forwards Origin header for CORS.",
123 "whitelist",
124 "none",
125 "none",
126 ),
127 managed_orp(
128 "88a5eaf4-2fd4-4709-b370-b4c650ea3fcf",
129 "Managed-CORS-S3Origin",
130 "Policy forwarding CORS origin-access headers to S3.",
131 "whitelist",
132 "none",
133 "none",
134 ),
135 managed_orp(
136 "33f36d7e-f396-46d9-90e0-52428a34d9dc",
137 "Managed-UserAgentRefererHeaders",
138 "Forwards User-Agent and Referer headers.",
139 "whitelist",
140 "none",
141 "none",
142 ),
143 ]
144}
145
146fn managed_orp(
147 id: &str,
148 name: &str,
149 comment: &str,
150 header_behavior: &str,
151 cookie_behavior: &str,
152 query_string_behavior: &str,
153) -> OriginRequestPolicy {
154 OriginRequestPolicy {
155 id: id.to_owned(),
156 last_modified_time: managed_timestamp(),
157 config: OriginRequestPolicyConfig {
158 comment: comment.to_owned(),
159 name: name.to_owned(),
160 headers_config: OriginRequestPolicyHeadersConfig {
161 header_behavior: header_behavior.to_owned(),
162 headers: Vec::new(),
163 },
164 cookies_config: OriginRequestPolicyCookiesConfig {
165 cookie_behavior: cookie_behavior.to_owned(),
166 cookies: Vec::new(),
167 },
168 query_strings_config: OriginRequestPolicyQueryStringsConfig {
169 query_string_behavior: query_string_behavior.to_owned(),
170 query_strings: Vec::new(),
171 },
172 },
173 etag: "MANAGED_ORIGIN_REQUEST_POLICY_ETAG".to_owned(),
174 managed: true,
175 }
176}
177
178#[must_use]
180pub fn managed_response_headers_policies() -> Vec<ResponseHeadersPolicy> {
181 vec![
184 ResponseHeadersPolicy {
185 id: "60669652-455b-4ae9-85a4-c4c02393f86c".to_owned(),
186 last_modified_time: managed_timestamp(),
187 config: ResponseHeadersPolicyConfig {
188 comment: "Managed SimpleCORS policy.".to_owned(),
189 name: "Managed-SimpleCORS".to_owned(),
190 ..Default::default()
191 },
192 etag: "MANAGED_RESPONSE_HEADERS_POLICY_ETAG".to_owned(),
193 managed: true,
194 },
195 ResponseHeadersPolicy {
196 id: "eaab4381-ed33-4a86-88ca-d9558dc6cd63".to_owned(),
197 last_modified_time: managed_timestamp(),
198 config: ResponseHeadersPolicyConfig {
199 comment: "Managed CORS-with-preflight policy.".to_owned(),
200 name: "Managed-CORS-With-Preflight".to_owned(),
201 ..Default::default()
202 },
203 etag: "MANAGED_RESPONSE_HEADERS_POLICY_ETAG".to_owned(),
204 managed: true,
205 },
206 ResponseHeadersPolicy {
207 id: "67f7725c-6f97-4210-82d7-5512b31e9d03".to_owned(),
208 last_modified_time: managed_timestamp(),
209 config: ResponseHeadersPolicyConfig {
210 comment: "Managed SecurityHeadersPolicy.".to_owned(),
211 name: "Managed-SecurityHeadersPolicy".to_owned(),
212 ..Default::default()
213 },
214 etag: "MANAGED_RESPONSE_HEADERS_POLICY_ETAG".to_owned(),
215 managed: true,
216 },
217 ]
218}