diff --git a/packages/constructs/wildcard-certificate/src/lambda/ensure-wildcard-certificate.ts b/packages/constructs/wildcard-certificate/src/lambda/ensure-wildcard-certificate.ts
index cd4e7e0..5952cf9 100644
--- a/packages/constructs/wildcard-certificate/src/lambda/ensure-wildcard-certificate.ts
+++ b/packages/constructs/wildcard-certificate/src/lambda/ensure-wildcard-certificate.ts
@@ -116,9 +116,13 @@ export const getDomainValidationRecords = async (arn: string, attempt: number =
 export const ensureWildcardCertificate = async (
   requestId: string,
-  domainMappings: { parentDomainName: string; hostedZoneId: string; roleArn?: string }[],
+  domainMappings: { parentDomainName: string; hostedZoneId: string; roleArn?: string; includeParent?: boolean }[],
 ): Promise => {
-  const wildcardDomainNames = domainMappings.map(({ parentDomainName }) => `*.${parentDomainName}`)
+  const wildcardDomainNames = domainMappings
+    .map(({ parentDomainName, includeParent }) => {
+      return includeParent ? [parentDomainName, `*.${parentDomainName}`] : [`*.${parentDomainName}`]
+    })
+    .flat()
   console.log('ensureWildcardCert', wildcardDomainNames)
   const existing = await findCertificates(wildcardDomainNames)
   console.log('got existing', JSON.stringify(existing))
diff --git a/packages/constructs/wildcard-certificate/src/wildcard-certificate.ts b/packages/constructs/wildcard-certificate/src/wildcard-certificate.ts
index 6bfa7fd..3c983c5 100644
--- a/packages/constructs/wildcard-certificate/src/wildcard-certificate.ts
+++ b/packages/constructs/wildcard-certificate/src/wildcard-certificate.ts
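Review bot: The new mapping keys on the truthiness of `includeParent`, so any non-boolean value would add the bare parent domain to the certificate even when the caller meant false; if these mappings arrive as CloudFormation custom-resource properties, booleans are commonly delivered as the strings 'true'/'false', so an explicit check such as `includeParent === true || includeParent === 'true'` (with the parameter type widened accordingly) or a single normalisation step in the event handler before this call would make the behaviour match the caller's intent. With includeParent set, the bare parent becomes the first element and hence the certificate's primary DomainName, which the test in lambda.test.ts confirms ('asdf.com'); whether findCertificates still matches a certificate previously issued for the wildcard name alone is not visible here and deserves a comment or a test. The map-then-flat pair reads more directly as `domainMappings.flatMap(({ parentDomainName, includeParent }) =>` / `includeParent ? [parentDomainName, `*.${parentDomainName}`] : [`*.${parentDomainName}`],` / `)`. ensureWildcardCertificate's body continues past the end of the hunk.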
@@ -7,7 +7,13 @@ import { PolicyStatement } from 'aws-cdk-lib/aws-iam'
 import * as path from 'path'
 import { HostedZone } from 'aws-cdk-lib/aws-route53'
-type DetailedDomain = { domainName: string; hostedZoneArn?: string; account?: string; roleArn?: string }
+type DetailedDomain = {
+  domainName: string
+  hostedZoneArn?: string
+  account?: string
+  roleArn?: string
+  includeParent?: boolean
+}
 type Domain = DetailedDomain | string
 export interface WildcardCertificateProps {
   domains: Domain[]
diff --git a/packages/constructs/wildcard-certificate/tests/lambda.test.ts b/packages/constructs/wildcard-certificate/tests/lambda.test.ts
index 366c4bb..7222b01 100644
--- a/packages/constructs/wildcard-certificate/tests/lambda.test.ts
+++ b/packages/constructs/wildcard-certificate/tests/lambda.test.ts
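Review bot: `includeParent?: boolean` on DetailedDomain has no doc comment, and its effect is not obvious from the name: per the lambda change in this commit it adds the bare parent domain to the certificate's names and makes it the primary DomainName instead of the wildcard. A TSDoc line such as `/** Also cover the bare parent domain (e.g. example.com alongside *.example.com). Defaults to false. */` above the field would spare callers reading the lambda. Whether the construct forwards this field from DetailedDomain into the lambda's domainMappings is outside this hunk; if it does, the plain-string form of Domain cannot express it, which the comment should say.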
@@ -159,6 +159,82 @@ describe('wildcard-certificate', () => {
     expect(result.Data.certificateArn).toBe('cert-arn')
   })
+  it('should include the parent domain in the cert if told to', async () => {
+    acmMock.on(ListCertificatesCommand).resolves({
+      CertificateSummaryList: [],
+    })
+    acmMock.on(RequestCertificateCommand).resolves({
+      CertificateArn: 'cert-arn',
+    })
+    acmMock.on(DescribeCertificateCommand).resolves({
+      Certificate: {
+        DomainValidationOptions: [
+          {
+            ValidationStatus: 'SUCCESS',
+            DomainName: '',
+            ResourceRecord: {
+              Name: 'first-record-name.asdf.com',
+              Type: 'TXT',
+              Value: 'first-record-value',
+            },
+          },
+          {
+            ValidationStatus: 'SUCCESS',
+            DomainName: '',
+            ResourceRecord: {
+              Name: 'second-record-name.qwerty.com',
+              Type: 'TXT',
+              Value: 'second-record-value',
+            },
+          },
+        ],
+      },
+    })
+
+    route53Mock.on(ChangeResourceRecordSetsCommand).resolves({
+      ChangeInfo: {
+        Id: 'change-batch-id',
+        Status: 'INSYNC',
+        SubmittedAt: new Date(),
+      },
+    })
+
+    route53Mock.on(GetChangeCommand).resolves({
+      ChangeInfo: {
+        Id: 'change-batch-id',
+        Status: 'INSYNC',
+        SubmittedAt: new Date(),
+      },
+    })
+
+    const result = await onEvent(
+      genEvent('Create', [
+        {
+          parentDomainName: 'asdf.com',
+          hostedZoneId: '123',
+          includeParent: true,
+        },
+        {
+          parentDomainName: 'qwerty.com',
+          hostedZoneId: '456',
+          includeParent: true,
+        },
+      ]),
+    )
+
+    expect(acmMock).toHaveReceivedCommandWith(RequestCertificateCommand, {
+      DomainName: 'asdf.com',
+      SubjectAlternativeNames: ['asdf.com', '*.asdf.com', 'qwerty.com', '*.qwerty.com'],
+    })
+
+    if (!result.Data) {
+      throw new Error('no result data')
+    }
+    expect(result.Data).toBeDefined()
+    expect(result.Data).toHaveProperty('certificateArn')
+    expect(result.Data.certificateArn).toBe('cert-arn')
+  })
+
   it('should return a cert if it already exists', async () => {
     acmMock.on(ListCertificatesCommand).resolves({
       CertificateSummaryList: [
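Review bot: The new test only exercises the case where every mapping sets includeParent, so the default path and the ordering of mixed mappings stay unverified; changing the second mapping to `{ parentDomainName: 'qwerty.com', hostedZoneId: '456' },` with the expectation `SubjectAlternativeNames: ['asdf.com', '*.asdf.com', '*.qwerty.com'],` would pin both in one test. The `expect(result.Data).toBeDefined()` after the `if (!result.Data) throw` guard is redundant and could go. The DescribeCertificate mock leaves `DomainName: ''` on both validation options, so the test says nothing about which hosted zone each validation record is written to; if that matters for the parent entries, asserting on the HostedZoneId passed to ChangeResourceRecordSetsCommand would cover it.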