feat: move CNAME records to DNS stack instead of cert stack
marnixdessing committed Mar 31, 2023
1 parent 67b1272 commit 062c3ce
Showing 5 changed files with 37 additions and 32 deletions.
6 changes: 4 additions & 2 deletions src/ApiStage.ts
Expand Up @@ -26,7 +26,9 @@ export class ApiStage extends Stage {

const keyStack = new KeyStack(this, 'key-stack');
const sessionsStack = new SessionsStack(this, 'sessions-stack', { key: keyStack.key }); // TODO fix this stack dependency
const dnsStack = new DNSStack(this, 'dns-stack');
const dnsStack = new DNSStack(this, 'dns-stack', {
configuration: this.configuration,
});

const usEastCertificateStack = new UsEastCertificateStack(this, 'us-cert-stack', {
env: { region: 'us-east-1' },
Expand All @@ -41,7 +43,7 @@ export class ApiStage extends Stage {
dnssecStack.addDependency(dnsStack);

const apistack = new ApiStack(this, 'api-stack', {
sessionsTable: sessionsStack.sessionsTable,
sessionsTable: sessionsStack.sessionsTable, // TODO fix this stack dependency?
configuration: this.configuration,
});

5 changes: 3 additions & 2 deletions src/Configuration.ts
Expand Up @@ -45,6 +45,7 @@ export interface Configuration {

/**
* A list of CNAME records to register in the hosted zone
* Note: key should be withou domain suffix (only subdomain).
*/
readonly cnameRecords?: {[key: string]: string};

Expand Down Expand Up @@ -75,7 +76,7 @@ const configurations: { [name: string] : Configuration } = {
useDemoScheme: true,
nijmegenSubdomain: 'yivi.accp', // yivi.accp.nijmegen.nl
cnameRecords: {
'_2efd09bc809f1129572f073cb0873936.yivi-issue.accp.csp-nijmegen.nl': '_37726a837615087fa929e1970e5ad7c2.hsmgrxbjqd.acm-validations.aws',
'_2efd09bc809f1129572f073cb0873936': '_37726a837615087fa929e1970e5ad7c2.hsmgrxbjqd.acm-validations.aws',
},
},
production: {
Expand All @@ -89,7 +90,7 @@ const configurations: { [name: string] : Configuration } = {
useDemoScheme: true, // For now keep this true, so we do not issue valid attributes untill everything works
nijmegenSubdomain: 'yivi', // yivi.nijmegen.nl
cnameRecords: {
'_988b6a082afeb2260ef3a85673b887c8.yivi-issue.auth-prod.csp-nijmegen.nl': '_e38b4911aa3741d5dda4456d86105c4e.btsqtkxpyp.acm-validations.aws',
'_988b6a082afeb2260ef3a85673b887c8': '_e38b4911aa3741d5dda4456d86105c4e.btsqtkxpyp.acm-validations.aws',
},
},
};
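Review bot: The doc line added above `cnameRecords` states that keys must omit the domain suffix, but nothing visible in this commit enforces it, and the line has a typo (`withou`). A key copied in full from the certificate's validation details would still type-check as `{[key: string]: string}`, and depending on how the record name is resolved against the hosted zone it could end up at a name the validation lookup never queries. I would spell the rule out with an example, for instance `* Note: keys are relative to the hosted zone (no domain suffix), e.g. '_abc123', not '_abc123.zone.example' (constructed sample).` A synth-time check in the code that consumes these entries would make a wrong key fail loudly instead of leaving a certificate pending. The `Configuration` interface starts outside this hunk.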
24 changes: 23 additions & 1 deletion src/DNSStack.ts
@@ -1,3 +1,4 @@
import * as crypto from 'crypto';
import { aws_route53 as Route53, Stack, StackProps, aws_ssm as SSM } from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { Configurable } from './Configuration';
Expand All @@ -9,7 +10,7 @@ export class DNSStack extends Stack {
zone: Route53.HostedZone;
accountRootZone: Route53.IHostedZone;

constructor(scope: Construct, id: string, _props?: DNSStackProps) {
constructor(scope: Construct, id: string, props: DNSStackProps) {
super(scope, id);

const rootZoneId = SSM.StringParameter.valueForStringParameter(this, Statics.accountRootHostedZoneId);
Expand All @@ -26,6 +27,10 @@ export class DNSStack extends Stack {
this.addZoneIdAndNametoParams();
this.addNSToRootCSPzone();

if (props.configuration.cnameRecords) {
this.addCnameRecords(this.zone, props.configuration.cnameRecords);
}

}

/**
Expand Down Expand Up @@ -60,4 +65,21 @@ export class DNSStack extends Stack {
});
}

/**
* Add the CNAME records to the hosted zone that are
* provided in the branch specific configuration
* @param hostedZone the hosted zone to add the records to
* @param cnameRecords configruation property containing the records
*/
addCnameRecords(hostedZone: Route53.IHostedZone, cnameRecords: { [key: string]: string }) {
Object.entries(cnameRecords).forEach(entry => {
const logicalId = crypto.createHash('md5').update(entry[0]).digest('hex').substring(0, 10);
new Route53.CnameRecord(this, `record-${logicalId}`, {
zone: hostedZone,
recordName: entry[0],
domainName: entry[1],
});
});
}

}
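Review bot: `addCnameRecords` derives each construct id from `crypto.createHash('md5')`, which is not a security use here but can fail on Node builds running in FIPS mode and is routinely flagged by static analysers. Because the records receive fresh logical IDs in this stack anyway, this move is the cheapest moment to switch to `crypto.createHash('sha256').update(entry[0]).digest('hex').substring(0, 10)`; changing the hash after deployment would change the logical IDs of live records. Separately, the constructor now requires `props` but still calls `super(scope, id)`, so any stack-level properties passed in (for example `env`) are dropped; `super(scope, id, props)` would forward them, assuming `DNSStackProps` extends `StackProps`, which is declared outside the hunks shown. The method would also benefit from a one-line comment stating that record names are interpreted relative to `hostedZone`.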
26 changes: 1 addition & 25 deletions src/UsEastCertificateStack.ts
@@ -1,10 +1,6 @@
import * as crypto from 'crypto';
import {
aws_certificatemanager as CertificateManager,
Stack,
aws_certificatemanager as CertificateManager, aws_ssm as SSM, Stack,
StackProps,
aws_ssm as SSM,
aws_route53 as route53,
} from 'aws-cdk-lib';
import { Construct } from 'constructs';
import { Configurable, Configuration } from './Configuration';
Expand Down Expand Up @@ -45,26 +41,6 @@ export class UsEastCertificateStack extends Stack {
parameterName: Statics.certificateArn,
});

if (configuration.cnameRecords) {
this.addCnameRecords(hostedZone, configuration.cnameRecords);
}

}

/**
* Add the CNAME records to the hosted zone that are
* provided in the branch specific configuration
* @param hostedZone the hosted zone to add the records to
* @param cnameRecords configruation property containing the records
*/
addCnameRecords(hostedZone: route53.IHostedZone, cnameRecords: { [key: string]: string }) {
Object.entries(cnameRecords).forEach(entry => {
const logicalId = crypto.createHash('md5').update(entry[0]).digest('hex').substring(0, 10);
new route53.CnameRecord(this, `record-${logicalId}`, {
zone: hostedZone,
recordName: entry[0],
domainName: entry[1],
});
});
}
}
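--- a/test/main.test.ts
+++ b/test/main.test.ts
@@ -82,7 +82,9 @@ test('StackHasApiGateway', () => {
 const app = new App();
 const keyStack = new KeyStack(app, 'keystack');
 const sessionsStack = new SessionsStack(app, 'test', { key: keyStack.key});
-new DNSStack(app, 'dns');
+new DNSStack(app, 'dns', {
+configuration: config,
+});
 const stack = new ApiStack(app, 'api', {
 sessionsTable: sessionsStack.sessionsTable,
 configuration: config,
@@ -96,7 +98,9 @@ test('StackHasLambdas', () => {
 const app = new App();
 const keyStack = new KeyStack(app, 'keystack');
 const sessionsStack = new SessionsStack(app, 'test', { key: keyStack.key});
-new DNSStack(app, 'dns');
+new DNSStack(app, 'dns', {
+configuration: config,
+});
 const stack = new ApiStack(app, 'api', {
 sessionsTable: sessionsStack.sessionsTable,
 configuration: config,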
