From c66e197f6f8840da6475383dbf2421c3b06ea417 Mon Sep 17 00:00:00 2001 
From: Colin Francis <131073567+colifran@users.noreply.github.com> Date: Fri, 17 Nov 2023 13:26:38 -0800 Subject: [PATCH] chore(certificatemanager): migrate dns validated certificate handler (#27898) This PR moves the dns validated certificate handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../index.js | 1 + .../cdk.out | 2 +- ...nteg-dns-validated-certificate.assets.json | 12 +- ...eg-dns-validated-certificate.template.json | 4 +- .../integ.json | 2 +- ...efaultTestDeployAssert24D5C536.assets.json | 2 +- .../manifest.json | 6 +- .../tree.json | 8 +- .../custom-resource-handlers/.gitignore | 4 +- .../index.js | 0 .../custom-resource-handlers/package.json | 2 + ...dns-validated-certificate-handler.test.js} | 0 .../lambda-packages/.no-packagejson-validator | 0 .../.eslintrc.js | 3 - .../.gitignore | 7 - .../.node-version | 1 - .../.npmignore | 5 - .../dns_validated_certificate_handler/LICENSE | 201 -------- .../dns_validated_certificate_handler/NOTICE | 2 - .../README.md | 2 - .../jest.config.js | 19 - .../lib/index.js | 428 ------------------ .../package.json | 49 -- .../lib/dns-validated-certificate.ts | 2 +- 24 files changed, 26 insertions(+), 736 deletions(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b/index.js rename packages/{@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774 => @aws-cdk/custom-resource-handlers/lib/aws-certificatemanager/dns-validated-certificate-handler}/index.js (100%) rename 
packages/{aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js => @aws-cdk/custom-resource-handlers/test/aws-certificatemanager/dns-validated-certificate-handler.test.js} (100%) delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/.no-packagejson-validator delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.eslintrc.js delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.gitignore delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.node-version delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.npmignore delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/LICENSE delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/NOTICE delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/README.md delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/jest.config.js delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js delete mode 100644 packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b/index.js new file mode 100644 index 0000000000000..b7008d276ffba --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b/index.js 
@@ -0,0 +1 @@ +"use strict";var{ACM:C,waitUntilCertificateValidated:N}=require("@aws-sdk/client-acm"),{Route53:R,waitUntilResourceRecordSetsChanged:U}=require("@aws-sdk/client-route-53"),A=function(e){return new Promise(r=>setTimeout(r,e))},T,P,m=A,h=Math.random,d=10,w=function(e,r,o,t,s,i){return new Promise((a,c)=>{let u=require("https"),{URL:l}=require("url");var f=JSON.stringify({Status:o,Reason:i,PhysicalResourceId:t||r.logStreamName,StackId:e.StackId,RequestId:e.RequestId,LogicalResourceId:e.LogicalResourceId,Data:s});let n=new l(e.ResponseURL||T),g={hostname:n.hostname,port:443,path:n.pathname+n.search,method:"PUT",headers:{"Content-Type":"","Content-Length":f.length}};u.request(g).on("error",c).on("response",p=>{p.resume(),p.statusCode>=400?c(new Error(`Server returned error ${p.statusCode}: ${p.statusMessage}`)):a()}).end(f,"utf8")})},S=async function(e,r,o){let t=Array.from(Object.entries(o)).map(([i,a])=>({Key:i,Value:a}));await new C({region:r}).addTagsToCertificate({CertificateArn:e,Tags:t})},q=async function(e,r,o,t,s,i,a){let c=require("crypto"),u=new C({region:i}),l=a?new R({endpoint:a}):new R;console.log(`Requesting certificate for ${r}`);let f=await u.requestCertificate({DomainName:r,SubjectAlternativeNames:o,Options:{CertificateTransparencyLoggingPreference:t},IdempotencyToken:c.createHash("sha256").update(e).digest("hex").slice(0,32),ValidationMethod:"DNS"});console.log(`Certificate ARN: ${f.CertificateArn}`),console.log("Waiting for ACM to provide DNS records for validation...");let n=[];for(let g=0;g0&&r.every(o=>o&&!!o.ResourceRecord)){let o=r.map(t=>t.ResourceRecord).reduce((t,s)=>(t[s.Name]=s,t),{});return Object.keys(o).sort().map(t=>o[t])}return[]}async function I(e,r,o,t="UPSERT"){let s=await e.changeResourceRecordSets({ChangeBatch:{Changes:r.map(i=>(console.log(`${i.Name} ${i.Type} ${i.Value}`),{Action:t,ResourceRecordSet:{Name:i.Name,Type:i.Type,TTL:60,ResourceRecords:[{Value:i.Value}]}}))},HostedZoneId:o});console.log("Waiting for DNS 
records to commit..."),await U({client:e,delay:30,maxAttempts:10},{Id:s.ChangeInfo.Id})}function $(e,r,o){return!e||e.DomainName!==r.DomainName||e.SubjectAlternativeNames!==r.SubjectAlternativeNames||e.CertificateTransparencyLoggingPreference!==r.CertificateTransparencyLoggingPreference||e.HostedZoneId!==r.HostedZoneId||e.Region!==r.Region||!o||!o.startsWith("arn:")}exports.certificateRequestHandler=async function(e,r){var o={},t,s;async function i(){s=await q(e.RequestId,e.ResourceProperties.DomainName,e.ResourceProperties.SubjectAlternativeNames,e.ResourceProperties.CertificateTransparencyLoggingPreference,e.ResourceProperties.HostedZoneId,e.ResourceProperties.Region,e.ResourceProperties.Route53Endpoint),o.Arn=t=s}try{switch(e.RequestType){case"Create":await i(),e.ResourceProperties.Tags&&t.startsWith("arn:")&&await S(t,e.ResourceProperties.Region,e.ResourceProperties.Tags);break;case"Update":$(e.OldResourceProperties,e.ResourceProperties,e.PhysicalResourceId)?await i():o.Arn=t=e.PhysicalResourceId,e.ResourceProperties.Tags&&t.startsWith("arn:")&&await S(t,e.ResourceProperties.Region,e.ResourceProperties.Tags);break;case"Delete":t=e.PhysicalResourceId;let a=e.ResourceProperties.RemovalPolicy??"destroy";t.startsWith("arn:")&&a==="destroy"&&await b(t,e.ResourceProperties.Region,e.ResourceProperties.HostedZoneId,e.ResourceProperties.Route53Endpoint,e.ResourceProperties.CleanupRecords==="true");break;default:throw new Error(`Unsupported request type ${e.RequestType}`)}console.log("Uploading SUCCESS response to S3..."),await w(e,r,"SUCCESS",t,o),console.log("Done.")}catch(a){console.log(`Caught error ${a}. 
Uploading FAILED message to S3.`),await w(e,r,"FAILED",t,null,a.message)}};exports.withReporter=function(e){w=e};exports.withDefaultResponseURL=function(e){T=e};exports.withWaiter=function(e){P=e};exports.resetWaiter=function(){P=void 0};exports.withSleep=function(e){m=e};exports.resetSleep=function(){m=A};exports.withRandom=function(e){h=e};exports.resetRandom=function(){h=Math.random};exports.withMaxAttempts=function(e){d=e};exports.resetMaxAttempts=function(){d=10}; diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/cdk.out index f0b901e7c06e5..2313ab5436501 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} \ No newline at end of file +{"version":"34.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.assets.json index 5768a33795b50..9a172e59ee693 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.assets.json 
@@ -1,20 +1,20 @@ { - "version": "32.0.0", + "version": "34.0.0", "files": { - "fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774": { + "8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b": { "source": { - "path": "asset.fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774", + "path": "asset.8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774.zip", + "objectKey": "8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "14e61dd74326fa816025a92898ba02959dd7100dccf670dec73afb2e3b13b29c": { + "3a883466c03b0492d00be9e5a4b91fd9e97f408b3b102d8dffc201aac52d7196": { "source": { "path": "integ-dns-validated-certificate.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "14e61dd74326fa816025a92898ba02959dd7100dccf670dec73afb2e3b13b29c.json", + "objectKey": "3a883466c03b0492d00be9e5a4b91fd9e97f408b3b102d8dffc201aac52d7196.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.template.json index fd41f55f898d7..115a329aaf734 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ-dns-validated-certificate.template.json @@ -96,15 +96,15 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774.zip" + "S3Key": "8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b.zip" }, + "Handler": "index.certificateRequestHandler", "Role": { "Fn::GetAtt": [ "CertificateCertificateRequestorFunctionServiceRoleC04C13DA", "Arn" ] }, - "Handler": "index.certificateRequestHandler", "Runtime": "nodejs18.x", "Timeout": 900 }, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ.json index 90d3634fafc77..b5a85dd61a8c5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integ.json @@ -1,6 +1,6 @@ { "enableLookups": true, - "version": "32.0.0", + "version": "34.0.0", "testCases": { "integ-test/DefaultTest": { "stacks": [ diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json index 4b008a0cae838..2b470996152e4 100644 
--- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "34.0.0", "files": { "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { "source": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/manifest.json index 52566ae866265..ef0dbeb303d37 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "34.0.0", "artifacts": { "integ-dns-validated-certificate.assets": { "type": "cdk:asset-manifest", 
@@ -14,10 +14,11 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integ-dns-validated-certificate.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/14e61dd74326fa816025a92898ba02959dd7100dccf670dec73afb2e3b13b29c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3a883466c03b0492d00be9e5a4b91fd9e97f408b3b102d8dffc201aac52d7196.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -91,6 +92,7 @@ "environment": "aws://unknown-account/unknown-region", "properties": { "templateFile": "integtestDefaultTestDeployAssert24D5C536.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/tree.json index 96928b09553d3..7eec18df19060 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/tree.json 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/tree.json @@ -193,15 +193,15 @@ "s3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "s3Key": "fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774.zip" + "s3Key": "8dd3f997ac74aa13ef09bc8bed060ecdbe3111898c6bbc0eb4f2130c9c53233b.zip" }, + "handler": "index.certificateRequestHandler", "role": { "Fn::GetAtt": [ "CertificateCertificateRequestorFunctionServiceRoleC04C13DA", "Arn" ] }, - "handler": "index.certificateRequestHandler", "runtime": "nodejs18.x", "timeout": 900 } @@ -284,7 +284,7 @@ "path": "integ-test/DefaultTest/Default", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.2.70" } }, "DeployAssert": { @@ -330,7 +330,7 @@ "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.2.70" } } }, diff --git a/packages/@aws-cdk/custom-resource-handlers/.gitignore b/packages/@aws-cdk/custom-resource-handlers/.gitignore index a630e644db989..c32d457d194b5 100644 --- a/packages/@aws-cdk/custom-resource-handlers/.gitignore +++ b/packages/@aws-cdk/custom-resource-handlers/.gitignore @@ -30,4 +30,6 @@ test/test-archive-follow/data/linked !scripts/*.ts scripts/*.d.ts -!lib/aws-cloudfront/edge-function/index.js \ No newline at end of file +!lib/aws-certificatemanager/dns-validated-certificate-handler/index.js +!test/aws-certificatemanager/dns-validated-certificate-handler.test.js +!lib/aws-cloudfront/edge-function/index.js 
diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774/index.js b/packages/@aws-cdk/custom-resource-handlers/lib/aws-certificatemanager/dns-validated-certificate-handler/index.js
similarity index 100%
rename from packages/@aws-cdk-testing/framework-integ/test/aws-certificatemanager/test/integ.dns-validated-certificate.js.snapshot/asset.fb83c347f6a5e3099f787c17ce0845a70a81fd83fdc20eb2e4e1cb01961a8774/index.js
rename to packages/@aws-cdk/custom-resource-handlers/lib/aws-certificatemanager/dns-validated-certificate-handler/index.js
diff --git a/packages/@aws-cdk/custom-resource-handlers/package.json b/packages/@aws-cdk/custom-resource-handlers/package.json
index 4fcee006102d1..b3c239f62d318 100644
--- a/packages/@aws-cdk/custom-resource-handlers/package.json
+++ b/packages/@aws-cdk/custom-resource-handlers/package.json
@@ -37,6 +37,8 @@
 "@aws-sdk/client-account": "3.451.0",
 "@aws-sdk/client-amplify": "3.451.0",
 "@aws-sdk/s3-request-presigner": "3.451.0",
+ "@aws-sdk/client-acm": "3.421.0",
+ "@aws-sdk/client-route-53": "3.421.0",
 "@aws-sdk/client-cloudwatch-logs": "3.421.0",
 "@smithy/util-stream": "^2.0.20",
 "@types/jest": "^29.5.8",
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js b/packages/@aws-cdk/custom-resource-handlers/test/aws-certificatemanager/dns-validated-certificate-handler.test.js
similarity index 100%
rename from packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js
rename to packages/@aws-cdk/custom-resource-handlers/test/aws-certificatemanager/dns-validated-certificate-handler.test.js
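Review bot: The two clients added in the `package.json` hunk are pinned to `3.421.0` while the three `@aws-sdk/*` entries directly above them are at `3.451.0`, which widens the version split already present in this block (`client-cloudwatch-logs` is also `3.421.0`); they are also inserted after `s3-request-presigner` rather than in name order. Unless something requires the older release, I would align and sort them, e.g. `"@aws-sdk/client-acm": "3.451.0",` and `"@aws-sdk/client-route-53": "3.451.0",` placed with the other `client-a*` entries (assuming that release is published for both packages), so a single SDK generation is resolved and audited. Keeping the exact pins rather than ranges, as done here, is the right choice for reproducible handler tests. The enclosing dependency block starts and ends outside the hunk, so whether these are `devDependencies` is not visible here.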
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/.no-packagejson-validator b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/.no-packagejson-validator
deleted file mode 100644
index e69de29bb2d1d..0000000000000
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.eslintrc.js b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.eslintrc.js
deleted file mode 100644
index 2658ee8727166..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.eslintrc.js
+++ /dev/null
@@ -1,3 +0,0 @@
-const baseConfig = require('@aws-cdk/cdk-build-tools/config/eslintrc');
-baseConfig.parserOptions.project = __dirname + '/tsconfig.json';
-module.exports = baseConfig;
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.gitignore b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.gitignore
deleted file mode 100644
index 71976142ac3b1..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.gitignore
+++ /dev/null
@@ -1,7 +0,0 @@
-node_modules/
-
-dist
-.LAST_PACKAGE
-.LAST_BUILD
-*.snk
-!*.js
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.node-version b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.node-version
deleted file mode 100644
index 6495db7e2138e..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.node-version
+++ /dev/null
@@ -1 +0,0 @@
-10.3.0
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.npmignore b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.npmignore
deleted file mode 100644
index bc9fd0e49f9a1..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/.npmignore
+++ /dev/null
@@ -1,5 +0,0 @@
-
-dist
-.LAST_PACKAGE
-.LAST_BUILD
-*.snk
\ No newline at end of file
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/LICENSE b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/LICENSE
deleted file mode 100644
index 9b722c65c5481..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/NOTICE b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/NOTICE deleted file mode 100644 index a27b7dd317649..0000000000000 --- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/NOTICE +++ /dev/null @@ -1,2 +0,0 @@ -AWS Cloud Development Kit (AWS CDK) -Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. 
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/README.md b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/README.md
deleted file mode 100644
index 4ae62e01089d0..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/README.md
+++ /dev/null
@@ -1,2 +0,0 @@
-## CloudFormation Custom Resource for generating DNS-validated ACM certificates
-This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/jest.config.js b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/jest.config.js
deleted file mode 100644
index a9acbf03c2b7a..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/jest.config.js
+++ /dev/null
@@ -1,19 +0,0 @@
-module.exports = {
- "roots": [
- "/lib",
- "/test"
- ],
- "transform": {
- "^.+\\.tsx?$": "ts-jest"
- },
- "testRegex": "(/test/.*|(\\.|/)(test|spec))\\.(ts|js)x?$",
- "moduleFileExtensions": [
- "ts",
- "tsx",
- "js",
- "jsx",
- "json",
- "node"
- ],
- "testEnvironment": "node"
-}
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js
deleted file mode 100644
index 37d68cc0addb9..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js
+++ /dev/null
@@ -1,428 +0,0 @@ -'use strict'; - -const { ACM, waitUntilCertificateValidated } = require('@aws-sdk/client-acm'); -const { Route53, waitUntilResourceRecordSetsChanged } = require('@aws-sdk/client-route-53'); - -const defaultSleep = function (ms) { - return new Promise(resolve => setTimeout(resolve, ms)); -}; - -// These are used for test purposes only -let defaultResponseURL; -let waiter; -let sleep = defaultSleep; -let random = Math.random; -let maxAttempts = 10; - -/** - * Upload a CloudFormation response object to S3. - * - * @param {object} event the Lambda event payload received by the handler function - * @param {object} context the Lambda context received by the handler function - * @param {string} responseStatus the response status, either 'SUCCESS' or 'FAILED' - * @param {string} physicalResourceId CloudFormation physical resource ID - * @param {object} [responseData] arbitrary response data object - * @param {string} [reason] reason for failure, if any, to convey to the user - * @returns {Promise} Promise that is resolved on success, or rejected on connection error or HTTP error response - */ -let report = function (event, context, responseStatus, physicalResourceId, responseData, reason) { - return new Promise((resolve, reject) => { - const https = require('https'); - const { URL } = require('url'); - - var responseBody = JSON.stringify({ - Status: responseStatus, - Reason: reason, - PhysicalResourceId: physicalResourceId || context.logStreamName, - StackId: event.StackId, - RequestId: event.RequestId, - LogicalResourceId: event.LogicalResourceId, - Data: responseData - }); - - const parsedUrl = new URL(event.ResponseURL || defaultResponseURL); - const options = { - hostname: parsedUrl.hostname, - port: 443, - path: parsedUrl.pathname + parsedUrl.search, - method: 'PUT', - headers: { - 'Content-Type': '', - 'Content-Length': responseBody.length - } - }; - - https.request(options) - .on('error', reject) - .on('response', res => { - res.resume(); - if 
(res.statusCode >= 400) { - reject(new Error(`Server returned error ${res.statusCode}: ${res.statusMessage}`)); - } else { - resolve(); - } - }) - .end(responseBody, 'utf8'); - }); -}; - -/** - * Adds tags to an existing certificate - * - * @param {string} certificateArn the ARN of the certificate to add tags to - * @param {string} region the region the certificate exists in - * @param {map} tags Tags to add to the requested certificate - */ -const addTags = async function(certificateArn, region, tags) { - const result = Array.from(Object.entries(tags)).map(([Key, Value]) => ({ Key, Value })) - const acm = new ACM({ region }); - - await acm.addTagsToCertificate({ - CertificateArn: certificateArn, - Tags: result, - }); -} - -/** - * Requests a public certificate from AWS Certificate Manager, using DNS validation. - * The hosted zone ID must refer to a **public** Route53-managed DNS zone that is authoritative - * for the suffix of the certificate's Common Name (CN). For example, if the CN is - * `*.example.com`, the hosted zone ID must point to a Route 53 zone authoritative - * for `example.com`. - * - * @param {string} requestId the CloudFormation request ID - * @param {string} domainName the Common Name (CN) field for the requested certificate - * @param {string} hostedZoneId the Route53 Hosted Zone ID - * @returns {string} Validated certificate ARN - */ -const requestCertificate = async function (requestId, domainName, subjectAlternativeNames, certificateTransparencyLoggingPreference, hostedZoneId, region, route53Endpoint) { - const crypto = require('crypto'); - const acm = new ACM({ region }); - const route53 = route53Endpoint ? 
new Route53({ endpoint: route53Endpoint }) : new Route53(); - - console.log(`Requesting certificate for ${domainName}`); - - const reqCertResponse = await acm.requestCertificate({ - DomainName: domainName, - SubjectAlternativeNames: subjectAlternativeNames, - Options: { - CertificateTransparencyLoggingPreference: certificateTransparencyLoggingPreference - }, - IdempotencyToken: crypto.createHash('sha256').update(requestId).digest('hex').slice(0, 32), - ValidationMethod: 'DNS' - }); - - console.log(`Certificate ARN: ${reqCertResponse.CertificateArn}`); - - console.log('Waiting for ACM to provide DNS records for validation...'); - - let records = []; - for (let attempt = 0; attempt < maxAttempts && !records.length; attempt++) { - const { Certificate } = await acm.describeCertificate({ - CertificateArn: reqCertResponse.CertificateArn - }); - - records = getDomainValidationRecords(Certificate); - if (!records.length) { - // Exponential backoff with jitter based on 200ms base - // component of backoff fixed to ensure minimum total wait time on - // slow targets. - const base = Math.pow(2, attempt); - await sleep(random() * base * 50 + base * 150); - } - } - if (!records.length) { - throw new Error(`Response from describeCertificate did not contain DomainValidationOptions after ${maxAttempts} attempts.`) - } - - console.log(`Upserting ${records.length} DNS records into zone ${hostedZoneId}:`); - - await commitRoute53Records(route53, records, hostedZoneId); - - console.log('Waiting for validation...'); - await waitUntilCertificateValidated({ - client: acm, - maxAttempts: 19, - delay: 30, - }, { - CertificateArn: reqCertResponse.CertificateArn - }) - - return reqCertResponse.CertificateArn; -}; - -/** - * Deletes a certificate from AWS Certificate Manager (ACM) by its ARN. - * If the certificate does not exist, the function will return normally. 
- * - * @param {string} arn The certificate ARN - */ -const deleteCertificate = async function (arn, region, hostedZoneId, route53Endpoint, cleanupRecords) { - const acm = new ACM({ region }); - const route53 = route53Endpoint ? new Route53({ endpoint: route53Endpoint }) : new Route53(); - - try { - console.log(`Waiting for certificate ${arn} to become unused`); - - let inUseByResources; - let records = []; - for (let attempt = 0; attempt < maxAttempts; attempt++) { - const { Certificate } = await acm.describeCertificate({ - CertificateArn: arn - }); - - if (cleanupRecords) { - records = getDomainValidationRecords(Certificate); - } - inUseByResources = Certificate.InUseBy || []; - - if (inUseByResources.length || !records.length) { - // Exponential backoff with jitter based on 200ms base - // component of backoff fixed to ensure minimum total wait time on - // slow targets. - const base = Math.pow(2, attempt); - await sleep(random() * base * 50 + base * 150); - } else { - break; - } - } - - if (inUseByResources.length) { - throw new Error(`Response from describeCertificate did not contain an empty InUseBy list after ${maxAttempts} attempts.`) - } - if (cleanupRecords && !records.length) { - throw new Error(`Response from describeCertificate did not contain DomainValidationOptions after ${maxAttempts} attempts.`) - } - - console.log(`Deleting certificate ${arn}`); - - await acm.deleteCertificate({ - CertificateArn: arn - }); - - if (cleanupRecords) { - console.log(`Deleting ${records.length} DNS records from zone ${hostedZoneId}:`); - - await commitRoute53Records(route53, records, hostedZoneId, 'DELETE'); - } - - } catch (err) { - if (err.name !== 'ResourceNotFoundException') { - throw err; - } - } -}; - -/** - * Retrieve the unique domain validation options as records to be upserted (or deleted) from Route53. - * - * Returns an empty array ([]) if the domain validation options is empty or the records are not yet ready. 
- */ -function getDomainValidationRecords(certificate) { - const options = certificate.DomainValidationOptions || []; - // Ensure all records are ready; there is (at least a theory there's) a chance of a partial response here in rare cases. - if (options.length > 0 && options.every(opt => opt && !!opt.ResourceRecord)) { - // some alternative names will produce the same validation record - // as the main domain (eg. example.com + *.example.com) - // filtering duplicates to avoid errors with adding the same record - // to the route53 zone twice - const unique = options - .map((val) => val.ResourceRecord) - .reduce((acc, cur) => { - acc[cur.Name] = cur; - return acc; - }, {}); - return Object.keys(unique).sort().map(key => unique[key]); - } - return []; -} - -/** - * Execute Route53 ChangeResourceRecordSets for a set of records within a Hosted Zone, - * and wait for the records to commit. Defaults to an 'UPSERT' action. - */ -async function commitRoute53Records(route53, records, hostedZoneId, action = 'UPSERT') { - const changeBatch = await route53.changeResourceRecordSets({ - ChangeBatch: { - Changes: records.map((record) => { - console.log(`${record.Name} ${record.Type} ${record.Value}`); - return { - Action: action, - ResourceRecordSet: { - Name: record.Name, - Type: record.Type, - TTL: 60, - ResourceRecords: [{ - Value: record.Value - }] - } - }; - }), - }, - HostedZoneId: hostedZoneId - }); - - console.log('Waiting for DNS records to commit...'); - await waitUntilResourceRecordSetsChanged({ - client: route53, - delay: 30, - maxAttempts: 10, - }, { - Id: changeBatch.ChangeInfo.Id, - }); -} - -/** - * Determines whether an update request should request a new certificate - * - * @param {map} oldParams the previously process request parameters - * @param {map} newParams the current process request parameters - * @param {string} physicalResourceId the physicalResourceId - * @returns {boolean} whether or not to request a new certificate - */ -function 
shouldUpdate(oldParams, newParams, physicalResourceId) { - if (!oldParams) return true; - if (oldParams.DomainName !== newParams.DomainName) return true; - if (oldParams.SubjectAlternativeNames !== newParams.SubjectAlternativeNames) return true; - if (oldParams.CertificateTransparencyLoggingPreference !== newParams.CertificateTransparencyLoggingPreference) return true; - if (oldParams.HostedZoneId !== newParams.HostedZoneId) return true; - if (oldParams.Region !== newParams.Region) return true; - if (!physicalResourceId || !physicalResourceId.startsWith('arn:')) return true; - return false; -} - -/** - * Main handler, invoked by Lambda - */ -exports.certificateRequestHandler = async function (event, context) { - var responseData = {}; - var physicalResourceId; - var certificateArn; - async function processRequest() { - certificateArn = await requestCertificate( - event.RequestId, - event.ResourceProperties.DomainName, - event.ResourceProperties.SubjectAlternativeNames, - event.ResourceProperties.CertificateTransparencyLoggingPreference, - event.ResourceProperties.HostedZoneId, - event.ResourceProperties.Region, - event.ResourceProperties.Route53Endpoint, - ); - responseData.Arn = physicalResourceId = certificateArn; - } - - try { - switch (event.RequestType) { - case 'Create': - await processRequest(); - if (event.ResourceProperties.Tags && physicalResourceId.startsWith('arn:')) { - await addTags(physicalResourceId, event.ResourceProperties.Region, event.ResourceProperties.Tags); - } - break; - case 'Update': - if (shouldUpdate(event.OldResourceProperties, event.ResourceProperties, event.PhysicalResourceId)) { - await processRequest(); - } else { - responseData.Arn = physicalResourceId = event.PhysicalResourceId; - } - if (event.ResourceProperties.Tags && physicalResourceId.startsWith('arn:')) { - await addTags(physicalResourceId, event.ResourceProperties.Region, event.ResourceProperties.Tags); - } - break; - case 'Delete': - physicalResourceId = 
event.PhysicalResourceId; - const removalPolicy = event.ResourceProperties.RemovalPolicy ?? 'destroy'; - // If the resource didn't create correctly, the physical resource ID won't be the - // certificate ARN, so don't try to delete it in that case. - if (physicalResourceId.startsWith('arn:') && removalPolicy === 'destroy') { - await deleteCertificate( - physicalResourceId, - event.ResourceProperties.Region, - event.ResourceProperties.HostedZoneId, - event.ResourceProperties.Route53Endpoint, - event.ResourceProperties.CleanupRecords === "true", - ); - } - break; - default: - throw new Error(`Unsupported request type ${event.RequestType}`); - } - - console.log(`Uploading SUCCESS response to S3...`); - await report(event, context, 'SUCCESS', physicalResourceId, responseData); - console.log('Done.'); - } catch (err) { - console.log(`Caught error ${err}. Uploading FAILED message to S3.`); - await report(event, context, 'FAILED', physicalResourceId, null, err.message); - } -}; - -/** - * @private - */ -exports.withReporter = function (reporter) { - report = reporter; -}; - -/** - * @private - */ -exports.withDefaultResponseURL = function (url) { - defaultResponseURL = url; -}; - -/** - * @private - */ -exports.withWaiter = function (w) { - waiter = w; -}; - -/** - * @private - */ -exports.resetWaiter = function () { - waiter = undefined; -}; - -/** - * @private - */ -exports.withSleep = function (s) { - sleep = s; -} - -/** - * @private - */ -exports.resetSleep = function () { - sleep = defaultSleep; -} - -/** - * @private - */ -exports.withRandom = function (r) { - random = r; -} - -/** - * @private - */ -exports.resetRandom = function () { - random = Math.random; -} - -/** - * @private - */ -exports.withMaxAttempts = function (ma) { - maxAttempts = ma; -} - -/** - * @private - */ -exports.resetMaxAttempts = function () { - maxAttempts = 10; -} 
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json b/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json
deleted file mode 100644
index e0722e21b085d..0000000000000
--- a/packages/aws-cdk-lib/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/package.json
+++ /dev/null
@@ -1,49 +0,0 @@
-{
- "name": "@aws-cdk/dns_validated_certificate_handler",
- "private": true,
- "version": "0.0.0",
- "description": "This module is part of the [AWS Cloud Development Kit](https://github.com/aws/aws-cdk) project.",
- "main": "lib/index.js",
- "directories": {
- "test": "test"
- },
- "scripts": {
- "build": "echo No build",
- "test": "jest",
- "eslint": "eslint lib",
- "build+test+package": "npm run build+test",
- "build+test": "npm run build && npm test",
- "build+test+extract": "npm run build+test",
- "build+extract": "npm run build"
- },
- "keywords": [
- "aws",
- "cdk",
- "constructs",
- "certificatemanager"
- ],
- "author": {
- "name": "Amazon Web Services",
- "url": "https://aws.amazon.com",
- "organization": true
- },
- "license": "Apache-2.0",
- "devDependencies": {
- "@types/aws-lambda": "^8.10.111",
- "@types/sinon": "^9.0.11",
- "@aws-cdk/cdk-build-tools": "0.0.0",
- "aws-sdk": "^2.1329.0",
- "aws-sdk-mock": "5.6.0",
- "eslint": "^7.32.0",
- "eslint-config-standard": "^14.1.1",
- "eslint-plugin-import": "^2.27.5",
- "eslint-plugin-node": "^11.1.0",
- "eslint-plugin-promise": "^4.3.1",
- "eslint-plugin-standard": "^4.1.0",
- "jest": "^27.5.1",
- "lambda-tester": "^3.6.0",
- "sinon": "^9.2.4",
- "nock": "^13.3.0",
- "ts-jest": "^27.1.5"
- }
-}
diff --git a/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts b/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts
index e833b0deebf4a..d2826d6fd796b 100644
--- a/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts
+++ b/packages/aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.ts
@@ -107,7 +107,7 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi
 }
 
 const requestorFunction = new lambda.Function(this, 'CertificateRequestorFunction', {
- code: lambda.Code.fromAsset(path.resolve(__dirname, '..', 'lambda-packages', 'dns_validated_certificate_handler', 'lib')),
+ code: lambda.Code.fromAsset(path.resolve(__dirname, '..', '..', 'custom-resource-handlers', 'dist', 'aws-certificatemanager', 'dns-validated-certificate-handler')),
 handler: 'index.certificateRequestHandler',
 runtime: lambda.Runtime.NODEJS_18_X,
 timeout: cdk.Duration.minutes(15),
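Review bot: The asset path on the added `code:` line now resolves to `custom-resource-handlers/dist/...`, which reads like generated build output rather than the checked-in handler source, and nothing at the call site says so. Judging by the handler removed earlier in this patch, this Lambda requests ACM certificates and writes Route 53 validation records, so a reader auditing what gets deployed should be pointed at the real source. I would add a comment above the line such as `// Built from @aws-cdk/custom-resource-handlers (lib/aws-certificatemanager/dns-validated-certificate-handler); dist/ is produced at build time`. If `dist` is indeed generated, a missing or stale directory would presumably only surface when `fromAsset` runs at synth, so the build-order dependency is worth stating as well. The `lambda.Function` props object and the enclosing constructor continue outside this hunk.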