diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets.json new file mode 100644 index 0000000000000..807cef2a2cff8 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets.json @@ -0,0 +1,19 @@ +{ + "version": "33.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3/index.js deleted file mode 100644 index 7c8fbb57223d2..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3/index.js +++ /dev/null @@ -1,59 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.handler = void 0; -// eslint-disable-next-line import/no-extraneous-dependencies -const client_route_53_1 = require("@aws-sdk/client-route-53"); -// eslint-disable-next-line import/no-extraneous-dependencies -const credential_providers_1 = require("@aws-sdk/credential-providers"); -async function handler(event) { - const resourceProps = event.ResourceProperties; - switch (event.RequestType) { - case 'Create': - case 'Update': - return cfnEventHandler(resourceProps, false); - case 'Delete': - return cfnEventHandler(resourceProps, true); - } -} -exports.handler = handler; -async function cfnEventHandler(props, isDeleteEvent) { - const { AssumeRoleArn, ParentZoneId, ParentZoneName, DelegatedZoneName, DelegatedZoneNameServers, TTL, UseRegionalStsEndpoint } = props; - if (!ParentZoneId && !ParentZoneName) { - throw Error('One of ParentZoneId or ParentZoneName must be specified'); - } - const timestamp = (new Date()).getTime(); - const route53 = new client_route_53_1.Route53({ - credentials: (0, credential_providers_1.fromTemporaryCredentials)({ - clientConfig: { useGlobalEndpoint: !UseRegionalStsEndpoint }, - params: { - RoleArn: AssumeRoleArn, - RoleSessionName: `cross-account-zone-delegation-${timestamp}`, - }, - }), - }); - const parentZoneId = ParentZoneId ?? await getHostedZoneIdByName(ParentZoneName, route53); - await route53.changeResourceRecordSets({ - HostedZoneId: parentZoneId, - ChangeBatch: { - Changes: [{ - Action: isDeleteEvent ? 'DELETE' : 'UPSERT', - ResourceRecordSet: { - Name: DelegatedZoneName, - Type: 'NS', - TTL, - ResourceRecords: DelegatedZoneNameServers.map(ns => ({ Value: ns })), - }, - }], - }, - }); -} -async function getHostedZoneIdByName(name, route53) { - const zones = await route53.listHostedZonesByName({ DNSName: name }); - const matchedZones = zones.HostedZones?.filter(zone => zone.Name === `${name}.`) ?? []; - if (matchedZones && matchedZones.length !== 1) { - throw Error(`Expected one hosted zone to match the given name but found ${matchedZones.length}`); - } - // will always be defined because we throw if length !==1 - return matchedZones[0].Id; -} -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2REFBNkQ7QUFDN0QsOERBQW1EO0FBQ25ELDZEQUE2RDtBQUM3RCx3RUFBeUU7QUFZbEUsS0FBSyxVQUFVLE9BQU8sQ0FBQyxLQUFrRDtJQUM5RSxNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsa0JBQW1ELENBQUM7SUFFaEYsUUFBUSxLQUFLLENBQUMsV0FBVyxFQUFFO1FBQ3pCLEtBQUssUUFBUSxDQUFDO1FBQ2QsS0FBSyxRQUFRO1lBQ1gsT0FBTyxlQUFlLENBQUMsYUFBYSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQy9DLEtBQUssUUFBUTtZQUNYLE9BQU8sZUFBZSxDQUFDLGFBQWEsRUFBRSxJQUFJLENBQUMsQ0FBQztLQUMvQztBQUNILENBQUM7QUFWRCwwQkFVQztBQUVELEtBQUssVUFBVSxlQUFlLENBQUMsS0FBeUIsRUFBRSxhQUFzQjtJQUM5RSxNQUFNLEVBQUUsYUFBYSxFQUFFLFlBQVksRUFBRSxjQUFjLEVBQUUsaUJBQWlCLEVBQUUsd0JBQXdCLEVBQUUsR0FBRyxFQUFFLHNCQUFzQixFQUFFLEdBQUcsS0FBSyxDQUFDO0lBRXhJLElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxjQUFjLEVBQUU7UUFDcEMsTUFBTSxLQUFLLENBQUMseURBQXlELENBQUMsQ0FBQztLQUN4RTtJQUVELE1BQU0sU0FBUyxHQUFHLENBQUMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQ3pDLE1BQU0sT0FBTyxHQUFHLElBQUkseUJBQU8sQ0FBQztRQUMxQixXQUFXLEVBQUUsSUFBQSwrQ0FBd0IsRUFBQztZQUNwQyxZQUFZLEVBQUUsRUFBRSxpQkFBaUIsRUFBRSxDQUFDLHNCQUFzQixFQUFFO1lBQzVELE1BQU0sRUFBRTtnQkFDTixPQUFPLEVBQUUsYUFBYTtnQkFDdEIsZUFBZSxFQUFFLGlDQUFpQyxTQUFTLEVBQUU7YUFDOUQ7U0FDRixDQUFDO0tBQ0gsQ0FBQyxDQUFDO0lBRUgsTUFBTSxZQUFZLEdBQUcsWUFBWSxJQUFJLE1BQU0scUJBQXFCLENBQUMsY0FBZSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBRTNGLE1BQU0sT0FBTyxDQUFDLHdCQUF3QixDQUFDO1FBQ3JDLFlBQVksRUFBRSxZQUFZO1FBQzFCLFdBQVcsRUFBRTtZQUNYLE9BQU8sRUFBRSxDQUFDO29CQUNSLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsUUFBUTtvQkFDM0MsaUJBQWlCLEVBQUU7d0JBQ2pCLElBQUksRUFBRSxpQkFBaUI7d0JBQ3ZCLElBQUksRUFBRSxJQUFJO3dCQUNWLEdBQUc7d0JBQ0gsZUFBZSxFQUFFLHdCQUF3QixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztxQkFDckU7aUJBQ0YsQ0FBQztTQUNIO0tBQ0YsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELEtBQUssVUFBVSxxQkFBcUIsQ0FBQyxJQUFZLEVBQUUsT0FBZ0I7SUFDakUsTUFBTSxLQUFLLEdBQUcsTUFBTSxPQUFPLENBQUMscUJBQXFCLENBQUMsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUNyRSxNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUV2RixJQUFJLFlBQVksSUFBSSxZQUFZLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRTtRQUM3QyxNQUFNLEtBQUssQ0FBQyw4REFBOEQsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7S0FDbEc7SUFFRCx5REFBeUQ7SUFDekQsT0FBTyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRyxDQUFDO0FBQzdCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5pbXBvcnQgeyBSb3V0ZTUzIH0gZnJvbSAnQGF3cy1zZGsvY2xpZW50LXJvdXRlLTUzJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCB7IGZyb21UZW1wb3JhcnlDcmVkZW50aWFscyB9IGZyb20gJ0Bhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXJzJztcblxuaW50ZXJmYWNlIFJlc291cmNlUHJvcGVydGllcyB7XG4gIEFzc3VtZVJvbGVBcm46IHN0cmluZyxcbiAgUGFyZW50Wm9uZU5hbWU/OiBzdHJpbmcsXG4gIFBhcmVudFpvbmVJZD86IHN0cmluZyxcbiAgRGVsZWdhdGVkWm9uZU5hbWU6IHN0cmluZyxcbiAgRGVsZWdhdGVkWm9uZU5hbWVTZXJ2ZXJzOiBzdHJpbmdbXSxcbiAgVFRMOiBudW1iZXIsXG4gIFVzZVJlZ2lvbmFsU3RzRW5kcG9pbnQ/OiBzdHJpbmcsXG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBoYW5kbGVyKGV2ZW50OiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50KSB7XG4gIGNvbnN0IHJlc291cmNlUHJvcHMgPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMgYXMgdW5rbm93biBhcyBSZXNvdXJjZVByb3BlcnRpZXM7XG5cbiAgc3dpdGNoIChldmVudC5SZXF1ZXN0VHlwZSkge1xuICAgIGNhc2UgJ0NyZWF0ZSc6XG4gICAgY2FzZSAnVXBkYXRlJzpcbiAgICAgIHJldHVybiBjZm5FdmVudEhhbmRsZXIocmVzb3VyY2VQcm9wcywgZmFsc2UpO1xuICAgIGNhc2UgJ0RlbGV0ZSc6XG4gICAgICByZXR1cm4gY2ZuRXZlbnRIYW5kbGVyKHJlc291cmNlUHJvcHMsIHRydWUpO1xuICB9XG59XG5cbmFzeW5jIGZ1bmN0aW9uIGNmbkV2ZW50SGFuZGxlcihwcm9wczogUmVzb3VyY2VQcm9wZXJ0aWVzLCBpc0RlbGV0ZUV2ZW50OiBib29sZWFuKSB7XG4gIGNvbnN0IHsgQXNzdW1lUm9sZUFybiwgUGFyZW50Wm9uZUlkLCBQYXJlbnRab25lTmFtZSwgRGVsZWdhdGVkWm9uZU5hbWUsIERlbGVnYXRlZFpvbmVOYW1lU2VydmVycywgVFRMLCBVc2VSZWdpb25hbFN0c0VuZHBvaW50IH0gPSBwcm9wcztcblxuICBpZiAoIVBhcmVudFpvbmVJZCAmJiAhUGFyZW50Wm9uZU5hbWUpIHtcbiAgICB0aHJvdyBFcnJvcignT25lIG9mIFBhcmVudFpvbmVJZCBvciBQYXJlbnRab25lTmFtZSBtdXN0IGJlIHNwZWNpZmllZCcpO1xuICB9XG5cbiAgY29uc3QgdGltZXN0YW1wID0gKG5ldyBEYXRlKCkpLmdldFRpbWUoKTtcbiAgY29uc3Qgcm91dGU1MyA9IG5ldyBSb3V0ZTUzKHtcbiAgICBjcmVkZW50aWFsczogZnJvbVRlbXBvcmFyeUNyZWRlbnRpYWxzKHtcbiAgICAgIGNsaWVudENvbmZpZzogeyB1c2VHbG9iYWxFbmRwb2ludDogIVVzZVJlZ2lvbmFsU3RzRW5kcG9pbnQgfSxcbiAgICAgIHBhcmFtczoge1xuICAgICAgICBSb2xlQXJuOiBBc3N1bWVSb2xlQXJuLFxuICAgICAgICBSb2xlU2Vzc2lvbk5hbWU6IGBjcm9zcy1hY2NvdW50LXpvbmUtZGVsZWdhdGlvbi0ke3RpbWVzdGFtcH1gLFxuICAgICAgfSxcbiAgICB9KSxcbiAgfSk7XG5cbiAgY29uc3QgcGFyZW50Wm9uZUlkID0gUGFyZW50Wm9uZUlkID8/IGF3YWl0IGdldEhvc3RlZFpvbmVJZEJ5TmFtZShQYXJlbnRab25lTmFtZSEsIHJvdXRlNTMpO1xuXG4gIGF3YWl0IHJvdXRlNTMuY2hhbmdlUmVzb3VyY2VSZWNvcmRTZXRzKHtcbiAgICBIb3N0ZWRab25lSWQ6IHBhcmVudFpvbmVJZCxcbiAgICBDaGFuZ2VCYXRjaDoge1xuICAgICAgQ2hhbmdlczogW3tcbiAgICAgICAgQWN0aW9uOiBpc0RlbGV0ZUV2ZW50ID8gJ0RFTEVURScgOiAnVVBTRVJUJyxcbiAgICAgICAgUmVzb3VyY2VSZWNvcmRTZXQ6IHtcbiAgICAgICAgICBOYW1lOiBEZWxlZ2F0ZWRab25lTmFtZSxcbiAgICAgICAgICBUeXBlOiAnTlMnLFxuICAgICAgICAgIFRUTCxcbiAgICAgICAgICBSZXNvdXJjZVJlY29yZHM6IERlbGVnYXRlZFpvbmVOYW1lU2VydmVycy5tYXAobnMgPT4gKHsgVmFsdWU6IG5zIH0pKSxcbiAgICAgICAgfSxcbiAgICAgIH1dLFxuICAgIH0sXG4gIH0pO1xufVxuXG5hc3luYyBmdW5jdGlvbiBnZXRIb3N0ZWRab25lSWRCeU5hbWUobmFtZTogc3RyaW5nLCByb3V0ZTUzOiBSb3V0ZTUzKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgY29uc3Qgem9uZXMgPSBhd2FpdCByb3V0ZTUzLmxpc3RIb3N0ZWRab25lc0J5TmFtZSh7IEROU05hbWU6IG5hbWUgfSk7XG4gIGNvbnN0IG1hdGNoZWRab25lcyA9IHpvbmVzLkhvc3RlZFpvbmVzPy5maWx0ZXIoem9uZSA9PiB6b25lLk5hbWUgPT09IGAke25hbWV9LmApID8/IFtdO1xuXG4gIGlmIChtYXRjaGVkWm9uZXMgJiYgbWF0Y2hlZFpvbmVzLmxlbmd0aCAhPT0gMSkge1xuICAgIHRocm93IEVycm9yKGBFeHBlY3RlZCBvbmUgaG9zdGVkIHpvbmUgdG8gbWF0Y2ggdGhlIGdpdmVuIG5hbWUgYnV0IGZvdW5kICR7bWF0Y2hlZFpvbmVzLmxlbmd0aH1gKTtcbiAgfVxuXG4gIC8vIHdpbGwgYWx3YXlzIGJlIGRlZmluZWQgYmVjYXVzZSB3ZSB0aHJvdyBpZiBsZW5ndGggIT09MVxuICByZXR1cm4gbWF0Y2hlZFpvbmVzWzBdLklkITtcbn1cbiJdfQ== \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3/__entrypoint__.js rename to packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab/__entrypoint__.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab/index.js new file mode 100644 index 0000000000000..83c3f0eb66811 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab/index.js @@ -0,0 +1,66 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.handler = void 0; +// eslint-disable-next-line import/no-extraneous-dependencies +const aws_sdk_1 = require("aws-sdk"); +async function handler(event) { + const resourceProps = event.ResourceProperties; + switch (event.RequestType) { + case 'Create': + case 'Update': + return cfnEventHandler(resourceProps, false); + case 'Delete': + return cfnEventHandler(resourceProps, true); + } +} +exports.handler = handler; +async function cfnEventHandler(props, isDeleteEvent) { + const { AssumeRoleArn, ParentZoneId, ParentZoneName, DelegatedZoneName, DelegatedZoneNameServers, TTL, UseRegionalStsEndpoint } = props; + if (!ParentZoneId && !ParentZoneName) { + throw Error('One of ParentZoneId or ParentZoneName must be specified'); + } + const credentials = await getCrossAccountCredentials(AssumeRoleArn, !!UseRegionalStsEndpoint); + const route53 = new aws_sdk_1.Route53({ credentials }); + const parentZoneId = ParentZoneId ?? await getHostedZoneIdByName(ParentZoneName, route53); + await route53.changeResourceRecordSets({ + HostedZoneId: parentZoneId, + ChangeBatch: { + Changes: [{ + Action: isDeleteEvent ? 'DELETE' : 'UPSERT', + ResourceRecordSet: { + Name: DelegatedZoneName, + Type: 'NS', + TTL, + ResourceRecords: DelegatedZoneNameServers.map(ns => ({ Value: ns })), + }, + }], + }, + }).promise(); +} +async function getCrossAccountCredentials(roleArn, regionalEndpoint) { + const sts = new aws_sdk_1.STS(regionalEndpoint ? { stsRegionalEndpoints: 'regional' } : {}); + const timestamp = (new Date()).getTime(); + const { Credentials: assumedCredentials } = await sts + .assumeRole({ + RoleArn: roleArn, + RoleSessionName: `cross-account-zone-delegation-${timestamp}`, + }) + .promise(); + if (!assumedCredentials) { + throw Error('Error getting assume role credentials'); + } + return new aws_sdk_1.Credentials({ + accessKeyId: assumedCredentials.AccessKeyId, + secretAccessKey: assumedCredentials.SecretAccessKey, + sessionToken: assumedCredentials.SessionToken, + }); +} +async function getHostedZoneIdByName(name, route53) { + const zones = await route53.listHostedZonesByName({ DNSName: name }).promise(); + const matchedZones = zones.HostedZones.filter(zone => zone.Name === `${name}.`); + if (matchedZones.length !== 1) { + throw Error(`Expected one hosted zone to match the given name but found ${matchedZones.length}`); + } + return matchedZones[0].Id; +} +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2REFBNkQ7QUFDN0QscUNBQW9EO0FBWTdDLEtBQUssVUFBVSxPQUFPLENBQUMsS0FBa0Q7SUFDOUUsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGtCQUFtRCxDQUFDO0lBRWhGLFFBQVEsS0FBSyxDQUFDLFdBQVcsRUFBRTtRQUN6QixLQUFLLFFBQVEsQ0FBQztRQUNkLEtBQUssUUFBUTtZQUNYLE9BQU8sZUFBZSxDQUFDLGFBQWEsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUMvQyxLQUFLLFFBQVE7WUFDWCxPQUFPLGVBQWUsQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLENBQUM7S0FDL0M7QUFDSCxDQUFDO0FBVkQsMEJBVUM7QUFFRCxLQUFLLFVBQVUsZUFBZSxDQUFDLEtBQXlCLEVBQUUsYUFBc0I7SUFDOUUsTUFBTSxFQUFFLGFBQWEsRUFBRSxZQUFZLEVBQUUsY0FBYyxFQUFFLGlCQUFpQixFQUFFLHdCQUF3QixFQUFFLEdBQUcsRUFBRSxzQkFBc0IsRUFBRSxHQUFHLEtBQUssQ0FBQztJQUV4SSxJQUFJLENBQUMsWUFBWSxJQUFJLENBQUMsY0FBYyxFQUFFO1FBQ3BDLE1BQU0sS0FBSyxDQUFDLHlEQUF5RCxDQUFDLENBQUM7S0FDeEU7SUFFRCxNQUFNLFdBQVcsR0FBRyxNQUFNLDBCQUEwQixDQUFDLGFBQWEsRUFBRSxDQUFDLENBQUMsc0JBQXNCLENBQUMsQ0FBQztJQUM5RixNQUFNLE9BQU8sR0FBRyxJQUFJLGlCQUFPLENBQUMsRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBRTdDLE1BQU0sWUFBWSxHQUFHLFlBQVksSUFBSSxNQUFNLHFCQUFxQixDQUFDLGNBQWUsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUUzRixNQUFNLE9BQU8sQ0FBQyx3QkFBd0IsQ0FBQztRQUNyQyxZQUFZLEVBQUUsWUFBWTtRQUMxQixXQUFXLEVBQUU7WUFDWCxPQUFPLEVBQUUsQ0FBQztvQkFDUixNQUFNLEVBQUUsYUFBYSxDQUFDLENBQUMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFFBQVE7b0JBQzNDLGlCQUFpQixFQUFFO3dCQUNqQixJQUFJLEVBQUUsaUJBQWlCO3dCQUN2QixJQUFJLEVBQUUsSUFBSTt3QkFDVixHQUFHO3dCQUNILGVBQWUsRUFBRSx3QkFBd0IsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDLEVBQUUsS0FBSyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7cUJBQ3JFO2lCQUNGLENBQUM7U0FDSDtLQUNGLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztBQUNmLENBQUM7QUFFRCxLQUFLLFVBQVUsMEJBQTBCLENBQUMsT0FBZSxFQUFFLGdCQUF5QjtJQUNsRixNQUFNLEdBQUcsR0FBRyxJQUFJLGFBQUcsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsRUFBRSxvQkFBb0IsRUFBRSxVQUFVLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDbEYsTUFBTSxTQUFTLEdBQUcsQ0FBQyxJQUFJLElBQUksRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7SUFFekMsTUFBTSxFQUFFLFdBQVcsRUFBRSxrQkFBa0IsRUFBRSxHQUFHLE1BQU0sR0FBRztTQUNsRCxVQUFVLENBQUM7UUFDVixPQUFPLEVBQUUsT0FBTztRQUNoQixlQUFlLEVBQUUsaUNBQWlDLFNBQVMsRUFBRTtLQUM5RCxDQUFDO1NBQ0QsT0FBTyxFQUFFLENBQUM7SUFFYixJQUFJLENBQUMsa0JBQWtCLEVBQUU7UUFDdkIsTUFBTSxLQUFLLENBQUMsdUNBQXVDLENBQUMsQ0FBQztLQUN0RDtJQUVELE9BQU8sSUFBSSxxQkFBVyxDQUFDO1FBQ3JCLFdBQVcsRUFBRSxrQkFBa0IsQ0FBQyxXQUFXO1FBQzNDLGVBQWUsRUFBRSxrQkFBa0IsQ0FBQyxlQUFlO1FBQ25ELFlBQVksRUFBRSxrQkFBa0IsQ0FBQyxZQUFZO0tBQzlDLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRCxLQUFLLFVBQVUscUJBQXFCLENBQUMsSUFBWSxFQUFFLE9BQWdCO0lBQ2pFLE1BQU0sS0FBSyxHQUFHLE1BQU0sT0FBTyxDQUFDLHFCQUFxQixDQUFDLEVBQUUsT0FBTyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDL0UsTUFBTSxZQUFZLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxLQUFLLEdBQUcsSUFBSSxHQUFHLENBQUMsQ0FBQztJQUVoRixJQUFJLFlBQVksQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFO1FBQzdCLE1BQU0sS0FBSyxDQUFDLDhEQUE4RCxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztLQUNsRztJQUVELE9BQU8sWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQztBQUM1QixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgQ3JlZGVudGlhbHMsIFJvdXRlNTMsIFNUUyB9IGZyb20gJ2F3cy1zZGsnO1xuXG5pbnRlcmZhY2UgUmVzb3VyY2VQcm9wZXJ0aWVzIHtcbiAgQXNzdW1lUm9sZUFybjogc3RyaW5nLFxuICBQYXJlbnRab25lTmFtZT86IHN0cmluZyxcbiAgUGFyZW50Wm9uZUlkPzogc3RyaW5nLFxuICBEZWxlZ2F0ZWRab25lTmFtZTogc3RyaW5nLFxuICBEZWxlZ2F0ZWRab25lTmFtZVNlcnZlcnM6IHN0cmluZ1tdLFxuICBUVEw6IG51bWJlcixcbiAgVXNlUmVnaW9uYWxTdHNFbmRwb2ludD86IHN0cmluZyxcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIGhhbmRsZXIoZXZlbnQ6IEFXU0xhbWJkYS5DbG91ZEZvcm1hdGlvbkN1c3RvbVJlc291cmNlRXZlbnQpIHtcbiAgY29uc3QgcmVzb3VyY2VQcm9wcyA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcyBhcyB1bmtub3duIGFzIFJlc291cmNlUHJvcGVydGllcztcblxuICBzd2l0Y2ggKGV2ZW50LlJlcXVlc3RUeXBlKSB7XG4gICAgY2FzZSAnQ3JlYXRlJzpcbiAgICBjYXNlICdVcGRhdGUnOlxuICAgICAgcmV0dXJuIGNmbkV2ZW50SGFuZGxlcihyZXNvdXJjZVByb3BzLCBmYWxzZSk7XG4gICAgY2FzZSAnRGVsZXRlJzpcbiAgICAgIHJldHVybiBjZm5FdmVudEhhbmRsZXIocmVzb3VyY2VQcm9wcywgdHJ1ZSk7XG4gIH1cbn1cblxuYXN5bmMgZnVuY3Rpb24gY2ZuRXZlbnRIYW5kbGVyKHByb3BzOiBSZXNvdXJjZVByb3BlcnRpZXMsIGlzRGVsZXRlRXZlbnQ6IGJvb2xlYW4pIHtcbiAgY29uc3QgeyBBc3N1bWVSb2xlQXJuLCBQYXJlbnRab25lSWQsIFBhcmVudFpvbmVOYW1lLCBEZWxlZ2F0ZWRab25lTmFtZSwgRGVsZWdhdGVkWm9uZU5hbWVTZXJ2ZXJzLCBUVEwsIFVzZVJlZ2lvbmFsU3RzRW5kcG9pbnQgfSA9IHByb3BzO1xuXG4gIGlmICghUGFyZW50Wm9uZUlkICYmICFQYXJlbnRab25lTmFtZSkge1xuICAgIHRocm93IEVycm9yKCdPbmUgb2YgUGFyZW50Wm9uZUlkIG9yIFBhcmVudFpvbmVOYW1lIG11c3QgYmUgc3BlY2lmaWVkJyk7XG4gIH1cblxuICBjb25zdCBjcmVkZW50aWFscyA9IGF3YWl0IGdldENyb3NzQWNjb3VudENyZWRlbnRpYWxzKEFzc3VtZVJvbGVBcm4sICEhVXNlUmVnaW9uYWxTdHNFbmRwb2ludCk7XG4gIGNvbnN0IHJvdXRlNTMgPSBuZXcgUm91dGU1Myh7IGNyZWRlbnRpYWxzIH0pO1xuXG4gIGNvbnN0IHBhcmVudFpvbmVJZCA9IFBhcmVudFpvbmVJZCA/PyBhd2FpdCBnZXRIb3N0ZWRab25lSWRCeU5hbWUoUGFyZW50Wm9uZU5hbWUhLCByb3V0ZTUzKTtcblxuICBhd2FpdCByb3V0ZTUzLmNoYW5nZVJlc291cmNlUmVjb3JkU2V0cyh7XG4gICAgSG9zdGVkWm9uZUlkOiBwYXJlbnRab25lSWQsXG4gICAgQ2hhbmdlQmF0Y2g6IHtcbiAgICAgIENoYW5nZXM6IFt7XG4gICAgICAgIEFjdGlvbjogaXNEZWxldGVFdmVudCA/ICdERUxFVEUnIDogJ1VQU0VSVCcsXG4gICAgICAgIFJlc291cmNlUmVjb3JkU2V0OiB7XG4gICAgICAgICAgTmFtZTogRGVsZWdhdGVkWm9uZU5hbWUsXG4gICAgICAgICAgVHlwZTogJ05TJyxcbiAgICAgICAgICBUVEwsXG4gICAgICAgICAgUmVzb3VyY2VSZWNvcmRzOiBEZWxlZ2F0ZWRab25lTmFtZVNlcnZlcnMubWFwKG5zID0+ICh7IFZhbHVlOiBucyB9KSksXG4gICAgICAgIH0sXG4gICAgICB9XSxcbiAgICB9LFxuICB9KS5wcm9taXNlKCk7XG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldENyb3NzQWNjb3VudENyZWRlbnRpYWxzKHJvbGVBcm46IHN0cmluZywgcmVnaW9uYWxFbmRwb2ludDogYm9vbGVhbik6IFByb21pc2U8Q3JlZGVudGlhbHM+IHtcbiAgY29uc3Qgc3RzID0gbmV3IFNUUyhyZWdpb25hbEVuZHBvaW50ID8geyBzdHNSZWdpb25hbEVuZHBvaW50czogJ3JlZ2lvbmFsJyB9IDoge30pO1xuICBjb25zdCB0aW1lc3RhbXAgPSAobmV3IERhdGUoKSkuZ2V0VGltZSgpO1xuXG4gIGNvbnN0IHsgQ3JlZGVudGlhbHM6IGFzc3VtZWRDcmVkZW50aWFscyB9ID0gYXdhaXQgc3RzXG4gICAgLmFzc3VtZVJvbGUoe1xuICAgICAgUm9sZUFybjogcm9sZUFybixcbiAgICAgIFJvbGVTZXNzaW9uTmFtZTogYGNyb3NzLWFjY291bnQtem9uZS1kZWxlZ2F0aW9uLSR7dGltZXN0YW1wfWAsXG4gICAgfSlcbiAgICAucHJvbWlzZSgpO1xuXG4gIGlmICghYXNzdW1lZENyZWRlbnRpYWxzKSB7XG4gICAgdGhyb3cgRXJyb3IoJ0Vycm9yIGdldHRpbmcgYXNzdW1lIHJvbGUgY3JlZGVudGlhbHMnKTtcbiAgfVxuXG4gIHJldHVybiBuZXcgQ3JlZGVudGlhbHMoe1xuICAgIGFjY2Vzc0tleUlkOiBhc3N1bWVkQ3JlZGVudGlhbHMuQWNjZXNzS2V5SWQsXG4gICAgc2VjcmV0QWNjZXNzS2V5OiBhc3N1bWVkQ3JlZGVudGlhbHMuU2VjcmV0QWNjZXNzS2V5LFxuICAgIHNlc3Npb25Ub2tlbjogYXNzdW1lZENyZWRlbnRpYWxzLlNlc3Npb25Ub2tlbixcbiAgfSk7XG59XG5cbmFzeW5jIGZ1bmN0aW9uIGdldEhvc3RlZFpvbmVJZEJ5TmFtZShuYW1lOiBzdHJpbmcsIHJvdXRlNTM6IFJvdXRlNTMpOiBQcm9taXNlPHN0cmluZz4ge1xuICBjb25zdCB6b25lcyA9IGF3YWl0IHJvdXRlNTMubGlzdEhvc3RlZFpvbmVzQnlOYW1lKHsgRE5TTmFtZTogbmFtZSB9KS5wcm9taXNlKCk7XG4gIGNvbnN0IG1hdGNoZWRab25lcyA9IHpvbmVzLkhvc3RlZFpvbmVzLmZpbHRlcih6b25lID0+IHpvbmUuTmFtZSA9PT0gYCR7bmFtZX0uYCk7XG5cbiAgaWYgKG1hdGNoZWRab25lcy5sZW5ndGggIT09IDEpIHtcbiAgICB0aHJvdyBFcnJvcihgRXhwZWN0ZWQgb25lIGhvc3RlZCB6b25lIHRvIG1hdGNoIHRoZSBnaXZlbiBuYW1lIGJ1dCBmb3VuZCAke21hdGNoZWRab25lcy5sZW5ndGh9YCk7XG4gIH1cblxuICByZXR1cm4gbWF0Y2hlZFpvbmVzWzBdLklkO1xufVxuIl19 \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json index 7f9e7395fc8d1..03a8cf2340c2f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.assets.json @@ -1,20 +1,20 @@ { - "version": "32.0.0", + "version": "33.0.0", "files": { - "41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3": { + "ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab": { "source": { - "path": "asset.41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3", + "path": "asset.ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3.zip", + "objectKey": "ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "6f4ec979a8d1283c6acc22bc18d9484eeb277437d6478857bfc44713df18cf6c": { + "3222f491727b0389ac87f972f2443b490ff3cee14d24c28f1527c3f085cab460": { "source": { "path": "aws-cdk-route53-cross-account-integ.template.json", "packaging": "file" @@ -22,7 +22,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "6f4ec979a8d1283c6acc22bc18d9484eeb277437d6478857bfc44713df18cf6c.json", + "objectKey": "3222f491727b0389ac87f972f2443b490ff3cee14d24c28f1527c3f085cab460.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json index ca6cf99b87cf6..0dc079b05fef5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/aws-cdk-route53-cross-account-integ.template.json @@ -200,7 +200,7 @@ "S3Bucket": { "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" }, - "S3Key": "41c4b73830acc6810dfa58ee8d966cb1485aa9daa124decc1e33f957eeb1adb3.zip" + "S3Key": "ab0afc2f801b8ac11473bad4d9f22578919d8959b5f1bcd21b05c4ac895dbcab.zip" }, "Timeout": 900, "MemorySize": 128, @@ -211,7 +211,7 @@ "Arn" ] }, - "Runtime": "nodejs18.x" + "Runtime": "nodejs16.x" }, "DependsOn": [ "CustomCrossAccountZoneDelegationCustomResourceProviderRoleED64687B" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/cdk.out index f0b901e7c06e5..560dae10d018f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"32.0.0"} \ No newline at end of file +{"version":"33.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/integ.json index 9b627fe91a50d..db00c89da163e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/integ.json @@ -1,14 +1,13 @@ { - "version": "32.0.0", + "version": "33.0.0", "testCases": { - "integ.cross-account-zone-delegation": { + "Route53CrossAccountInteg/DefaultTest": { "stacks": [ "aws-cdk-route53-cross-account-integ" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "diffAssets": true, + "assertionStack": "Route53CrossAccountInteg/DefaultTest/DeployAssert", + "assertionStackName": "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9" } - }, - "synthContext": {}, - "enableLookups": false + } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json index fae5ca02eb1e2..646cd1f7d8514 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json @@ -1,5 +1,5 @@ { - "version": "32.0.0", + "version": "33.0.0", "artifacts": { "aws-cdk-route53-cross-account-integ.assets": { "type": "cdk:asset-manifest", @@ -17,7 +17,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/6f4ec979a8d1283c6acc22bc18d9484eeb277437d6478857bfc44713df18cf6c.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/3222f491727b0389ac87f972f2443b490ff3cee14d24c28f1527c3f085cab460.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -108,6 +108,53 @@ }, "displayName": "aws-cdk-route53-cross-account-integ" }, + "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "Route53CrossAccountIntegDefaultTestDeployAssertF1D808C9.assets" + ], + "metadata": { + "/Route53CrossAccountInteg/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/Route53CrossAccountInteg/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "Route53CrossAccountInteg/DefaultTest/DeployAssert" + }, "Tree": { "type": "cdk:tree", "properties": { diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json index edb9bf69a6743..d74a2a27509b1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/tree.json @@ -449,12 +449,66 @@ "version": "0.0.0" } }, + "Route53CrossAccountInteg": { + "id": "Route53CrossAccountInteg", + "path": "Route53CrossAccountInteg", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "Route53CrossAccountInteg/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "Route53CrossAccountInteg/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.2.69" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "Route53CrossAccountInteg/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "Route53CrossAccountInteg/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "Route53CrossAccountInteg/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, "Tree": { "id": "Tree", "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.2.55" + "version": "10.2.69" } } }, diff --git a/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/index.ts b/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/index.ts index 89d127ad983e6..7867e7a45a725 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/index.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/index.ts @@ -1,7 +1,5 @@ // eslint-disable-next-line import/no-extraneous-dependencies -import { Route53 } from '@aws-sdk/client-route-53'; -// eslint-disable-next-line import/no-extraneous-dependencies -import { fromTemporaryCredentials } from '@aws-sdk/credential-providers'; +import { Credentials, Route53, STS } from 'aws-sdk'; interface ResourceProperties { AssumeRoleArn: string, @@ -32,16 +30,8 @@ async function cfnEventHandler(props: ResourceProperties, isDeleteEvent: boolean throw Error('One of ParentZoneId or ParentZoneName must be specified'); } - const timestamp = (new Date()).getTime(); - const route53 = new Route53({ - credentials: fromTemporaryCredentials({ - clientConfig: { useGlobalEndpoint: !UseRegionalStsEndpoint }, - params: { - RoleArn: AssumeRoleArn, - RoleSessionName: `cross-account-zone-delegation-${timestamp}`, - }, - }), - }); + const credentials = await getCrossAccountCredentials(AssumeRoleArn, !!UseRegionalStsEndpoint); + const route53 = new Route53({ credentials }); const parentZoneId = ParentZoneId ?? await getHostedZoneIdByName(ParentZoneName!, route53); @@ -58,17 +48,38 @@ async function cfnEventHandler(props: ResourceProperties, isDeleteEvent: boolean }, }], }, + }).promise(); +} + +async function getCrossAccountCredentials(roleArn: string, regionalEndpoint: boolean): Promise { + const sts = new STS(regionalEndpoint ? { stsRegionalEndpoints: 'regional' } : {}); + const timestamp = (new Date()).getTime(); + + const { Credentials: assumedCredentials } = await sts + .assumeRole({ + RoleArn: roleArn, + RoleSessionName: `cross-account-zone-delegation-${timestamp}`, + }) + .promise(); + + if (!assumedCredentials) { + throw Error('Error getting assume role credentials'); + } + + return new Credentials({ + accessKeyId: assumedCredentials.AccessKeyId, + secretAccessKey: assumedCredentials.SecretAccessKey, + sessionToken: assumedCredentials.SessionToken, }); } async function getHostedZoneIdByName(name: string, route53: Route53): Promise { - const zones = await route53.listHostedZonesByName({ DNSName: name }); - const matchedZones = zones.HostedZones?.filter(zone => zone.Name === `${name}.`) ?? []; + const zones = await route53.listHostedZonesByName({ DNSName: name }).promise(); + const matchedZones = zones.HostedZones.filter(zone => zone.Name === `${name}.`); - if (matchedZones && matchedZones.length !== 1) { + if (matchedZones.length !== 1) { throw Error(`Expected one hosted zone to match the given name but found ${matchedZones.length}`); } - // will always be defined because we throw if length !==1 - return matchedZones[0].Id!; + return matchedZones[0].Id; } diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts index 6e591efe57663..db24f76df2971 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts @@ -795,7 +795,7 @@ export class CrossAccountZoneDelegationRecord extends Construct { const provider = CustomResourceProvider.getOrCreateProvider(this, CROSS_ACCOUNT_ZONE_DELEGATION_RESOURCE_TYPE, { codeDirectory: path.join(__dirname, 'cross-account-zone-delegation-handler'), - runtime: CustomResourceProviderRuntime.NODEJS_18_X, + runtime: CustomResourceProviderRuntime.NODEJS_16_X, }); const role = iam.Role.fromRoleArn(this, 'cross-account-zone-delegation-handler-role', provider.roleArn); diff --git a/packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts b/packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts index e6db1d8d22d7b..04f7a54b5f1a1 100644 --- a/packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts +++ b/packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts @@ -1,42 +1,31 @@ import { handler } from '../../lib/cross-account-zone-delegation-handler'; -const mockAssumeRole = jest.fn(); -const mockChangeResourceRecordSets = jest.fn(); -const mockListHostedZonesByName = jest.fn(); - const mockStsClient = { - assumeRole: mockAssumeRole, + assumeRole: jest.fn().mockReturnThis(), + promise: jest.fn(), }; - const mockRoute53Client = { - changeResourceRecordSets: mockChangeResourceRecordSets, - listHostedZonesByName: mockListHostedZonesByName, + changeResourceRecordSets: jest.fn().mockReturnThis(), + listHostedZonesByName: jest.fn().mockReturnThis(), + promise: jest.fn(), }; -jest.mock('@aws-sdk/client-sts', () => { - return { - STS: jest.fn().mockImplementation(() => { - return mockStsClient;; - }), - }; -}); - -jest.mock('@aws-sdk/client-route-53', () => { +jest.mock('aws-sdk', () => { return { - Route53: jest.fn().mockImplementation(() => { - return mockRoute53Client; - }), + ...(jest.requireActual('aws-sdk') as any), + STS: jest.fn(() => mockStsClient), + Route53: jest.fn(() => mockRoute53Client), }; }); beforeEach(() => { - mockStsClient.assumeRole.mockClear(); - mockRoute53Client.changeResourceRecordSets.mockClear(); - mockRoute53Client.listHostedZonesByName.mockClear(); + mockStsClient.assumeRole.mockReturnThis(); + mockRoute53Client.changeResourceRecordSets.mockReturnThis(); + mockRoute53Client.listHostedZonesByName.mockReturnThis(); }); -afterAll(() => { - jest.resetAllMocks(); +afterEach(() => { + jest.clearAllMocks(); }); test('throws error if both ParentZoneId and ParentZoneName are not provided', async () => { @@ -50,10 +39,27 @@ test('throws error if both ParentZoneId and ParentZoneName are not provided', as await expect(invokeHandler(event)).rejects.toThrow(/One of ParentZoneId or ParentZoneName must be specified/); }); +test('throws error if getting credentials fails', async () => { + // GIVEN + mockStsClient.promise.mockResolvedValueOnce({ Credentials: undefined }); + + // WHEN + const event= getCfnEvent(); + + // THEN + await expect(invokeHandler(event)).rejects.toThrow(/Error getting assume role credentials/); + + expect(mockStsClient.assumeRole).toHaveBeenCalledTimes(1); + expect(mockStsClient.assumeRole).toHaveBeenCalledWith({ + RoleArn: 'roleArn', + RoleSessionName: expect.any(String), + }); +}); + test('calls create resource record set with Upsert for Create event', async () => { // GIVEN - mockStsClient.assumeRole.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); - mockRoute53Client.changeResourceRecordSets.mockResolvedValueOnce({}); + mockStsClient.promise.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); + mockRoute53Client.promise.mockResolvedValueOnce({}); // WHEN const event= getCfnEvent(); @@ -79,8 +85,8 @@ test('calls create resource record set with Upsert for Create event', async () = test('calls create resource record set with DELETE for Delete event', async () => { // GIVEN - mockStsClient.assumeRole.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); - mockRoute53Client.changeResourceRecordSets.mockResolvedValueOnce({}); + mockStsClient.promise.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); + mockRoute53Client.promise.mockResolvedValueOnce({}); // WHEN const event= getCfnEvent({ RequestType: 'Delete' }); @@ -109,9 +115,9 @@ test('calls listHostedZonesByName to get zoneId if ParentZoneId is not provided' const parentZoneName = 'some.zone'; const parentZoneId = 'zone-id'; - mockStsClient.assumeRole.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); - mockRoute53Client.listHostedZonesByName.mockResolvedValueOnce({ HostedZones: [{ Name: `${parentZoneName}.`, Id: parentZoneId }] }); - mockRoute53Client.changeResourceRecordSets.mockResolvedValueOnce({}); + mockStsClient.promise.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); + mockRoute53Client.promise.mockResolvedValueOnce({ HostedZones: [{ Name: `${parentZoneName}.`, Id: parentZoneId }] }); + mockRoute53Client.promise.mockResolvedValueOnce({}); // WHEN const event = getCfnEvent({}, { @@ -146,8 +152,8 @@ test('throws if more than one HostedZones are returnd for the provided ParentHos const parentZoneName = 'some.zone'; const parentZoneId = 'zone-id'; - mockStsClient.assumeRole.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); - mockRoute53Client.listHostedZonesByName.mockResolvedValueOnce({ + mockStsClient.promise.mockResolvedValueOnce({ Credentials: { AccessKeyId: 'K', SecretAccessKey: 'S', SessionToken: 'T' } }); + mockRoute53Client.promise.mockResolvedValueOnce({ HostedZones: [ { Name: `${parentZoneName}.`, Id: parentZoneId }, { Name: `${parentZoneName}.`, Id: parentZoneId },