From 329accc1f1b0775350a37bbc6675c90730382c26 Mon Sep 17 00:00:00 2001 From: Colin Francis <131073567+colifran@users.noreply.github.com> Date: Wed, 29 Nov 2023 08:20:16 -0800 Subject: [PATCH] chore(route53): migrate cross account zone handler (#28134) This PR moves the cross account zone handler from aws-cdk-lib to our new centralized location for custom resource handlers in the [@aws-cdk](https://github.com/aws-cdk) package. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../index.js | 95 ------------------- .../__entrypoint__.js | 0 .../index.js | 1 + .../child-opt-in-stack.assets.json | 10 +- .../child-opt-in-stack.template.json | 2 +- .../child-stack.assets.json | 10 +- .../child-stack.template.json | 2 +- .../manifest.json | 4 +- .../index.ts | 0 ...s-account-zone-delegation-handler.test.ts} | 2 +- .../.is_custom_resource | 0 .../aws-cdk-lib/aws-route53/lib/record-set.ts | 2 +- 12 files changed, 17 insertions(+), 111 deletions(-) delete mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7/index.js rename packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/{asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7 => asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a}/__entrypoint__.js (100%) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/index.js rename packages/{aws-cdk-lib/aws-route53/lib => @aws-cdk/custom-resource-handlers/lib/aws-route53}/cross-account-zone-delegation-handler/index.ts (100%) rename packages/{aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts => @aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts} (98%) delete mode 100644 packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/.is_custom_resource diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7/index.js deleted file mode 100644 index f97f8b1e0dc62..0000000000000 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7/index.js +++ /dev/null @@ -1,95 +0,0 @@ -"use strict"; -Object.defineProperty(exports, "__esModule", { value: true }); -exports.handler = void 0; -// eslint-disable-next-line import/no-extraneous-dependencies -const client_route_53_1 = require("@aws-sdk/client-route-53"); -// eslint-disable-next-line import/no-extraneous-dependencies -const credential_providers_1 = require("@aws-sdk/credential-providers"); -async function handler(event) { - const resourceProps = event.ResourceProperties; - switch (event.RequestType) { - case 'Create': - case 'Update': - return cfnEventHandler(resourceProps, false); - case 'Delete': - return cfnEventHandler(resourceProps, true); - } -} -exports.handler = handler; -async function cfnEventHandler(props, isDeleteEvent) { - const { AssumeRoleArn, ParentZoneId, ParentZoneName, DelegatedZoneName, DelegatedZoneNameServers, TTL } = props; - if (!ParentZoneId && !ParentZoneName) { - throw Error('One of ParentZoneId or ParentZoneName must be specified'); - } - const timestamp = (new Date()).getTime(); - const route53 = new client_route_53_1.Route53({ - credentials: (0, credential_providers_1.fromTemporaryCredentials)({ - clientConfig: { - region: route53Region(process.env.AWS_REGION ?? process.env.AWS_DEFAULT_REGION ?? ''), - }, - params: { - RoleArn: AssumeRoleArn, - RoleSessionName: `cross-account-zone-delegation-${timestamp}`, - }, - }), - }); - const parentZoneId = ParentZoneId ?? await getHostedZoneIdByName(ParentZoneName, route53); - await route53.changeResourceRecordSets({ - HostedZoneId: parentZoneId, - ChangeBatch: { - Changes: [{ - Action: isDeleteEvent ? 'DELETE' : 'UPSERT', - ResourceRecordSet: { - Name: DelegatedZoneName, - Type: 'NS', - TTL, - ResourceRecords: DelegatedZoneNameServers.map(ns => ({ Value: ns })), - }, - }], - }, - }); -} -async function getHostedZoneIdByName(name, route53) { - const zones = await route53.listHostedZonesByName({ DNSName: name }); - const matchedZones = zones.HostedZones?.filter(zone => zone.Name === `${name}.`) ?? []; - if (matchedZones && matchedZones.length !== 1) { - throw Error(`Expected one hosted zone to match the given name but found ${matchedZones.length}`); - } - // will always be defined because we throw if length !==1 - return matchedZones[0].Id; -} -/** - * Return the region that hosts the Route53 endpoint - * - * Route53 is a partitional service: the control plane lives in one particular region, - * which is different for every partition. - * - * The SDK knows how to convert a "target region" to a "route53 endpoint", which - * equates to a (potentially different) region. However, when we use STS - * AssumeRole credentials, we must grab credentials that will work in that - * region. - * - * By default, STS AssumeRole will call the STS endpoint for the same region - * as the Lambda runs in. Normally, this is all good. However, when the AssumeRole - * is used to assume a role in a different account A, the AssumeRole will fail if the - * Lambda is executing in an an opt-in region R to which account A has not been opted in. - * - * To solve this, we will always AssumeRole in the same region as the Route53 call will - * resolve to. - */ -function route53Region(region) { - const partitions = { - 'cn': 'cn-northwest-1', - 'us-gov': 'us-gov-west-1', - 'us-iso': 'us-iso-east-1', - 'us-isob': 'us-isob-east-1', - }; - for (const [prefix, mainRegion] of Object.entries(partitions)) { - if (region.startsWith(`${prefix}-`)) { - return mainRegion; - } - } - // Default for commercial partition - return 'us-east-1'; -} -//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2REFBNkQ7QUFDN0QsOERBQW1EO0FBQ25ELDZEQUE2RDtBQUM3RCx3RUFBeUU7QUFXbEUsS0FBSyxVQUFVLE9BQU8sQ0FBQyxLQUFrRDtJQUM5RSxNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsa0JBQW1ELENBQUM7SUFFaEYsUUFBUSxLQUFLLENBQUMsV0FBVyxFQUFFO1FBQ3pCLEtBQUssUUFBUSxDQUFDO1FBQ2QsS0FBSyxRQUFRO1lBQ1gsT0FBTyxlQUFlLENBQUMsYUFBYSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQy9DLEtBQUssUUFBUTtZQUNYLE9BQU8sZUFBZSxDQUFDLGFBQWEsRUFBRSxJQUFJLENBQUMsQ0FBQztLQUMvQztBQUNILENBQUM7QUFWRCwwQkFVQztBQUVELEtBQUssVUFBVSxlQUFlLENBQUMsS0FBeUIsRUFBRSxhQUFzQjtJQUM5RSxNQUFNLEVBQUUsYUFBYSxFQUFFLFlBQVksRUFBRSxjQUFjLEVBQUUsaUJBQWlCLEVBQUUsd0JBQXdCLEVBQUUsR0FBRyxFQUFFLEdBQUcsS0FBSyxDQUFDO0lBRWhILElBQUksQ0FBQyxZQUFZLElBQUksQ0FBQyxjQUFjLEVBQUU7UUFDcEMsTUFBTSxLQUFLLENBQUMseURBQXlELENBQUMsQ0FBQztLQUN4RTtJQUVELE1BQU0sU0FBUyxHQUFHLENBQUMsSUFBSSxJQUFJLEVBQUUsQ0FBQyxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQ3pDLE1BQU0sT0FBTyxHQUFHLElBQUkseUJBQU8sQ0FBQztRQUMxQixXQUFXLEVBQUUsSUFBQSwrQ0FBd0IsRUFBQztZQUNwQyxZQUFZLEVBQUU7Z0JBQ1osTUFBTSxFQUFFLGFBQWEsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLFVBQVUsSUFBSSxPQUFPLENBQUMsR0FBRyxDQUFDLGtCQUFrQixJQUFJLEVBQUUsQ0FBQzthQUN0RjtZQUNELE1BQU0sRUFBRTtnQkFDTixPQUFPLEVBQUUsYUFBYTtnQkFDdEIsZUFBZSxFQUFFLGlDQUFpQyxTQUFTLEVBQUU7YUFDOUQ7U0FDRixDQUFDO0tBQ0gsQ0FBQyxDQUFDO0lBRUgsTUFBTSxZQUFZLEdBQUcsWUFBWSxJQUFJLE1BQU0scUJBQXFCLENBQUMsY0FBZSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBRTNGLE1BQU0sT0FBTyxDQUFDLHdCQUF3QixDQUFDO1FBQ3JDLFlBQVksRUFBRSxZQUFZO1FBQzFCLFdBQVcsRUFBRTtZQUNYLE9BQU8sRUFBRSxDQUFDO29CQUNSLE1BQU0sRUFBRSxhQUFhLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsUUFBUTtvQkFDM0MsaUJBQWlCLEVBQUU7d0JBQ2pCLElBQUksRUFBRSxpQkFBaUI7d0JBQ3ZCLElBQUksRUFBRSxJQUFJO3dCQUNWLEdBQUc7d0JBQ0gsZUFBZSxFQUFFLHdCQUF3QixDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsRUFBRSxLQUFLLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztxQkFDckU7aUJBQ0YsQ0FBQztTQUNIO0tBQ0YsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVELEtBQUssVUFBVSxxQkFBcUIsQ0FBQyxJQUFZLEVBQUUsT0FBZ0I7SUFDakUsTUFBTSxLQUFLLEdBQUcsTUFBTSxPQUFPLENBQUMscUJBQXFCLENBQUMsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUNyRSxNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssR0FBRyxJQUFJLEdBQUcsQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUV2RixJQUFJLFlBQVksSUFBSSxZQUFZLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRTtRQUM3QyxNQUFNLEtBQUssQ0FBQyw4REFBOEQsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7S0FDbEc7SUFFRCx5REFBeUQ7SUFDekQsT0FBTyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRyxDQUFDO0FBQzdCLENBQUM7QUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBa0JHO0FBQ0gsU0FBUyxhQUFhLENBQUMsTUFBYztJQUNuQyxNQUFNLFVBQVUsR0FBRztRQUNqQixJQUFJLEVBQUUsZ0JBQWdCO1FBQ3RCLFFBQVEsRUFBRSxlQUFlO1FBQ3pCLFFBQVEsRUFBRSxlQUFlO1FBQ3pCLFNBQVMsRUFBRSxnQkFBZ0I7S0FDNUIsQ0FBQztJQUVGLEtBQUssTUFBTSxDQUFDLE1BQU0sRUFBRSxVQUFVLENBQUMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxFQUFFO1FBQzdELElBQUksTUFBTSxDQUFDLFVBQVUsQ0FBQyxHQUFHLE1BQU0sR0FBRyxDQUFDLEVBQUU7WUFDbkMsT0FBTyxVQUFVLENBQUM7U0FDbkI7S0FDRjtJQUVELG1DQUFtQztJQUNuQyxPQUFPLFdBQVcsQ0FBQztBQUNyQixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHsgUm91dGU1MyB9IGZyb20gJ0Bhd3Mtc2RrL2NsaWVudC1yb3V0ZS01Myc7XG4vLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgaW1wb3J0L25vLWV4dHJhbmVvdXMtZGVwZW5kZW5jaWVzXG5pbXBvcnQgeyBmcm9tVGVtcG9yYXJ5Q3JlZGVudGlhbHMgfSBmcm9tICdAYXdzLXNkay9jcmVkZW50aWFsLXByb3ZpZGVycyc7XG5cbmludGVyZmFjZSBSZXNvdXJjZVByb3BlcnRpZXMge1xuICBBc3N1bWVSb2xlQXJuOiBzdHJpbmcsXG4gIFBhcmVudFpvbmVOYW1lPzogc3RyaW5nLFxuICBQYXJlbnRab25lSWQ/OiBzdHJpbmcsXG4gIERlbGVnYXRlZFpvbmVOYW1lOiBzdHJpbmcsXG4gIERlbGVnYXRlZFpvbmVOYW1lU2VydmVyczogc3RyaW5nW10sXG4gIFRUTDogbnVtYmVyLFxufVxuXG5leHBvcnQgYXN5bmMgZnVuY3Rpb24gaGFuZGxlcihldmVudDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCkge1xuICBjb25zdCByZXNvdXJjZVByb3BzID0gZXZlbnQuUmVzb3VyY2VQcm9wZXJ0aWVzIGFzIHVua25vd24gYXMgUmVzb3VyY2VQcm9wZXJ0aWVzO1xuXG4gIHN3aXRjaCAoZXZlbnQuUmVxdWVzdFR5cGUpIHtcbiAgICBjYXNlICdDcmVhdGUnOlxuICAgIGNhc2UgJ1VwZGF0ZSc6XG4gICAgICByZXR1cm4gY2ZuRXZlbnRIYW5kbGVyKHJlc291cmNlUHJvcHMsIGZhbHNlKTtcbiAgICBjYXNlICdEZWxldGUnOlxuICAgICAgcmV0dXJuIGNmbkV2ZW50SGFuZGxlcihyZXNvdXJjZVByb3BzLCB0cnVlKTtcbiAgfVxufVxuXG5hc3luYyBmdW5jdGlvbiBjZm5FdmVudEhhbmRsZXIocHJvcHM6IFJlc291cmNlUHJvcGVydGllcywgaXNEZWxldGVFdmVudDogYm9vbGVhbikge1xuICBjb25zdCB7IEFzc3VtZVJvbGVBcm4sIFBhcmVudFpvbmVJZCwgUGFyZW50Wm9uZU5hbWUsIERlbGVnYXRlZFpvbmVOYW1lLCBEZWxlZ2F0ZWRab25lTmFtZVNlcnZlcnMsIFRUTCB9ID0gcHJvcHM7XG5cbiAgaWYgKCFQYXJlbnRab25lSWQgJiYgIVBhcmVudFpvbmVOYW1lKSB7XG4gICAgdGhyb3cgRXJyb3IoJ09uZSBvZiBQYXJlbnRab25lSWQgb3IgUGFyZW50Wm9uZU5hbWUgbXVzdCBiZSBzcGVjaWZpZWQnKTtcbiAgfVxuXG4gIGNvbnN0IHRpbWVzdGFtcCA9IChuZXcgRGF0ZSgpKS5nZXRUaW1lKCk7XG4gIGNvbnN0IHJvdXRlNTMgPSBuZXcgUm91dGU1Myh7XG4gICAgY3JlZGVudGlhbHM6IGZyb21UZW1wb3JhcnlDcmVkZW50aWFscyh7XG4gICAgICBjbGllbnRDb25maWc6IHtcbiAgICAgICAgcmVnaW9uOiByb3V0ZTUzUmVnaW9uKHByb2Nlc3MuZW52LkFXU19SRUdJT04gPz8gcHJvY2Vzcy5lbnYuQVdTX0RFRkFVTFRfUkVHSU9OID8/ICcnKSxcbiAgICAgIH0sXG4gICAgICBwYXJhbXM6IHtcbiAgICAgICAgUm9sZUFybjogQXNzdW1lUm9sZUFybixcbiAgICAgICAgUm9sZVNlc3Npb25OYW1lOiBgY3Jvc3MtYWNjb3VudC16b25lLWRlbGVnYXRpb24tJHt0aW1lc3RhbXB9YCxcbiAgICAgIH0sXG4gICAgfSksXG4gIH0pO1xuXG4gIGNvbnN0IHBhcmVudFpvbmVJZCA9IFBhcmVudFpvbmVJZCA/PyBhd2FpdCBnZXRIb3N0ZWRab25lSWRCeU5hbWUoUGFyZW50Wm9uZU5hbWUhLCByb3V0ZTUzKTtcblxuICBhd2FpdCByb3V0ZTUzLmNoYW5nZVJlc291cmNlUmVjb3JkU2V0cyh7XG4gICAgSG9zdGVkWm9uZUlkOiBwYXJlbnRab25lSWQsXG4gICAgQ2hhbmdlQmF0Y2g6IHtcbiAgICAgIENoYW5nZXM6IFt7XG4gICAgICAgIEFjdGlvbjogaXNEZWxldGVFdmVudCA/ICdERUxFVEUnIDogJ1VQU0VSVCcsXG4gICAgICAgIFJlc291cmNlUmVjb3JkU2V0OiB7XG4gICAgICAgICAgTmFtZTogRGVsZWdhdGVkWm9uZU5hbWUsXG4gICAgICAgICAgVHlwZTogJ05TJyxcbiAgICAgICAgICBUVEwsXG4gICAgICAgICAgUmVzb3VyY2VSZWNvcmRzOiBEZWxlZ2F0ZWRab25lTmFtZVNlcnZlcnMubWFwKG5zID0+ICh7IFZhbHVlOiBucyB9KSksXG4gICAgICAgIH0sXG4gICAgICB9XSxcbiAgICB9LFxuICB9KTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gZ2V0SG9zdGVkWm9uZUlkQnlOYW1lKG5hbWU6IHN0cmluZywgcm91dGU1MzogUm91dGU1Myk6IFByb21pc2U8c3RyaW5nPiB7XG4gIGNvbnN0IHpvbmVzID0gYXdhaXQgcm91dGU1My5saXN0SG9zdGVkWm9uZXNCeU5hbWUoeyBETlNOYW1lOiBuYW1lIH0pO1xuICBjb25zdCBtYXRjaGVkWm9uZXMgPSB6b25lcy5Ib3N0ZWRab25lcz8uZmlsdGVyKHpvbmUgPT4gem9uZS5OYW1lID09PSBgJHtuYW1lfS5gKSA/PyBbXTtcblxuICBpZiAobWF0Y2hlZFpvbmVzICYmIG1hdGNoZWRab25lcy5sZW5ndGggIT09IDEpIHtcbiAgICB0aHJvdyBFcnJvcihgRXhwZWN0ZWQgb25lIGhvc3RlZCB6b25lIHRvIG1hdGNoIHRoZSBnaXZlbiBuYW1lIGJ1dCBmb3VuZCAke21hdGNoZWRab25lcy5sZW5ndGh9YCk7XG4gIH1cblxuICAvLyB3aWxsIGFsd2F5cyBiZSBkZWZpbmVkIGJlY2F1c2Ugd2UgdGhyb3cgaWYgbGVuZ3RoICE9PTFcbiAgcmV0dXJuIG1hdGNoZWRab25lc1swXS5JZCE7XG59XG5cbi8qKlxuICogUmV0dXJuIHRoZSByZWdpb24gdGhhdCBob3N0cyB0aGUgUm91dGU1MyBlbmRwb2ludFxuICpcbiAqIFJvdXRlNTMgaXMgYSBwYXJ0aXRpb25hbCBzZXJ2aWNlOiB0aGUgY29udHJvbCBwbGFuZSBsaXZlcyBpbiBvbmUgcGFydGljdWxhciByZWdpb24sXG4gKiB3aGljaCBpcyBkaWZmZXJlbnQgZm9yIGV2ZXJ5IHBhcnRpdGlvbi5cbiAqXG4gKiBUaGUgU0RLIGtub3dzIGhvdyB0byBjb252ZXJ0IGEgXCJ0YXJnZXQgcmVnaW9uXCIgdG8gYSBcInJvdXRlNTMgZW5kcG9pbnRcIiwgd2hpY2hcbiAqIGVxdWF0ZXMgdG8gYSAocG90ZW50aWFsbHkgZGlmZmVyZW50KSByZWdpb24uIEhvd2V2ZXIsIHdoZW4gd2UgdXNlIFNUU1xuICogQXNzdW1lUm9sZSBjcmVkZW50aWFscywgd2UgbXVzdCBncmFiIGNyZWRlbnRpYWxzIHRoYXQgd2lsbCB3b3JrIGluIHRoYXRcbiAqIHJlZ2lvbi5cbiAqXG4gKiBCeSBkZWZhdWx0LCBTVFMgQXNzdW1lUm9sZSB3aWxsIGNhbGwgdGhlIFNUUyBlbmRwb2ludCBmb3IgdGhlIHNhbWUgcmVnaW9uXG4gKiBhcyB0aGUgTGFtYmRhIHJ1bnMgaW4uIE5vcm1hbGx5LCB0aGlzIGlzIGFsbCBnb29kLiBIb3dldmVyLCB3aGVuIHRoZSBBc3N1bWVSb2xlXG4gKiBpcyB1c2VkIHRvIGFzc3VtZSBhIHJvbGUgaW4gYSBkaWZmZXJlbnQgYWNjb3VudCBBLCB0aGUgQXNzdW1lUm9sZSB3aWxsIGZhaWwgaWYgdGhlXG4gKiBMYW1iZGEgaXMgZXhlY3V0aW5nIGluIGFuIGFuIG9wdC1pbiByZWdpb24gUiB0byB3aGljaCBhY2NvdW50IEEgaGFzIG5vdCBiZWVuIG9wdGVkIGluLlxuICpcbiAqIFRvIHNvbHZlIHRoaXMsIHdlIHdpbGwgYWx3YXlzIEFzc3VtZVJvbGUgaW4gdGhlIHNhbWUgcmVnaW9uIGFzIHRoZSBSb3V0ZTUzIGNhbGwgd2lsbFxuICogcmVzb2x2ZSB0by5cbiAqL1xuZnVuY3Rpb24gcm91dGU1M1JlZ2lvbihyZWdpb246IHN0cmluZykge1xuICBjb25zdCBwYXJ0aXRpb25zID0ge1xuICAgICdjbic6ICdjbi1ub3J0aHdlc3QtMScsXG4gICAgJ3VzLWdvdic6ICd1cy1nb3Ytd2VzdC0xJyxcbiAgICAndXMtaXNvJzogJ3VzLWlzby1lYXN0LTEnLFxuICAgICd1cy1pc29iJzogJ3VzLWlzb2ItZWFzdC0xJyxcbiAgfTtcblxuICBmb3IgKGNvbnN0IFtwcmVmaXgsIG1haW5SZWdpb25dIG9mIE9iamVjdC5lbnRyaWVzKHBhcnRpdGlvbnMpKSB7XG4gICAgaWYgKHJlZ2lvbi5zdGFydHNXaXRoKGAke3ByZWZpeH0tYCkpIHtcbiAgICAgIHJldHVybiBtYWluUmVnaW9uO1xuICAgIH1cbiAgfVxuXG4gIC8vIERlZmF1bHQgZm9yIGNvbW1lcmNpYWwgcGFydGl0aW9uXG4gIHJldHVybiAndXMtZWFzdC0xJztcbn0iXX0= \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7/__entrypoint__.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/__entrypoint__.js similarity index 100% rename from packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7/__entrypoint__.js rename to packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/__entrypoint__.js diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/index.js b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/index.js new file mode 100644 index 0000000000000..6d83e08cd46ad --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a/index.js @@ -0,0 +1 @@ +"use strict";var r=Object.defineProperty;var f=Object.getOwnPropertyDescriptor;var N=Object.getOwnPropertyNames;var h=Object.prototype.hasOwnProperty;var Z=(o,e)=>{for(var s in e)r(o,s,{get:e[s],enumerable:!0})},P=(o,e,s,t)=>{if(e&&typeof e=="object"||typeof e=="function")for(let n of N(e))!h.call(o,n)&&n!==s&&r(o,n,{get:()=>e[n],enumerable:!(t=f(e,n))||t.enumerable});return o};var E=o=>P(r({},"__esModule",{value:!0}),o);var A={};Z(A,{handler:()=>w});module.exports=E(A);var c=require("@aws-sdk/client-route-53"),u=require("@aws-sdk/credential-providers");async function w(o){let e=o.ResourceProperties;switch(o.RequestType){case"Create":case"Update":return i(e,!1);case"Delete":return i(e,!0)}}async function i(o,e){let{AssumeRoleArn:s,ParentZoneId:t,ParentZoneName:n,DelegatedZoneName:m,DelegatedZoneNameServers:d,TTL:g}=o;if(!t&&!n)throw Error("One of ParentZoneId or ParentZoneName must be specified");let l=new Date().getTime(),a=new c.Route53({credentials:(0,u.fromTemporaryCredentials)({clientConfig:{region:T(process.env.AWS_REGION??process.env.AWS_DEFAULT_REGION??"")},params:{RoleArn:s,RoleSessionName:`cross-account-zone-delegation-${l}`}})}),R=t??await S(n,a);await a.changeResourceRecordSets({HostedZoneId:R,ChangeBatch:{Changes:[{Action:e?"DELETE":"UPSERT",ResourceRecordSet:{Name:m,Type:"NS",TTL:g,ResourceRecords:d.map(p=>({Value:p}))}}]}})}async function S(o,e){let t=(await e.listHostedZonesByName({DNSName:o})).HostedZones?.filter(n=>n.Name===`${o}.`)??[];if(t&&t.length!==1)throw Error(`Expected one hosted zone to match the given name but found ${t.length}`);return t[0].Id}function T(o){let e={cn:"cn-northwest-1","us-gov":"us-gov-west-1","us-iso":"us-iso-east-1","us-isob":"us-isob-east-1"};for(let[s,t]of Object.entries(e))if(o.startsWith(`${s}-`))return t;return"us-east-1"}0&&(module.exports={handler}); diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json index 98e48868ca461..120006848b7f4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.assets.json @@ -1,21 +1,21 @@ { "version": "35.0.0", "files": { - "2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7": { + "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a": { "source": { - "path": "asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7", + "path": "asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a", "packaging": "zip" }, "destinations": { "234567890123-af-south-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-af-south-1", - "objectKey": "2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7.zip", + "objectKey": "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a.zip", "region": "af-south-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-af-south-1" } } }, - "724fcbf9d2e61f5f01219e5ccf1893c6a7e501628b6b58e7f196e06a8ffc40a4": { + "6d179d9e2df3b560501778a556c740c38cc7bb570462ba98f24a0ecc276c5979": { "source": { "path": "child-opt-in-stack.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "234567890123-af-south-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-af-south-1", - "objectKey": "724fcbf9d2e61f5f01219e5ccf1893c6a7e501628b6b58e7f196e06a8ffc40a4.json", + "objectKey": "6d179d9e2df3b560501778a556c740c38cc7bb570462ba98f24a0ecc276c5979.json", "region": "af-south-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-af-south-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json index f7f290dc97527..154ebc04c51f5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-opt-in-stack.template.json @@ -103,7 +103,7 @@ "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-234567890123-af-south-1", - "S3Key": "2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7.zip" + "S3Key": "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json index c8215193d39ba..d11d9d18ca1b2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.assets.json @@ -1,21 +1,21 @@ { "version": "35.0.0", "files": { - "2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7": { + "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a": { "source": { - "path": "asset.2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7", + "path": "asset.8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a", "packaging": "zip" }, "destinations": { "234567890123-us-east-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-us-east-1", - "objectKey": "2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7.zip", + "objectKey": "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a.zip", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-us-east-1" } } }, - "f9bf49bbd725ecaa31a6ed5c97d7065bfa59fb5a31448ec069e2029c6e7a0b26": { + "fcdf10d0b55ed0b26eaa351d4c10e29d6e41d1a6b3a45893da6810ed9a91a0a2": { "source": { "path": "child-stack.template.json", "packaging": "file" @@ -23,7 +23,7 @@ "destinations": { "234567890123-us-east-1": { "bucketName": "cdk-hnb659fds-assets-234567890123-us-east-1", - "objectKey": "f9bf49bbd725ecaa31a6ed5c97d7065bfa59fb5a31448ec069e2029c6e7a0b26.json", + "objectKey": "fcdf10d0b55ed0b26eaa351d4c10e29d6e41d1a6b3a45893da6810ed9a91a0a2.json", "region": "us-east-1", "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-file-publishing-role-234567890123-us-east-1" } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json index 5dbe7336da9ae..18d488b79c647 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/child-stack.template.json @@ -103,7 +103,7 @@ "Properties": { "Code": { "S3Bucket": "cdk-hnb659fds-assets-234567890123-us-east-1", - "S3Key": "2b579e92e62b1fec719d37bec6b4c9a853eb770a1ec95bbfb0cb301be93af3b7.zip" + "S3Key": "8b3eb4893317dd327e9817a7e5472f97fd34125627ca21ac8cd6b0303a869b9a.zip" }, "Timeout": 900, "MemorySize": 128, diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json index 2090bc5bc5a3e..617ec2dc08f59 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-route53/test/integ.cross-account-zone-delegation.js.snapshot/manifest.json @@ -84,7 +84,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-deploy-role-234567890123-us-east-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-cfn-exec-role-234567890123-us-east-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-us-east-1/f9bf49bbd725ecaa31a6ed5c97d7065bfa59fb5a31448ec069e2029c6e7a0b26.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-us-east-1/fcdf10d0b55ed0b26eaa351d4c10e29d6e41d1a6b3a45893da6810ed9a91a0a2.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ @@ -163,7 +163,7 @@ "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-deploy-role-234567890123-af-south-1", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::234567890123:role/cdk-hnb659fds-cfn-exec-role-234567890123-af-south-1", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-af-south-1/724fcbf9d2e61f5f01219e5ccf1893c6a7e501628b6b58e7f196e06a8ffc40a4.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-234567890123-af-south-1/6d179d9e2df3b560501778a556c740c38cc7bb570462ba98f24a0ecc276c5979.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ diff --git a/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/index.ts b/packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts similarity index 100% rename from packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/index.ts rename to packages/@aws-cdk/custom-resource-handlers/lib/aws-route53/cross-account-zone-delegation-handler/index.ts diff --git a/packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts b/packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts similarity index 98% rename from packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts rename to packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts index 8696c93c62d3b..d26356be46bbc 100644 --- a/packages/aws-cdk-lib/aws-route53/test/cross-account-zone-delegation-handler/index.test.ts +++ b/packages/@aws-cdk/custom-resource-handlers/test/aws-route53/cross-account-zone-delegation-handler.test.ts @@ -1,4 +1,4 @@ -import { handler } from '../../lib/cross-account-zone-delegation-handler'; +import { handler } from '../../lib/aws-route53/cross-account-zone-delegation-handler/index'; const mockAssumeRole = jest.fn(); const mockChangeResourceRecordSets = jest.fn(); diff --git a/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/.is_custom_resource b/packages/aws-cdk-lib/aws-route53/lib/cross-account-zone-delegation-handler/.is_custom_resource deleted file mode 100644 index e69de29bb2d1d..0000000000000 diff --git a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts index d47f29f6b953b..f9f34f60e7fcd 100644 --- a/packages/aws-cdk-lib/aws-route53/lib/record-set.ts +++ b/packages/aws-cdk-lib/aws-route53/lib/record-set.ts @@ -774,7 +774,7 @@ export class CrossAccountZoneDelegationRecord extends Construct { } const provider = CustomResourceProvider.getOrCreateProvider(this, CROSS_ACCOUNT_ZONE_DELEGATION_RESOURCE_TYPE, { - codeDirectory: path.join(__dirname, 'cross-account-zone-delegation-handler'), + codeDirectory: path.join(__dirname, '..', '..', 'custom-resource-handlers', 'dist', 'aws-route53', 'cross-account-zone-delegation-handler'), runtime: CustomResourceProviderRuntime.NODEJS_18_X, });