From 32b4bf01c9bb5725c62b57c46c097a66dcf81027 Mon Sep 17 00:00:00 2001 From: Nick Lynch Date: Tue, 28 Jul 2020 13:41:17 +0100 Subject: [PATCH] chore(certificatemanager): convert tests to Jest (#9290) Converted all tests in the module to use Jest instead of nodeunit. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license* --- .../aws-certificatemanager/.gitignore | 3 +- .../aws-certificatemanager/.npmignore | 3 +- .../aws-certificatemanager/jest.config.js | 2 + .../aws-certificatemanager/package.json | 5 +- .../test/certificate.test.ts | 211 ++++++++++++++++ .../test/dns-validated-certificate.test.ts | 192 +++++++++++++++ .../test/test.certificate.ts | 233 ------------------ .../test/test.dns-validated-certificate.ts | 207 ---------------- .../aws-certificatemanager/test/test.util.ts | 108 -------- .../aws-certificatemanager/test/util.test.ts | 105 ++++++++ 10 files changed, 516 insertions(+), 553 deletions(-) create mode 100644 packages/@aws-cdk/aws-certificatemanager/jest.config.js create mode 100644 packages/@aws-cdk/aws-certificatemanager/test/certificate.test.ts create mode 100644 packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts delete mode 100644 packages/@aws-cdk/aws-certificatemanager/test/test.certificate.ts delete mode 100644 packages/@aws-cdk/aws-certificatemanager/test/test.dns-validated-certificate.ts delete mode 100644 packages/@aws-cdk/aws-certificatemanager/test/test.util.ts create mode 100644 packages/@aws-cdk/aws-certificatemanager/test/util.test.ts diff --git a/packages/@aws-cdk/aws-certificatemanager/.gitignore b/packages/@aws-cdk/aws-certificatemanager/.gitignore index 018c65919d67c..266c0684c6844 100644 --- a/packages/@aws-cdk/aws-certificatemanager/.gitignore +++ b/packages/@aws-cdk/aws-certificatemanager/.gitignore @@ -14,5 +14,6 @@ nyc.config.js .LAST_PACKAGE *.snk !.eslintrc.js +!jest.config.js -junit.xml \ No newline at end of file +junit.xml 
diff --git a/packages/@aws-cdk/aws-certificatemanager/.npmignore b/packages/@aws-cdk/aws-certificatemanager/.npmignore index 5b76353bc079b..0a336369a6bfb 100644 --- a/packages/@aws-cdk/aws-certificatemanager/.npmignore +++ b/packages/@aws-cdk/aws-certificatemanager/.npmignore @@ -25,4 +25,5 @@ tsconfig.json # exclude cdk artifacts **/cdk.out -junit.xml \ No newline at end of file +junit.xml +jest.config.js diff --git a/packages/@aws-cdk/aws-certificatemanager/jest.config.js b/packages/@aws-cdk/aws-certificatemanager/jest.config.js new file mode 100644 index 0000000000000..cd664e1d069e5 --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/jest.config.js @@ -0,0 +1,2 @@ +const baseConfig = require('../../../tools/cdk-build-tools/config/jest.config'); +module.exports = baseConfig; diff --git a/packages/@aws-cdk/aws-certificatemanager/package.json b/packages/@aws-cdk/aws-certificatemanager/package.json index adb40b6ddbe4e..000d643df48ec 100644 --- a/packages/@aws-cdk/aws-certificatemanager/package.json +++ b/packages/@aws-cdk/aws-certificatemanager/package.json @@ -47,7 +47,8 @@ "compat": "cdk-compat" }, "cdk-build": { - "cloudformation": "AWS::CertificateManager" + "cloudformation": "AWS::CertificateManager", + "jest": true }, "keywords": [ "aws", @@ -63,10 +64,8 @@ "license": "Apache-2.0", "devDependencies": { "@aws-cdk/assert": "0.0.0", - "@types/nodeunit": "^0.0.31", "cdk-build-tools": "0.0.0", "cfn2ts": "0.0.0", - "nodeunit": "^0.11.3", "pkglint": "0.0.0" }, "dependencies": { diff --git a/packages/@aws-cdk/aws-certificatemanager/test/certificate.test.ts b/packages/@aws-cdk/aws-certificatemanager/test/certificate.test.ts new file mode 100644 index 0000000000000..4b122b7eae754 --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/certificate.test.ts 
@@ -0,0 +1,211 @@
+import '@aws-cdk/assert/jest';
+import * as route53 from '@aws-cdk/aws-route53';
+import { Lazy, Stack } from '@aws-cdk/core';
+import { Certificate, CertificateValidation, ValidationMethod } from '../lib';
+
+test('apex domain selection by default', () => {
+ const stack = new Stack();
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'test.example.com',
+ DomainValidationOptions: [{
+ DomainName: 'test.example.com',
+ ValidationDomain: 'example.com',
+ }],
+ });
+});
+
+test('validation domain can be overridden', () => {
+ const stack = new Stack();
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ validationDomains: {
+ 'test.example.com': 'test.example.com',
+ },
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainValidationOptions: [{
+ DomainName: 'test.example.com',
+ ValidationDomain: 'test.example.com',
+ }],
+ });
+});
+
+test('export and import', () => {
+ // GIVEN
+ const stack = new Stack();
+
+ // WHEN
+ const c = Certificate.fromCertificateArn(stack, 'Imported', 'cert-arn');
+
+ // THEN
+ expect(c.certificateArn).toBe('cert-arn');
+});
+
+test('can configure validation method', () => {
+ const stack = new Stack();
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ validationMethod: ValidationMethod.DNS,
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'test.example.com',
+ ValidationMethod: 'DNS',
+ });
+});
+
+test('needs validation domain supplied if domain contains a token', () => {
+ const stack = new Stack();
+
+ expect(() => {
+ const domainName = Lazy.stringValue({ produce: () => 'example.com' });
+ new Certificate(stack, 'Certificate', {
+ domainName,
+ });
+ }).toThrow(/'validationDomains' needs to be supplied/);
+});
+
+test('validationdomains can be given for a Token', () => {
+ const stack = new Stack();
+
+ const domainName = Lazy.stringValue({ produce: () => 'my.example.com' });
+ new Certificate(stack, 'Certificate', {
+ domainName,
+ validationDomains: {
+ [domainName]: 'example.com',
+ },
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'my.example.com',
+ DomainValidationOptions: [{
+ DomainName: 'my.example.com',
+ ValidationDomain: 'example.com',
+ }],
+ });
+});
+
+test('CertificateValidation.fromEmail', () => {
+ const stack = new Stack();
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ subjectAlternativeNames: ['extra.example.com'],
+ validation: CertificateValidation.fromEmail({
+ 'test.example.com': 'example.com',
+ }),
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'test.example.com',
+ SubjectAlternativeNames: ['extra.example.com'],
+ DomainValidationOptions: [
+ {
+ DomainName: 'test.example.com',
+ ValidationDomain: 'example.com',
+ },
+ {
+ DomainName: 'extra.example.com',
+ ValidationDomain: 'example.com',
+ },
+ ],
+ ValidationMethod: 'EMAIL',
+ });
+});
+
+test('CertificateValidation.fromDns', () => {
+ const stack = new Stack();
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ subjectAlternativeNames: ['extra.example.com'],
+ validation: CertificateValidation.fromDns(),
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'test.example.com',
+ SubjectAlternativeNames: ['extra.example.com'],
+ ValidationMethod: 'DNS',
+ });
+});
+
+test('CertificateValidation.fromDns with hosted zone', () => {
+ const stack = new Stack();
+
+ const exampleCom = new route53.HostedZone(stack, 'ExampleCom', {
+ zoneName: 'example.com',
+ });
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ validation: CertificateValidation.fromDns(exampleCom),
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'test.example.com',
+ DomainValidationOptions: [
+ {
+ DomainName: 'test.example.com',
+ HostedZoneId: {
+ Ref: 'ExampleCom20E1324B',
+ },
+ },
+ ],
+ ValidationMethod: 'DNS',
+ });
+});
+
+test('CertificateValidation.fromDnsMultiZone', () => {
+ const stack = new Stack();
+
+ const exampleCom = new route53.HostedZone(stack, 'ExampleCom', {
+ zoneName: 'example.com',
+ });
+
+ const exampleNet = new route53.HostedZone(stack, 'ExampleNet', {
+ zoneName: 'example.com',
+ });
+
+ new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ subjectAlternativeNames: ['cool.example.com', 'test.example.net'],
+ validation: CertificateValidation.fromDnsMultiZone({
+ 'test.example.com': exampleCom,
+ 'cool.example.com': exampleCom,
+ 'test.example.net': exampleNet,
+ }),
+ });
+
+ expect(stack).toHaveResource('AWS::CertificateManager::Certificate', {
+ DomainName: 'test.example.com',
+ DomainValidationOptions: [
+ {
+ DomainName: 'test.example.com',
+ HostedZoneId: {
+ Ref: 'ExampleCom20E1324B',
+ },
+ },
+ {
+ DomainName: 'cool.example.com',
+ HostedZoneId: {
+ Ref: 'ExampleCom20E1324B',
+ },
+ },
+ {
+ DomainName: 'test.example.net',
+ HostedZoneId: {
+ Ref: 'ExampleNetF7CA40C9',
+ },
+ },
+ ],
+ ValidationMethod: 'DNS',
+ });
+});
diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts
new file mode 100644
index 0000000000000..1e283f558880e
--- /dev/null
+++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts
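Review bot: In the `CertificateValidation.fromDnsMultiZone` test the `ExampleNet` hosted zone is created with `zoneName: 'example.com'`, so the zone mapped to `test.example.net` has the same zone name as `ExampleCom`. The expected template only lists `HostedZoneId` references, so the assertion still passes and would not notice a domain being paired with a zone that is not authoritative for it. Changing that line to `zoneName: 'example.net',` makes the fixture match the scenario the test name describes. The same value is present in the deleted nodeunit test, so it looks carried over rather than introduced by the conversion.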
@@ -0,0 +1,192 @@
+import '@aws-cdk/assert/jest';
+import { SynthUtils } from '@aws-cdk/assert';
+import * as iam from '@aws-cdk/aws-iam';
+import { HostedZone, PublicHostedZone } from '@aws-cdk/aws-route53';
+import { App, Stack, Token } from '@aws-cdk/core';
+import { DnsValidatedCertificate } from '../lib/dns-validated-certificate';
+
+test('creates CloudFormation Custom Resource', () => {
+ const stack = new Stack();
+
+ const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', {
+ zoneName: 'example.com',
+ });
+
+ new DnsValidatedCertificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ hostedZone: exampleDotComZone,
+ });
+
+ expect(stack).toHaveResource('AWS::CloudFormation::CustomResource', {
+ DomainName: 'test.example.com',
+ ServiceToken: {
+ 'Fn::GetAtt': [
+ 'CertificateCertificateRequestorFunction5E845413',
+ 'Arn',
+ ],
+ },
+ HostedZoneId: {
+ Ref: 'ExampleDotCom4D1B83AA',
+ },
+ });
+ expect(stack).toHaveResource('AWS::Lambda::Function', {
+ Handler: 'index.certificateRequestHandler',
+ Runtime: 'nodejs10.x',
+ Timeout: 900,
+ });
+ expect(stack).toHaveResource('AWS::IAM::Policy', {
+ PolicyName: 'CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC',
+ Roles: [
+ {
+ Ref: 'CertificateCertificateRequestorFunctionServiceRoleC04C13DA',
+ },
+ ],
+ PolicyDocument: {
+ Version: '2012-10-17',
+ Statement: [
+ {
+ Action: [
+ 'acm:RequestCertificate',
+ 'acm:DescribeCertificate',
+ 'acm:DeleteCertificate',
+ ],
+ Effect: 'Allow',
+ Resource: '*',
+ },
+ {
+ Action: 'route53:GetChange',
+ Effect: 'Allow',
+ Resource: '*',
+ },
+ {
+ Action: 'route53:changeResourceRecordSets',
+ Effect: 'Allow',
+ Resource: {
+ 'Fn::Join': [
+ '',
+ [
+ 'arn:',
+ { Ref: 'AWS::Partition' },
+ ':route53:::hostedzone/',
+ { Ref: 'ExampleDotCom4D1B83AA' },
+ ],
+ ],
+ },
+ },
+ ],
+ },
+ });
+});
+
+test('adds validation error on domain mismatch', () => {
+ const stack = new Stack();
+
+ const helloDotComZone = new PublicHostedZone(stack, 'HelloDotCom', {
+ zoneName: 'hello.com',
+ });
+
+ new DnsValidatedCertificate(stack, 'Cert', {
+ domainName: 'example.com',
+ hostedZone: helloDotComZone,
+ });
+
+ expect(() => {
+ SynthUtils.synthesize(stack);
+ }).toThrow(/DNS zone hello.com is not authoritative for certificate domain name example.com/);
+});
+
+test('does not try to validate unresolved tokens', () => {
+ const stack = new Stack();
+
+ const helloDotComZone = new PublicHostedZone(stack, 'HelloDotCom', {
+ zoneName: Token.asString('hello.com'),
+ });
+
+ new DnsValidatedCertificate(stack, 'Cert', {
+ domainName: 'hello.com',
+ hostedZone: helloDotComZone,
+ });
+
+ SynthUtils.synthesize(stack); // does not throw
+});
+
+test('test root certificate', () => {
+ const stack = new Stack();
+
+ const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', {
+ zoneName: 'example.com',
+ });
+
+ new DnsValidatedCertificate(stack, 'Cert', {
+ domainName: 'example.com',
+ hostedZone: exampleDotComZone,
+ });
+
+ expect(stack).toHaveResource('AWS::CloudFormation::CustomResource', {
+ ServiceToken: {
+ 'Fn::GetAtt': [
+ 'CertCertificateRequestorFunction98FDF273',
+ 'Arn',
+ ],
+ },
+ DomainName: 'example.com',
+ HostedZoneId: {
+ Ref: 'ExampleDotCom4D1B83AA',
+ },
+ });
+});
+
+test('works with imported zone', () => {
+ // GIVEN
+ const app = new App();
+ const stack = new Stack(app, 'Stack', {
+ env: { account: '12345678', region: 'us-blue-5' },
+ });
+ const imported = HostedZone.fromLookup(stack, 'ExampleDotCom', {
+ domainName: 'mydomain.com',
+ });
+
+ // WHEN
+ new DnsValidatedCertificate(stack, 'Cert', {
+ domainName: 'mydomain.com',
+ hostedZone: imported,
+ route53Endpoint: 'https://api.route53.xxx.com',
+ });
+
+ // THEN
+ expect(stack).toHaveResource('AWS::CloudFormation::CustomResource', {
+ ServiceToken: {
+ 'Fn::GetAtt': [
+ 'CertCertificateRequestorFunction98FDF273',
+ 'Arn',
+ ],
+ },
+ DomainName: 'mydomain.com',
+ HostedZoneId: 'DUMMY',
+ Route53Endpoint: 'https://api.route53.xxx.com',
+ });
+});
+
+test('works with imported role', () => {
+ // GIVEN
+ const app = new App();
+ const stack = new Stack(app, 'Stack', {
+ env: { account: '12345678', region: 'us-blue-5' },
+ });
+ const helloDotComZone = new PublicHostedZone(stack, 'HelloDotCom', {
+ zoneName: 'hello.com',
+ });
+ const role = iam.Role.fromRoleArn(stack, 'Role', 'arn:aws:iam::account-id:role/role-name');
+
+ // WHEN
+ new DnsValidatedCertificate(stack, 'Cert', {
+ domainName: 'hello.com',
+ hostedZone: helloDotComZone,
+ customResourceRole: role,
+ });
+
+ // THEN
+ expect(stack).toHaveResource('AWS::Lambda::Function', {
+ Role: 'arn:aws:iam::account-id:role/role-name',
+ });
+});
diff --git a/packages/@aws-cdk/aws-certificatemanager/test/test.certificate.ts b/packages/@aws-cdk/aws-certificatemanager/test/test.certificate.ts
deleted file mode 100644
index 3b0de2e1ba1f2..0000000000000
--- a/packages/@aws-cdk/aws-certificatemanager/test/test.certificate.ts
+++ /dev/null
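Review bot: The `does not try to validate unresolved tokens` test now ends in a bare `SynthUtils.synthesize(stack); // does not throw`, so it carries no assertion and reads like setup that was cut short. Jest still fails the test if synthesis throws, but stating the expectation keeps the intent intact through later edits: `expect(() => SynthUtils.synthesize(stack)).not.toThrow();`. That form also mirrors the `toThrow` assertion in the `adds validation error on domain mismatch` test directly above it.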
@@ -1,233 +0,0 @@ -import { expect, haveResource } from '@aws-cdk/assert'; -import * as route53 from '@aws-cdk/aws-route53'; -import { Lazy, Stack } from '@aws-cdk/core'; -import { Test } from 'nodeunit'; -import { Certificate, CertificateValidation, ValidationMethod } from '../lib'; - -export = { - 'apex domain selection by default'(test: Test) { - const stack = new Stack(); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'test.example.com', - DomainValidationOptions: [{ - DomainName: 'test.example.com', - ValidationDomain: 'example.com', - }], - })); - - test.done(); - }, - - 'validation domain can be overridden'(test: Test) { - const stack = new Stack(); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - validationDomains: { - 'test.example.com': 'test.example.com', - }, - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainValidationOptions: [{ - DomainName: 'test.example.com', - ValidationDomain: 'test.example.com', - }], - })); - - test.done(); - }, - - 'export and import'(test: Test) { - // GIVEN - const stack = new Stack(); - - // WHEN - const c = Certificate.fromCertificateArn(stack, 'Imported', 'cert-arn'); - - // THEN - test.deepEqual(c.certificateArn, 'cert-arn'); - test.done(); - }, - - 'can configure validation method'(test: Test) { - const stack = new Stack(); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - validationMethod: ValidationMethod.DNS, - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'test.example.com', - ValidationMethod: 'DNS', - })); - - test.done(); - }, - - 'needs validation domain supplied if domain contains a token'(test: Test) { - const stack = new Stack(); - - test.throws(() => { - const domainName = Lazy.stringValue({ produce: () => 'example.com' }); - new 
Certificate(stack, 'Certificate', { - domainName, - }); - }, /'validationDomains' needs to be supplied/); - - test.done(); - }, - - 'validationdomains can be given for a Token'(test: Test) { - const stack = new Stack(); - - const domainName = Lazy.stringValue({ produce: () => 'my.example.com' }); - new Certificate(stack, 'Certificate', { - domainName, - validationDomains: { - [domainName]: 'example.com', - }, - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'my.example.com', - DomainValidationOptions: [{ - DomainName: 'my.example.com', - ValidationDomain: 'example.com', - }], - })); - - test.done(); - }, - - 'CertificateValidation.fromEmail'(test: Test) { - const stack = new Stack(); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - subjectAlternativeNames: ['extra.example.com'], - validation: CertificateValidation.fromEmail({ - 'test.example.com': 'example.com', - }), - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'test.example.com', - SubjectAlternativeNames: ['extra.example.com'], - DomainValidationOptions: [ - { - DomainName: 'test.example.com', - ValidationDomain: 'example.com', - }, - { - DomainName: 'extra.example.com', - ValidationDomain: 'example.com', - }, - ], - ValidationMethod: 'EMAIL', - })); - - test.done(); - }, - - 'CertificateValidation.fromDns'(test: Test) { - const stack = new Stack(); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - subjectAlternativeNames: ['extra.example.com'], - validation: CertificateValidation.fromDns(), - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'test.example.com', - SubjectAlternativeNames: ['extra.example.com'], - ValidationMethod: 'DNS', - })); - - test.done(); - }, - - 'CertificateValidation.fromDns with hosted zone'(test: Test) { - const stack = new Stack(); - - const exampleCom = new route53.HostedZone(stack, 
'ExampleCom', { - zoneName: 'example.com', - }); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - validation: CertificateValidation.fromDns(exampleCom), - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'test.example.com', - DomainValidationOptions: [ - { - DomainName: 'test.example.com', - HostedZoneId: { - Ref: 'ExampleCom20E1324B', - }, - }, - ], - ValidationMethod: 'DNS', - })); - - test.done(); - }, - - 'CertificateValidation.fromDnsMultiZone'(test: Test) { - const stack = new Stack(); - - const exampleCom = new route53.HostedZone(stack, 'ExampleCom', { - zoneName: 'example.com', - }); - - const exampleNet = new route53.HostedZone(stack, 'ExampleNet', { - zoneName: 'example.com', - }); - - new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - subjectAlternativeNames: ['cool.example.com', 'test.example.net'], - validation: CertificateValidation.fromDnsMultiZone({ - 'test.example.com': exampleCom, - 'cool.example.com': exampleCom, - 'test.example.net': exampleNet, - }), - }); - - expect(stack).to(haveResource('AWS::CertificateManager::Certificate', { - DomainName: 'test.example.com', - DomainValidationOptions: [ - { - DomainName: 'test.example.com', - HostedZoneId: { - Ref: 'ExampleCom20E1324B', - }, - }, - { - DomainName: 'cool.example.com', - HostedZoneId: { - Ref: 'ExampleCom20E1324B', - }, - }, - { - DomainName: 'test.example.net', - HostedZoneId: { - Ref: 'ExampleNetF7CA40C9', - }, - }, - ], - ValidationMethod: 'DNS', - })); - - test.done(); - }, -}; diff --git a/packages/@aws-cdk/aws-certificatemanager/test/test.dns-validated-certificate.ts b/packages/@aws-cdk/aws-certificatemanager/test/test.dns-validated-certificate.ts deleted file mode 100644 index 6a718bb39d39d..0000000000000 --- a/packages/@aws-cdk/aws-certificatemanager/test/test.dns-validated-certificate.ts +++ /dev/null 
@@ -1,207 +0,0 @@ -import { expect, haveResource, SynthUtils } from '@aws-cdk/assert'; -import * as iam from '@aws-cdk/aws-iam'; -import { HostedZone, PublicHostedZone } from '@aws-cdk/aws-route53'; -import { App, Stack, Token } from '@aws-cdk/core'; -import { Test } from 'nodeunit'; -import { DnsValidatedCertificate } from '../lib/dns-validated-certificate'; - -export = { - 'creates CloudFormation Custom Resource'(test: Test) { - const stack = new Stack(); - - const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', { - zoneName: 'example.com', - }); - - new DnsValidatedCertificate(stack, 'Certificate', { - domainName: 'test.example.com', - hostedZone: exampleDotComZone, - }); - - expect(stack).to(haveResource('AWS::CloudFormation::CustomResource', { - DomainName: 'test.example.com', - ServiceToken: { - 'Fn::GetAtt': [ - 'CertificateCertificateRequestorFunction5E845413', - 'Arn', - ], - }, - HostedZoneId: { - Ref: 'ExampleDotCom4D1B83AA', - }, - })); - expect(stack).to(haveResource('AWS::Lambda::Function', { - Handler: 'index.certificateRequestHandler', - Runtime: 'nodejs10.x', - Timeout: 900, - })); - expect(stack).to(haveResource('AWS::IAM::Policy', { - PolicyName: 'CertificateCertificateRequestorFunctionServiceRoleDefaultPolicy3C8845BC', - Roles: [ - { - Ref: 'CertificateCertificateRequestorFunctionServiceRoleC04C13DA', - }, - ], - PolicyDocument: { - Version: '2012-10-17', - Statement: [ - { - Action: [ - 'acm:RequestCertificate', - 'acm:DescribeCertificate', - 'acm:DeleteCertificate', - ], - Effect: 'Allow', - Resource: '*', - }, - { - Action: 'route53:GetChange', - Effect: 'Allow', - Resource: '*', - }, - { - Action: 'route53:changeResourceRecordSets', - Effect: 'Allow', - Resource: { - 'Fn::Join': [ - '', - [ - 'arn:', - { Ref: 'AWS::Partition' }, - ':route53:::hostedzone/', - { Ref: 'ExampleDotCom4D1B83AA' }, - ], - ], - }, - }, - ], - }, - })); - - test.done(); - }, - - 'adds validation error on domain mismatch'(test: Test) { - const stack = 
new Stack(); - - const helloDotComZone = new PublicHostedZone(stack, 'HelloDotCom', { - zoneName: 'hello.com', - }); - - new DnsValidatedCertificate(stack, 'Cert', { - domainName: 'example.com', - hostedZone: helloDotComZone, - }); - - test.throws(() => { - SynthUtils.synthesize(stack); - }, /DNS zone hello.com is not authoritative for certificate domain name example.com/); - - test.done(); - }, - - 'does not try to validate unresolved tokens'(test: Test) { - const stack = new Stack(); - - const helloDotComZone = new PublicHostedZone(stack, 'HelloDotCom', { - zoneName: Token.asString('hello.com'), - }); - - new DnsValidatedCertificate(stack, 'Cert', { - domainName: 'hello.com', - hostedZone: helloDotComZone, - }); - - test.doesNotThrow(() => { - SynthUtils.synthesize(stack); - }); - - test.done(); - }, - - 'test root certificate'(test: Test) { - const stack = new Stack(); - - const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', { - zoneName: 'example.com', - }); - - new DnsValidatedCertificate(stack, 'Cert', { - domainName: 'example.com', - hostedZone: exampleDotComZone, - }); - - expect(stack).to(haveResource('AWS::CloudFormation::CustomResource', { - ServiceToken: { - 'Fn::GetAtt': [ - 'CertCertificateRequestorFunction98FDF273', - 'Arn', - ], - }, - DomainName: 'example.com', - HostedZoneId: { - Ref: 'ExampleDotCom4D1B83AA', - }, - })); - test.done(); - }, - - 'works with imported zone'(test: Test) { - // GIVEN - const app = new App(); - const stack = new Stack(app, 'Stack', { - env: { account: '12345678', region: 'us-blue-5' }, - }); - const imported = HostedZone.fromLookup(stack, 'ExampleDotCom', { - domainName: 'mydomain.com', - }); - - // WHEN - new DnsValidatedCertificate(stack, 'Cert', { - domainName: 'mydomain.com', - hostedZone: imported, - route53Endpoint: 'https://api.route53.xxx.com', - }); - - // THEN - expect(stack).to(haveResource('AWS::CloudFormation::CustomResource', { - ServiceToken: { - 'Fn::GetAtt': [ - 
'CertCertificateRequestorFunction98FDF273', - 'Arn', - ], - }, - DomainName: 'mydomain.com', - HostedZoneId: 'DUMMY', - Route53Endpoint: 'https://api.route53.xxx.com', - })); - - test.done(); - }, - - 'works with imported role'(test: Test) { - // GIVEN - const app = new App(); - const stack = new Stack(app, 'Stack', { - env: { account: '12345678', region: 'us-blue-5' }, - }); - const helloDotComZone = new PublicHostedZone(stack, 'HelloDotCom', { - zoneName: 'hello.com', - }); - const role = iam.Role.fromRoleArn(stack, 'Role', 'arn:aws:iam::account-id:role/role-name'); - - // WHEN - new DnsValidatedCertificate(stack, 'Cert', { - domainName: 'hello.com', - hostedZone: helloDotComZone, - customResourceRole: role, - }); - - // THEN - expect(stack).to(haveResource('AWS::Lambda::Function', { - Role: 'arn:aws:iam::account-id:role/role-name', - })); - - test.done(); - }, -}; diff --git a/packages/@aws-cdk/aws-certificatemanager/test/test.util.ts b/packages/@aws-cdk/aws-certificatemanager/test/test.util.ts deleted file mode 100644 index 9751d3e0b7f7e..0000000000000 --- a/packages/@aws-cdk/aws-certificatemanager/test/test.util.ts +++ /dev/null 
@@ -1,108 +0,0 @@ -import { PublicHostedZone } from '@aws-cdk/aws-route53'; -import { App, Stack } from '@aws-cdk/core'; -import { Test } from 'nodeunit'; -import { Certificate, DnsValidatedCertificate } from '../lib'; -import { apexDomain, getCertificateRegion, isDnsValidatedCertificate } from '../lib/util'; - -export = { - 'apex domain': { - 'returns right domain'(test: Test) { - test.equals('domain.com', apexDomain('domain.com')); - test.equals('domain.com', apexDomain('test.domain.com')); - test.done(); - }, - - 'understands eTLDs'(test: Test) { - test.equals('domain.co.uk', apexDomain('test.domain.co.uk')); - test.done(); - }, - }, - 'isDnsValidatedCertificate': { - 'new DnsValidatedCertificate is a DnsValidatedCertificate'(test: Test) { - const stack = new Stack(); - - const hostedZone = new PublicHostedZone(stack, 'ExampleDotCom', { - zoneName: 'example.com', - }); - const cert = new DnsValidatedCertificate(stack, 'Certificate', { - domainName: 'test.example.com', - hostedZone, - }); - - test.ok(isDnsValidatedCertificate(cert)); - test.done(); - }, - 'new Certificate is not a DnsValidatedCertificate'(test: Test) { - const stack = new Stack(); - - const cert = new Certificate(stack, 'Certificate', { - domainName: 'test.example.com', - }); - - test.ok(!isDnsValidatedCertificate(cert)); - test.done(); - }, - 'fromCertificateArn is not a DnsValidatedCertificate'(test: Test) { - const stack = new Stack(); - - const cert = Certificate.fromCertificateArn(stack, 'Certificate', 'cert-arn'); - - test.ok(!isDnsValidatedCertificate(cert)); - test.done(); - }, - }, - 'getCertificateRegion': { - 'from stack'(test: Test) { - // GIVEN - const app = new App(); - const stack = new Stack(app, 'RegionStack', {env: {region: 'eu-west-1'}}); - - const certificate = new Certificate(stack, 'TestCertificate', { - domainName: 'www.example.com', - }); - - test.equals(getCertificateRegion(certificate), 'eu-west-1'); - test.done(); - }, - 'from DnsValidatedCertificate region'(test: Test) 
{ - // GIVEN - const app = new App(); - const stack = new Stack(app, 'RegionStack', {env: {region: 'eu-west-1'}}); - const hostedZone = new PublicHostedZone(stack, 'ExampleDotCom', { - zoneName: 'example.com', - }); - - const certificate = new DnsValidatedCertificate(stack, 'TestCertificate', { - domainName: 'www.example.com', - hostedZone, - region: 'eu-west-3', - }); - - test.equals(getCertificateRegion(certificate), 'eu-west-3'); - test.done(); - }, - 'fromCertificateArn'(test: Test) { - // GIVEN - const app = new App(); - const stack = new Stack(app, 'RegionStack', {env: {region: 'eu-west-1'}}); - - const certificate = Certificate.fromCertificateArn( - stack, 'TestCertificate', 'arn:aws:acm:us-east-2:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d', - ); - - test.equals(getCertificateRegion(certificate), 'us-east-2'); - test.done(); - }, - 'region agnostic stack'(test: Test) { - // GIVEN - const stack = new Stack(); - - const certificate = new Certificate(stack, 'TestCertificate', { - domainName: 'www.example.com', - }); - - test.equals(getCertificateRegion(certificate), '${Token[AWS::Region.4]}'); - test.done(); - }, - }, -}; diff --git a/packages/@aws-cdk/aws-certificatemanager/test/util.test.ts b/packages/@aws-cdk/aws-certificatemanager/test/util.test.ts new file mode 100644 index 0000000000000..ff9018ad4ca4d --- /dev/null +++ b/packages/@aws-cdk/aws-certificatemanager/test/util.test.ts 
@@ -0,0 +1,105 @@
+import '@aws-cdk/assert/jest';
+import { PublicHostedZone } from '@aws-cdk/aws-route53';
+import { App, Stack } from '@aws-cdk/core';
+import { Certificate, DnsValidatedCertificate } from '../lib';
+import { apexDomain, getCertificateRegion, isDnsValidatedCertificate } from '../lib/util';
+
+describe('apex domain', () => {
+ test('returns right domain', () => {
+ expect(apexDomain('domain.com')).toEqual('domain.com');
+ expect(apexDomain('test.domain.com')).toEqual('domain.com');
+ });
+
+ test('understands eTLDs', () => {
+ expect(apexDomain('test.domain.co.uk')).toEqual('domain.co.uk');
+ });
+});
+
+describe('isDnsValidatedCertificate', () => {
+ test('new DnsValidatedCertificate is a DnsValidatedCertificate', () => {
+ const stack = new Stack();
+
+ const hostedZone = new PublicHostedZone(stack, 'ExampleDotCom', {
+ zoneName: 'example.com',
+ });
+ const cert = new DnsValidatedCertificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ hostedZone,
+ });
+
+ expect(isDnsValidatedCertificate(cert)).toBeTruthy();
+ });
+
+ test('new Certificate is not a DnsValidatedCertificate', () => {
+ const stack = new Stack();
+
+ const cert = new Certificate(stack, 'Certificate', {
+ domainName: 'test.example.com',
+ });
+
+ expect(isDnsValidatedCertificate(cert)).toBeFalsy();
+ });
+
+ test('fromCertificateArn is not a DnsValidatedCertificate', () => {
+ const stack = new Stack();
+
+ const cert = Certificate.fromCertificateArn(stack, 'Certificate', 'cert-arn');
+
+ expect(isDnsValidatedCertificate(cert)).toBeFalsy();
+ });
+});
+
+describe('getCertificateRegion', () => {
+ test('from stack', () => {
+ // GIVEN
+ const app = new App();
+ const stack = new Stack(app, 'RegionStack', {env: {region: 'eu-west-1'}});
+
+ const certificate = new Certificate(stack, 'TestCertificate', {
+ domainName: 'www.example.com',
+ });
+
+ expect(getCertificateRegion(certificate)).toEqual('eu-west-1');
+ });
+
+ test('from DnsValidatedCertificate region', () => {
+ // GIVEN
+ const app = new App();
+ const stack = new Stack(app, 'RegionStack', {env: {region: 'eu-west-1'}});
+ const hostedZone = new PublicHostedZone(stack, 'ExampleDotCom', {
+ zoneName: 'example.com',
+ });
+
+ const certificate = new DnsValidatedCertificate(stack, 'TestCertificate', {
+ domainName: 'www.example.com',
+ hostedZone,
+ region: 'eu-west-3',
+ });
+
+ expect(getCertificateRegion(certificate)).toEqual('eu-west-3');
+ });
+
+ test('fromCertificateArn', () => {
+ // GIVEN
+ const app = new App();
+ const stack = new Stack(app, 'RegionStack', {env: {region: 'eu-west-1'}});
+
+ const certificate = Certificate.fromCertificateArn(
+ stack, 'TestCertificate', 'arn:aws:acm:us-east-2:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d',
+ );
+
+ expect(getCertificateRegion(certificate)).toEqual('us-east-2');
+ });
+
+ test('region agnostic stack', () => {
+ // GIVEN
+ const stack = new Stack();
+
+ const certificate = new Certificate(stack, 'TestCertificate', {
+ domainName: 'www.example.com',
+ });
+
+ expect(getCertificateRegion(certificate)).toEqual('${Token[AWS::Region.4]}');
+ });
+
+});
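Review bot: The `region agnostic stack` test compares against the literal `'${Token[AWS::Region.4]}'`, whose numeric suffix presumably comes from a token counter, so the expectation depends on how many tokens earlier code created rather than on what `getCertificateRegion` returns. Asserting the property that matters would be sturdier: `expect(Token.isUnresolved(getCertificateRegion(certificate))).toBe(true);`, with `Token` added to the `@aws-cdk/core` import. Separately, `import '@aws-cdk/assert/jest';` appears unnecessary in this file, since none of its tests use `toHaveResource`.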