Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(apigateway): cleanup DomainName TLS docstring and tests #13309

Merged
merged 10 commits into from
Mar 3, 2021
Merged

chore(apigateway): cleanup DomainName TLS docstring and tests #13309

Show file tree
Hide file tree
Changes from 7 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
6514046
chore(apigateway): cleanup DomainName TLS docstring and tests
robertd Feb 27, 2021
e510a77
update integration test in aws-route53-targets module
robertd Feb 27, 2021
89533c3
Revert "update integration test in aws-route53-targets module"
robertd Mar 3, 2021
dc18d74
remove setting TLS by default
robertd Mar 3, 2021
3e4e796
Merge branch 'master' into robertd/api-gateway-tls
robertd Mar 3, 2021
724a546
Merge branch 'master' into robertd/api-gateway-tls
robertd Mar 3, 2021
eaa8d61
update docstring for security policy
robertd Mar 3, 2021
9e7c209
Merge branch 'master' into robertd/api-gateway-tls
robertd Mar 3, 2021
158ab9b
revert few things
robertd Mar 3, 2021
d5c71e4
Merge branch 'master' into robertd/api-gateway-tls
mergify[bot] Mar 3, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 10 additions & 10 deletions packages/@aws-cdk/aws-apigateway/lib/domain-name.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,9 @@ import { EndpointType, IRestApi } from './restapi';
export enum SecurityPolicy {
/** Cipher suite TLS 1.0 */
TLS_1_0 = 'TLS_1_0',

/** Cipher suite TLS 1.2 */
TLS_1_2 = 'TLS_1_2'
TLS_1_2 = 'TLS_1_2',
}

export interface DomainNameOptions {
Expand All @@ -38,15 +39,15 @@ export interface DomainNameOptions {
/**
* The Transport Layer Security (TLS) version + cipher suite for this domain name.
* @see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-domainname.html
* @default SecurityPolicy.TLS_1_0
* @default - CloudFormation will default to TLS_1_0
robertd marked this conversation as resolved.
Show resolved Hide resolved
*/
readonly securityPolicy?: SecurityPolicy
readonly securityPolicy?: SecurityPolicy;

/**
* The mutual TLS authentication configuration for a custom domain name.
* @default - mTLS is not configured.
*/
readonly mtls?: MTLSConfig
readonly mtls?: MTLSConfig;
}

export interface DomainNameProps extends DomainNameOptions {
Expand Down Expand Up @@ -83,7 +84,6 @@ export interface IDomainName extends IResource {
* @attribute DistributionHostedZoneId,RegionalHostedZoneId
*/
readonly domainNameAliasHostedZoneId: string;

}

export class DomainName extends Resource implements IDomainName {
Expand Down Expand Up @@ -112,9 +112,9 @@ export class DomainName extends Resource implements IDomainName {
const edge = endpointType === EndpointType.EDGE;

if (!Token.isUnresolved(props.domainName) && /[A-Z]/.test(props.domainName)) {
throw new Error('domainName does not support uppercase letters. ' +
`got: '${props.domainName}'`);
throw new Error(`Domain name does not support uppercase letters. Got: ${props.domainName}`);
}

const mtlsConfig = this.configureMTLS(props.mtls);
const resource = new CfnDomainName(this, 'Resource', {
domainName: props.domainName,
Expand Down Expand Up @@ -176,10 +176,9 @@ export interface DomainNameAttributes {
readonly domainNameAliasTarget: string;

/**
* Thje Route53 hosted zone ID to use in order to connect a record set to this domain through an alias.
* The Route53 hosted zone ID to use in order to connect a record set to this domain through an alias.
*/
readonly domainNameAliasHostedZoneId: string;

}

/**
Expand All @@ -190,8 +189,9 @@ export interface MTLSConfig {
* The bucket that the trust store is hosted in.
*/
readonly bucket: IBucket;

/**
* The key in S3 to look at for the trust store
* The key in S3 to look at for the trust store.
*/
readonly key: string;

Expand Down
24 changes: 3 additions & 21 deletions packages/@aws-cdk/aws-apigateway/test/domains.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
import '@aws-cdk/assert/jest';
import { ABSENT } from '@aws-cdk/assert';
import '@aws-cdk/assert/jest';
import * as acm from '@aws-cdk/aws-certificatemanager';
import { Bucket } from '@aws-cdk/aws-s3';
import { Stack } from '@aws-cdk/core';
Expand Down Expand Up @@ -43,8 +43,6 @@ describe('domains', () => {
expect(stack.resolve(regionalDomain.domainNameAliasHostedZoneId)).toEqual({ 'Fn::GetAtt': ['mydomain592C948B', 'RegionalHostedZoneId'] });
expect(stack.resolve(edgeDomain.domainNameAliasDomainName)).toEqual({ 'Fn::GetAtt': ['yourdomain5FE30C81', 'DistributionDomainName'] });
expect(stack.resolve(edgeDomain.domainNameAliasHostedZoneId)).toEqual({ 'Fn::GetAtt': ['yourdomain5FE30C81', 'DistributionHostedZoneId'] });


});

test('default endpoint type is REGIONAL', () => {
Expand All @@ -64,7 +62,6 @@ describe('domains', () => {
'EndpointConfiguration': { 'Types': ['REGIONAL'] },
'RegionalCertificateArn': { 'Ref': 'Cert5C9FAEC1' },
});

});

test('accepts different security policies', () => {
Expand Down Expand Up @@ -111,7 +108,6 @@ describe('domains', () => {
'RegionalCertificateArn': { 'Ref': 'Cert5C9FAEC1' },
'SecurityPolicy': ABSENT,
});

});

test('"mapping" can be used to automatically map this domain to the deployment stage of an API', () => {
Expand Down Expand Up @@ -140,7 +136,6 @@ describe('domains', () => {
'Ref': 'apiDeploymentStageprod896C8101',
},
});

});

test('"addBasePathMapping" can be used to add base path mapping to the domain', () => {
Expand Down Expand Up @@ -186,7 +181,6 @@ describe('domains', () => {
'Ref': 'api2DeploymentStageprod4120D74E',
},
});

});

test('a domain name can be defined with the API', () => {
Expand Down Expand Up @@ -225,8 +219,6 @@ describe('domains', () => {
'Ref': 'apiDeploymentStageprod896C8101',
},
});


});

test('a domain name can be added later', () => {
Expand Down Expand Up @@ -265,22 +257,17 @@ describe('domains', () => {
'Ref': 'apiDeploymentStageprod896C8101',
},
});


});

test('domain name cannot contain uppercase letters', () => {
// GIVEN
const stack = new Stack();
const certificate = new acm.Certificate(stack, 'cert', { domainName: 'someDomainWithUpercase.domain.com' });

// WHEN
// WHEN & THEN
expect(() => {
new apigw.DomainName(stack, 'someDomain', { domainName: 'someDomainWithUpercase.domain.com', certificate });
}).toThrow(/uppercase/);

// THEN

}).toThrow(/Domain name does not support uppercase letters./);
robertd marked this conversation as resolved.
Show resolved Hide resolved
});

test('multiple domain names can be added', () => {
Expand Down Expand Up @@ -345,8 +332,6 @@ describe('domains', () => {
'Ref': 'apiDeploymentStageprod896C8101',
},
});


});

test('"addBasePathMapping" can be used to add base path mapping to the domain with specific stage', () => {
Expand Down Expand Up @@ -440,7 +425,6 @@ describe('domains', () => {
'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d',
'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem', 'TruststoreVersion': 'version' },
});

});

test('base path mapping configures stage for RestApi creation', () => {
Expand All @@ -466,8 +450,6 @@ describe('domains', () => {
'Ref': 'restApiWithStageDeploymentStageprodC82A6648',
},
});


});

test('base path mapping configures stage for SpecRestApi creation', () => {
Expand Down