aws-cdk-lib/aws-certificatemanager/lib/dns-validated-certificate.js

Version 2 of the AWS Cloud Development Kit library

"use strict";var __runInitializers=exports&&exports.__runInitializers||function(thisArg,initializers,value){for(var useValue=arguments.length>2,i=0;i<initializers.length;i++)value=useValue?initializers[i].call(thisArg,value):initializers[i].call(thisArg);return useValue?value:void 0},__esDecorate=exports&&exports.__esDecorate||function(ctor,descriptorIn,decorators,contextIn,initializers,extraInitializers){function accept(f){if(f!==void 0&&typeof f!="function")throw new TypeError("Function expected");return f}for(var kind=contextIn.kind,key=kind==="getter"?"get":kind==="setter"?"set":"value",target=!descriptorIn&&ctor?contextIn.static?ctor:ctor.prototype:null,descriptor=descriptorIn||(target?Object.getOwnPropertyDescriptor(target,contextIn.name):{}),_,done=!1,i=decorators.length-1;i>=0;i--){var context={};for(var p in contextIn)context[p]=p==="access"?{}:contextIn[p];for(var p in contextIn.access)context.access[p]=contextIn.access[p];context.addInitializer=function(f){if(done)throw new TypeError("Cannot add initializers after decoration has completed");extraInitializers.push(accept(f||null))};var result=(0,decorators[i])(kind==="accessor"?{get:descriptor.get,set:descriptor.set}:descriptor[key],context);if(kind==="accessor"){if(result===void 0)continue;if(result===null||typeof result!="object")throw new TypeError("Object expected");(_=accept(result.get))&&(descriptor.get=_),(_=accept(result.set))&&(descriptor.set=_),(_=accept(result.init))&&initializers.unshift(_)}else(_=accept(result))&&(kind==="field"?initializers.unshift(_):descriptor[key]=_)}target&&Object.defineProperty(target,contextIn.name,descriptor),done=!0};Object.defineProperty(exports,"__esModule",{value:!0}),exports.DnsValidatedCertificate=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var certificate_base_1=()=>{var tmp=require("./certificate-base");return certificate_base_1=()=>tmp,tmp},iam=()=>{var tmp=require("../../aws-iam");return iam=()=>tmp,tmp},cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},metadata_resource_1=()=>{var tmp=require("../../core/lib/metadata-resource");return metadata_resource_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp},prop_injectable_1=()=>{var tmp=require("../../core/lib/prop-injectable");return prop_injectable_1=()=>tmp,tmp},certificate_request_provider_generated_1=()=>{var tmp=require("../../custom-resource-handlers/dist/aws-certificatemanager/certificate-request-provider.generated");return certificate_request_provider_generated_1=()=>tmp,tmp};let DnsValidatedCertificate=(()=>{let _classDecorators=[prop_injectable_1().propertyInjectable],_classDescriptor,_classExtraInitializers=[],_classThis,_classSuper=certificate_base_1().CertificateBase,_instanceExtraInitializers=[],_applyRemovalPolicy_decorators;var DnsValidatedCertificate2=class extends _classSuper{static{_classThis=this}static{const _metadata=typeof Symbol=="function"&&Symbol.metadata?Object.create(_classSuper[Symbol.metadata]??null):void 0;_applyRemovalPolicy_decorators=[(0,metadata_resource_1().MethodMetadata)()],__esDecorate(this,null,_applyRemovalPolicy_decorators,{kind:"method",name:"applyRemovalPolicy",static:!1,private:!1,access:{has:obj=>"applyRemovalPolicy"in obj,get:obj=>obj.applyRemovalPolicy},metadata:_metadata},null,_instanceExtraInitializers),__esDecorate(null,_classDescriptor={value:_classThis},_classDecorators,{kind:"class",name:_classThis.name,metadata:_metadata},null,_classExtraInitializers),DnsValidatedCertificate2=_classThis=_classDescriptor.value,_metadata&&Object.defineProperty(_classThis,Symbol.metadata,{enumerable:!0,configurable:!0,writable:!0,value:_metadata})}static[JSII_RTTI_SYMBOL_1]={fqn:"aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificate",version:"2.252.0"};static PROPERTY_INJECTION_ID="aws-cdk-lib.aws-certificatemanager.DnsValidatedCertificate";certificateArn=__runInitializers(this,_instanceExtraInitializers);tags;region;normalizedZoneName;hostedZoneId;domainName;_removalPolicy;constructor(scope,id,props){super(scope,id);try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificate","use {@link Certificate } instead"),jsiiDeprecationWarnings().aws_cdk_lib_aws_certificatemanager_DnsValidatedCertificateProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,DnsValidatedCertificate2),error}if((0,metadata_resource_1().addConstructMetadata)(this,props),props.keyAlgorithm&&cdk().Annotations.of(this).addWarningV2("@aws-cdk/aws-certificatemanager:keyAlgorithmIgnored","keyAlgorithm is ignored for DnsValidatedCertificate construct."),this.region=props.region,this.domainName=props.domainName,!core_1().Token.isUnresolved(props.domainName)&&props.domainName.length>64)throw new(cdk()).ValidationError((0,literal_string_1().lit)`DomainNameTooLong`,"Domain name must be 64 characters or less",this);this.normalizedZoneName=props.hostedZone.zoneName,this.normalizedZoneName.endsWith(".")&&(this.normalizedZoneName=this.normalizedZoneName.substring(0,this.normalizedZoneName.length-1)),this.hostedZoneId=props.hostedZone.hostedZoneId.replace(/^\/hostedzone\//,""),this.tags=new(cdk()).TagManager(cdk().TagType.MAP,"AWS::CertificateManager::Certificate");let certificateTransparencyLoggingPreference;props.transparencyLoggingEnabled!==void 0&&(certificateTransparencyLoggingPreference=props.transparencyLoggingEnabled?"ENABLED":"DISABLED");const requestorFunction=new(certificate_request_provider_generated_1()).CertificateRequestCertificateRequestFunction(this,"CertificateRequestorFunction",{timeout:cdk().Duration.minutes(15),role:props.customResourceRole});requestorFunction.addToRolePolicy(new(iam()).PolicyStatement({actions:["acm:RequestCertificate","acm:DescribeCertificate","acm:DeleteCertificate","acm:AddTagsToCertificate"],resources:["*"]})),requestorFunction.addToRolePolicy(new(iam()).PolicyStatement({actions:["route53:GetChange"],resources:["*"]})),requestorFunction.addToRolePolicy(new(iam()).PolicyStatement({actions:["route53:changeResourceRecordSets"],resources:[`arn:${cdk().Stack.of(requestorFunction).partition}:route53:::hostedzone/${this.hostedZoneId}`],conditions:{"ForAllValues:StringEquals":{"route53:ChangeResourceRecordSetsRecordTypes":["CNAME"],"route53:ChangeResourceRecordSetsActions":props.cleanupRoute53Records?["UPSERT","DELETE"]:["UPSERT"]},"ForAllValues:StringLike":{"route53:ChangeResourceRecordSetsNormalizedRecordNames":[addWildcard(props.domainName),...(props.subjectAlternativeNames??[]).map(d=>addWildcard(d))]}}}));const certificate=new(cdk()).CustomResource(this,"CertificateRequestorResource",{serviceToken:requestorFunction.functionArn,properties:{DomainName:props.domainName,SubjectAlternativeNames:cdk().Lazy.list({produce:()=>props.subjectAlternativeNames},{omitEmpty:!0}),CertificateTransparencyLoggingPreference:certificateTransparencyLoggingPreference,HostedZoneId:this.hostedZoneId,Region:props.region,Route53Endpoint:props.route53Endpoint,RemovalPolicy:cdk().Lazy.any({produce:()=>this._removalPolicy}),CleanupRecords:props.cleanupRoute53Records?"true":void 0,Tags:cdk().Lazy.list({produce:()=>this.tags.renderTags()})}});this.certificateArn=certificate.getAtt("Arn").toString(),this.node.addValidation({validate:()=>this.validateDnsValidatedCertificate()})}applyRemovalPolicy(policy){try{jsiiDeprecationWarnings().print("aws-cdk-lib.aws_certificatemanager.DnsValidatedCertificate#applyRemovalPolicy","use {@link Certificate } instead"),jsiiDeprecationWarnings().aws_cdk_lib_RemovalPolicy(policy)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.applyRemovalPolicy),error}this._removalPolicy=policy}validateDnsValidatedCertificate(){const errors=[];return!cdk().Token.isUnresolved(this.normalizedZoneName)&&this.domainName!==this.normalizedZoneName&&!this.domainName.endsWith("."+this.normalizedZoneName)&&errors.push(`DNS zone ${this.normalizedZoneName} is not authoritative for certificate domain name ${this.domainName}`),errors}static{__runInitializers(_classThis,_classExtraInitializers)}};return DnsValidatedCertificate2=_classThis})();exports.DnsValidatedCertificate=DnsValidatedCertificate;function addWildcard(domainName){return domainName.startsWith("*.")?domainName:`*.${domainName}`}