UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 5.39 kB
1
2
"use strict";var __createBinding=exports&&exports.__createBinding||(Object.create?(function(o,m,k,k2){k2===void 0&&(k2=k);var desc=Object.getOwnPropertyDescriptor(m,k);(!desc||("get"in desc?!m.__esModule:desc.writable||desc.configurable))&&(desc={enumerable:!0,get:function(){return m[k]}}),Object.defineProperty(o,k2,desc)}):(function(o,m,k,k2){k2===void 0&&(k2=k),o[k2]=m[k]})),__setModuleDefault=exports&&exports.__setModuleDefault||(Object.create?(function(o,v){Object.defineProperty(o,"default",{enumerable:!0,value:v})}):function(o,v){o.default=v}),__importStar=exports&&exports.__importStar||(function(){var ownKeys=function(o){return ownKeys=Object.getOwnPropertyNames||function(o2){var ar=[];for(var k in o2)Object.prototype.hasOwnProperty.call(o2,k)&&(ar[ar.length]=k);return ar},ownKeys(o)};return function(mod){if(mod&&mod.__esModule)return mod;var result={};if(mod!=null)for(var k=ownKeys(mod),i=0;i<k.length;i++)k[i]!=="default"&&__createBinding(result,mod,k[i]);return __setModuleDefault(result,mod),result}})();Object.defineProperty(exports,"__esModule",{value:!0}),exports.validateZoneName=validateZoneName,exports.determineFullyQualifiedDomainName=determineFullyQualifiedDomainName,exports.makeHostedZoneArn=makeHostedZoneArn,exports.makeGrantDelegation=makeGrantDelegation;var iam=()=>{var tmp=__importStar(require("../../aws-iam"));return iam=()=>tmp,tmp},core_1=()=>{var tmp=require("../../core");return core_1=()=>tmp,tmp},literal_string_1=()=>{var tmp=require("../../core/lib/private/literal-string");return literal_string_1=()=>tmp,tmp};function validateZoneName(zoneName){if(zoneName.length>255)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`ZoneNameTooLong`,"zone name cannot be more than 255 bytes long");if(zoneName.split(".").find(label=>label.length>63))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`ZoneLabelTooLong`,"zone name labels cannot be more than 63 bytes long");if(!zoneName.match(/^[a-z0-9!"#$%&'()*+,/:;<=>?@[\\\]^_`{|}~.-]+$/i))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`InvalidZoneNameCharacters`,"zone names can only contain a-z, 0-9, -, ! \" # $ % & ' ( ) * + , - / : ; < = > ? @ [ ] ^ _ ` { | } ~ .")}function determineFullyQualifiedDomainName(providedName,hostedZone){if(providedName.endsWith("."))return providedName;const hostedZoneName=stripTrailingDot(hostedZone.zoneName),suffix=`.${hostedZoneName}`;return providedName.endsWith(suffix)||providedName===hostedZoneName?`${providedName}.`:`${providedName}${suffix}.`}function makeHostedZoneArn(construct,hostedZoneId){return core_1().Stack.of(construct).formatArn({account:"",region:"",service:"route53",resource:"hostedzone",resourceName:hostedZoneId})}function stripTrailingDot(zoneName){return zoneName.endsWith(".")?zoneName.substring(0,zoneName.length-1):zoneName}const octalConversionIgnoreRegex=/[a-z0-9-_\\.]/;function octalEncodeDelegatedZoneName(delegatedZoneName){return core_1().Token.isUnresolved(delegatedZoneName)?delegatedZoneName:delegatedZoneName.split("").map(c=>octalConversionIgnoreRegex.test(c)?c:"\\"+c.charCodeAt(0).toString(8).padStart(3,"0")).join("")}function validateDelegatedZoneName(parentZoneName,delegatedZoneName){if(delegatedZoneName.endsWith("."))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`DelegatedZoneNameTrailingPeriod`,`Error while validating delegate zone name '${delegatedZoneName}': delegated zone name cannot have a trailing period`);if(core_1().Token.isUnresolved(delegatedZoneName))return;if(validateZoneName(delegatedZoneName),delegatedZoneName.toLowerCase()!==delegatedZoneName)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`DelegatedZoneNameUppercase`,`Error while validating delegate zone name '${delegatedZoneName}': delegated zone name cannot contain uppercase characters`);if(core_1().Token.isUnresolved(parentZoneName))return;const parentZoneNameNoTrailingDot=stripTrailingDot(parentZoneName);if(!delegatedZoneName.endsWith(parentZoneNameNoTrailingDot))throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`DelegatedZoneNameNotSuffixed`,`Error while validating delegate zone name '${delegatedZoneName}': delegated zone name must be suffixed by parent zone name`);if(delegatedZoneName===parentZoneNameNoTrailingDot)throw new(core_1()).UnscopedValidationError((0,literal_string_1().lit)`DelegatedZoneNameSameAsParent`,`Error while validating delegate zone name '${delegatedZoneName}': delegated zone name cannot be the same as the parent zone name`)}function makeGrantDelegation(grantee,hostedZone,delegationOptions){const delegatedZoneNames=delegationOptions?.delegatedZoneNames?.map(delegatedZoneName=>(validateDelegatedZoneName(hostedZone.name,delegatedZoneName),octalEncodeDelegatedZoneName(delegatedZoneName))),g1=iam().Grant.addToPrincipal({grantee,actions:["route53:ChangeResourceRecordSets"],resourceArns:[makeHostedZoneArn(hostedZone,hostedZone.hostedZoneRef.hostedZoneId)],conditions:{"ForAllValues:StringEquals":{"route53:ChangeResourceRecordSetsRecordTypes":["NS"],"route53:ChangeResourceRecordSetsActions":["UPSERT","DELETE"],...delegationOptions?.delegatedZoneNames?{"route53:ChangeResourceRecordSetsNormalizedRecordNames":delegatedZoneNames}:{}}}}),g2=iam().Grant.addToPrincipal({grantee,actions:["route53:ListHostedZonesByName"],resourceArns:["*"]});return g1.combine(g2)}