Add account id to BYOC delegate domain name

edw-defang · edw-defang · commit d6be23580412 · 2024-08-21T13:47:26.000-07:00
diff --git a/src/pkg/cli/client/byoc/aws/byoc.go b/src/pkg/cli/client/byoc/aws/byoc.go
@@ -101,7 +101,17 @@ func (b *ByocAws) setUp(ctx context.Context) error {
 			term.Debug("Failed to get subdomain zone:", err)
 			// return err; FIXME: ignore this error for now
 		} else {
-			b.ProjectDomain = b.getProjectDomain(domain.Zone)
+			// Use STS to get the account ID
+			cfg, err := b.driver.LoadConfig(ctx)
+			if err != nil {
+				return annotateAwsError(err)
+			}
+			identity, err := sts.NewFromConfig(cfg).GetCallerIdentity(ctx, &sts.GetCallerIdentityInput{})
+			if err != nil {
+				return annotateAwsError(err)
+			}
+
+			b.ProjectDomain = b.getProjectDomain(*identity.Account, domain.Zone)
 			if b.ProjectDomain != "" {
 				b.ShouldDelegateSubdomain = true
 			}
@@ -637,15 +647,22 @@ func (b *ByocAws) getPrivateFqdn(fqn qualifiedName) string {
 	return fmt.Sprintf("%s.%s", safeFqn, b.PrivateDomain) // TODO: consider merging this with ServiceDNS
 }
 
-func (b *ByocAws) getProjectDomain(zone string) string {
+func (b *ByocAws) getProjectDomain(account, zone string) string {
 	if b.ProjectName == "" {
 		return "" // no project name => no custom domain
 	}
+	var buf strings.Builder
+	if account != "" {
+		buf.WriteString(account)
+		buf.WriteByte('.')
+	}
 	projectLabel := byoc.DnsSafeLabel(b.ProjectName)
-	if projectLabel == byoc.DnsSafeLabel(b.TenantID) {
-		return byoc.DnsSafe(zone) // the zone will already have the tenant ID
+	if projectLabel != byoc.DnsSafeLabel(b.TenantID) {
+		buf.WriteString(projectLabel)
+		buf.WriteByte('.')
 	}
-	return projectLabel + "." + byoc.DnsSafe(zone)
+	buf.WriteString(byoc.DnsSafe(zone))
+	return buf.String()
 }
 
 func (b *ByocAws) TearDown(ctx context.Context) error {
diff --git a/src/pkg/cli/client/byoc/aws/byoc_test.go b/src/pkg/cli/client/byoc/aws/byoc_test.go
@@ -23,17 +23,17 @@ func TestDomainMultipleProjectSupport(t *testing.T) {
 		PublicFqdn  string
 		PrivateFqdn string
 	}{
-		{"tenant1", "tenant1", "web", port80, "web--80.example.com", "web.example.com", "web.tenant1.internal"},
-		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.example.com", "web.tenant1.internal"},
-		{"project1", "tenant1", "web", port80, "web--80.project1.example.com", "web.project1.example.com", "web.project1.internal"},
-		{"Project1", "tenant1", "web", port80, "web--80.project1.example.com", "web.project1.example.com", "web.project1.internal"},
-		{"project1", "tenant1", "web", hostModePort, "web.project1.internal:80", "web.project1.example.com", "web.project1.internal"},
-		{"project1", "tenant1", "api", port8080, "api--8080.project1.example.com", "api.project1.example.com", "api.project1.internal"},
-		{"tenant1", "tenant1", "web", port80, "web--80.example.com", "web.example.com", "web.tenant1.internal"},
-		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.example.com", "web.tenant1.internal"},
-		{"Project1", "tenant1", "web", port80, "web--80.project1.example.com", "web.project1.example.com", "web.project1.internal"},
-		{"Tenant2", "tenant1", "web", port80, "web--80.tenant2.example.com", "web.tenant2.example.com", "web.tenant2.internal"},
-		{"tenant1", "tenAnt1", "web", port80, "web--80.example.com", "web.example.com", "web.tenant1.internal"},
+		{"tenant1", "tenant1", "web", port80, "web--80.123456789012.example.com", "web.123456789012.example.com", "web.tenant1.internal"},
+		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.123456789012.example.com", "web.tenant1.internal"},
+		{"project1", "tenant1", "web", port80, "web--80.123456789012.project1.example.com", "web.123456789012.project1.example.com", "web.project1.internal"},
+		{"Project1", "tenant1", "web", port80, "web--80.123456789012.project1.example.com", "web.123456789012.project1.example.com", "web.project1.internal"},
+		{"project1", "tenant1", "web", hostModePort, "web.project1.internal:80", "web.123456789012.project1.example.com", "web.project1.internal"},
+		{"project1", "tenant1", "api", port8080, "api--8080.123456789012.project1.example.com", "api.123456789012.project1.example.com", "api.project1.internal"},
+		{"tenant1", "tenant1", "web", port80, "web--80.123456789012.example.com", "web.123456789012.example.com", "web.tenant1.internal"},
+		{"tenant1", "tenant1", "web", hostModePort, "web.tenant1.internal:80", "web.123456789012.example.com", "web.tenant1.internal"},
+		{"Project1", "tenant1", "web", port80, "web--80.123456789012.project1.example.com", "web.123456789012.project1.example.com", "web.project1.internal"},
+		{"Tenant2", "tenant1", "web", port80, "web--80.123456789012.tenant2.example.com", "web.123456789012.tenant2.example.com", "web.tenant2.internal"},
+		{"tenant1", "tenAnt1", "web", port80, "web--80.123456789012.example.com", "web.123456789012.example.com", "web.tenant1.internal"},
 	}
 
 	for _, tt := range tests {
@@ -43,7 +43,7 @@ func TestDomainMultipleProjectSupport(t *testing.T) {
 			if _, err := b.LoadProject(context.Background()); err != nil {
 				t.Fatalf("LoadProject() failed: %v", err)
 			}
-			b.ProjectDomain = b.getProjectDomain("example.com")
+			b.ProjectDomain = b.getProjectDomain("123456789012", "example.com")
 
 			endpoint := b.getEndpoint(tt.Fqn, tt.Port)
 			if endpoint != tt.EndPoint {
