implement multi-domain setups

pecirep · pecirep · commit 02e95c08505e · 2021-02-14T04:43:26.000+01:00
diff --git a/index.js b/index.js
@@ -12,7 +12,7 @@ const bucketUtils = require('./lib/bucketUtils');
 const uploadDirectory = require('./lib/upload');
 const validateClient = require('./lib/validate');
 const {invalidateCloudfrontDistribution} = require('./lib/cloudFront');
-const {addAliasRecord, setupCertificate} = require('./lib/route53');
+const {addCloudFrontAlias, setupCertificate} = require('./lib/route53');
 const {getCertificateArn} = require('./lib/acm');
 
 class ServerlessFullstackPlugin {
@@ -345,11 +345,11 @@ class ServerlessFullstackPlugin {
     
         if (this.options.domain) {
             if (this.getConfig("route53", false)) {
-                await addAliasRecord(
+                await addCloudFrontAlias(
                     this.serverless,
                     this.options.domain
                 );
-                // only override if not specified
+                // only create and override if not specified
                 if (certificate === null) {
                     distributionCertificate.AcmCertificateArn = await setupCertificate(
                         this.serverless,
diff --git a/lib/acm.js b/lib/acm.js
@@ -1,20 +1,47 @@
-const getCertificateArn = async (serverless, domainName) => {
+const getCertificateArn = async (serverless, domain) => {
     const awsClient = serverless.getProvider('aws'),
         requestParams = {
             CertificateStatuses: ['ISSUED']
         },
-        listCertificatesResponse = await awsClient.request('ACM', 'listCertificates', requestParams),
-        certificate = listCertificatesResponse.CertificateSummaryList
-            .find(certificate => certificate.DomainName === domainName);
+        listCertificatesResponse = await awsClient.request('ACM', 'listCertificates', requestParams);
+    
+    // if multiple domains are provided, we have to find a cert that covers all of them
+    if (Array.isArray(domain)) {
+        const certificate = (
+          await Promise.all(
+            // filter out certs without one of the domains in their "main" DomainName
+            // before requesting detailed certificate data
+            listCertificatesResponse.CertificateSummaryList.filter(
+              (certificate) => domain.includes(certificate.DomainName)
+            ).map(
+              async (certificate) =>
+                await awsClient.request("ACM", "describeCertificate", {
+                  CertificateArn: certificate.CertificateArn,
+                })
+            )
+          )
+        ).find((certificateDesc) =>
+          domain.every((domain) =>
+            certificateDesc.Certificate.SubjectAlternativeNames.includes(domain)
+          )
+        );
 
-    return certificate ? certificate.CertificateArn : null;
+        return certificate ? certificate.Certificate.CertificateArn : null;
+    } else {
+        const certificate = listCertificatesResponse.CertificateSummaryList
+                .find(certificate => certificate.DomainName === domain);
+
+        return certificate ? certificate.CertificateArn : null;
+    }
 }
 
-const requestCertificateWithDNS = async (serverless, domainName) => {
+const requestCertificateWithDNS = async (serverless, domain) => {
+    if (!Array.isArray(domain)) domain = [domain];
     const awsClient = serverless.getProvider('aws'),
         requestCertificateParams = {
-            DomainName: domainName,
-            ValidationMethod: 'DNS'
+            DomainName: domain[0],
+            ValidationMethod: 'DNS',
+            SubjectAlternativeNames: domain.length > 1 ? domain.slice(1) : null
         },
         requestCertificateResponse = await awsClient.request('ACM', 'requestCertificate', requestCertificateParams),
         describeCertificateParams = {
@@ -28,4 +55,4 @@ const requestCertificateWithDNS = async (serverless, domainName) => {
 module.exports = {
     getCertificateArn,
     requestCertificateWithDNS
-}
+}
diff --git a/lib/route53.js b/lib/route53.js
@@ -1,14 +1,12 @@
 const { getCloudFrontDomainName } = require("./cloudFront");
 const {getCertificateArn, requestCertificateWithDNS} = require("./acm");
 
-const entity = 'Fullstack'
-
 const getHostedZoneForDomain = async (awsClient, domainName) => {
     const r53response = await awsClient.request('Route53', 'listHostedZones', {}),
         hostedZone = r53response.HostedZones
             .find(hostedZone => `${domainName}.`.includes(hostedZone.Name));
 
-    if (!hostedZone) throw `Domain is not managed by AWS, you will have to add a record for ${domainName} manually.`;
+    //if (!hostedZone) throw `Domain is not managed by AWS, you will have to add a record for ${domainName} manually.`;
 
     return hostedZone;
 };
@@ -29,114 +27,177 @@ const waitForChange = async (checkChange) => {
         return isChangeComplete
     } else {
         await new Promise(r => setTimeout(r, 1000));
-        return await waitForChange(checkChange, serverless);
-    };
+        return await waitForChange(checkChange);
+    }
 };
 
-const entryExists = async (awsClient, hostedZone, domainName, target) => {
+const filterExistingAlias = async (awsClient, hostedZone, target) => {
     const requestParams = {
             HostedZoneId: hostedZone.Id
         },
-        r53response = await awsClient.request('Route53', 'listResourceRecordSets', requestParams)
-        sets = r53response.ResourceRecordSets;
+        r53response = await awsClient.request('Route53', 'listResourceRecordSets', requestParams),
+        sets = r53response.ResourceRecordSets,
+        filteredDomains = hostedZone.domains.filter(domain => !sets.find(set => set.Name === `${domain}.` && set.AliasTarget?.DNSName === `${target}.`))
         
-    return sets.find(set => set.Name === `${domainName}.` && set.AliasTarget?.DNSName === `${target}.`);
-}
+    return {...hostedZone, domains: filteredDomains};
+};
 
-const addAliasRecord = async (serverless, domainName) => {
-    const awsClient = serverless.getProvider('aws')
+const groupDomainsByHostedZone = async (awsClient, domains) =>
+    // Get hosted Zone for each domain, group domains by HZ.Id using .reduce and extract values
+    Object.values(
+        await domains.reduce(async (promisedAccumulator, domain) => {
+            const hostedZones = await promisedAccumulator;
+            const hostedZone = await getHostedZoneForDomain(awsClient, domain);
+            if (hostedZones[hostedZone?.Id]) hostedZones[hostedZone?.Id].domains.push(domain);
+            else hostedZones[hostedZone?.Id] = {...hostedZone, domains: [domain]};
+            return hostedZones;
+        }, {})
+    );
+
+const addCloudFrontAlias = async (serverless, domains) => {
+    if (!Array.isArray(domains)) {
+        domains = [domains];
+    }
+
+    const awsClient = serverless.getProvider('aws'),
         target = await getCloudFrontDomainName(serverless),
-        hostedZone = await getHostedZoneForDomain(awsClient, domainName);
-
-    if (await entryExists(awsClient, hostedZone, domainName, target)) return;
-
-    serverless.cli.log(`Adding ALIAS record for ${domainName} to point to ${target}...`, entity);
-
-    const changeRecordParams = {
-            HostedZoneId: hostedZone.Id,
-            ChangeBatch: {
-                Changes: [
-                    {
-                        Action: 'UPSERT',
-                        ResourceRecordSet: {
-                            Name: domainName,
-                            Type: 'A',
-                            AliasTarget: {
-                                HostedZoneId: 'Z2FDTNDATAQYW2', // global CloudFront HostedZoneId
-                                DNSName: target,
-                                EvaluateTargetHealth: false
+        domainsByHostedZones = await groupDomainsByHostedZone(awsClient, domains),
+        domainsWithoutHostedZone = domainsByHostedZones
+                .filter(hostedZone => !hostedZone.Id)
+                .reduce((acc, hostedZone) => [...acc, ...hostedZone.domains],[]),
+        filteredDomainsByHostedZones = (await Promise.all(domainsByHostedZones
+                .filter(hostedZone => !!hostedZone.Id)
+                .map(hostedZone => filterExistingAlias(awsClient, hostedZone, target))))
+                .filter(hostedZone => hostedZone.domains.length);
+
+    if (domainsWithoutHostedZone?.length > 0) 
+        serverless.cli.log(`No hosted zones found for ${domainsWithoutHostedZone}, records pointing to`
+                            +` ${target} will have to be added manually.`, "Route53", {color: "orange", underline: true});
+    
+    await Promise.all(filteredDomainsByHostedZones.map(async hostedZone => {
+        hostedZone.domains.forEach(domain => 
+            serverless.cli.log(`Adding ALIAS record for ${domain} to point to ${target}...`)
+        );
+        
+        const changeRecordParams = {
+                HostedZoneId: hostedZone.Id,
+                ChangeBatch: {
+                    Changes: hostedZone.domains.map(domainName => (
+                        {
+                            Action: 'UPSERT',
+                            ResourceRecordSet: {
+                                Name: domainName,
+                                Type: 'A',
+                                AliasTarget: {
+                                    HostedZoneId: 'Z2FDTNDATAQYW2', // global CloudFront HostedZoneId
+                                    DNSName: target,
+                                    EvaluateTargetHealth: false
+                                }
                             }
                         }
-                    }
-                ]
-            }
-        },
-        changeRecordResult = await awsClient.request('Route53', 'changeResourceRecordSets', changeRecordParams);
+                    ))
+                }
+            },
+            changeRecordResult = await awsClient.request('Route53', 'changeResourceRecordSets', changeRecordParams);
     
-    // wait for DNS entry
-    await waitForChange(() => checkChangeStatus(awsClient, changeRecordResult.ChangeInfo));
+        // wait for DNS entry
+        await waitForChange(() => checkChangeStatus(awsClient, changeRecordResult.ChangeInfo));
 
-    serverless.cli.log(`ALIAS ${domainName} -> ${target} successfully added.`, entity);
+        serverless.cli.log(`ALIAS ${hostedZone.domains} -> ${target} successfully added.`);
 
-    // waitFor can't be called using Provider.request yet
-    /*
-    waitForRecordParams = {
-        Id: changeRecordResult.ChangeInfo.Id
-    },
-    
-    {err, waitForRecordResult} = await awsClient.request('Route53', 'waitFor', 'resourceRecordSetsChanged', waitForRecordParams)
+        // waitFor can't be called using Provider.request yet
+        /*
+        waitForRecordParams = {
+            Id: changeRecordResult.ChangeInfo.Id
+        },
 
-    serverless.cli.log(err)
-    serverless.cli.log(waitForRecordResult)
-    */    
+        {err, waitForRecordResult} = await awsClient.request('Route53', 'waitFor', 'resourceRecordSetsChanged', waitForRecordParams)
+        */
+    }));
 };
 
-const setupCertificate = async (serverless, domainName) => {
-    const existingCertificateArn = await getCertificateArn(serverless, domainName);
-    if (existingCertificateArn) return existingCertificateArn;
-
-    serverless.cli.log(`Requesting certificate for ${domainName}...`, entity);
-
-    const awsClient = serverless.getProvider('aws')
-        hostedZone = await getHostedZoneForDomain(awsClient, domainName),
-        getCertificateRecord = async (serverless, domainName) => {
-            const certificaterequest = await requestCertificateWithDNS(serverless, domainName);
-            return certificaterequest.DomainValidationOptions[0].ResourceRecord
+const groupResourceRecordsByHostedZone = async (awsClient, resourceRecords) =>
+    // Get hosted Zone for each resourcerecord, group resourcerecords by HZ.Id using .reduce and extract values
+    Object.values(
+        await resourceRecords.reduce(async (promisedAccumulator, resourceRecord) => {
+            const hostedZones = await promisedAccumulator;
+            const hostedZone = await getHostedZoneForDomain(awsClient, resourceRecord.Name);
+            if (hostedZones[hostedZone?.Id]) hostedZones[hostedZone?.Id].resourceRecords.push(resourceRecord);
+            else hostedZones[hostedZone?.Id] = {...hostedZone, resourceRecords: [resourceRecord]};
+            return hostedZones;
+        }, {})
+    );
+
+const setupCertificate = async (serverless, domains) => {
+    const existingCertificateArn = await getCertificateArn(serverless, domains);
+    if (existingCertificateArn) {
+        return existingCertificateArn;
+    }
+
+    if (!Array.isArray(domains)) {
+        domains = [domains];
+    }
+
+    serverless.cli.log(`Requesting certificate for ${domains}...`);
+
+    const awsClient = serverless.getProvider('aws'),
+        getCertificateRecords = async (serverless, domains) => {
+            const certificaterequest = await requestCertificateWithDNS(serverless, domains),
+                resourceRecords = certificaterequest.DomainValidationOptions
+                        .filter(validationOption => validationOption.ValidationStatus !== "SUCCESS")
+                        .map(validationOption => validationOption.ResourceRecord);
+            return resourceRecords.every(e => !!e) && resourceRecords.length === domains.length ? resourceRecords : null
         },
-        // sometimes the ResourceRecord entry isn't immediately available, so we wait until it is
-        certificateResourceRecord = await waitForChange(() => getCertificateRecord(serverless, domainName)),
-        changeRecordParams = {
-            HostedZoneId: hostedZone.Id,
-            ChangeBatch: {
-                Changes: [
-                    {
-                        Action: 'UPSERT',
-                        ResourceRecordSet: {
-                            Name: certificateResourceRecord.Name,
-                            Type: certificateResourceRecord.Type,
-                            TTL: 60,
-                            ResourceRecords: [
-                                {
-                                    Value: certificateResourceRecord.Value
-                                }
-                            ]
+        // sometimes the ResourceRecords entries aren't immediately available, so we wait until they are
+        certificateResourceRecords = await waitForChange(() => getCertificateRecords(serverless, domains)),
+        resourceRecordsByHostedZones = await groupResourceRecordsByHostedZone(awsClient, certificateResourceRecords),
+        resourceRecordsWithoutHostedZone = resourceRecordsByHostedZones
+                .filter(hostedZone => !hostedZone.Id)
+                .reduce((acc, hostedZone) => [...acc, ...hostedZone.resourceRecords],[]),
+        filteredResourceRecordsByHostedZones = resourceRecordsByHostedZones.filter(hostedZone => !!hostedZone.Id);
+
+    resourceRecordsWithoutHostedZone.forEach((resourceRecord) => {
+      serverless.cli.log(
+        `Needs to be added manually: ${resourceRecord.Type} ${resourceRecord.Name} ${resourceRecord.Value}`,
+        "Route53",
+        { color: "orange", underline: true }
+      );
+    });
+
+    await Promise.all(filteredResourceRecordsByHostedZones.map(async hostedZone => {
+        const changeRecordParams = {
+                HostedZoneId: hostedZone.Id,
+                ChangeBatch: {
+                    Changes: hostedZone.resourceRecords.map(resourceRecord => (
+                        {
+                            Action: 'UPSERT',
+                            ResourceRecordSet: {
+                                Name: resourceRecord.Name,
+                                Type: resourceRecord.Type,
+                                TTL: 60,
+                                ResourceRecords: [
+                                    {
+                                        Value: resourceRecord.Value
+                                    }
+                                ]
+                            }
                         }
-                    }
-                ]
-            }
-        },
-        changeRecordResult = await awsClient.request('Route53', 'changeResourceRecordSets', changeRecordParams);
-
-    // wait for DNS entry
-    await waitForChange(() => checkChangeStatus(awsClient, changeRecordResult.ChangeInfo));
-
-    // wait for issued certificate
-    const certificateArn = await waitForChange(() => getCertificateArn(serverless, domainName));
-    serverless.cli.log(`Certificate for ${domainName} successfully issued.`, entity);
+                    ))
+                }
+            },
+            changeRecordResult = await awsClient.request('Route53', 'changeResourceRecordSets', changeRecordParams);
+
+        // wait for DNS entry
+        await waitForChange(() => checkChangeStatus(awsClient, changeRecordResult.ChangeInfo));
+    }));
+
+    serverless.cli.log(`Waiting for certificate verification...`);
+    const certificateArn = await waitForChange(() => getCertificateArn(serverless, domains));
+    serverless.cli.log(`Certificate for ${domains} successfully issued.`);
     return certificateArn;
 };
 
 module.exports = {
-    addAliasRecord,
+    addCloudFrontAlias,
     setupCertificate
-};
+};
