src/dns/route53.js

'use strict';

exports = module.exports = {
    upsert: upsert,
    get: get,
    del: del,
    waitForDns: require('./waitfordns.js'),
    verifyDnsConfig: verifyDnsConfig,

    // not part of "dns" interface
    getHostedZone: getHostedZone
};

var assert = require('assert'),
    AWS = require('aws-sdk'),
    debug = require('debug')('box:dns/route53'),
    dns = require('../native-dns.js'),
    DomainsError = require('../domains.js').DomainsError,
    util = require('util'),
    _ = require('underscore');

function getDnsCredentials(dnsConfig) {
    assert.strictEqual(typeof dnsConfig, 'object');

    var credentials = {
        accessKeyId: dnsConfig.accessKeyId,
        secretAccessKey: dnsConfig.secretAccessKey,
        region: dnsConfig.region
    };

    if (dnsConfig.endpoint) credentials.endpoint = new AWS.Endpoint(dnsConfig.endpoint);

    return credentials;
}

function getZoneByName(dnsConfig, zoneName, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof callback, 'function');

    var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));

    // backward compat for 2.2, where we only required access to "listHostedZones"
    let listHostedZones;
    if (dnsConfig.listHostedZonesByName) {
        listHostedZones = route53.listHostedZonesByName.bind(route53, { MaxItems: '1', DNSName: zoneName + '.' });
    } else {
        listHostedZones = route53.listHostedZones.bind(route53, {}); // currently, this route does not support > 100 zones
    }

    listHostedZones(function (error, result) {
        if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
        if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
        if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

        var zone = result.HostedZones.filter(function (zone) {
            return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
        })[0];

        if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));

        callback(null, zone);
    });
}

function getHostedZone(dnsConfig, zoneName, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof callback, 'function');

    getZoneByName(dnsConfig, zoneName, function (error, zone) {
        if (error) return callback(error);

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.getHostedZone({ Id: zone.Id }, function (error, result) {
            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

            callback(null, result);
        });
    });
}

function add(dnsConfig, zoneName, subdomain, type, values, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(util.isArray(values));
    assert.strictEqual(typeof callback, 'function');

    debug('add: %s for zone %s of type %s with values %j', subdomain, zoneName, type, values);

    getZoneByName(dnsConfig, zoneName, function (error, zone) {
        if (error) return callback(error);

        var fqdn = subdomain === '' ? zoneName : subdomain + '.' + zoneName;
        var records = values.map(function (v) { return { Value: v }; });  // for mx records, value is already of the '<priority> <server>' format

        var params = {
            ChangeBatch: {
                Changes: [{
                    Action: 'UPSERT',
                    ResourceRecordSet: {
                        Type: type,
                        Name: fqdn,
                        ResourceRecords: records,
                        TTL: 1
                    }
                }]
            },
            HostedZoneId: zone.Id
        };

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.changeResourceRecordSets(params, function(error, result) {
            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.code === 'PriorRequestNotComplete') return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
            if (error && error.code === 'InvalidChangeBatch') return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));
            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));

            callback(null, result.ChangeInfo.Id);
        });
    });
}

function upsert(dnsConfig, zoneName, subdomain, type, values, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(util.isArray(values));
    assert.strictEqual(typeof callback, 'function');

    add(dnsConfig, zoneName, subdomain, type, values, callback);
}

function get(dnsConfig, zoneName, subdomain, type, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof callback, 'function');

    getZoneByName(dnsConfig, zoneName, function (error, zone) {
        if (error) return callback(error);

        var params = {
            HostedZoneId: zone.Id,
            MaxItems: '1',
            StartRecordName: (subdomain ? subdomain + '.' : '') + zoneName + '.',
            StartRecordType: type
        };

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.listResourceRecordSets(params, function (error, result) {
            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
            if (result.ResourceRecordSets.length === 0) return callback(null, [ ]);
            if (result.ResourceRecordSets[0].Name !== params.StartRecordName || result.ResourceRecordSets[0].Type !== params.StartRecordType) return callback(null, [ ]);

            var values = result.ResourceRecordSets[0].ResourceRecords.map(function (record) { return record.Value; });

            callback(null, values);
        });
    });
}

function del(dnsConfig, zoneName, subdomain, type, values, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(util.isArray(values));
    assert.strictEqual(typeof callback, 'function');

    getZoneByName(dnsConfig, zoneName, function (error, zone) {
        if (error) return callback(error);

        var fqdn = subdomain === '' ? zoneName : subdomain + '.' + zoneName;
        var records = values.map(function (v) { return { Value: v }; });

        var resourceRecordSet = {
            Name: fqdn,
            Type: type,
            ResourceRecords: records,
            TTL: 1
        };

        var params = {
            ChangeBatch: {
                Changes: [{
                    Action: 'DELETE',
                    ResourceRecordSet: resourceRecordSet
                }]
            },
            HostedZoneId: zone.Id
        };

        var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));
        route53.changeResourceRecordSets(params, function(error) {
            if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));
            if (error && error.message && error.message.indexOf('it was not found') !== -1) {
                debug('del: resource record set not found.', error);
                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
            } else if (error && error.code === 'NoSuchHostedZone') {
                debug('del: hosted zone not found.', error);
                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
            } else if (error && error.code === 'PriorRequestNotComplete') {
                debug('del: resource is still busy', error);
                return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));
            } else if (error && error.code === 'InvalidChangeBatch') {
                debug('del: invalid change batch. No such record to be deleted.');
                return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));
            } else if (error) {
                debug('del: error', error);
                return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));
            }

            callback(null);
        });
    });
}

function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {
    assert.strictEqual(typeof dnsConfig, 'object');
    assert.strictEqual(typeof fqdn, 'string');
    assert.strictEqual(typeof zoneName, 'string');
    assert.strictEqual(typeof ip, 'string');
    assert.strictEqual(typeof callback, 'function');

    if (!dnsConfig.accessKeyId || typeof dnsConfig.accessKeyId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'accessKeyId must be a non-empty string'));
    if (!dnsConfig.secretAccessKey || typeof dnsConfig.secretAccessKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'secretAccessKey must be a non-empty string'));

    var credentials = {
        accessKeyId: dnsConfig.accessKeyId,
        secretAccessKey: dnsConfig.secretAccessKey,
        region: dnsConfig.region || 'us-east-1',
        endpoint: dnsConfig.endpoint || null,
        listHostedZonesByName: true // new/updated creds require this perm
    };

    if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here

    dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {
        if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));
        if (error || !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));

        getHostedZone(credentials, zoneName, function (error, zone) {
            if (error) return callback(error);

            if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {
                debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);
                return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Route53'));
            }

            const testSubdomain = 'cloudrontestdns';

            upsert(credentials, zoneName, testSubdomain, 'A', [ ip ], function (error, changeId) {
                if (error) return callback(error);

                debug('verifyDnsConfig: Test A record added with change id %s', changeId);

                del(credentials, zoneName, testSubdomain, 'A', [ ip ], function (error) {
                    if (error) return callback(error);

                    debug('verifyDnsConfig: Test A record removed again');

                    callback(null, credentials);
                });
            });
        });
    });
}
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`'use strict';`

			`exports = module.exports = {`
Reorder dns backend exports 2016-09-15 11:57:25 +02:00			`upsert: upsert,`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`get: get,`
subdomains.del now takes array values 2015-10-30 13:30:19 -07:00			`del: del,`
Make waitForDns provider specific 2016-12-14 12:27:11 -08:00			`waitForDns: require('./waitfordns.js'),`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`verifyDnsConfig: verifyDnsConfig,`
validate route53 credentials 2016-07-03 21:37:17 -05:00
			`// not part of "dns" interface`
			`getHostedZone: getHostedZone`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`};`

			`var assert = require('assert'),`
			`AWS = require('aws-sdk'),`
			`debug = require('debug')('box:dns/route53'),`
Use the native dns resolver 2018-02-08 10:21:31 -08:00			`dns = require('../native-dns.js'),`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`DomainsError = require('../domains.js').DomainsError,`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`util = require('util'),`
			`_ = require('underscore');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`function getDnsCredentials(dnsConfig) {`
			`assert.strictEqual(typeof dnsConfig, 'object');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`var credentials = {`
			`accessKeyId: dnsConfig.accessKeyId,`
			`secretAccessKey: dnsConfig.secretAccessKey,`
			`region: dnsConfig.region`
			`};`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`if (dnsConfig.endpoint) credentials.endpoint = new AWS.Endpoint(dnsConfig.endpoint);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`return credentials;`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`}`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`function getZoneByName(dnsConfig, zoneName, callback) {`
			`assert.strictEqual(typeof dnsConfig, 'object');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof zoneName, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));`
route53: add backward compat for pre-2.2 IAM perms 2018-05-07 11:18:15 -07:00
			`// backward compat for 2.2, where we only required access to "listHostedZones"`
			`let listHostedZones;`
			`if (dnsConfig.listHostedZonesByName) {`
			`listHostedZones = route53.listHostedZonesByName.bind(route53, { MaxItems: '1', DNSName: zoneName + '.' });`
			`} else {`
			`listHostedZones = route53.listHostedZones.bind(route53, {}); // currently, this route does not support > 100 zones`
			`}`

			`listHostedZones(function (error, result) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
Revert "No need to iterate over the hosted zones anymore" 2018-05-07 11:23:17 -07:00			`var zone = result.HostedZones.filter(function (zone) {`
			`return zone.Name.slice(0, -1) === zoneName; // aws zone name contains a '.' at the end`
			`})[0];`

			`if (!zone) return callback(new DomainsError(DomainsError.NOT_FOUND, 'no such zone'));`

			`callback(null, zone);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`});`
			`}`

validate route53 credentials 2016-07-03 21:37:17 -05:00			`function getHostedZone(dnsConfig, zoneName, callback) {`
			`assert.strictEqual(typeof dnsConfig, 'object');`
			`assert.strictEqual(typeof zoneName, 'string');`
			`assert.strictEqual(typeof callback, 'function');`
Reorder dns backend exports 2016-09-15 11:57:25 +02:00
validate route53 credentials 2016-07-03 21:37:17 -05:00			`getZoneByName(dnsConfig, zoneName, function (error, zone) {`
handle error 2016-07-04 23:31:26 -05:00			`if (error) return callback(error);`

validate route53 credentials 2016-07-03 21:37:17 -05:00			`var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));`
			`route53.getHostedZone({ Id: zone.Id }, function (error, result) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));`
validate route53 credentials 2016-07-03 21:37:17 -05:00
			`callback(null, result);`
			`});`
			`});`
			`}`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`function add(dnsConfig, zoneName, subdomain, type, values, callback) {`
			`assert.strictEqual(typeof dnsConfig, 'object');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof zoneName, 'string');`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof type, 'string');`
subdomains.add takes array values 2015-10-30 13:16:07 -07:00			`assert(util.isArray(values));`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof callback, 'function');`

subdomains.add takes array values 2015-10-30 13:16:07 -07:00			`debug('add: %s for zone %s of type %s with values %j', subdomain, zoneName, type, values);`
prepare dns backends to accepts array of values 2015-10-30 13:04:43 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`getZoneByName(dnsConfig, zoneName, function (error, zone) {`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`if (error) return callback(error);`

fix fqdn for naked domain 2016-07-07 13:14:15 -07:00			`var fqdn = subdomain === '' ? zoneName : subdomain + '.' + zoneName;`
Add note on MX records 2018-05-06 22:14:39 -07:00			`var records = values.map(function (v) { return { Value: v }; }); // for mx records, value is already of the '<priority> <server>' format`
prepare dns backends to accepts array of values 2015-10-30 13:04:43 -07:00
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`var params = {`
			`ChangeBatch: {`
			`Changes: [{`
			`Action: 'UPSERT',`
			`ResourceRecordSet: {`
			`Type: type,`
			`Name: fqdn,`
prepare dns backends to accepts array of values 2015-10-30 13:04:43 -07:00			`ResourceRecords: records,`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`TTL: 1`
			`}`
			`}]`
			`},`
			`HostedZoneId: zone.Id`
			`};`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));`
			`route53.changeResourceRecordSets(params, function(error, result) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error && error.code === 'PriorRequestNotComplete') return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));`
			`if (error && error.code === 'InvalidChangeBatch') return callback(new DomainsError(DomainsError.BAD_FIELD, error.message));`
			`if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`callback(null, result.ChangeInfo.Id);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`});`
			`});`
			`}`

rename subdomains.update to subdomains.upsert 2016-09-05 16:41:04 -07:00			`function upsert(dnsConfig, zoneName, subdomain, type, values, callback) {`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`assert.strictEqual(typeof dnsConfig, 'object');`
add updateSubdomain in route53 backend 2015-10-29 15:37:42 -07:00			`assert.strictEqual(typeof zoneName, 'string');`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof type, 'string');`
subdomains.update now takes array 2015-10-30 13:45:07 -07:00			`assert(util.isArray(values));`
add updateSubdomain in route53 backend 2015-10-29 15:37:42 -07:00			`assert.strictEqual(typeof callback, 'function');`

rename subdomains.update to subdomains.upsert 2016-09-05 16:41:04 -07:00			`add(dnsConfig, zoneName, subdomain, type, values, callback);`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`}`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`function get(dnsConfig, zoneName, subdomain, type, callback) {`
			`assert.strictEqual(typeof dnsConfig, 'object');`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`assert.strictEqual(typeof zoneName, 'string');`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof type, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`getZoneByName(dnsConfig, zoneName, function (error, zone) {`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`if (error) return callback(error);`

			`var params = {`
Fix casing of zone id 2015-10-30 18:05:08 -07:00			`HostedZoneId: zone.Id,`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`MaxItems: '1',`
ListResourceRecordSet returns items based on lexical sorting 2015-10-30 14:41:34 -07:00			`StartRecordName: (subdomain ? subdomain + '.' : '') + zoneName + '.',`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`StartRecordType: type`
			`};`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));`
			`route53.listResourceRecordSets(params, function (error, result) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error) return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`if (result.ResourceRecordSets.length === 0) return callback(null, [ ]);`
fix route53.get() 2016-09-05 15:17:42 -07:00			`if (result.ResourceRecordSets[0].Name !== params.StartRecordName \|\| result.ResourceRecordSets[0].Type !== params.StartRecordType) return callback(null, [ ]);`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`var values = result.ResourceRecordSets[0].ResourceRecords.map(function (record) { return record.Value; });`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`callback(null, values);`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00			`});`
			`});`
add updateSubdomain in route53 backend 2015-10-29 15:37:42 -07:00			`}`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`function del(dnsConfig, zoneName, subdomain, type, values, callback) {`
			`assert.strictEqual(typeof dnsConfig, 'object');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof zoneName, 'string');`
			`assert.strictEqual(typeof subdomain, 'string');`
			`assert.strictEqual(typeof type, 'string');`
subdomains.del now takes array values 2015-10-30 13:30:19 -07:00			`assert(util.isArray(values));`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof callback, 'function');`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`getZoneByName(dnsConfig, zoneName, function (error, zone) {`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`if (error) return callback(error);`

fix fqdn for naked domain 2016-07-07 13:14:15 -07:00			`var fqdn = subdomain === '' ? zoneName : subdomain + '.' + zoneName;`
prepare dns backends to accepts array of values 2015-10-30 13:04:43 -07:00			`var records = values.map(function (v) { return { Value: v }; });`

Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`var resourceRecordSet = {`
			`Name: fqdn,`
			`Type: type,`
prepare dns backends to accepts array of values 2015-10-30 13:04:43 -07:00			`ResourceRecords: records,`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`TTL: 1`
			`};`

			`var params = {`
			`ChangeBatch: {`
			`Changes: [{`
			`Action: 'DELETE',`
			`ResourceRecordSet: resourceRecordSet`
			`}]`
			`},`
			`HostedZoneId: zone.Id`
			`};`

pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`var route53 = new AWS.Route53(getDnsCredentials(dnsConfig));`
Use the native dns resolver 2018-02-08 10:21:31 -08:00			`route53.changeResourceRecordSets(params, function(error) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.code === 'AccessDenied') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
			`if (error && error.code === 'InvalidClientTokenId') return callback(new DomainsError(DomainsError.ACCESS_DENIED, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`if (error && error.message && error.message.indexOf('it was not found') !== -1) {`
fix function name in debug 2015-12-17 20:30:30 -08:00			`debug('del: resource record set not found.', error);`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`} else if (error && error.code === 'NoSuchHostedZone') {`
fix function name in debug 2015-12-17 20:30:30 -08:00			`debug('del: hosted zone not found.', error);`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`} else if (error && error.code === 'PriorRequestNotComplete') {`
fix function name in debug 2015-12-17 20:30:30 -08:00			`debug('del: resource is still busy', error);`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`return callback(new DomainsError(DomainsError.STILL_BUSY, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`} else if (error && error.code === 'InvalidChangeBatch') {`
fix function name in debug 2015-12-17 20:30:30 -08:00			`debug('del: invalid change batch. No such record to be deleted.');`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`return callback(new DomainsError(DomainsError.NOT_FOUND, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`} else if (error) {`
fix function name in debug 2015-12-17 20:30:30 -08:00			`debug('del: error', error);`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`return callback(new DomainsError(DomainsError.EXTERNAL_ERROR, error.message));`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`}`

			`callback(null);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`});`
			`});`
			`}`

domain -> fqdn 2017-06-12 21:06:40 -07:00			`function verifyDnsConfig(dnsConfig, fqdn, zoneName, ip, callback) {`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`assert.strictEqual(typeof dnsConfig, 'object');`
domain -> fqdn 2017-06-12 21:06:40 -07:00			`assert.strictEqual(typeof fqdn, 'string');`
Make verifyDnsConfig take zone name 2017-06-11 22:32:05 -07:00			`assert.strictEqual(typeof zoneName, 'string');`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`assert.strictEqual(typeof ip, 'string');`
			`assert.strictEqual(typeof callback, 'function');`

validate dns config parameters 2018-06-17 21:44:08 -07:00			`if (!dnsConfig.accessKeyId \|\| typeof dnsConfig.accessKeyId !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'accessKeyId must be a non-empty string'));`
			`if (!dnsConfig.secretAccessKey \|\| typeof dnsConfig.secretAccessKey !== 'string') return callback(new DomainsError(DomainsError.BAD_FIELD, 'secretAccessKey must be a non-empty string'));`

Make the verifyDnsConfig() api return the valid credentials 2017-01-10 11:32:44 +01:00			`var credentials = {`
			`accessKeyId: dnsConfig.accessKeyId,`
			`secretAccessKey: dnsConfig.secretAccessKey,`
			`region: dnsConfig.region \|\| 'us-east-1',`
route53: set listHostedZonesByName for new/updated domains 2018-05-07 13:42:10 -07:00			`endpoint: dnsConfig.endpoint \|\| null,`
			`listHostedZonesByName: true // new/updated creds require this perm`
Make the verifyDnsConfig() api return the valid credentials 2017-01-10 11:32:44 +01:00			`};`

Fix failing tests 2017-01-10 16:44:28 -08:00			`if (process.env.BOX_ENV === 'test') return callback(null, credentials); // this shouldn't be here`

remove resolveNs 2018-02-08 14:39:35 -08:00			`dns.resolve(zoneName, 'NS', { timeout: 5000 }, function (error, nameservers) {`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`if (error && error.code === 'ENOTFOUND') return callback(new DomainsError(DomainsError.BAD_FIELD, 'Unable to resolve nameservers for this domain'));`
			`if (error \|\| !nameservers) return callback(new DomainsError(DomainsError.BAD_FIELD, error ? error.message : 'Unable to get nameservers'));`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
Make verifyDnsConfig take zone name 2017-06-11 22:32:05 -07:00			`getHostedZone(credentials, zoneName, function (error, zone) {`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`if (error) return callback(error);`

			`if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {`
			`debug('verifyDnsConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);`
DomainError -> DomainsError 2018-04-29 11:20:12 -07:00			`return callback(new DomainsError(DomainsError.BAD_FIELD, 'Domain nameservers are not set to Route53'));`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`}`

Do not rely on admin subdomain for dns backend config validation 2017-11-07 23:13:58 +01:00			`const testSubdomain = 'cloudrontestdns';`
Make verifyDnsConfig take zone name 2017-06-11 22:32:05 -07:00
Do not rely on admin subdomain for dns backend config validation 2017-11-07 23:13:58 +01:00			`upsert(credentials, zoneName, testSubdomain, 'A', [ ip ], function (error, changeId) {`
upsert already returns a SubdomainError 2017-02-14 22:29:33 -08:00			`if (error) return callback(error);`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
Do not rely on admin subdomain for dns backend config validation 2017-11-07 23:13:58 +01:00			`debug('verifyDnsConfig: Test A record added with change id %s', changeId);`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
route53: use credentials instead of dnsConfig 2018-05-07 23:41:03 -07:00			`del(credentials, zoneName, testSubdomain, 'A', [ ip ], function (error) {`
Do not rely on admin subdomain for dns backend config validation 2017-11-07 23:13:58 +01:00			`if (error) return callback(error);`

			`debug('verifyDnsConfig: Test A record removed again');`

			`callback(null, credentials);`
			`});`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`});`
			`});`
			`});`
			`}`