src/dns/route53.js

import assert from 'node:assert';
import BoxError from '../boxerror.js';
import { ConfiguredRetryStrategy } from '@smithy/util-retry';
import constants from '../constants.js';
import debugModule from 'debug';
import * as dig from '../dig.js';
import * as dns from '../dns.js';
import { Route53 } from '@aws-sdk/client-route-53';
import safe from 'safetydance';
import waitForDns from './waitfordns.js';
import * as _ from '../underscore.js';

const debug = debugModule('box:dns/route53');

export {
    removePrivateFields,
    injectPrivateFields,
    upsert,
    get,
    del,
    wait,
    verifyDomainConfig,
};

function removePrivateFields(domainObject) {
    delete domainObject.config.secretAccessKey;
    return domainObject;
}

function injectPrivateFields(newConfig, currentConfig) {
    if (!Object.hasOwn(newConfig, 'secretAccessKey')) newConfig.secretAccessKey = currentConfig.secretAccessKey;
}

function createRoute53Client(domainConfig) {
    assert.strictEqual(typeof domainConfig, 'object');

    const credentials = {
        accessKeyId: domainConfig.accessKeyId,
        secretAccessKey: domainConfig.secretAccessKey,
    };

    const clientConfig = {
        region: domainConfig.region,
        credentials,
        // route53 has a limit of 5 req/sec/region - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests
        retryStrategy: new ConfiguredRetryStrategy(20 /* max attempts */, (/* attempt */) => 3000 /* constant backoff */)
    };

    return constants.TEST ? new globalThis.Route53Mock(clientConfig) : new Route53(clientConfig);
}

async function getZoneByName(domainConfig, zoneName) {
    assert.strictEqual(typeof domainConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');

    const route53 = createRoute53Client(domainConfig);

    // backward compat for 2.2, where we only required access to "listHostedZones"
    let listHostedZones;
    if (domainConfig.listHostedZonesByName) {
        listHostedZones = route53.listHostedZonesByName({ MaxItems: '1', DNSName: zoneName + '.' });
    } else {
        listHostedZones = route53.listHostedZones({}); // currently, this route does not support > 100 zones
    }

    const [error, result] = await safe(listHostedZones);
    if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);

    const zone = result.HostedZones.filter(function (zone) {
        return zone.Name.slice(0, -1) === zoneName;     // aws zone name contains a '.' at the end
    })[0];

    if (!zone) throw new BoxError(BoxError.NOT_FOUND, 'no such zone');

    return zone;
}

async function getHostedZone(domainConfig, zoneName) {
    assert.strictEqual(typeof domainConfig, 'object');
    assert.strictEqual(typeof zoneName, 'string');

    const zone = await getZoneByName(domainConfig, zoneName);

    const route53 = createRoute53Client(domainConfig);
    const [error, result] = await safe(route53.getHostedZone({ Id: zone.Id }));
    if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);

    return result;
}

async function upsert(domainObject, location, type, values) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(Array.isArray(values));

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        fqdn = dns.fqdn(location, domainObject.domain);

    debug('add: %s for zone %s of type %s with values %j', fqdn, zoneName, type, values);

    const zone = await getZoneByName(domainConfig, zoneName);

    const records = values.map(function (v) { return { Value: v }; });  // for mx records, value is already of the '<priority> <server>' format

    const params = {
        ChangeBatch: {
            Changes: [{
                Action: 'UPSERT',
                ResourceRecordSet: {
                    Type: type,
                    Name: fqdn,
                    ResourceRecords: records,
                    TTL: 1
                }
            }]
        },
        HostedZoneId: zone.Id
    };

    const route53 = createRoute53Client(domainConfig);
    const [error] = await safe(route53.changeResourceRecordSets(params));
    if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.code === 'PriorRequestNotComplete') throw new BoxError(BoxError.BUSY, error.message);
    if (error && error.code === 'InvalidChangeBatch') throw new BoxError(BoxError.BAD_FIELD, error.message);
    if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);
}

async function get(domainObject, location, type) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        fqdn = dns.fqdn(location, domainObject.domain);

    const zone = await getZoneByName(domainConfig, zoneName);

    const params = {
        HostedZoneId: zone.Id,
        MaxItems: '1',
        StartRecordName: fqdn + '.',
        StartRecordType: type
    };

    const route53 = createRoute53Client(domainConfig);
    const [error, result] = await safe(route53.listResourceRecordSets(params));
    if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);
    if (result.ResourceRecordSets.length === 0) return [];
    if (result.ResourceRecordSets[0].Name !== params.StartRecordName || result.ResourceRecordSets[0].Type !== params.StartRecordType) return [];

    const values = result.ResourceRecordSets[0].ResourceRecords.map(function (record) { return record.Value; });
    return values;
}

async function del(domainObject, location, type, values) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof location, 'string');
    assert.strictEqual(typeof type, 'string');
    assert(Array.isArray(values));

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName,
        fqdn = dns.fqdn(location, domainObject.domain);

    const zone = await getZoneByName(domainConfig, zoneName);

    const records = values.map(function (v) { return { Value: v }; });

    const resourceRecordSet = {
        Name: fqdn,
        Type: type,
        ResourceRecords: records,
        TTL: 1
    };

    const params = {
        ChangeBatch: {
            Changes: [{
                Action: 'DELETE',
                ResourceRecordSet: resourceRecordSet
            }]
        },
        HostedZoneId: zone.Id
    };

    const route53 = createRoute53Client(domainConfig);
    const [error] = await safe(route53.changeResourceRecordSets(params));
    if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);
    if (error && error.message && error.message.indexOf('it was not found') !== -1) {
        throw new BoxError(BoxError.NOT_FOUND, error.message);
    } else if (error && error.code === 'NoSuchHostedZone') {
        throw new BoxError(BoxError.NOT_FOUND, error.message);
    } else if (error && error.code === 'PriorRequestNotComplete') {
        throw new BoxError(BoxError.BUSY, error.message);
    } else if (error && error.code === 'InvalidChangeBatch') {
        throw new BoxError(BoxError.NOT_FOUND, error.message);
    } else if (error) {
        throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);
    }
}

async function wait(domainObject, subdomain, type, value, options) {
    assert.strictEqual(typeof domainObject, 'object');
    assert.strictEqual(typeof subdomain, 'string');
    assert.strictEqual(typeof type, 'string');
    assert.strictEqual(typeof value, 'string');
    assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 }

    const fqdn = dns.fqdn(subdomain, domainObject.domain);

    await waitForDns(fqdn, domainObject.zoneName, type, value, options);
}

async function verifyDomainConfig(domainObject) {
    assert.strictEqual(typeof domainObject, 'object');

    const domainConfig = domainObject.config,
        zoneName = domainObject.zoneName;

    if (!domainConfig.accessKeyId || typeof domainConfig.accessKeyId !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'accessKeyId must be a non-empty string');
    if (!domainConfig.secretAccessKey || typeof domainConfig.secretAccessKey !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'secretAccessKey must be a non-empty string');
    if ('customNameservers' in domainConfig && typeof domainConfig.customNameservers !== 'boolean') throw new BoxError(BoxError.BAD_FIELD, 'customNameservers must be a boolean');

    const credentials = {
        accessKeyId: domainConfig.accessKeyId,
        secretAccessKey: domainConfig.secretAccessKey,
        region: domainConfig.region || 'us-east-1',
        endpoint: domainConfig.endpoint || null,
        listHostedZonesByName: true, // new/updated creds require this perm
        customNameservers: !!domainConfig.customNameservers
    };

    const ip = '127.0.0.1';

    if (constants.TEST) return credentials; // this shouldn't be here

    const [error, nameservers] = await safe(dig.resolve(zoneName, 'NS', { timeout: 5000 }));
    if (error && error.code === 'ENOTFOUND') throw new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain');
    if (error || !nameservers) throw new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers');

    const zone = await getHostedZone(credentials, zoneName);

    if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {
        debug('verifyDomainConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);
        if (!domainConfig.customNameservers) throw new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Route53');
    }

    const location = 'cloudrontestdns';
    const newDomainObject = Object.assign({ }, domainObject, { config: credentials });

    await upsert(newDomainObject, location, 'A', [ ip ]);
    debug('verifyDomainConfig: Test A record added');

    await get(newDomainObject, location, 'A');
    debug('verifyDomainConfig: Can list record sets');

    await del(newDomainObject, location, 'A', [ ip ]);
    debug('verifyDomainConfig: Test A record removed again');

    return credentials;
}
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`import assert from 'node:assert';`
			`import BoxError from '../boxerror.js';`
			`import { ConfiguredRetryStrategy } from '@smithy/util-retry';`
			`import constants from '../constants.js';`
			`import debugModule from 'debug';`
			`import * as dig from '../dig.js';`
			`import * as dns from '../dns.js';`
			`import { Route53 } from '@aws-sdk/client-route-53';`
			`import safe from 'safetydance';`
			`import waitForDns from './waitfordns.js';`
			`import * as _ from '../underscore.js';`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
Migrate codebase from CommonJS to ES Modules 2026-02-14 09:53:14 +01:00			`const debug = debugModule('box:dns/route53');`

			`export {`
Revert "Add no-use-before-define linter rule" 2025-10-08 20:11:55 +02:00			`removePrivateFields,`
			`injectPrivateFields,`
			`upsert,`
			`get,`
			`del,`
			`wait,`
			`verifyDomainConfig,`
			`};`

add provider specific removePrivateFields to redact tokens and secrets 2019-02-08 11:11:49 +01:00			`function removePrivateFields(domainObject) {`
domains: remove SECRET_PLACEHOLDER from responses 2025-10-08 12:04:31 +02:00			`delete domainObject.config.secretAccessKey;`
add provider specific removePrivateFields to redact tokens and secrets 2019-02-08 11:11:49 +01:00			`return domainObject;`
			`}`

Add dns interface api to inject hidden files for verification 2019-02-09 19:08:15 +01:00			`function injectPrivateFields(newConfig, currentConfig) {`
domains: remove SECRET_PLACEHOLDER from responses 2025-10-08 12:04:31 +02:00			`if (!Object.hasOwn(newConfig, 'secretAccessKey')) newConfig.secretAccessKey = currentConfig.secretAccessKey;`
Add dns interface api to inject hidden files for verification 2019-02-09 19:08:15 +01:00			`}`

test: fix route53 tests 2025-02-11 11:29:30 +01:00			`function createRoute53Client(domainConfig) {`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`assert.strictEqual(typeof domainConfig, 'object');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`const credentials = {`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`accessKeyId: domainConfig.accessKeyId,`
			`secretAccessKey: domainConfig.secretAccessKey,`
pass dnsConfig to backend api 2015-11-08 23:14:39 -08:00			`};`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
test: fix route53 tests 2025-02-11 11:29:30 +01:00			`const clientConfig = {`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`region: domainConfig.region,`
			`credentials,`
test: fix route53 tests 2025-02-11 11:29:30 +01:00			`// route53 has a limit of 5 req/sec/region - https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DNSLimitations.html#limits-api-requests`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`retryStrategy: new ConfiguredRetryStrategy(20 /* max attempts /, (/ attempt /) => 3000 / constant backoff */)`
			`};`
test: fix route53 tests 2025-02-11 11:29:30 +01:00
			`return constants.TEST ? new globalThis.Route53Mock(clientConfig) : new Route53(clientConfig);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`async function getZoneByName(domainConfig, zoneName) {`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`assert.strictEqual(typeof domainConfig, 'object');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof zoneName, 'string');`

test: fix route53 tests 2025-02-11 11:29:30 +01:00			`const route53 = createRoute53Client(domainConfig);`
route53: add backward compat for pre-2.2 IAM perms 2018-05-07 11:18:15 -07:00
			`// backward compat for 2.2, where we only required access to "listHostedZones"`
			`let listHostedZones;`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`if (domainConfig.listHostedZonesByName) {`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`listHostedZones = route53.listHostedZonesByName({ MaxItems: '1', DNSName: zoneName + '.' });`
route53: add backward compat for pre-2.2 IAM perms 2018-05-07 11:18:15 -07:00			`} else {`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`listHostedZones = route53.listHostedZones({}); // currently, this route does not support > 100 zones`
route53: add backward compat for pre-2.2 IAM perms 2018-05-07 11:18:15 -07:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`const [error, result] = await safe(listHostedZones);`
			`if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`const zone = result.HostedZones.filter(function (zone) {`
			`return zone.Name.slice(0, -1) === zoneName; // aws zone name contains a '.' at the end`
			`})[0];`
Revert "No need to iterate over the hosted zones anymore" 2018-05-07 11:23:17 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`if (!zone) throw new BoxError(BoxError.NOT_FOUND, 'no such zone');`
Revert "No need to iterate over the hosted zones anymore" 2018-05-07 11:23:17 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`return zone;`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`async function getHostedZone(domainConfig, zoneName) {`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`assert.strictEqual(typeof domainConfig, 'object');`
validate route53 credentials 2016-07-03 21:37:17 -05:00			`assert.strictEqual(typeof zoneName, 'string');`
Reorder dns backend exports 2016-09-15 11:57:25 +02:00
make route53 async 2022-02-04 15:20:49 -08:00			`const zone = await getZoneByName(domainConfig, zoneName);`
handle error 2016-07-04 23:31:26 -05:00
test: fix route53 tests 2025-02-11 11:29:30 +01:00			`const route53 = createRoute53Client(domainConfig);`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`const [error, result] = await safe(route53.getHostedZone({ Id: zone.Id }));`
make route53 async 2022-02-04 15:20:49 -08:00			`if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);`
validate route53 credentials 2016-07-03 21:37:17 -05:00
make route53 async 2022-02-04 15:20:49 -08:00			`return result;`
validate route53 credentials 2016-07-03 21:37:17 -05:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`async function upsert(domainObject, location, type, values) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof type, 'string');`
Use Array.isArray instead 2021-05-02 11:26:08 -07:00			`assert(Array.isArray(values));`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName,`
dns: fqdn only needs domain string 2022-11-28 21:23:06 +01:00			`fqdn = dns.fqdn(location, domainObject.domain);`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00
			`debug('add: %s for zone %s of type %s with values %j', fqdn, zoneName, type, values);`
prepare dns backends to accepts array of values 2015-10-30 13:04:43 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`const zone = await getZoneByName(domainConfig, zoneName);`

			`const records = values.map(function (v) { return { Value: v }; }); // for mx records, value is already of the '<priority> <server>' format`

			`const params = {`
			`ChangeBatch: {`
			`Changes: [{`
			`Action: 'UPSERT',`
			`ResourceRecordSet: {`
			`Type: type,`
			`Name: fqdn,`
			`ResourceRecords: records,`
			`TTL: 1`
			`}`
			`}]`
			`},`
			`HostedZoneId: zone.Id`
			`};`

test: fix route53 tests 2025-02-11 11:29:30 +01:00			`const route53 = createRoute53Client(domainConfig);`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`const [error] = await safe(route53.changeResourceRecordSets(params));`
make route53 async 2022-02-04 15:20:49 -08:00			`if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.code === 'PriorRequestNotComplete') throw new BoxError(BoxError.BUSY, error.message);`
			`if (error && error.code === 'InvalidChangeBatch') throw new BoxError(BoxError.BAD_FIELD, error.message);`
			`if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`async function get(domainObject, location, type) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
add updateSubdomain in route53 backend 2015-10-29 15:37:42 -07:00			`assert.strictEqual(typeof type, 'string');`

dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName,`
dns: fqdn only needs domain string 2022-11-28 21:23:06 +01:00			`fqdn = dns.fqdn(location, domainObject.domain);`
implement subdomains.get for route53 2015-10-30 13:17:33 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`const zone = await getZoneByName(domainConfig, zoneName);`

			`const params = {`
			`HostedZoneId: zone.Id,`
			`MaxItems: '1',`
			`StartRecordName: fqdn + '.',`
			`StartRecordType: type`
			`};`

test: fix route53 tests 2025-02-11 11:29:30 +01:00			`const route53 = createRoute53Client(domainConfig);`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`const [error, result] = await safe(route53.listResourceRecordSets(params));`
make route53 async 2022-02-04 15:20:49 -08:00			`if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error) throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);`
			`if (result.ResourceRecordSets.length === 0) return [];`
			`if (result.ResourceRecordSets[0].Name !== params.StartRecordName \|\| result.ResourceRecordSets[0].Type !== params.StartRecordType) return [];`

			`const values = result.ResourceRecordSets[0].ResourceRecords.map(function (record) { return record.Value; });`
			`return values;`
add updateSubdomain in route53 backend 2015-10-29 15:37:42 -07:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`async function del(domainObject, location, type, values) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
			`assert.strictEqual(typeof location, 'string');`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`assert.strictEqual(typeof type, 'string');`
Use Array.isArray instead 2021-05-02 11:26:08 -07:00			`assert(Array.isArray(values));`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName,`
dns: fqdn only needs domain string 2022-11-28 21:23:06 +01:00			`fqdn = dns.fqdn(location, domainObject.domain);`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00
make route53 async 2022-02-04 15:20:49 -08:00			`const zone = await getZoneByName(domainConfig, zoneName);`

			`const records = values.map(function (v) { return { Value: v }; });`

			`const resourceRecordSet = {`
			`Name: fqdn,`
			`Type: type,`
			`ResourceRecords: records,`
			`TTL: 1`
			`};`

			`const params = {`
			`ChangeBatch: {`
			`Changes: [{`
			`Action: 'DELETE',`
			`ResourceRecordSet: resourceRecordSet`
			`}]`
			`},`
			`HostedZoneId: zone.Id`
			`};`

test: fix route53 tests 2025-02-11 11:29:30 +01:00			`const route53 = createRoute53Client(domainConfig);`
domains: migrate route53 to aws sdk v3 2025-02-10 17:03:09 +01:00			`const [error] = await safe(route53.changeResourceRecordSets(params));`
make route53 async 2022-02-04 15:20:49 -08:00			`if (error && error.code === 'AccessDenied') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.code === 'InvalidClientTokenId') throw new BoxError(BoxError.ACCESS_DENIED, error.message);`
			`if (error && error.message && error.message.indexOf('it was not found') !== -1) {`
			`throw new BoxError(BoxError.NOT_FOUND, error.message);`
			`} else if (error && error.code === 'NoSuchHostedZone') {`
			`throw new BoxError(BoxError.NOT_FOUND, error.message);`
			`} else if (error && error.code === 'PriorRequestNotComplete') {`
			`throw new BoxError(BoxError.BUSY, error.message);`
			`} else if (error && error.code === 'InvalidChangeBatch') {`
			`throw new BoxError(BoxError.NOT_FOUND, error.message);`
			`} else if (error) {`
			`throw new BoxError(BoxError.EXTERNAL_ERROR, error.message);`
			`}`
Move dns backends to separate directory 2015-10-28 16:02:06 -07:00			`}`

make waitForDns async 2022-02-03 16:15:14 -08:00			`async function wait(domainObject, subdomain, type, value, options) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`
make waitForDns async 2022-02-03 16:15:14 -08:00			`assert.strictEqual(typeof subdomain, 'string');`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof type, 'string');`
			`assert.strictEqual(typeof value, 'string');`
			`assert(options && typeof options === 'object'); // { interval: 5000, times: 50000 }`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
dns: fqdn only needs domain string 2022-11-28 21:23:06 +01:00			`const fqdn = dns.fqdn(subdomain, domainObject.domain);`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00
make waitForDns async 2022-02-03 16:15:14 -08:00			`await waitForDns(fqdn, domainObject.zoneName, type, value, options);`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`}`

make route53 async 2022-02-04 15:20:49 -08:00			`async function verifyDomainConfig(domainObject) {`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`assert.strictEqual(typeof domainObject, 'object');`

dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`const domainConfig = domainObject.config,`
rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`zoneName = domainObject.zoneName;`

make route53 async 2022-02-04 15:20:49 -08:00			`if (!domainConfig.accessKeyId \|\| typeof domainConfig.accessKeyId !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'accessKeyId must be a non-empty string');`
			`if (!domainConfig.secretAccessKey \|\| typeof domainConfig.secretAccessKey !== 'string') throw new BoxError(BoxError.BAD_FIELD, 'secretAccessKey must be a non-empty string');`
domains: add option to set custom/vanity nameservers 2025-03-02 07:27:09 +01:00			`if ('customNameservers' in domainConfig && typeof domainConfig.customNameservers !== 'boolean') throw new BoxError(BoxError.BAD_FIELD, 'customNameservers must be a boolean');`
validate dns config parameters 2018-06-17 21:44:08 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`const credentials = {`
dnsConfig -> domainConfig 2022-01-05 22:41:41 -08:00			`accessKeyId: domainConfig.accessKeyId,`
			`secretAccessKey: domainConfig.secretAccessKey,`
			`region: domainConfig.region \|\| 'us-east-1',`
			`endpoint: domainConfig.endpoint \|\| null,`
Handle hyphenatedSubdomains in the backend verifyDnsConfig() 2018-08-22 12:16:19 +02:00			`listHostedZonesByName: true, // new/updated creds require this perm`
domains: add option to set custom/vanity nameservers 2025-03-02 07:27:09 +01:00			`customNameservers: !!domainConfig.customNameservers`
Make the verifyDnsConfig() api return the valid credentials 2017-01-10 11:32:44 +01:00			`};`

rework dns api to take domainObject 2019-01-04 18:44:54 -08:00			`const ip = '127.0.0.1';`

Use constants.TEST 2023-10-01 13:52:19 +05:30			`if (constants.TEST) return credentials; // this shouldn't be here`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
make route53 async 2022-02-04 15:20:49 -08:00			`const [error, nameservers] = await safe(dig.resolve(zoneName, 'NS', { timeout: 5000 }));`
			`if (error && error.code === 'ENOTFOUND') throw new BoxError(BoxError.BAD_FIELD, 'Unable to resolve nameservers for this domain');`
			`if (error \|\| !nameservers) throw new BoxError(BoxError.BAD_FIELD, error ? error.message : 'Unable to get nameservers');`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
make route53 async 2022-02-04 15:20:49 -08:00			`const zone = await getHostedZone(credentials, zoneName);`
Make verifyDnsConfig take zone name 2017-06-11 22:32:05 -07:00
make route53 async 2022-02-04 15:20:49 -08:00			`if (!_.isEqual(zone.DelegationSet.NameServers.sort(), nameservers.sort())) {`
			`debug('verifyDomainConfig: %j and %j do not match', nameservers, zone.DelegationSet.NameServers);`
domains: add option to set custom/vanity nameservers 2025-03-02 07:27:09 +01:00			`if (!domainConfig.customNameservers) throw new BoxError(BoxError.BAD_FIELD, 'Domain nameservers are not set to Route53');`
make route53 async 2022-02-04 15:20:49 -08:00			`}`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
make route53 async 2022-02-04 15:20:49 -08:00			`const location = 'cloudrontestdns';`
			`const newDomainObject = Object.assign({ }, domainObject, { config: credentials });`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00
make route53 async 2022-02-04 15:20:49 -08:00			`await upsert(newDomainObject, location, 'A', [ ip ]);`
			`debug('verifyDomainConfig: Test A record added');`
Do not rely on admin subdomain for dns backend config validation 2017-11-07 23:13:58 +01:00
route53: check permissions to perform route53:ListResourceRecordSets 2022-03-02 10:44:52 -08:00			`await get(newDomainObject, location, 'A');`
			`debug('verifyDomainConfig: Can list record sets');`

make route53 async 2022-02-04 15:20:49 -08:00			`await del(newDomainObject, location, 'A', [ ip ]);`
			`debug('verifyDomainConfig: Test A record removed again');`
Do not rely on admin subdomain for dns backend config validation 2017-11-07 23:13:58 +01:00
make route53 async 2022-02-04 15:20:49 -08:00			`return credentials;`
Implement verifyDnsConfig() for route53 2017-01-10 11:12:25 +01:00			`}`
domains: remove SECRET_PLACEHOLDER from responses 2025-10-08 12:04:31 +02:00