fix(lambda): handle gracefully for same alias default domain (#2607)

iamhopaul123 · web-flow · commit d0d42cada0bd · 2021-07-13T18:32:56.000Z
fixes #2602. Currently Copilot fails if users set the `alias` to be the same as the default domain name we assign them. Though this is not a very common behavior, we should handle this edge case gracefully.  By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
diff --git a/cf-custom-resources/lib/dns-cert-validator.js b/cf-custom-resources/lib/dns-cert-validator.js
@@ -108,11 +108,12 @@ const requestCertificate = async function (
 ) {
   const crypto = require("crypto");
   const [acm, envRoute53, appRoute53] = clients(region, rootDnsRole);
-  // For backward compatiblity.
-  const sansToUse = [`*.${certDomain}`];
+  // For backward compatiblity, and make sure the SANs we use are unique.
+  const uniqueSansToUse = new Set([certDomain, `*.${certDomain}`]);
   for (const alias of aliases) {
-    sansToUse.push(alias);
+    uniqueSansToUse.add(alias);
   }
+  const sansToUse = [...uniqueSansToUse];
   const reqCertResponse = await acm
     .requestCertificate({
       DomainName: certDomain,
@@ -138,8 +139,7 @@ const requestCertificate = async function (
 
   let options;
   let attempt;
-  // We need to count the domain name itself.
-  const expectedValidationOptionsNum = sansToUse.length + 1;
+  const expectedValidationOptionsNum = sansToUse.length;
   for (attempt = 0; attempt < maxAttempts; attempt++) {
     const { Certificate } = await acm
       .describeCertificate({
diff --git a/cf-custom-resources/test/dns-cert-validator-test.js b/cf-custom-resources/test/dns-cert-validator-test.js
@@ -22,13 +22,14 @@ describe("DNS Validated Certificate Handler", () => {
   const testRootDNSRole = "mockRole";
   const testAliases = `{
     "frontend": ["v1.${testAppName}.${testDomainName}", "foobar.com"],
-    "backend": ["v2.${testDomainName}"]
+    "backend": ["v2.${testDomainName}", "${testEnvName}.${testAppName}.${testDomainName}"]
   }`;
   const testUpdatedAliases = `{
     "frontend": ["v1.${testAppName}.${testDomainName}"],
-    "backend": ["v2.${testDomainName}"]
+    "backend": ["v2.${testDomainName}", "${testEnvName}.${testAppName}.${testDomainName}"]
   }`;
   const testSANs = [
+    "test.myapp.example.com",
     "*.test.myapp.example.com",
     "v1.myapp.example.com",
     "v2.example.com",
@@ -518,6 +519,7 @@ describe("DNS Validated Certificate Handler", () => {
           sinon.match({
             DomainName: `${testEnvName}.${testAppName}.${testDomainName}`,
             SubjectAlternativeNames: [
+              `${testEnvName}.${testAppName}.${testDomainName}`,
               `*.${testEnvName}.${testAppName}.${testDomainName}`,
             ],
             ValidationMethod: "DNS",
diff --git a/templates/environment/cf.yml b/templates/environment/cf.yml
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: MIT-0
 Description: CloudFormation environment template for infrastructure shared among Copilot workloads.
 Metadata:
-  Version: 'v1.5.0'
+  Version: 'v1.5.1'
 Parameters:
   AppName:
     Type: String
