diff --git a/README.md b/README.md
index de9602f..e0e2927 100644
--- a/README.md
+++ b/README.md
@@ -23,9 +23,8 @@ All requirements for running the API are packaged and uploaded to AWS as a lambd
 8. Get the API Key generated by AWS by running `hatch run ./get_api_key.py` in the root directory. The deployment is configured to reject any API call that does not have this key passed via the `x-api-key` HTTP header.
 For convenience:
-* `./deploy.sh` in the project root will clean the environment and perform steps 2-6 (using `-var="dnssec_enabled=false"`), with the exception of copying over the example config to the operational config and running `tofu init` in the open-tofu dir.
 * `hatch run lambda:prepare` will run steps 2-5 in a single command.
-* `hatch run lambda:deploy` will clean the environment and then run steps 2-6, in the same manner as `deploy.sh`.
+* `hatch run lambda:deploy-no-dnssec` or `hatch run lambda:deploy-dnssec` will clean the environment and then run steps 2-6 with DNSSEC validation enabled or disabled respectively.
 ## Testing
 The following is an example of a test API call that uses bash command substitution to fill in the proper values for the API URL and the API key.
@@ -44,7 +43,7 @@ The above sample must be run from the root directory of a deployed Open MPIC aws
 The API is compliant with the [Open MPIC Specification](https://github.com/open-mpic/open-mpic-specification).
-Documentation based on the API specification used in this version can be viewed [here](https://open-mpic.org/documentation.html?commit=f763382c38a867dda3253afded017f9e3a24ead5).
+Documentation based on the API specification used in this version can be viewed [here](https://open-mpic.org/documentation.html?commit=9c1e2e9a73f63e2c9156909e949e0a724aeccb6a).
 ## Development
 Code changes can easily be deployed by editing the .py files and then rezipping the project via `./zip-all.sh` and `./2-package.sh` in the `layer` directory. Then, running `tofu apply` run from the open-tofu directory will update only on the required resources and leave the others unchanged. If any `.tf.template` files are changed or `config.yaml` is edited, `hatch run ./configure.py` must be rerun followed by `tofu apply` in the open-tofu directory.
diff --git a/clean.sh b/clean.sh
index 8f2c045..bac15d9 100755
--- a/clean.sh
+++ b/clean.sh
@@ -5,11 +5,11 @@ cd $SCRIPT_DIR
 FUNCTIONS_DIR="src/aws_lambda_mpic"
-rm open-tofu/*.generated.tf
+$(rm open-tofu/*.generated.tf 2> /dev/null) || true
-rm layer/*.zip
-rm -r layer/create_layer_virtualenv
+$(rm layer/*.zip 2> /dev/null) || true
+#$(rm -r layer/create_layer_virtualenv 2> /dev/null) || true
-rm "${FUNCTIONS_DIR}"/mpic_coordinator_lambda/mpic_coordinator_lambda.zip
-rm "${FUNCTIONS_DIR}"/mpic_caa_checker_lambda/mpic_caa_checker_lambda.zip
-rm "${FUNCTIONS_DIR}"/mpic_dcv_checker_lambda/mpic_dcv_checker_lambda.zip
+$(rm "${FUNCTIONS_DIR}"/mpic_coordinator_lambda/mpic_coordinator_lambda.zip 2> /dev/null) || true
+$(rm "${FUNCTIONS_DIR}"/mpic_caa_checker_lambda/mpic_caa_checker_lambda.zip 2> /dev/null) || true
+$(rm "${FUNCTIONS_DIR}"/mpic_dcv_checker_lambda/mpic_dcv_checker_lambda.zip 2> /dev/null) || true
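Review bot: In clean.sh every added line wraps `rm` in `$( … 2> /dev/null) || true`, which hides all of rm's errors rather than only "no such file", so a permission or path failure leaves the old artifact in place without any message. `rm -f open-tofu/*.generated.tf` (and likewise for the zip paths) already tolerates missing files while still reporting real failures, and it needs no command substitution. The virtualenv removal is now commented out, so `clean` leaves `layer/create_layer_virtualenv` behind; if that is deliberate, replace the dead line with a comment saying why, because a reused environment may carry older dependency versions into the layer (inferred, the packaging script is not part of this diff).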
diff --git a/deploy.sh b/deploy.sh
deleted file mode 100755
index 878954c..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-./clean.sh; hatch env prune; hatch run lambda-layer:install; ./package-layer.sh; hatch run ./configure.py; ./zip-all.sh; cd open-tofu; tofu apply -var="dnssec_enabled=false" -auto-approve; cd ..
diff --git a/open-tofu/variables.tf b/open-tofu/variables.tf
index b359366..05a1c85 100644
--- a/open-tofu/variables.tf
+++ b/open-tofu/variables.tf
@@ -1,5 +1,5 @@
 variable "dnssec_enabled" {
 type = bool
 description = "Enable DNSSEC"
- default = false
+ default = true
 }
diff --git a/pyproject.toml b/pyproject.toml
index 73db6be..dadc439 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -33,7 +33,7 @@ dependencies = [
 "pydantic==2.8.2",
 "aiohttp==3.11.11",
 "aws-lambda-powertools[parser]==3.2.0",
- "open-mpic-core==5.0.0",
+ "open-mpic-core==5.1.0",
 "aioboto3~=13.3.0",
 "black==24.8.0",
 ]
@@ -91,7 +91,9 @@ layer-install = "pip install . --platform manylinux2014_aarch64 --only-binary=:a
 layer-package = "sh ./package-layer.sh"
 configure-tf = "python configure.py"
 zip-lambdas = "sh ./zip-all.sh"
-apply-tf = "(cd open-tofu && tofu apply -var=\"dnssec_enabled=false\" -auto-approve)"
+apply-tf-dnssec = "(cd open-tofu && tofu apply -var=\"dnssec_enabled=true\" -auto-approve)"
+apply-tf-no-dnssec = "(cd open-tofu && tofu apply -var=\"dnssec_enabled=false\" -auto-approve)"
+destroy-tf = "(cd open-tofu && tofu destroy -auto-approve)"
 prepare = [
 "layer-install",
 "layer-package",
@@ -99,10 +101,15 @@ prepare = [
 "zip-lambdas"
 ]
 clean = "sh ./clean.sh"
-deploy = [
+deploy-dnssec = [
 "clean",
 "prepare",
- "apply-tf"
+ "apply-tf-dnssec"
+]
+deploy-no-dnssec = [
+ "clean",
+ "prepare",
+ "apply-tf-no-dnssec"
 ]
diff --git a/tests/integration/test_deployed_mpic_api.py b/tests/integration/test_deployed_mpic_api.py
index 71ad615..d0aab1b 100644
--- a/tests/integration/test_deployed_mpic_api.py
+++ b/tests/integration/test_deployed_mpic_api.py
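Review bot: In open-tofu/variables.tf the description `"Enable DNSSEC"` does not tell an operator that the default is now `true`, and a bare `tofu apply` (the update path the README's Development section describes) will therefore turn DNSSEC on for a deployment that was created with `-var="dnssec_enabled=false"`. The safer default is welcome, but the switch should be visible at the variable, for example `description = "Enable DNSSEC validation (default: true)"`. A line in the README about the changed behaviour of an unparameterised apply would help existing operators as well.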
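Review bot: In pyproject.toml the new `destroy-tf` script runs `tofu destroy -auto-approve`, so a single script invocation tears down the whole deployment with no plan review and no prompt. Auto-approve is a reasonable convenience for the apply scripts, but for destroy I would drop it and let tofu ask for confirmation: `destroy-tf = "(cd open-tofu && tofu destroy)"`. If unattended teardown is needed for CI, a separately named script keeps the risky form explicit.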
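Review bot: The last pyproject.toml hunk removes the `deploy` script name entirely, so anything that still calls `hatch run lambda:deploy` now fails, and the DNSSEC-disabled variant gets equal footing with the enabled one. Keeping `deploy = ["clean", "prepare", "apply-tf-dnssec"]` as the short name would preserve the old entry point and make the DNSSEC-enabled deployment the default choice. Separately, the new README bullet lists `deploy-no-dnssec` first but describes the pair as "enabled or disabled respectively", which reads the wrong way round.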
@@ -291,7 +291,7 @@ def api_should_return_200_given_valid_website_change_validation(
 @pytest.mark.parametrize('domain_or_ip_target, dns_record_type, challenge_value, purpose_of_test', [
 ('dns-change-txt.integration-testing.open-mpic.org', DnsRecordType.TXT, "1234567890abcdefg.", 'standard TXT dns change'),
 ('dns-change-cname.integration-testing.open-mpic.org', DnsRecordType.CNAME, "1234567890abcdefg.", 'standard CNAME dns change'),
- ('dns-change-caa.integration-testing.open-mpic.org', DnsRecordType.CAA, '0 dnschange "1234567890abcdefg."', 'standard CAA dns change'),
+ ('dns-change-caa.integration-testing.open-mpic.org', DnsRecordType.CAA, '1234567890abcdefg.', 'standard CAA dns change'),
 ])
 # fmt: on
 def api_should_return_200_is_valid_true_given_valid_dns_change_validation(
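Review bot: The CAA row in this parametrize list now passes only `'1234567890abcdefg.'` where it used to pass the full record text `'0 dnschange "1234567890abcdefg."'`, so the test no longer shows which flags and tag the record under test carries. A short comment above the row, e.g. `# CAA challenge_value is the record's value field only; flags and tag are not part of it`, would explain the change, assuming that is what open-mpic-core 5.1.0 expects (the bump is in this commit but the library change is not shown). The decorated function's body lies outside the hunk.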