bump core and cleanup deploy files. fix test for CAA dns change.

README.md

@@ -23,9 +23,8 @@ All requirements for running the API are packaged and uploaded to AWS as a lambd
 8. Get the API Key generated by AWS by running `hatch run ./get_api_key.py` in the root directory. The deployment is configured to reject any API call that does not have this key passed via the `x-api-key` HTTP header.
 
 For convenience:
-* `./deploy.sh` in the project root will clean the environment and perform steps 2-6 (using `-var="dnssec_enabled=false"`), with the exception of copying over the example config to the operational config and running `tofu init` in the open-tofu dir.
 * `hatch run lambda:prepare` will run steps 2-5 in a single command.
-* `hatch run lambda:deploy` will clean the environment and then run steps 2-6, in the same manner as `deploy.sh`.
+* `hatch run lambda:deploy-no-dnssec` or `hatch run lambda:deploy-dnssec` will clean the environment and then run steps 2-6 with DNSSEC validation enabled or disabled respectively.
 
 ## Testing
 The following is an example of a test API call that uses bash command substitution to fill in the proper values for the API URL and the API key.
@@ -44,7 +43,7 @@ The above sample must be run from the root directory of a deployed Open MPIC aws
 
 The API is compliant with the [Open MPIC Specification](https://github.com/open-mpic/open-mpic-specification).
 
-Documentation based on the API specification used in this version can be viewed [here](https://open-mpic.org/documentation.html?commit=f763382c38a867dda3253afded017f9e3a24ead5).
+Documentation based on the API specification used in this version can be viewed [here](https://open-mpic.org/documentation.html?commit=9c1e2e9a73f63e2c9156909e949e0a724aeccb6a).
 
 ## Development
 Code changes can easily be deployed by editing the .py files and then rezipping the project via `./zip-all.sh` and `./2-package.sh` in the `layer` directory. Then, running `tofu apply` run from the open-tofu directory will update only on the required resources and leave the others unchanged. If any `.tf.template` files are changed or `config.yaml` is edited, `hatch run ./configure.py` must be rerun followed by `tofu apply` in the open-tofu directory.

clean.sh

@@ -5,11 +5,11 @@ cd $SCRIPT_DIR
 
 FUNCTIONS_DIR="src/aws_lambda_mpic"
 
-rm open-tofu/*.generated.tf
+$(rm open-tofu/*.generated.tf 2> /dev/null) || true
 
-rm layer/*.zip
-rm -r layer/create_layer_virtualenv
+$(rm layer/*.zip 2> /dev/null) || true
+#$(rm -r layer/create_layer_virtualenv 2> /dev/null) || true
 
-rm "${FUNCTIONS_DIR}"/mpic_coordinator_lambda/mpic_coordinator_lambda.zip
-rm "${FUNCTIONS_DIR}"/mpic_caa_checker_lambda/mpic_caa_checker_lambda.zip
-rm "${FUNCTIONS_DIR}"/mpic_dcv_checker_lambda/mpic_dcv_checker_lambda.zip
+$(rm "${FUNCTIONS_DIR}"/mpic_coordinator_lambda/mpic_coordinator_lambda.zip 2> /dev/null) || true
+$(rm "${FUNCTIONS_DIR}"/mpic_caa_checker_lambda/mpic_caa_checker_lambda.zip 2> /dev/null) || true
+$(rm "${FUNCTIONS_DIR}"/mpic_dcv_checker_lambda/mpic_dcv_checker_lambda.zip 2> /dev/null) || true

open-tofu/variables.tf

@@ -1,5 +1,5 @@
 variable "dnssec_enabled" {
   type        = bool
   description = "Enable DNSSEC"
-  default     = false
+  default     = true
 }

pyproject.toml

@@ -33,7 +33,7 @@ dependencies = [
     "pydantic==2.8.2",
     "aiohttp==3.11.11",
     "aws-lambda-powertools[parser]==3.2.0",
-    "open-mpic-core==5.0.0",
+    "open-mpic-core==5.1.0",
     "aioboto3~=13.3.0",
     "black==24.8.0",
 ]
@@ -91,18 +91,25 @@ layer-install = "pip install . --platform manylinux2014_aarch64 --only-binary=:a
 layer-package = "sh ./package-layer.sh"
 configure-tf = "python configure.py"
 zip-lambdas = "sh ./zip-all.sh"
-apply-tf = "(cd open-tofu && tofu apply -var=\"dnssec_enabled=false\" -auto-approve)"
+apply-tf-dnssec = "(cd open-tofu && tofu apply -var=\"dnssec_enabled=true\"  -auto-approve)"
+apply-tf-no-dnssec = "(cd open-tofu && tofu apply -var=\"dnssec_enabled=false\" -auto-approve)"
+destroy-tf = "(cd open-tofu && tofu destroy -auto-approve)"
 prepare = [
     "layer-install",
     "layer-package",
     "configure-tf",
     "zip-lambdas"
 ]
 clean = "sh ./clean.sh"
-deploy = [
+deploy-dnssec = [
     "clean",
     "prepare",
-    "apply-tf"
+    "apply-tf-dnssec"
+]
+deploy-no-dnssec = [
+    "clean",
+    "prepare",
+    "apply-tf-no-dnssec"
 ]
 
 

tests/integration/test_deployed_mpic_api.py

@@ -291,7 +291,7 @@ def api_should_return_200_given_valid_website_change_validation(
     @pytest.mark.parametrize('domain_or_ip_target, dns_record_type, challenge_value, purpose_of_test', [
         ('dns-change-txt.integration-testing.open-mpic.org', DnsRecordType.TXT, "1234567890abcdefg.", 'standard TXT dns change'),
         ('dns-change-cname.integration-testing.open-mpic.org', DnsRecordType.CNAME, "1234567890abcdefg.", 'standard CNAME dns change'),
-        ('dns-change-caa.integration-testing.open-mpic.org', DnsRecordType.CAA, '0 dnschange "1234567890abcdefg."', 'standard CAA dns change'),
+        ('dns-change-caa.integration-testing.open-mpic.org', DnsRecordType.CAA, '1234567890abcdefg.', 'standard CAA dns change'),
     ])
     # fmt: on
     def api_should_return_200_is_valid_true_given_valid_dns_change_validation(