looks like it was trying to validate the wrong hostname

guardian · Mar 15, 2024 · a15e3a9 · a15e3a9
1 parent 8153ade
commit a15e3a9
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 16 deletions.
diff --git a/cdk/lib/__snapshots__/concierge-graphql.test.ts.snap b/cdk/lib/__snapshots__/concierge-graphql.test.ts.snap
@@ -141,10 +141,10 @@ exports[`The ConciergeGraphql stack matches the snapshot 1`] = `
     "CertificateConciergegraphqlC301CD47": {
       "DeletionPolicy": "Retain",
       "Properties": {
-        "DomainName": "concierge-graphql-preview.content.code.dev-guardianapis.com",
+        "DomainName": "graphql-preview.internal.content.code.dev-guardianapis.com",
         "DomainValidationOptions": [
           {
-            "DomainName": "concierge-graphql-preview.content.code.dev-guardianapis.com",
+            "DomainName": "graphql-preview.internal.content.code.dev-guardianapis.com",
             "HostedZoneId": {
               "Ref": "SsmParameterValueaccountservicescapigutoolsTESThostedzoneidC96584B6F00A464EAD1953AFF4B05118Parameter",
             },
@@ -258,12 +258,7 @@ exports[`The ConciergeGraphql stack matches the snapshot 1`] = `
         },
         "PayloadFormatVersion": "1.0",
         "TlsConfig": {
-          "ServerNameToVerify": {
-            "Fn::GetAtt": [
-              "LoadBalancerConciergegraphql238A0C8B",
-              "DNSName",
-            ],
-          },
+          "ServerNameToVerify": "graphql-preview.internal.content.code.dev-guardianapis.com",
         },
       },
       "Type": "AWS::ApiGatewayV2::Integration",

diff --git a/cdk/lib/concierge-graphql.ts b/cdk/lib/concierge-graphql.ts
@@ -41,6 +41,7 @@ export class ConciergeGraphql extends GuStack {
 
     const hostedZoneId = aws_ssm.StringParameter.valueForStringParameter(this, `/account/services/capi.gutools/${this.stage}/hostedzoneid`);
 
+    const lbDomainName = getHostName(this, ".internal");
     const {loadBalancer, listener} = new GuPlayApp(this, {
       access: {
         //You should put a gateway in front of this
@@ -50,7 +51,7 @@ export class ConciergeGraphql extends GuStack {
       app: "concierge-graphql",
       certificateProps: {
         hostedZoneId,
-        domainName: getHostName(this),
+        domainName: lbDomainName,
       },
       instanceType: InstanceType.of(InstanceClass.T4G, InstanceSize.LARGE),
       monitoringConfiguration: {
@@ -85,6 +86,7 @@ export class ConciergeGraphql extends GuStack {
     new HttpGateway(this, "GW", {
       stage: props.stage as "CODE"|"PROD",
       backendLoadbalancer: loadBalancer,
+      lbDomainName,
       previewMode,
       backendListener: listener,
       backendLbIncomingSg: linkageSG,

diff --git a/cdk/lib/gateway.ts b/cdk/lib/gateway.ts
@@ -14,6 +14,7 @@ interface HttpGatewayProps {
     backendLoadbalancer: IApplicationLoadBalancer;
     backendListener: IApplicationListener;
     backendLbIncomingSg: ISecurityGroup;
+    lbDomainName: string;
     subnets: SubnetSelection;
     vpc: IVpc;
 }
@@ -47,7 +48,7 @@ export class HttpGateway extends Construct {
             description: `Gateway for the ${props.stage} concierge-graphql${maybePreview} instance`,
             defaultIntegration: new HttpAlbIntegration('DefaultIntegration', props.backendListener, {
                 vpcLink,
-                secureServerName: props.backendLoadbalancer.loadBalancerDnsName,
+                secureServerName: props.lbDomainName,
             }),
             createDefaultStage: true,
         });

diff --git a/cdk/lib/hostname.ts b/cdk/lib/hostname.ts
@@ -1,20 +1,20 @@
 import {GuStack} from "@guardian/cdk/lib/constructs/core";
 
-export function getHostName(scope:GuStack):string {
+export function getHostName(scope:GuStack, insert?:string):string {
     if(scope.stage.startsWith("CODE")) {
         if(scope.stack.endsWith("preview")) {
-            return "concierge-graphql-preview.content.code.dev-guardianapis.com";
+            return `graphql-preview${insert ?? ""}.content.code.dev-guardianapis.com`;
         } else {
-            return "concierge-graphql.content.code.dev-guardianapis.com";
+            return `graphql${insert ?? ""}.content.code.dev-guardianapis.com`;
         }
     } else if(scope.stage.startsWith("PROD")) {
         if (scope.stack.endsWith("preview")) {
-            return "concierge-graphql-preview.content.guardianapis.com";
+            return `graphql-preview${insert ?? ""}.content.guardianapis.com`;
         } else {
-            return "concierge-graphql.content.guardianapis.com";
+            return `graphql${insert ?? ""}.content.guardianapis.com`;
         }
     } else if(scope.stage=="TEST") {    //CI testing
-        return "concierge-graphql-preview.content.code.dev-guardianapis.com";
+        return `graphql-preview${insert ?? ""}.content.code.dev-guardianapis.com`;
     } else {
         throw "stage must be either CODE or PROD";
     }