From 52757f698b5a034b1efdb2f05248691c07d3cc5b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3berta=20Andersen?=
Date: Fri, 13 Dec 2024 10:21:49 +0000
Subject: [PATCH 1/6] chore: Adding a script that spits out an email template for certs pending validation
---
scripts/certs.sh | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100755 scripts/certs.sh
diff --git a/scripts/certs.sh b/scripts/certs.sh
new file mode 100755
index 000000000000..c9e40effbd80
--- /dev/null
+++ b/scripts/certs.sh
@@ -0,0 +1,23 @@
+echo "Generates a markdown file with the CNAME values for the certificates that are pending validation"
+touch email.md
+printf "# Beiðni um staðfestingu á skirteini fyrir lén\n\n" >email.md
+
+printf "Við fengum beiðni um áframsendingu á slóð inn á undirssíðu hjá island.is. Við þurfum því að gefa út skilríki fyrir slóðina.\n\n\n" >>email.md
+printf "Bæta þarf CNAME færslum við til hægt sé að sannreyna að þau séu í nafni eiganda lénsins.\n\n\n" >>email.md
+printf "Hér koma lénin og gildin á CNAME færslunum:\n" >>email.md
+
+arns=$(aws acm list-certificates --certificate-statuses PENDING_VALIDATION --includes keyTypes=RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1 | jq -r '.CertificateSummaryList[] | .CertificateArn')
+
+for arn in $arns; do
+ cert=$(aws acm describe-certificate --certificate-arn $arn | jq '.Certificate.DomainValidationOptions')
+ domains=$(echo $cert | jq -r '.[] | .DomainName')
+ INDEX=0
+ for i in $domains; do
+ printf "* Domain Name: $i\n" >>email.md
+ printf "\t* CNAME_VALUE: $(echo $cert | jq -r '.['$INDEX'] | .ResourceRecord | .Name')\n" >>email.md
+ printf "\t* CNAME_NAME: $(echo $cert | jq -r '.['$INDEX'] | .ResourceRecord | .Value')\n\n" >>email.md
+ let INDEX=${INDEX}+1
+ done
+done
+
+printf "Með kveðju\n\nApró ehf." >>email.md
From 09737fccbd1c042a8134fb55abcfc5d4a585553f Mon Sep 17 00:00:00 2001
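Review bot: In PATCH 1/6 the two inner-loop `printf` lines pair each label with the wrong field: `CNAME_VALUE` prints the `.ResourceRecord | .Name` lookup and `CNAME_NAME` prints the `.ResourceRecord | .Value` lookup. A domain owner who follows the e-mail literally would create the record the wrong way round and the certificate would stay unvalidated. Print the `.Name` lookup under `CNAME_NAME` and the `.Value` lookup under `CNAME_VALUE`. The same crossing is carried into the rewritten loop of PATCH 2/6, where `CNAME_VALUE: %s` is given `"$NAME"` and `CNAME_NAME: %s` is given `"$VALUE"`.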
From: =?UTF-8?q?R=C3=B3berta=20Andersen?=
Date: Fri, 13 Dec 2024 10:26:45 +0000
Subject: [PATCH 2/6] fix: Adding shebang Update scripts/certs.sh Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Update scripts/certs.sh Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Update scripts/certs.sh Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Update scripts/certs.sh Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> fix: Reccomended fixes fix: Reccomended fixes fix: Reccomended fixes
---
scripts/certs.sh | 90 ++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 76 insertions(+), 14 deletions(-)
diff --git a/scripts/certs.sh b/scripts/certs.sh
index c9e40effbd80..873481d1e2c1 100755
--- a/scripts/certs.sh
+++ b/scripts/certs.sh
@@ -1,22 +1,84 @@ +#!/bin/bash +set -euo pipefail + +# Configuration +OUTPUT_FILE="${1:-email.md}" + echo "Generates a markdown file with the CNAME values for the certificates that are pending validation" -touch email.md -printf "# Beiðni um staðfestingu á skirteini fyrir lén\n\n" >email.md -printf "Við fengum beiðni um áframsendingu á slóð inn á undirssíðu hjá island.is. Við þurfum því að gefa út skilríki fyrir slóðina.\n\n\n" >>email.md -printf "Bæta þarf CNAME færslum við til hægt sé að sannreyna að þau séu í nafni eiganda lénsins.\n\n\n" >>email.md -printf "Hér koma lénin og gildin á CNAME færslunum:\n" >>email.md +# Ensure clean start +if [ -f "$OUTPUT_FILE" ]; then + rm "$OUTPUT_FILE" +fi +touch "$OUTPUT_FILE" || { + echo "Error: Cannot create $OUTPUT_FILE" + exit 1 +} + +{ + printf "# Beiðni um staðfestingu á skirteini fyrir lén\n\n" + printf "Við fengum beiðni um áframsendingu á slóð inn á undirssíðu hjá island.is. Við þurfum því að gefa út skilríki fyrir slóðina.\n\n\n" + printf "Bæta þarf CNAME færslum við til hægt sé að sannreyna að þau séu í nafni eiganda lénsins.\n\n\n" + printf "Hér koma lénin og gildin á CNAME færslunum:\n" +} >"$OUTPUT_FILE" + +# Check AWS CLI availability +command -v aws >/dev/null 2>&1 || { + echo "Error: AWS CLI is required but not installed" + exit 1 +} -arns=$(aws acm list-certificates --certificate-statuses PENDING_VALIDATION --includes keyTypes=RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1 | jq -r '.CertificateSummaryList[] | .CertificateArn') +# Check AWS credentials +aws sts get-caller-identity >/dev/null 2>&1 || { + echo "Error: AWS credentials not configured" + exit 1 +} +# Fetch certificates pending validation +echo "Fetching certificates pending validation..." 
+arns=$(aws acm list-certificates \ + --certificate-statuses PENDING_VALIDATION \ + --includes keyTypes=RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1 \ + 2>/dev/null | + jq -r '.CertificateSummaryList[] | .CertificateArn') || + { + echo "Error: Failed to fetch certificates" + exit 1 + } + +# Validate we got some certificates +if [ -z "$arns" ]; then + echo "No certificates found pending validation" + exit 0 +fi for arn in $arns; do - cert=$(aws acm describe-certificate --certificate-arn $arn | jq '.Certificate.DomainValidationOptions') - domains=$(echo $cert | jq -r '.[] | .DomainName') - INDEX=0 - for i in $domains; do - printf "* Domain Name: $i\n" >>email.md - printf "\t* CNAME_VALUE: $(echo $cert | jq -r '.['$INDEX'] | .ResourceRecord | .Name')\n" >>email.md - printf "\t* CNAME_NAME: $(echo $cert | jq -r '.['$INDEX'] | .ResourceRecord | .Value')\n\n" >>email.md - let INDEX=${INDEX}+1 + # Fetch certificate details + cert=$(aws acm describe-certificate --certificate-arn "$arn" 2>/dev/null) || + { + echo "Error: Failed to fetch certificate details for $arn" + continue + } + + # Extract validation options + validation_options=$(echo "$cert" | jq -r '.Certificate.DomainValidationOptions') + if [ -z "$validation_options" ] || [ "$validation_options" = "null" ]; then + echo "Warning: No validation options found for $arn" + continue + fi + + # Process each domain + echo "$validation_options" | jq -r ' + to_entries | .[] | @sh "DOMAIN=\(.value.DomainName) NAME=\(.value.ResourceRecord.Name) VALUE=\(.value.ResourceRecord.Value)" + ' | while read -r line; do + eval "$line" + { + printf "* Domain Name: %s\n" "$DOMAIN" + printf "\t* CNAME_VALUE: %s\n" "$NAME" + printf "\t* CNAME_NAME: %s\n\n" "$VALUE" + } >>"$OUTPUT_FILE" || { + echo "Error: Failed to write domain details" + exit 1 + } done done From 199de81adf008d10b7c58138aee229630652646a Mon Sep 17 00:00:00 2001 
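Review bot: In PATCH 2/6 the `eval "$line"` in the per-domain loop runs shell text built from the ACM response, and jq's `@sh` quoting protects it only while every field stays on a single line, because `while read -r line` hands `eval` one line at a time. ACM is unlikely to return such a value, but the loop does not need `eval` at all: have jq emit `.[] | [.DomainName, .ResourceRecord.Name, .ResourceRecord.Value] | @tsv`, read it with `while IFS=$'\t' read -r DOMAIN NAME VALUE; do`, and delete the `eval` line, leaving the printf block as it is. Separately, `2>/dev/null` on both `aws acm` calls discards the CLI's own error text, so "Failed to fetch certificates" gives no cause (expired credentials, missing permission, wrong region). Letting stderr through, and sending the script's own `Error:` lines to `>&2`, would make a failed run diagnosable.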
From: =?UTF-8?q?R=C3=B3berta=20Andersen?=
Date: Fri, 13 Dec 2024 11:08:18 +0000
Subject: [PATCH 3/6] Update scripts/certs.sh Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---
scripts/certs.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/certs.sh b/scripts/certs.sh
index 873481d1e2c1..7284463de6b3 100755
--- a/scripts/certs.sh
+++ b/scripts/certs.sh
@@ -82,4 +82,4 @@ for arn in $arns; do
 done
 done
 
-printf "Með kveðju\n\nApró ehf." >>email.md
+printf "Með kveðju\n\nApró ehf." >>"$OUTPUT_FILE"
From 3837645320de00e965bba6f13b3cd66b9a310664 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3berta=20Andersen?=
Date: Fri, 13 Dec 2024 11:21:34 +0000
Subject: [PATCH 4/6] fix: moving to infra
---
{scripts => infra/scripts}/certs.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename {scripts => infra/scripts}/certs.sh (98%)
diff --git a/scripts/certs.sh b/infra/scripts/certs.sh
similarity index 98%
rename from scripts/certs.sh
rename to infra/scripts/certs.sh
index 7284463de6b3..0ded89cd47c9 100755
--- a/scripts/certs.sh
+++ b/infra/scripts/certs.sh
@@ -37,7 +37,7 @@ aws sts get-caller-identity >/dev/null 2>&1 || {
 # Fetch certificates pending validation
 echo "Fetching certificates pending validation..."
 arns=$(aws acm list-certificates \
- --certificate-statuses PENDING_VALIDATION \
+ --certificate-statuses FAILED \
 --includes keyTypes=RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1 \
 2>/dev/null |
 jq -r '.CertificateSummaryList[] | .CertificateArn') ||
From 85c4800dda457bb4d100241325d6177dc07ddd16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3berta=20Andersen?=
Date: Fri, 13 Dec 2024 11:23:51 +0000
Subject: [PATCH 5/6] fix: C&P error
---
infra/scripts/certs.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/infra/scripts/certs.sh b/infra/scripts/certs.sh
index 0ded89cd47c9..7284463de6b3 100755
--- a/infra/scripts/certs.sh
+++ b/infra/scripts/certs.sh
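Review bot: In PATCH 4/6 the `--certificate-statuses FAILED \` line changes which certificates the script lists, inside a commit whose subject is only "moving to infra". The adjacent `echo "Fetching certificates pending validation..."` and the generated e-mail text still describe pending certificates. PATCH 5/6 restores `PENDING_VALIDATION`, so the end state is right, but anyone who checks out or cherry-picks this commit alone gets a script that reports the wrong set of certificates. Squashing 5/6 into this commit would keep the rename a pure rename. The enclosing `arns=$(...)` command continues past the end of the hunk.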
@@ -37,7 +37,7 @@ aws sts get-caller-identity >/dev/null 2>&1 || {
 # Fetch certificates pending validation
 echo "Fetching certificates pending validation..."
 arns=$(aws acm list-certificates \
- --certificate-statuses FAILED \
+ --certificate-statuses PENDING_VALIDATION \
 --includes keyTypes=RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1 \
 2>/dev/null |
 jq -r '.CertificateSummaryList[] | .CertificateArn') ||
From 0e20152fcee6bb4094984bee3a2867e7075e860f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=B3berta=20Andersen?=
Date: Fri, 13 Dec 2024 11:25:16 +0000
Subject: [PATCH 6/6] fix:remove signoff
---
infra/scripts/certs.sh | 2 --
1 file changed, 2 deletions(-)
diff --git a/infra/scripts/certs.sh b/infra/scripts/certs.sh
index 7284463de6b3..2745ea6bdca8 100755
--- a/infra/scripts/certs.sh
+++ b/infra/scripts/certs.sh
@@ -81,5 +81,3 @@ for arn in $arns; do
 }
 done
 done
-
-printf "Með kveðju\n\nApró ehf." >>"$OUTPUT_FILE"