From 73f2a0d2c5df461567da84c1cd4624381056429d Mon Sep 17 00:00:00 2001
From: Tobias McNulty <tobias.mcnulty@gmail.com>
Date: Tue, 26 Sep 2017 21:40:07 -0400
Subject: [PATCH] pass AWS::NoValue to SubjectAlternativeNames if no alternate
 domains were provided to the stack

---
 stack/assets.py       | 13 +++----------
 stack/certificates.py |  6 +++---
 stack/domain.py       |  9 ++++++++-
 3 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/stack/assets.py b/stack/assets.py
index 55096c8..25f119b 100644
--- a/stack/assets.py
+++ b/stack/assets.py
@@ -1,6 +1,6 @@
 import os
 
-from troposphere import Equals, GetAtt, If, Join, Output, Ref, Split, iam
+from troposphere import GetAtt, If, Join, Output, Ref, Split, iam
 from troposphere.cloudfront import (
     DefaultCacheBehavior,
     Distribution,
@@ -19,16 +19,9 @@
 )
 
 from .common import arn_prefix
-from .domain import domain_name, domain_name_alternates
+from .domain import domain_name, domain_name_alternates, no_alt_domains
 from .template import template
 
-no_alt_domains_condition = "NoAlternateDomains"
-template.add_condition(
-    no_alt_domains_condition,
-    # Equals() only supports strings, so convert domain_name_alternates to one first
-    Equals(Join("", domain_name_alternates), ""),
-)
-
 common_bucket_conf = dict(
     VersioningConfiguration=VersioningConfiguration(
         Status="Enabled"
@@ -39,7 +32,7 @@
             AllowedOrigins=Split(";", Join("", [
                 "https://", domain_name,
                 If(
-                    no_alt_domains_condition,
+                    no_alt_domains,
                     # if we don't have any alternate domains, return an empty string
                     "",
                     # otherwise, return the ';https://' that will be needed by the first domain
diff --git a/stack/certificates.py b/stack/certificates.py
index 387c97b..78414da 100644
--- a/stack/certificates.py
+++ b/stack/certificates.py
@@ -1,14 +1,14 @@
-from troposphere import Ref
+from troposphere import If, Ref
 from troposphere.certificatemanager import Certificate, DomainValidationOption
 
-from .domain import domain_name, domain_name_alternates
+from .domain import domain_name, domain_name_alternates, no_alt_domains
 from .template import template
 
 application = Ref(template.add_resource(
     Certificate(
         'Certificate',
         DomainName=domain_name,
-        SubjectAlternativeNames=domain_name_alternates,
+        SubjectAlternativeNames=If(no_alt_domains, Ref("AWS::NoValue"), domain_name_alternates),
         DomainValidationOptions=[
             DomainValidationOption(
                 DomainName=domain_name,
diff --git a/stack/domain.py b/stack/domain.py
index 916a122..32d39f6 100644
--- a/stack/domain.py
+++ b/stack/domain.py
@@ -1,4 +1,4 @@
-from troposphere import Parameter, Ref
+from troposphere import Equals, Join, Parameter, Ref
 
 from .template import template
 
@@ -14,3 +14,10 @@
                 "the Subject Alternative Name extension of the SSL certificate.",
     Type="CommaDelimitedList",
 )))
+
+no_alt_domains = "NoAlternateDomains"
+template.add_condition(
+    no_alt_domains,
+    # Equals() only supports strings, so convert domain_name_alternates to one first
+    Equals(Join("", domain_name_alternates), ""),
+)