From cb55d5eb742d60cd684892776f7a61c957276afc Mon Sep 17 00:00:00 2001 From: Elad Ben-Israel Date: Mon, 17 Jun 2019 23:36:39 +0300 Subject: [PATCH] refactor: clean up API for removal policy across the library BREAKING CHANGE: multiple modules have been changed to use `cdk.RemovalPolicy` to configure the resource's removal policy. * **core:** `applyRemovalPolicy` is now `CfnResource.applyRemovalPolicy`. * **core:** `RemovalPolicy.Orphan` has been renamed to `Retain`. * **core:** `RemovalPolicy.Forbid` has been removed, use `Retain`. * **ecr:** `RepositoryProps.retain` is now `removalPolicy`, and defaults to `Retain` instead of remove since ECR is a stateful resource * **kms:** `KeyProps.retain` is now `removalPolicy` * **logs:** `LogGroupProps.retainLogGroup` is now `removalPolicy` * **logs:** `LogStreamProps.retainLogStream` is now `removalPolicy` * **rds:** `DatabaseClusterProps.deleteReplacePolicy` is now `removalPolicy` * **rds:** `DatabaseInstanceNewProps.deleteReplacePolicy` is now `removalPolicy` --- .../test/integ.cicd.expected.json | 3 +- ...eg.cloudfront-bucket-logging.expected.json | 1 + ...teg.cloudfront-ipv6-disabled.expected.json | 1 + ...loudfront-lambda-association.expected.json | 1 + .../test/integ.cloudfront-s3.expected.json | 1 + .../test/integ.cloudfront.expected.json | 1 + .../test/integ.cloudtrail.lit.expected.json | 5 ++- .../test/integ.caching.expected.json | 1 + .../test/integ.ecr.lit.expected.json | 1 + .../test/integ.project-bucket.expected.json | 1 + ...-secondary-sources-artifacts.expected.json | 1 + .../test/integ.lambda-pipeline.expected.json | 1 + .../integ.pipeline-alexa-deploy.expected.json | 1 + ...eg.pipeline-cfn-cross-region.expected.json | 1 + ...ipeline-cfn-wtih-action-role.expected.json | 1 + .../test/integ.pipeline-cfn.expected.json | 1 + ...uild-multiple-inputs-outputs.expected.json | 1 + .../integ.pipeline-code-deploy.expected.json | 1 + .../integ.pipeline-ecr-source.expected.json | 4 +- .../integ.pipeline-ecs-deploy.expected.json | 4 +- .../integ.pipeline-s3-deploy.expected.json | 1 + .../@aws-cdk/aws-codepipeline/lib/pipeline.ts | 2 +- packages/@aws-cdk/aws-ecr/lib/repository.ts | 15 +++----- .../aws-ecr/test/integ.basic.expected.json | 1 + .../@aws-cdk/aws-ecr/test/test.repository.ts | 26 +++++++++++-- packages/@aws-cdk/aws-kms/lib/key.ts | 11 +++--- .../aws-kms/test/integ.key-sharing.lit.ts | 3 +- packages/@aws-cdk/aws-kms/test/integ.key.ts | 4 +- packages/@aws-cdk/aws-kms/test/test.key.ts | 4 +- .../test/integ.s3.expected.json | 1 + packages/@aws-cdk/aws-logs/lib/log-group.ts | 12 +++--- packages/@aws-cdk/aws-logs/lib/log-stream.ts | 17 ++++----- .../test/integ.metricfilter.lit.expected.json | 1 + .../aws-logs/test/integ.metricfilter.lit.ts | 4 +- .../@aws-cdk/aws-logs/test/test.loggroup.ts | 9 +++-- packages/@aws-cdk/aws-rds/lib/cluster.ts | 19 +++++----- packages/@aws-cdk/aws-rds/lib/instance.ts | 24 ++++++------ ...nteg.cloudfront-alias-target.expected.json | 3 +- .../integ.bucket-deployment.expected.json | 3 +- .../test/integ.notifications.expected.json | 2 + .../integ.bucket-notifications.expected.json | 2 + ...teg.sns-bucket-notifications.expected.json | 1 + .../integ.bucket-notifications.expected.json | 2 + packages/@aws-cdk/aws-s3/lib/bucket.ts | 4 +- .../integ.bucket-sharing.lit.expected.json | 1 + .../integ.bucket.domain-name.expected.json | 1 + .../aws-s3/test/integ.bucket.expected.json | 2 + .../test/integ.bucket.url.lit.expected.json | 3 +- .../aws-s3/test/integ.lifecycle.expected.json | 1 + packages/@aws-cdk/aws-s3/test/test.bucket.ts | 5 ++- packages/@aws-cdk/cdk/lib/cfn-resource.ts | 28 ++++++++++++++ packages/@aws-cdk/cdk/lib/removal-policy.ts | 37 ++++++++----------- packages/@aws-cdk/cdk/test/test.resource.ts | 26 ++++++++----- 53 files changed, 197 insertions(+), 110 deletions(-) diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json index e5ef742e49f34..8d3452ccb316c 100644 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json +++ b/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json @@ -1,6 +1,7 @@ { "Resources": { "ArtifactBucket7410C9EF": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "CodePipelineRoleB3A660B4": { @@ -281,4 +282,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json index aa89c33d039c6..0ecdcc63eb1ab 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-bucket-logging.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "AnAmazingWebsiteProbablyCFDistribution47E3983B": { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-ipv6-disabled.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-ipv6-disabled.expected.json index 2ac63ff9337c8..0a2324cd51747 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-ipv6-disabled.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-ipv6-disabled.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyDistributionCFDistributionDE147309": { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json index 8c91845416ef1..9a5787c650747 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "LambdaServiceRoleA8ED4D3B": { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-s3.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-s3.expected.json index 042b831d8cc76..1893492fbfeca 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-s3.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-s3.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "BucketPolicyE9A3008A": { diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront.expected.json index afaf9f12a2178..24de06e3d5e25 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyDistributionCFDistributionDE147309": { diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json index 4e753f510e057..cfde3aca8cf7f 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail.lit.expected.json @@ -1,7 +1,8 @@ { "Resources": { "Bucket83908E77": { - "Type": "AWS::S3::Bucket" + "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete" }, "TrailS30071F172": { "Type": "AWS::S3::Bucket", @@ -124,4 +125,4 @@ ] } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json index 57686badca7fe..95ab4cb3c2a5d 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json @@ -1,6 +1,7 @@ { "Resources": { "CacheBucket41D9D0B0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyProjectRole9BBE5233": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json index 6e1d7e8eb23cc..5bac318649a12 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json @@ -1,6 +1,7 @@ { "Resources": { "MyRepoF4F48043": { + "DeletionPolicy": "Retain", "Type": "AWS::ECR::Repository", "Properties": { "RepositoryPolicyText": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json index 16e306296839d..515a318115853 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json @@ -1,6 +1,7 @@ { "Resources": { "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyProjectRole9BBE5233": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json index 901e4a91c0046..0f8366ee1ce80 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json @@ -1,6 +1,7 @@ { "Resources": { "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyProjectRole9BBE5233": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json index 8503cc4ad4a51..58afdf9cc9518 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json @@ -378,6 +378,7 @@ }, "PipelineBucketB967BD35": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json index 366dd7e4cd44d..2b65b738ce939 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json @@ -68,6 +68,7 @@ }, "PipelineBucketB967BD35": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json index 27580b9b03a0b..7d1c7317d9df9 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json @@ -2,6 +2,7 @@ "Resources": { "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-wtih-action-role.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-wtih-action-role.expected.json index 0f7db21bdaf76..58d74f95354c6 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-wtih-action-role.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-wtih-action-role.expected.json @@ -2,6 +2,7 @@ "Resources": { "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json index 21978f4abc275..1817ed56039c6 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json @@ -373,6 +373,7 @@ }, "PipelineBucketB967BD35": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index e5da37a432750..90f288eb9f8f9 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -74,6 +74,7 @@ }, "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json index 0a3e241126f71..2c1373e13b14d 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json @@ -87,6 +87,7 @@ }, "CodeDeployPipelineIntegTest9F618D61": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json index 130f3c920aebb..72935b3ad5341 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json @@ -1,6 +1,7 @@ { "Resources": { "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyPipelineRoleC0D47CA4": { @@ -226,7 +227,8 @@ } }, "MyEcrRepo767466D0": { - "Type": "AWS::ECR::Repository" + "Type": "AWS::ECR::Repository", + "DeletionPolicy": "Retain" }, "MyEcrRepoawscdkcodepipelineecrsourceMyPipeline63CF3194SourceEventRule911FDB6D": { "Type": "AWS::Events::Rule", diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json index 0001b338b25da..903e8398d86e2 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json @@ -194,7 +194,8 @@ "Type": "AWS::ECS::Cluster" }, "EcrRepoBB83A592": { - "Type": "AWS::ECR::Repository" + "Type": "AWS::ECR::Repository", + "DeletionPolicy": "Retain" }, "TaskDefTaskRole1EDB4A67": { "Type": "AWS::IAM::Role", @@ -310,6 +311,7 @@ }, "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "VersioningConfiguration": { "Status": "Enabled" diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json index 0701c8b8925dc..ebf160e8cfca6 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json @@ -67,6 +67,7 @@ } }, "PipelineBucketB967BD35": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket", "Properties": { "VersioningConfiguration": { diff --git a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts index 580d3f633243a..ad49d43c55365 100644 --- a/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts +++ b/packages/@aws-cdk/aws-codepipeline/lib/pipeline.ts @@ -231,7 +231,7 @@ export class Pipeline extends PipelineBase { bucketName: PhysicalName.auto({ crossEnvironment: true }), encryptionKey, encryption: s3.BucketEncryption.Kms, - removalPolicy: RemovalPolicy.Orphan + removalPolicy: RemovalPolicy.Retain }); } this.artifactBucket = propsBucket; diff --git a/packages/@aws-cdk/aws-ecr/lib/repository.ts b/packages/@aws-cdk/aws-ecr/lib/repository.ts index d8227d75edced..b3015e097fbec 100644 --- a/packages/@aws-cdk/aws-ecr/lib/repository.ts +++ b/packages/@aws-cdk/aws-ecr/lib/repository.ts @@ -1,6 +1,6 @@ import events = require('@aws-cdk/aws-events'); import iam = require('@aws-cdk/aws-iam'); -import { Construct, DeletionPolicy, IConstruct, IResource, Lazy, Resource, Stack, Token } from '@aws-cdk/cdk'; +import { Construct, IConstruct, IResource, Lazy, RemovalPolicy, Resource, Stack, Token } from '@aws-cdk/cdk'; import { CfnRepository } from './ecr.generated'; import { CountType, LifecycleRule, TagStatus } from './lifecycle'; @@ -248,14 +248,11 @@ export interface RepositoryProps { readonly lifecycleRegistryId?: string; /** - * Retain the repository on stack deletion + * Determine what happens to the repository when the resource/stack is deleted. * - * If you don't set this to true, the registry must be empty, otherwise - * your stack deletion will fail. - * - * @default false + * @default RemovalPolicy.Retain */ - readonly retain?: boolean; + readonly removalPolicy?: RemovalPolicy; } export interface RepositoryAttributes { @@ -347,9 +344,7 @@ export class Repository extends RepositoryBase { lifecyclePolicy: Lazy.anyValue({ produce: () => this.renderLifecyclePolicy() }), }); - if (props.retain) { - resource.options.deletionPolicy = DeletionPolicy.Retain; - } + resource.applyRemovalPolicy(props.removalPolicy); this.registryId = props.lifecycleRegistryId; if (props.lifecycleRules) { diff --git a/packages/@aws-cdk/aws-ecr/test/integ.basic.expected.json b/packages/@aws-cdk/aws-ecr/test/integ.basic.expected.json index 5282d802cbfda..55fa17cc6b50d 100644 --- a/packages/@aws-cdk/aws-ecr/test/integ.basic.expected.json +++ b/packages/@aws-cdk/aws-ecr/test/integ.basic.expected.json @@ -2,6 +2,7 @@ "Resources": { "Repo02AC86CF": { "Type": "AWS::ECR::Repository", + "DeletionPolicy": "Retain", "Properties": { "LifecyclePolicy": { "LifecyclePolicyText": "{\"rules\":[{\"rulePriority\":1,\"selection\":{\"tagStatus\":\"any\",\"countType\":\"imageCountMoreThan\",\"countNumber\":5},\"action\":{\"type\":\"expire\"}}]}" diff --git a/packages/@aws-cdk/aws-ecr/test/test.repository.ts b/packages/@aws-cdk/aws-ecr/test/test.repository.ts index dfc92cc8b2d31..169b31a3aa4b7 100644 --- a/packages/@aws-cdk/aws-ecr/test/test.repository.ts +++ b/packages/@aws-cdk/aws-ecr/test/test.repository.ts @@ -1,6 +1,7 @@ import { expect, haveResource, haveResourceLike, ResourcePart } from '@aws-cdk/assert'; import iam = require('@aws-cdk/aws-iam'); import cdk = require('@aws-cdk/cdk'); +import { RemovalPolicy } from '@aws-cdk/cdk'; import { Test } from 'nodeunit'; import ecr = require('../lib'); @@ -18,7 +19,8 @@ export = { expect(stack).toMatch({ Resources: { Repo02AC86CF: { - Type: "AWS::ECR::Repository" + Type: "AWS::ECR::Repository", + DeletionPolicy: "Retain" } } }); @@ -320,12 +322,12 @@ export = { } }, - '"retain" can be used to retain the repo when the resource is deleted'(test: Test) { + 'removal policy is "Retain" by default'(test: Test) { // GIVEN const stack = new cdk.Stack(); // WHEN - new ecr.Repository(stack, 'Repo', { retain: true }); + new ecr.Repository(stack, 'Repo'); // THEN expect(stack).to(haveResource('AWS::ECR::Repository', { @@ -333,5 +335,23 @@ export = { "DeletionPolicy": "Retain" }, ResourcePart.CompleteDefinition)); test.done(); + }, + + '"Delete" removal policy can be set explicitly'(test: Test) { + // GIVEN + const stack = new cdk.Stack(); + + // WHEN + new ecr.Repository(stack, 'Repo', { + removalPolicy: RemovalPolicy.Destroy + }); + + // THEN + expect(stack).to(haveResource('AWS::ECR::Repository', { + "Type": "AWS::ECR::Repository", + "DeletionPolicy": "Delete" + }, ResourcePart.CompleteDefinition)); + test.done(); } + }; diff --git a/packages/@aws-cdk/aws-kms/lib/key.ts b/packages/@aws-cdk/aws-kms/lib/key.ts index 8deba0e077386..77ff9776cc0a5 100644 --- a/packages/@aws-cdk/aws-kms/lib/key.ts +++ b/packages/@aws-cdk/aws-kms/lib/key.ts @@ -1,6 +1,6 @@ import iam = require('@aws-cdk/aws-iam'); import { PolicyDocument, PolicyStatement } from '@aws-cdk/aws-iam'; -import { Construct, DeletionPolicy, IResource, Resource, Stack } from '@aws-cdk/cdk'; +import { Construct, IResource, RemovalPolicy, Resource, Stack } from '@aws-cdk/cdk'; import { Alias } from './alias'; import { CfnKey } from './kms.generated'; @@ -177,9 +177,9 @@ export interface KeyProps { * Whether the encryption key should be retained when it is removed from the Stack. This is useful when one wants to * retain access to data that was encrypted with a key that is being retired. * - * @default true + * @default RemovalPolicy.Retain */ - readonly retain?: boolean; + readonly removalPolicy?: RemovalPolicy; } /** @@ -225,9 +225,8 @@ export class Key extends KeyBase { }); this.keyArn = resource.keyArn; - resource.options.deletionPolicy = props.retain === false - ? DeletionPolicy.Delete - : DeletionPolicy.Retain; + + resource.applyRemovalPolicy(props.removalPolicy); } /** diff --git a/packages/@aws-cdk/aws-kms/test/integ.key-sharing.lit.ts b/packages/@aws-cdk/aws-kms/test/integ.key-sharing.lit.ts index 1395bc8a67543..29ab674461b32 100644 --- a/packages/@aws-cdk/aws-kms/test/integ.key-sharing.lit.ts +++ b/packages/@aws-cdk/aws-kms/test/integ.key-sharing.lit.ts @@ -1,5 +1,6 @@ /// !cdk-integ * import cdk = require('@aws-cdk/cdk'); +import { RemovalPolicy } from '@aws-cdk/cdk'; import kms = require('../lib'); const app = new cdk.App(); @@ -14,7 +15,7 @@ class KeyStack extends cdk.Stack { constructor(scope: cdk.App, id: string, props?: cdk.StackProps) { super(scope, id, props); - this.key = new kms.Key(this, 'MyKey', { retain: false }); + this.key = new kms.Key(this, 'MyKey', { removalPolicy: RemovalPolicy.Destroy }); } } diff --git a/packages/@aws-cdk/aws-kms/test/integ.key.ts b/packages/@aws-cdk/aws-kms/test/integ.key.ts index 973207603b52a..275566a8f90f2 100644 --- a/packages/@aws-cdk/aws-kms/test/integ.key.ts +++ b/packages/@aws-cdk/aws-kms/test/integ.key.ts @@ -1,13 +1,13 @@ import { PolicyStatement } from '@aws-cdk/aws-iam'; import iam = require('@aws-cdk/aws-iam'); -import { App, Stack } from '@aws-cdk/cdk'; +import { App, RemovalPolicy, Stack } from '@aws-cdk/cdk'; import { Key } from '../lib'; const app = new App(); const stack = new Stack(app, `aws-cdk-kms-1`); -const key = new Key(stack, 'MyKey', { retain: false }); +const key = new Key(stack, 'MyKey', { removalPolicy: RemovalPolicy.Destroy }); key.addToResourcePolicy(new PolicyStatement({ resources: ['*'], diff --git a/packages/@aws-cdk/aws-kms/test/test.key.ts b/packages/@aws-cdk/aws-kms/test/test.key.ts index 137207670e887..897305a919248 100644 --- a/packages/@aws-cdk/aws-kms/test/test.key.ts +++ b/packages/@aws-cdk/aws-kms/test/test.key.ts @@ -1,6 +1,6 @@ import { exactlyMatchTemplate, expect, haveResource, ResourcePart } from '@aws-cdk/assert'; import { PolicyStatement, User } from '@aws-cdk/aws-iam'; -import { App, Stack, Tag } from '@aws-cdk/cdk'; +import { App, RemovalPolicy, Stack, Tag } from '@aws-cdk/cdk'; import { Test } from 'nodeunit'; import { Key } from '../lib'; @@ -68,7 +68,7 @@ export = { const app = new App(); const stack = new Stack(app, 'TestStack'); - new Key(stack, 'MyKey', { retain: false }); + new Key(stack, 'MyKey', { removalPolicy: RemovalPolicy.Destroy }); expect(stack).to(haveResource('AWS::KMS::Key', { DeletionPolicy: "Delete" }, ResourcePart.CompleteDefinition)); test.done(); diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json index 615e8c3652d8a..ba1999bf6d136 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.s3.expected.json @@ -83,6 +83,7 @@ } }, "B08E7C7AF": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "BNotificationsEB8DA980": { diff --git a/packages/@aws-cdk/aws-logs/lib/log-group.ts b/packages/@aws-cdk/aws-logs/lib/log-group.ts index 6881d573ecc0f..04828a31ba81d 100644 --- a/packages/@aws-cdk/aws-logs/lib/log-group.ts +++ b/packages/@aws-cdk/aws-logs/lib/log-group.ts @@ -1,6 +1,6 @@ import cloudwatch = require('@aws-cdk/aws-cloudwatch'); import iam = require('@aws-cdk/aws-iam'); -import { applyRemovalPolicy, Construct, IResource, RemovalPolicy, Resource, Stack } from '@aws-cdk/cdk'; +import { Construct, IResource, RemovalPolicy, Resource, Stack } from '@aws-cdk/cdk'; import { LogStream } from './log-stream'; import { CfnLogGroup } from './logs.generated'; import { MetricFilter } from './metric-filter'; @@ -289,16 +289,16 @@ export interface LogGroupProps { readonly retentionDays?: RetentionDays; /** - * Retain the log group if the stack or containing construct ceases to exist + * Determine the removal policy of this log group. * * Normally you want to retain the log group so you can diagnose issues * from logs even after a deployment that no longer includes the log group. * In that case, use the normal date-based retention policy to age out your * logs. * - * @default true + * @default RemovalPolicy.Retain */ - readonly retainLogGroup?: boolean; + readonly removalPolicy?: RemovalPolicy; } /** @@ -343,9 +343,7 @@ export class LogGroup extends LogGroupBase { retentionInDays, }); - if (props.retainLogGroup !== false) { - applyRemovalPolicy(resource, RemovalPolicy.Orphan); - } + resource.applyRemovalPolicy(props.removalPolicy); this.logGroupArn = resource.logGroupArn; this.logGroupName = resource.logGroupName; diff --git a/packages/@aws-cdk/aws-logs/lib/log-stream.ts b/packages/@aws-cdk/aws-logs/lib/log-stream.ts index b807dc2bf814b..67d28d1683a17 100644 --- a/packages/@aws-cdk/aws-logs/lib/log-stream.ts +++ b/packages/@aws-cdk/aws-logs/lib/log-stream.ts @@ -1,4 +1,4 @@ -import { Construct, DeletionPolicy, IResource, Resource } from '@aws-cdk/cdk'; +import { Construct, IResource, RemovalPolicy, Resource } from '@aws-cdk/cdk'; import { ILogGroup } from './log-group'; import { CfnLogStream } from './logs.generated'; @@ -29,17 +29,18 @@ export interface LogStreamProps { readonly logStreamName?: string; /** - * Retain the log stream if the stack or containing construct ceases to exist + * Determine what happens when the log stream resource is removed from the + * app. * - * Normally you want to retain the log stream so you can diagnose issues - * from logs even after a deployment that no longer includes the log stream. + * Normally you want to retain the log stream so you can diagnose issues from + * logs even after a deployment that no longer includes the log stream. * * The date-based retention policy of your log group will age out the logs * after a certain time. * - * @default true + * @default RemovalPolicy.Retain */ - readonly retainLogStream?: boolean; + readonly removalPolicy?: RemovalPolicy; } /** @@ -70,9 +71,7 @@ export class LogStream extends Resource implements ILogStream { logStreamName: props.logStreamName }); - if (props.retainLogStream !== false) { - resource.options.deletionPolicy = DeletionPolicy.Retain; - } + resource.applyRemovalPolicy(props.removalPolicy); this.logStreamName = resource.logStreamName; } diff --git a/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.expected.json b/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.expected.json index 1d054c1c41845..50e8fc5c2b174 100644 --- a/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.expected.json +++ b/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.expected.json @@ -2,6 +2,7 @@ "Resources": { "LogGroupF5B46931": { "Type": "AWS::Logs::LogGroup", + "DeletionPolicy": "Delete", "Properties": { "RetentionInDays": 731 } diff --git a/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.ts b/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.ts index 9e585ec0a8b69..130b340a22550 100644 --- a/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.ts +++ b/packages/@aws-cdk/aws-logs/test/integ.metricfilter.lit.ts @@ -1,4 +1,4 @@ -import { App, Stack, StackProps } from '@aws-cdk/cdk'; +import { App, RemovalPolicy, Stack, StackProps } from '@aws-cdk/cdk'; import { FilterPattern, LogGroup, MetricFilter } from '../lib'; class MetricFilterIntegStack extends Stack { @@ -6,7 +6,7 @@ class MetricFilterIntegStack extends Stack { super(scope, id, props); const logGroup = new LogGroup(this, 'LogGroup', { - retainLogGroup: false + removalPolicy: RemovalPolicy.Destroy }); /// !show diff --git a/packages/@aws-cdk/aws-logs/test/test.loggroup.ts b/packages/@aws-cdk/aws-logs/test/test.loggroup.ts index 16d13706284d0..ad6ccc2fb4312 100644 --- a/packages/@aws-cdk/aws-logs/test/test.loggroup.ts +++ b/packages/@aws-cdk/aws-logs/test/test.loggroup.ts @@ -1,6 +1,6 @@ import { expect, haveResource, matchTemplate } from '@aws-cdk/assert'; import iam = require('@aws-cdk/aws-iam'); -import { Stack } from '@aws-cdk/cdk'; +import { RemovalPolicy, Stack } from '@aws-cdk/cdk'; import { Test } from 'nodeunit'; import { LogGroup, RetentionDays } from '../lib'; @@ -66,14 +66,17 @@ export = { // WHEN new LogGroup(stack, 'LogGroup', { retentionDays: Infinity, - retainLogGroup: false + removalPolicy: RemovalPolicy.Destroy }); // THEN expect(stack).to(matchTemplate({ Resources: { - LogGroupF5B46931: { Type: "AWS::Logs::LogGroup" } + LogGroupF5B46931: { + Type: "AWS::Logs::LogGroup", + DeletionPolicy: "Delete" } + } })); test.done(); diff --git a/packages/@aws-cdk/aws-rds/lib/cluster.ts b/packages/@aws-cdk/aws-rds/lib/cluster.ts index 082a14efa92fc..5cb58b07c84a1 100644 --- a/packages/@aws-cdk/aws-rds/lib/cluster.ts +++ b/packages/@aws-cdk/aws-rds/lib/cluster.ts @@ -1,7 +1,7 @@ import ec2 = require('@aws-cdk/aws-ec2'); import kms = require('@aws-cdk/aws-kms'); import secretsmanager = require('@aws-cdk/aws-secretsmanager'); -import { Construct, DeletionPolicy, Resource, Token } from '@aws-cdk/cdk'; +import { Construct, RemovalPolicy, Resource, Token } from '@aws-cdk/cdk'; import { DatabaseClusterAttributes, IDatabaseCluster } from './cluster-ref'; import { DatabaseSecret } from './database-secret'; import { Endpoint } from './endpoint'; @@ -122,12 +122,12 @@ export interface DatabaseClusterProps { readonly parameterGroup?: IParameterGroup; /** - * The CloudFormation policy to apply when the cluster and its instances - * are removed from the stack or replaced during an update. + * The removal policy to apply when the cluster and its instances are removed + * from the stack or replaced during an update. * * @default - Retain cluster. */ - readonly deleteReplacePolicy?: DeletionPolicy + readonly removalPolicy?: RemovalPolicy } /** @@ -321,9 +321,9 @@ export class DatabaseCluster extends DatabaseClusterBase { storageEncrypted: props.kmsKey ? true : props.storageEncrypted }); - const deleteReplacePolicy = props.deleteReplacePolicy || DeletionPolicy.Retain; - cluster.options.deletionPolicy = deleteReplacePolicy; - cluster.options.updateReplacePolicy = deleteReplacePolicy; + cluster.applyRemovalPolicy(props.removalPolicy, { + applyToUpdateReplacePolicy: true + }); this.clusterIdentifier = cluster.refAsString; @@ -368,8 +368,9 @@ export class DatabaseCluster extends DatabaseClusterBase { dbParameterGroupName: props.instanceProps.parameterGroup && props.instanceProps.parameterGroup.parameterGroupName, }); - instance.options.deletionPolicy = deleteReplacePolicy; - instance.options.updateReplacePolicy = deleteReplacePolicy; + instance.applyRemovalPolicy(props.removalPolicy, { + applyToUpdateReplacePolicy: true + }); // We must have a dependency on the NAT gateway provider here to create // things in the right order. diff --git a/packages/@aws-cdk/aws-rds/lib/instance.ts b/packages/@aws-cdk/aws-rds/lib/instance.ts index 687f3503ffe64..7a3a244a2e76b 100644 --- a/packages/@aws-cdk/aws-rds/lib/instance.ts +++ b/packages/@aws-cdk/aws-rds/lib/instance.ts @@ -5,7 +5,7 @@ import kms = require('@aws-cdk/aws-kms'); import lambda = require('@aws-cdk/aws-lambda'); import logs = require('@aws-cdk/aws-logs'); import secretsmanager = require('@aws-cdk/aws-secretsmanager'); -import { Construct, DeletionPolicy, IResource, Resource, SecretValue, Stack, Token } from '@aws-cdk/cdk'; +import { Construct, IResource, RemovalPolicy, Resource, SecretValue, Stack, Token } from '@aws-cdk/cdk'; import { DatabaseSecret } from './database-secret'; import { Endpoint } from './endpoint'; import { IOptionGroup} from './option-group'; @@ -445,9 +445,9 @@ export interface DatabaseInstanceNewProps { * The CloudFormation policy to apply when the instance is removed from the * stack or replaced during an update. * - * @default Retain + * @default RemovalPolicy.Retain */ - readonly deleteReplacePolicy?: DeletionPolicy + readonly removalPolicy?: RemovalPolicy } /** @@ -741,9 +741,9 @@ export class DatabaseInstance extends DatabaseInstanceSource implements IDatabas const portAttribute = Token.asNumber(instance.dbInstanceEndpointPort); this.instanceEndpoint = new Endpoint(instance.dbInstanceEndpointAddress, portAttribute); - const deleteReplacePolicy = props.deleteReplacePolicy || DeletionPolicy.Retain; - instance.options.deletionPolicy = deleteReplacePolicy; - instance.options.updateReplacePolicy = deleteReplacePolicy; + instance.applyRemovalPolicy(props.removalPolicy, { + applyToUpdateReplacePolicy: true + }); if (secret) { this.secret = secret.addTargetAttachment('AttachedSecret', { @@ -835,9 +835,9 @@ export class DatabaseInstanceFromSnapshot extends DatabaseInstanceSource impleme const portAttribute = Token.asNumber(instance.dbInstanceEndpointPort); this.instanceEndpoint = new Endpoint(instance.dbInstanceEndpointAddress, portAttribute); - const deleteReplacePolicy = props.deleteReplacePolicy || DeletionPolicy.Retain; - instance.options.deletionPolicy = deleteReplacePolicy; - instance.options.updateReplacePolicy = deleteReplacePolicy; + instance.applyRemovalPolicy(props.removalPolicy, { + applyToUpdateReplacePolicy: true + }); if (secret) { this.secret = secret.addTargetAttachment('AttachedSecret', { @@ -912,9 +912,9 @@ export class DatabaseInstanceReadReplica extends DatabaseInstanceNew implements const portAttribute = Token.asNumber(instance.dbInstanceEndpointPort); this.instanceEndpoint = new Endpoint(instance.dbInstanceEndpointAddress, portAttribute); - const deleteReplacePolicy = props.deleteReplacePolicy || DeletionPolicy.Retain; - instance.options.deletionPolicy = deleteReplacePolicy; - instance.options.updateReplacePolicy = deleteReplacePolicy; + instance.applyRemovalPolicy(props.removalPolicy, { + applyToUpdateReplacePolicy: true + }); this.connections = new ec2.Connections({ securityGroups: [this.securityGroup], diff --git a/packages/@aws-cdk/aws-route53-targets/test/integ.cloudfront-alias-target.expected.json b/packages/@aws-cdk/aws-route53-targets/test/integ.cloudfront-alias-target.expected.json index 28d030f8977ae..372a8eb65e47c 100644 --- a/packages/@aws-cdk/aws-route53-targets/test/integ.cloudfront-alias-target.expected.json +++ b/packages/@aws-cdk/aws-route53-targets/test/integ.cloudfront-alias-target.expected.json @@ -26,6 +26,7 @@ } }, "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyDistributionCFDistributionDE147309": { @@ -75,4 +76,4 @@ } } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json index 69cf9b444c5e8..f2960a75110a2 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json +++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json @@ -2,6 +2,7 @@ "Resources": { "Destination920A3C57": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "WebsiteConfiguration": { "IndexDocument": "index.html" @@ -447,4 +448,4 @@ "Description": "Artifact hash for asset \"test-bucket-deployments-1/DeployWithPrefix/Asset\"" } } -} \ No newline at end of file +} diff --git a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json index ef4b540ae5256..9b7bb66066352 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket83908E77": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "BucketNotifications8F2E257D": { @@ -263,6 +264,7 @@ } }, "Bucket25524B414": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "Bucket2NotificationsD9BA2A77": { diff --git a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json index 9c3ab42650608..73e1aaa046e7e 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/lambda/integ.bucket-notifications.expected.json @@ -1,6 +1,7 @@ { "Resources": { "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyBucketNotifications46AC0CD2": { @@ -150,6 +151,7 @@ } }, "YourBucketC6A57364": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "YourBucketNotifications8D39901A": { diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json index 3bab240f35cd4..ec5c5ae7f71e9 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sns/integ.sns-bucket-notifications.expected.json @@ -99,6 +99,7 @@ } }, "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "MyBucketNotifications46AC0CD2": { diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json index 4e2224aa5b8cc..74b7ef9728947 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json @@ -1,6 +1,7 @@ { "Resources": { "Bucket12520700A": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "Bucket1NotificationsBC5D9A45": { @@ -223,6 +224,7 @@ } }, "Bucket25524B414": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" }, "Bucket2NotificationsD9BA2A77": { diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index 31359131e79b2..057bebfa207e4 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -1,7 +1,7 @@ import events = require('@aws-cdk/aws-events'); import iam = require('@aws-cdk/aws-iam'); import kms = require('@aws-cdk/aws-kms'); -import { applyRemovalPolicy, Construct, IResource, Lazy, PhysicalName, +import { Construct, IResource, Lazy, PhysicalName, RemovalPolicy, Resource, ResourceIdentifiers, Stack, Token } from '@aws-cdk/cdk'; import { EOL } from 'os'; import { BucketPolicy } from './bucket-policy'; @@ -904,7 +904,7 @@ export class Bucket extends BucketBase { corsConfiguration: Lazy.anyValue({ produce: () => this.parseCorsConfiguration() }) }); - applyRemovalPolicy(resource, props.removalPolicy !== undefined ? props.removalPolicy : RemovalPolicy.Orphan); + resource.applyRemovalPolicy(props.removalPolicy); this.versioned = props.versioned; this.encryptionKey = encryptionKey; diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json index 6ca6fca9f839d..c7eefed3a4520 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json @@ -2,6 +2,7 @@ { "Resources": { "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" } }, diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.domain-name.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket.domain-name.expected.json index 06ba9c9e7466d..a823f27281c01 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket.domain-name.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.domain-name.expected.json @@ -1,6 +1,7 @@ { "Resources": { "MyBucketF68F3FF0": { + "DeletionPolicy": "Delete", "Type": "AWS::S3::Bucket" } }, diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json index 2175996d83ed2..70f427a6a8a34 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json @@ -69,6 +69,7 @@ }, "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ @@ -89,6 +90,7 @@ }, "MyOtherBucket543F3540": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.url.lit.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket.url.lit.expected.json index 0ed62b177dc05..3a56b818acbce 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket.url.lit.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.url.lit.expected.json @@ -1,7 +1,8 @@ { "Resources": { "MyBucketF68F3FF0": { - "Type": "AWS::S3::Bucket" + "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-s3/test/integ.lifecycle.expected.json b/packages/@aws-cdk/aws-s3/test/integ.lifecycle.expected.json index aee30e192cb26..47a22903017c3 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.lifecycle.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.lifecycle.expected.json @@ -2,6 +2,7 @@ "Resources": { "MyBucketF68F3FF0": { "Type": "AWS::S3::Bucket", + "DeletionPolicy": "Delete", "Properties": { "LifecycleConfiguration": { "Rules": [ diff --git a/packages/@aws-cdk/aws-s3/test/test.bucket.ts b/packages/@aws-cdk/aws-s3/test/test.bucket.ts index ffcfc7a633268..012c3e169b701 100644 --- a/packages/@aws-cdk/aws-s3/test/test.bucket.ts +++ b/packages/@aws-cdk/aws-s3/test/test.bucket.ts @@ -534,7 +534,10 @@ export = { 'removal policy can be used to specify behavior upon delete'(test: Test) { const stack = new cdk.Stack(); - new s3.Bucket(stack, 'MyBucket', { removalPolicy: cdk.RemovalPolicy.Orphan, encryption: s3.BucketEncryption.Unencrypted }); + new s3.Bucket(stack, 'MyBucket', { + removalPolicy: cdk.RemovalPolicy.Retain, + encryption: s3.BucketEncryption.Unencrypted + }); expect(stack).toMatch({ Resources: { diff --git a/packages/@aws-cdk/cdk/lib/cfn-resource.ts b/packages/@aws-cdk/cdk/lib/cfn-resource.ts index 38317256cf8f3..39cbe72e3897b 100644 --- a/packages/@aws-cdk/cdk/lib/cfn-resource.ts +++ b/packages/@aws-cdk/cdk/lib/cfn-resource.ts @@ -5,6 +5,7 @@ import { CfnCondition } from './cfn-condition'; import { CfnRefElement } from './cfn-element'; import { Construct, IConstruct } from './construct'; import { CfnReference } from './private/cfn-reference'; +import { RemovalPolicy, RemovalPolicyOptions } from './removal-policy'; import { IResolvable } from './resolvable'; import { CreationPolicy, DeletionPolicy, UpdatePolicy } from './resource-policy'; import { TagManager } from './tag-manager'; @@ -116,6 +117,33 @@ export class CfnResource extends CfnRefElement { } } + /** + * Sets the deletion policy of the resource based on the removal policy specified. + */ + public applyRemovalPolicy(policy: RemovalPolicy | undefined, options: RemovalPolicyOptions = {}) { + policy = policy || options.default || RemovalPolicy.Retain; + + let deletionPolicy; + + switch (policy) { + case RemovalPolicy.Destroy: + deletionPolicy = DeletionPolicy.Delete; + break; + + case RemovalPolicy.Retain: + deletionPolicy = DeletionPolicy.Retain; + break; + + default: + throw new Error(`Invalid removal policy: ${policy}`); + } + + this.options.deletionPolicy = deletionPolicy; + if (options.applyToUpdateReplacePolicy) { + this.options.updateReplacePolicy = deletionPolicy; + } + } + /** * Returns a token for an runtime attribute of this resource. * Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility diff --git a/packages/@aws-cdk/cdk/lib/removal-policy.ts b/packages/@aws-cdk/cdk/lib/removal-policy.ts index 6e8248d9d6fe8..b2a423a588ed0 100644 --- a/packages/@aws-cdk/cdk/lib/removal-policy.ts +++ b/packages/@aws-cdk/cdk/lib/removal-policy.ts @@ -1,34 +1,27 @@ -import { CfnResource } from './cfn-resource'; -import { DeletionPolicy } from './resource-policy'; - export enum RemovalPolicy { /** - * This is the default removal policy for most resources. It means that when the resource - * is removed from the app, it will be physically destroyed. + * This is the default removal policy. It means that when the resource is + * removed from the app, it will be physically destroyed. */ - Destroy = 0, + Destroy = 'destroy', /** * This uses the 'Retain' DeletionPolicy, which will cause the resource to be retained * in the account, but orphaned from the stack. */ - Orphan, + Retain = 'retain', +} +export interface RemovalPolicyOptions { /** - * This will apply the 'Retain' DeletionPolicy and also add metadata for the toolkit - * to apply a CloudFormation stack policy which forbids the deletion of resource. + * The default policy to apply in case the removal policy is not defined. + * + * @default RemovalPolicy.Retain */ - Forbid -} - -export function applyRemovalPolicy(resource: CfnResource, removalPolicy: RemovalPolicy | undefined) { - if (removalPolicy === RemovalPolicy.Orphan || removalPolicy === RemovalPolicy.Forbid) { - resource.options.deletionPolicy = DeletionPolicy.Retain; - } + readonly default?: RemovalPolicy; - // attach metadata that will tell the toolkit to protect this resource by - // applying an appropriate stack update policy. - if (removalPolicy === RemovalPolicy.Forbid) { - resource.node.addMetadata('aws:cdk:protected', true); - } -} + /** + * Apply the same deletion policy to the resource's "UpdateReplacePolicy" + */ + readonly applyToUpdateReplacePolicy?: boolean; +} \ No newline at end of file diff --git a/packages/@aws-cdk/cdk/test/test.resource.ts b/packages/@aws-cdk/cdk/test/test.resource.ts index ce2bba32967c8..0e08a7facefa1 100644 --- a/packages/@aws-cdk/cdk/test/test.resource.ts +++ b/packages/@aws-cdk/cdk/test/test.resource.ts @@ -1,6 +1,6 @@ import cxapi = require('@aws-cdk/cx-api'); import { Test } from 'nodeunit'; -import { App, App as Root, applyRemovalPolicy, CfnCondition, +import { App, App as Root, CfnCondition, CfnResource, Construct, ConstructNode, DeletionPolicy, Fn, RemovalPolicy, Stack } from '../lib'; import { toCloudFormation } from './util'; @@ -294,18 +294,24 @@ export = { 'removal policy is a high level abstraction of deletion policy used by l2'(test: Test) { const stack = new Stack(); - const orphan = new CfnResource(stack, 'Orphan', { type: 'T1' }); - const forbid = new CfnResource(stack, 'Forbid', { type: 'T2' }); + const retain = new CfnResource(stack, 'Retain', { type: 'T1' }); const destroy = new CfnResource(stack, 'Destroy', { type: 'T3' }); + const def = new CfnResource(stack, 'Default1', { type: 'T4' }); + const def2 = new CfnResource(stack, 'Default2', { type: 'T4' }); - applyRemovalPolicy(orphan, RemovalPolicy.Orphan); - applyRemovalPolicy(forbid, RemovalPolicy.Forbid); - applyRemovalPolicy(destroy, RemovalPolicy.Destroy); + retain.applyRemovalPolicy(RemovalPolicy.Retain); + destroy.applyRemovalPolicy(RemovalPolicy.Destroy); + def.applyRemovalPolicy(undefined, { default: RemovalPolicy.Destroy }); + def2.applyRemovalPolicy(undefined); - test.deepEqual(toCloudFormation(stack), { Resources: - { Orphan: { Type: 'T1', DeletionPolicy: 'Retain' }, - Forbid: { Type: 'T2', DeletionPolicy: 'Retain' }, - Destroy: { Type: 'T3' } } }); + test.deepEqual(toCloudFormation(stack), { + Resources: { + Retain: { Type: 'T1', DeletionPolicy: 'Retain' }, + Destroy: { Type: 'T3', DeletionPolicy: 'Delete' }, + Default1: { Type: 'T4', DeletionPolicy: 'Delete' }, // explicit default + Default2: { Type: 'T4', DeletionPolicy: 'Retain' } // implicit default + } + }); test.done(); },