Skip to content

fix(codepipeline): allow re-deploying the pipeline stack after cdk destroy #4400

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mergify merged 2 commits into from
Oct 10, 2019
Merged

fix(codepipeline): allow re-deploying the pipeline stack after cdk destroy #4400

mergify merged 2 commits into from
Oct 10, 2019

Conversation

@skinny85
Copy link
Contributor

@skinny85 skinny85 commented Oct 7, 2019
edited
Loading

Currently, the KMS key and alias used for the default CodePipeline artifact bucket are created with RemovalPolicy.RETAIN. That is problematic when trying to re-deploy a stack after running cdk destroy, as the alias name will already be taken. Because of that, change the removal policy of both the key and the alias to RemovalPolicy.DESTROY - there is a grace period of a few days on the key before it's removed permanently, so that should be good enough if anyone needs it, and it doesn't seem like directly reading the artifacts of the pipeline is an important use case anyway, especially after it has been deleted.

Fixes #4336

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@skinny85
fix(codepipeline): do not retain the default bucket key and alias
23e8e8c 
Currently, the KMS key and alias used for the default CodePipeline artifact bucket are created with RemovalPolicy.RETAIN.
That is problematic when trying to re-deploy a stack after running `cdk destroy`,
as the alias name will already be taken.
Because of that, change the removal policy of both the key and the alias to RemovalPolicy.DESTROY -
there is a grace period of a few days on the key before it's removed permanently,
so that should be good enough if anyone needs it,
and it doesn't seem like directly reading the artifacts of the pipeline is an important use case anyway,
especially after it has been deleted.

Fixes aws#4336
@skinny85 skinny85 requested a review from rix0rrr October 7, 2019 23:22
@skinny85 skinny85 requested a review from eladb as a code owner October 7, 2019 23:22
@skinny85 skinny85 mentioned this pull request Oct 7, 2019
Closed
@mergify
Copy link
Contributor

mergify bot commented Oct 7, 2019

Thanks so much for taking the time to contribute to the AWS CDK ❤️

We will shortly assign someone to review this pull request and help get it
merged. In the meantime, please take a minute to make sure you follow this
checklist:

  • PR title type(scope): text
    • type: fix, feat, refactor go into CHANGELOG, chore is hidden
    • scope: name of module without aws- or cdk- prefix or postfix (e.g. s3 instead of aws-s3-deployment)
    • text: use all lower-case, do not end with a period, do not include issue refs
  • PR Description
    • Rationale: describe rationale of change and approach taken
    • Issues: indicate issues fixed via: fixes #xxx or closes #xxx
    • Breaking?: last paragraph: BREAKING CHANGE: <describe what changed + link for details>
  • Testing
    • Unit test added. Prefer to add a new test rather than modify existing tests
    • CLI or init templates change? Re-run/add CLI integration tests
  • Documentation
    • README: update module README to describe new features
    • API docs: public APIs must be documented. Copy from official AWS docs when possible
    • Design: for significant features, follow design process

@skinny85 skinny85 added the pr/do-not-merge This PR should not be merged at this time. label Oct 7, 2019
@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Oct 7, 2019

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@NGL321 NGL321 assigned eladb and skinny85 and unassigned eladb Oct 8, 2019
eladb
eladb suggested changes Oct 9, 2019
View reviewed changes
Copy link
Contributor

@eladb eladb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about the bucket(s)? If we destroy the keys, there is no reason to keep the buckets, right?

Also:

  1. PR title for bugs should describe the problem, not the solution
  2. Please reformat the PR description (line breaks, capitazliation, backpacks, etc)

@skinny85 skinny85 changed the title fix(codepipeline): do not retain the default bucket key and alias fix(codepipeline): allow re-deploying the pipeline stack after cdk destroy Oct 9, 2019
@skinny85
Copy link
Contributor Author

skinny85 commented Oct 9, 2019
edited
Loading

What about the bucket(s)? If we destroy the keys, there is no reason to keep the buckets, right?

Unfortunately, we can't destroy the buckets, as that will fail if they're not empty, and require a manual intervention by the user. Like I said, the keys are still available for a few days, so if for some reason you want to read the artifacts, the key will be there (and you can always opt-out of the key deletion in the console if you need to keep it for longer). Anyway, based on my experience working on the @aws-cdk/aws-codepipeline module, I don't think the use-case of manually reading the CodePipeline artifacts from S3 is a very important one.

Also:

  1. PR title for bugs should describe the problem, not the solution
  2. Please reformat the PR description (line breaks, capitazliation, backpacks, etc)

Done.

@skinny85 skinny85 requested a review from eladb October 10, 2019 01:33
@skinny85 skinny85 removed the pr/do-not-merge This PR should not be merged at this time. label Oct 10, 2019
@mergify
Copy link
Contributor

mergify bot commented Oct 10, 2019

Thank you for contributing! Your pull request is now being automatically merged.

@aws-cdk-automation
Copy link
Collaborator

aws-cdk-automation commented Oct 10, 2019

AWS CodeBuild CI Report

  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 9740ed3 into aws:master Oct 10, 2019
@skinny85 skinny85 deleted the fix/pipeline-kms-alias-woes branch October 10, 2019 17:38
@SomayaB SomayaB added the contribution/core This is a PR that came from AWS. label Nov 14, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rix0rrr rix0rrr Awaiting requested review from rix0rrr

1 more reviewer

@eladb eladb eladb approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@skinny85 skinny85

Labels

contribution/core This is a PR that came from AWS.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Stack/BuildPipeline/ArtifactsBucketEncryptionKeyAlias fails to get recreated when cdk deploy follows cd destroy

4 participants

@skinny85 @aws-cdk-automation @eladb @SomayaB