From 86d74996714dec431ee854facfab0e0976a3d89e Mon Sep 17 00:00:00 2001 From: Romaric Kanyamibwa Date: Tue, 7 Nov 2023 14:45:42 +0100 Subject: [PATCH] Add Retain as deletion policy for buckets Set retain as deletion policy for buckets so that cloudformation either does not try to delete buckets during rollbacks or so that if the bucket exists it can be imported. --- src/e3/aws/troposphere/s3/bucket.py | 2 +- tests/tests_e3_aws/troposphere/config/config_test.py | 1 + .../troposphere/s3/bucket-with-roles-trusted-accounts.json | 1 + tests/tests_e3_aws/troposphere/s3/bucket-with-roles.json | 3 ++- tests/tests_e3_aws/troposphere/s3/bucket.json | 1 + tests/tests_e3_aws/troposphere/s3/bucket_multi_encryption.json | 3 ++- .../troposphere/s3/bucket_notification_string_arns.json | 1 + tests/tests_e3_aws/troposphere/s3websitedistribution.json | 3 ++- .../tests_e3_aws/troposphere/s3websitedistribution_bucket.json | 1 + .../troposphere/s3websitedistribution_iam_path.json | 1 + .../troposphere/s3websitedistribution_logging.json | 1 + .../troposphere/s3websitedistribution_logging_default.json | 1 + tests/tests_e3_aws/troposphere/stack/stack_with_outputs.json | 1 + 13 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/e3/aws/troposphere/s3/bucket.py b/src/e3/aws/troposphere/s3/bucket.py index 2f5afad9..a479c1d9 100644 --- a/src/e3/aws/troposphere/s3/bucket.py +++ b/src/e3/aws/troposphere/s3/bucket.py @@ -277,7 +277,7 @@ def resources(self, stack: Stack) -> list[AWSObject]: notification_config, notification_resources = self.notification_setup optional_resources.extend(notification_resources) - attr = {} + attr = {"DeletionPolicy": "Retain"} for key, val in { "BucketName": self.name, "BucketEncryption": bucket_encryption, diff --git a/tests/tests_e3_aws/troposphere/config/config_test.py b/tests/tests_e3_aws/troposphere/config/config_test.py index 43ec2680..ee127cb8 100644 --- a/tests/tests_e3_aws/troposphere/config/config_test.py +++ b/tests/tests_e3_aws/troposphere/config/config_test.py @@ -131,6 +131,7 @@ "DependsOn": "AWSServiceRoleForConfig", }, "ConfigTestBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "config-test-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3/bucket-with-roles-trusted-accounts.json b/tests/tests_e3_aws/troposphere/s3/bucket-with-roles-trusted-accounts.json index db6be215..a7004fa5 100644 --- a/tests/tests_e3_aws/troposphere/s3/bucket-with-roles-trusted-accounts.json +++ b/tests/tests_e3_aws/troposphere/s3/bucket-with-roles-trusted-accounts.json @@ -1,5 +1,6 @@ { "TestBucketWithRoles": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "test-bucket-with-roles", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3/bucket-with-roles.json b/tests/tests_e3_aws/troposphere/s3/bucket-with-roles.json index 0fe369d4..4b602a5d 100644 --- a/tests/tests_e3_aws/troposphere/s3/bucket-with-roles.json +++ b/tests/tests_e3_aws/troposphere/s3/bucket-with-roles.json @@ -1,5 +1,6 @@ { "TestBucketWithRoles": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "test-bucket-with-roles", "BucketEncryption": { @@ -192,4 +193,4 @@ }, "Type": "AWS::IAM::Role" } -} +} \ No newline at end of file diff --git a/tests/tests_e3_aws/troposphere/s3/bucket.json b/tests/tests_e3_aws/troposphere/s3/bucket.json index 767a4699..7a573a5e 100644 --- a/tests/tests_e3_aws/troposphere/s3/bucket.json +++ b/tests/tests_e3_aws/troposphere/s3/bucket.json @@ -29,6 +29,7 @@ "Type": "AWS::Lambda::Function" }, "TestBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "test-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3/bucket_multi_encryption.json b/tests/tests_e3_aws/troposphere/s3/bucket_multi_encryption.json index ef7d47fe..091e1bdc 100644 --- a/tests/tests_e3_aws/troposphere/s3/bucket_multi_encryption.json +++ b/tests/tests_e3_aws/troposphere/s3/bucket_multi_encryption.json @@ -1,5 +1,6 @@ { "TestBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "test-bucket", "PublicAccessBlockConfiguration": { @@ -69,4 +70,4 @@ }, "Type": "AWS::S3::BucketPolicy" } -} +} \ No newline at end of file diff --git a/tests/tests_e3_aws/troposphere/s3/bucket_notification_string_arns.json b/tests/tests_e3_aws/troposphere/s3/bucket_notification_string_arns.json index 6fa91033..9380823e 100644 --- a/tests/tests_e3_aws/troposphere/s3/bucket_notification_string_arns.json +++ b/tests/tests_e3_aws/troposphere/s3/bucket_notification_string_arns.json @@ -1,5 +1,6 @@ { "TestBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "test-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3websitedistribution.json b/tests/tests_e3_aws/troposphere/s3websitedistribution.json index 7b58c4b8..e9407bf6 100644 --- a/tests/tests_e3_aws/troposphere/s3websitedistribution.json +++ b/tests/tests_e3_aws/troposphere/s3websitedistribution.json @@ -1,5 +1,6 @@ { "HostBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "host-bucket", "BucketEncryption": { @@ -374,4 +375,4 @@ }, "Type": "AWS::Route53::RecordSet" } -} +} \ No newline at end of file diff --git a/tests/tests_e3_aws/troposphere/s3websitedistribution_bucket.json b/tests/tests_e3_aws/troposphere/s3websitedistribution_bucket.json index baaf2390..e9407bf6 100644 --- a/tests/tests_e3_aws/troposphere/s3websitedistribution_bucket.json +++ b/tests/tests_e3_aws/troposphere/s3websitedistribution_bucket.json @@ -1,5 +1,6 @@ { "HostBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "host-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3websitedistribution_iam_path.json b/tests/tests_e3_aws/troposphere/s3websitedistribution_iam_path.json index 1a6f6d80..9a068a0d 100644 --- a/tests/tests_e3_aws/troposphere/s3websitedistribution_iam_path.json +++ b/tests/tests_e3_aws/troposphere/s3websitedistribution_iam_path.json @@ -1,5 +1,6 @@ { "HostBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "host-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3websitedistribution_logging.json b/tests/tests_e3_aws/troposphere/s3websitedistribution_logging.json index dfdeab45..898cd6a0 100644 --- a/tests/tests_e3_aws/troposphere/s3websitedistribution_logging.json +++ b/tests/tests_e3_aws/troposphere/s3websitedistribution_logging.json @@ -1,5 +1,6 @@ { "HostBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "host-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/s3websitedistribution_logging_default.json b/tests/tests_e3_aws/troposphere/s3websitedistribution_logging_default.json index ff9217a4..321e8a78 100644 --- a/tests/tests_e3_aws/troposphere/s3websitedistribution_logging_default.json +++ b/tests/tests_e3_aws/troposphere/s3websitedistribution_logging_default.json @@ -1,5 +1,6 @@ { "HostBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "host-bucket", "BucketEncryption": { diff --git a/tests/tests_e3_aws/troposphere/stack/stack_with_outputs.json b/tests/tests_e3_aws/troposphere/stack/stack_with_outputs.json index a567f7e4..149f83ab 100644 --- a/tests/tests_e3_aws/troposphere/stack/stack_with_outputs.json +++ b/tests/tests_e3_aws/troposphere/stack/stack_with_outputs.json @@ -1,5 +1,6 @@ { "MyBucket": { + "DeletionPolicy": "Retain", "Properties": { "BucketName": "my-bucket", "BucketEncryption": {