diff --git a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js index 32b676820b865..48261e12d82e5 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js +++ b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js @@ -300,9 +300,6 @@ exports.certificateRequestHandler = async function (event, context) { responseData.Arn = physicalResourceId = certificateArn; break; case 'Delete': - if (event.ResourceProperties.RemovalPolicy === 'retain') { - break; - } physicalResourceId = event.PhysicalResourceId; // If the resource didn't create correctly, the physical resource ID won't be the // certificate ARN, so don't try to delete it in that case. diff --git a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js index 5c627c0e6f27c..37697f69b6e2e 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js +++ b/packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js @@ -835,38 +835,6 @@ describe('DNS Validated Certificate Handler', () => { }); }); - test('Delete operation does not delete the certificate if RemovalPolicy===retain', () => { - const describeCertificateFake = sinon.fake.resolves({ - Certificate: { - CertificateArn: testCertificateArn, - } - }); - AWS.mock('ACM', 'describeCertificate', describeCertificateFake); - - const deleteCertificateFake = sinon.fake.resolves({}); - AWS.mock('ACM', 'deleteCertificate', deleteCertificateFake); - - const request = nock(ResponseURL).put('/', body => { - return body.Status === 'SUCCESS'; - }).reply(200); - - return LambdaTester(handler.certificateRequestHandler) - .event({ - RequestType: 'Delete', - RequestId: testRequestId, - PhysicalResourceId: testCertificateArn, - ResourceProperties: { - Region: 'us-east-1', - RemovalPolicy: 'retain', - } - }) - .expectResolve(() => { - sinon.assert.notCalled(describeCertificateFake); - sinon.assert.notCalled(deleteCertificateFake); - expect(request.isDone()).toBe(true); - }); - }); - test('Delete operation is idempotent', () => { const error = new Error(); error.name = 'ResourceNotFoundException'; diff --git a/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts b/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts index b01062021fb2a..eb4044cb7833f 100644 --- a/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts +++ b/packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts @@ -79,7 +79,6 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi private normalizedZoneName: string; private hostedZoneId: string; private domainName: string; - private _removalPolicy?: cdk.RemovalPolicy; constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps) { super(scope, id); @@ -133,7 +132,6 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi HostedZoneId: this.hostedZoneId, Region: props.region, Route53Endpoint: props.route53Endpoint, - RemovalPolicy: cdk.Lazy.any({ produce: () => this._removalPolicy }), // Custom resources properties are always converted to strings; might as well be explict here. CleanupRecords: props.cleanupRoute53Records ? 'true' : undefined, Tags: cdk.Lazy.list({ produce: () => this.tags.renderTags() }), @@ -145,10 +143,6 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi this.node.addValidation({ validate: () => this.validateDnsValidatedCertificate() }); } - public applyRemovalPolicy(policy: cdk.RemovalPolicy): void { - this._removalPolicy = policy; - } - private validateDnsValidatedCertificate(): string[] { const errors: string[] = []; // Ensure the zone name is a parent zone of the certificate domain name diff --git a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts index 688a17ef25a69..5ed77764de122 100644 --- a/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts +++ b/packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts @@ -1,7 +1,7 @@ import { Template } from '@aws-cdk/assertions'; import * as iam from '@aws-cdk/aws-iam'; import { HostedZone, PublicHostedZone } from '@aws-cdk/aws-route53'; -import { App, Stack, Token, Tags, RemovalPolicy } from '@aws-cdk/core'; +import { App, Stack, Token, Tags } from '@aws-cdk/core'; import { DnsValidatedCertificate } from '../lib/dns-validated-certificate'; test('creates CloudFormation Custom Resource', () => { @@ -266,36 +266,4 @@ test('test transparency logging settings is passed to the custom resource', () = }, CertificateTransparencyLoggingPreference: 'DISABLED', }); -}); - -test('can set removal policy', () => { - const stack = new Stack(); - - const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', { - zoneName: 'example.com', - }); - - const cert = new DnsValidatedCertificate(stack, 'Certificate', { - domainName: 'test.example.com', - hostedZone: exampleDotComZone, - subjectAlternativeNames: ['test2.example.com'], - cleanupRoute53Records: true, - }); - cert.applyRemovalPolicy(RemovalPolicy.RETAIN); - - Template.fromStack(stack).hasResourceProperties('AWS::CloudFormation::CustomResource', { - DomainName: 'test.example.com', - SubjectAlternativeNames: ['test2.example.com'], - RemovalPolicy: 'retain', - ServiceToken: { - 'Fn::GetAtt': [ - 'CertificateCertificateRequestorFunction5E845413', - 'Arn', - ], - }, - HostedZoneId: { - Ref: 'ExampleDotCom4D1B83AA', - }, - CleanupRecords: 'true', - }); -}); +}); \ No newline at end of file