feat(app-staging-synthesizer): clean up staging resources on deletion #25906

Merged
merged 53 commits into from
Jun 21, 2023
Changes from 5 commits
5cb4473
custom resource bindings package
kaizencc Jun 7, 2023
4d49560
aws-cdk-lib now consumes custom-resource-bindings
kaizencc Jun 7, 2023
cbe32c6
allow package to be built up
kaizencc Jun 7, 2023
838cab4
app-staging-synthesizer now consumes custom-resource-bindings
kaizencc Jun 7, 2023
851f231
use custom resource provider in app staging synthesizer
kaizencc Jun 8, 2023
b904480
add scripts folder
kaizencc Jun 8, 2023
f3e060d
pr feedback
kaizencc Jun 8, 2023
e87a089
test custom resources
kaizencc Jun 8, 2023
ea80d13
pr feedback
kaizencc Jun 8, 2023
135b798
add nodejs-entrypoint to custom resource handler pkg
kaizencc Jun 12, 2023
94e6a0b
rename handlers
kaizencc Jun 13, 2023
2dddb42
autodeletestagingassets
kaizencc Jun 14, 2023
0998986
uncommit extraneous files
kaizencc Jun 14, 2023
7c8e0ce
minor improvements
kaizencc Jun 14, 2023
200f007
readme
kaizencc Jun 14, 2023
dd38301
turn default autodelete to true
kaizencc Jun 16, 2023
c0a6955
pr comments
kaizencc Jun 16, 2023
9ac0a32
pr comments on airlifting
kaizencc Jun 16, 2023
3835fe1
merge from main
kaizencc Jun 16, 2023
3098d2a
snapshots
kaizencc Jun 16, 2023
818bfbd
no ts-node
kaizencc Jun 19, 2023
79e9e7c
Merge branch 'main' into conroy/crs
kaizencc Jun 19, 2023
69f3e55
remove dep
kaizencc Jun 19, 2023
ec02e8b
Merge branch 'conroy/crs' of https://github.com/aws/aws-cdk into conr…
kaizencc Jun 19, 2023
6de37f1
add jest dev dep
kaizencc Jun 19, 2023
ca24b87
add ts-jest dev dep
kaizencc Jun 19, 2023
5e6be9a
remove ts-jest dev dep
kaizencc Jun 19, 2023
3a100b6
Regen yarn.lock
rix0rrr Jun 19, 2023
aa0f254
remove nohoist
kaizencc Jun 19, 2023
2f4a3c3
Merge branch 'main' into conroy/crs
kaizencc Jun 19, 2023
1be7e80
add tests for nodejs-entrypoint
kaizencc Jun 19, 2023
8671b3e
Merge branch 'conroy/crs' of https://github.com/aws/aws-cdk into conr…
kaizencc Jun 19, 2023
d002aa2
tpl
kaizencc Jun 19, 2023
7cd87f8
tpl
kaizencc Jun 19, 2023
bb2e809
jest config
kaizencc Jun 19, 2023
b2a4c73
revert tpls
kaizencc Jun 19, 2023
caf78be
add back third party license change
kaizencc Jun 20, 2023
0f2ab19
Empty-Commit
kaizencc Jun 20, 2023
05297a1
third party licenses one more time
kaizencc Jun 20, 2023
32e9add
tpl
kaizencc Jun 20, 2023
55bc3ab
move custom-resource-handlers under scope
kaizencc Jun 20, 2023
14d5c86
update integ test
kaizencc Jun 20, 2023
c45a78f
airlift files
kaizencc Jun 20, 2023
e4f6d35
Merge branch 'main' into conroy/crs
kaizencc Jun 20, 2023
5752abe
snapshots
kaizencc Jun 20, 2023
79318d0
update integ test for appstagingsynth
kaizencc Jun 20, 2023
135a988
Merge branch 'conroy/crs' of https://github.com/aws/aws-cdk into conr…
kaizencc Jun 20, 2023
263fc43
Merge branch 'main' into conroy/crs
kaizencc Jun 20, 2023
c28063c
volatile tests
kaizencc Jun 20, 2023
95b881f
add esbuild devdep
kaizencc Jun 20, 2023
d6c1752
Merge branch 'conroy/crs' of https://github.com/aws/aws-cdk into conr…
kaizencc Jun 20, 2023
a203c3b
snapshots
kaizencc Jun 20, 2023
555afcf
appstagingsynth snap
kaizencc Jun 20, 2023
1 change: 1 addition & 0 deletions lerna.json
Expand Up @@ -4,6 +4,7 @@
"packages": [
"packages/aws-cdk-lib",
"packages/cdk-assets",
"packages/custom-resource-bindings",
"packages/aws-cdk",
"packages/cdk",
"packages/@aws-cdk/*",
3 changes: 3 additions & 0 deletions package.json
Expand Up @@ -72,6 +72,7 @@
"packages/aws-cdk",
"packages/cdk",
"packages/cdk-assets",
"packages/custom-resource-bindings",
"packages/@aws-cdk/*",
"packages/awslint",
"packages/@aws-cdk-containers/*",
Expand Down Expand Up @@ -139,6 +140,8 @@
"@aws-cdk/pipelines/aws-sdk/**",
"@aws-cdk/yaml-cfn/yaml",
"@aws-cdk/yaml-cfn/yaml/**",
"aws-cdk-lib/@aws-cdk/custom-resource-bindings",
"aws-cdk-lib/@aws-cdk/custom-resource-bindings/**",
"aws-cdk-lib/@balena/dockerignore",
"aws-cdk-lib/@balena/dockerignore/**",
"aws-cdk-lib/case",
Expand Up @@ -3,6 +3,9 @@ import * as path from 'path';
import {
App,
ArnFormat,
CustomResource,
CustomResourceProvider,
builtInCustomResourceProviderNodeRuntime,
BootstraplessSynthesizer,
DockerImageAssetSource,
Duration,
Expand All @@ -11,6 +14,7 @@ import {
RemovalPolicy,
Stack,
StackProps,
Tags,
} from 'aws-cdk-lib';
import * as ecr from 'aws-cdk-lib/aws-ecr';
import * as iam from 'aws-cdk-lib/aws-iam';
Expand All @@ -21,6 +25,8 @@ import { BootstrapRole } from './bootstrap-roles';
import { FileStagingLocation, IStagingResources, IStagingResourcesFactory, ImageStagingLocation } from './staging-stack';

export const DEPLOY_TIME_PREFIX = 'deploy-time/';
const AUTO_DELETE_OBJECTS_RESOURCE_TYPE = 'Custom::S3AutoDeleteObjects';
const AUTO_DELETE_OBJECTS_TAG = 'aws-cdk:auto-delete-objects';

/**
* User configurable options to the DefaultStagingStack.
Expand Down Expand Up @@ -353,9 +359,58 @@ export class DefaultStagingStack extends Stack implements IStagingResources {
expiration: this.props.deployTimeFileAssetLifetime ?? Duration.days(30),
});

this.enableAutoDeleteObjects(bucket);

return stagingBucketName;
}

private enableAutoDeleteObjects(bucket: s3.Bucket) {
const provider = CustomResourceProvider.getOrCreateProvider(this, AUTO_DELETE_OBJECTS_RESOURCE_TYPE, {
codeDirectory: path.join(__dirname, '..', 'custom-resource-bindings', 'aws-s3', 'auto-delete-objects-handler'),
inlineCode: true,
runtime: builtInCustomResourceProviderNodeRuntime(bucket),
description: `Lambda function for auto-deleting objects in ${bucket.bucketName} S3 bucket.`,
});

// Use a bucket policy to allow the custom resource to delete
// objects in the bucket
bucket.addToResourcePolicy(new iam.PolicyStatement({
actions: [
// list objects
's3:GetBucket*',
's3:List*',
's3:DeleteObject*', // and then delete them
],
resources: [
bucket.bucketArn,
bucket.arnForObjects('*'),
],
principals: [new iam.ArnPrincipal(provider.roleArn)],
}));

const customResource = new CustomResource(this, 'AutoDeleteObjectsCustomResource', {
resourceType: AUTO_DELETE_OBJECTS_RESOURCE_TYPE,
serviceToken: provider.serviceToken,
properties: {
BucketName: bucket.bucketName,
},
});

// Ensure bucket policy is deleted AFTER the custom resource otherwise
// we don't have permissions to list and delete in the bucket.
// (add a `if` to make TS happy)
if (bucket.policy) {
customResource.node.addDependency(bucket.policy);
}

// We also tag the bucket to record the fact that we want it autodeleted.
// The custom resource will check this tag before actually doing the delete.
// Because tagging and untagging will ALWAYS happen before the CR is deleted,
// we can set `autoDeleteObjects: false` without the removal of the CR emptying
// the bucket as a side effect.
Tags.of(bucket).add(AUTO_DELETE_OBJECTS_TAG, 'true');
}

/**
* Returns the well-known name of the repo
*/
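Review bot: In `enableAutoDeleteObjects`, the bucket policy statement grants the provider role `s3:GetBucket*`, `s3:List*` and `s3:DeleteObject*`, which is wider than what the comments describe (check the tag, list objects, delete them). Consider naming the exact actions the handler calls instead of wildcards, so the Lambda role cannot also read the bucket's other configuration. Separately, `if (bucket.policy)` silently skips the dependency when no policy exists; since that ordering is what keeps the delete permissions alive until the custom resource is removed, throwing there would surface a problem at synth time instead of at stack deletion. The call `this.enableAutoDeleteObjects(bucket)` is also unconditional, while the tag comment talks about setting `autoDeleteObjects: false`; no such option is read in this hunk, so either gate the call on a prop or reword the comment.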
6 changes: 5 additions & 1 deletion packages/@aws-cdk/app-staging-synthesizer-alpha/package.json
Expand Up @@ -79,6 +79,9 @@
"announce": false
},
"cdk-build": {
"pre": [
"./scripts/airlift-custom-resource-bindings.sh"
],
"env": {
"AWSLINT_BASE_CONSTRUCT": true
}
Expand All @@ -93,7 +96,8 @@
"@aws-cdk/integ-tests-alpha": "0.0.0",
"constructs": "^10.0.0",
"@aws-cdk/cdk-build-tools": "0.0.0",
"@aws-cdk/pkglint": "0.0.0"
"@aws-cdk/pkglint": "0.0.0",
"@aws-cdk/custom-resource-bindings": "0.0.0"
},
"peerDependencies": {
"aws-cdk-lib": "0.0.0",
@@ -0,0 +1,13 @@
#!/bin/bash

scriptdir=$(cd $(dirname $0) && pwd)
customresourcedir=${scriptdir}/../../../custom-resource-bindings
packagedir=${scriptdir}/..

cd ${packagedir}

mkdir -p custom-resource-bindings/aws-s3/auto-delete-objects-handler
mkdir -p custom-resource-bindings/aws-ecr/auto-delete-images-handler

cp ${customresourcedir}/lib/aws-s3/auto-delete-objects-handler/index.js ${packagedir}/custom-resource-bindings/aws-s3/auto-delete-objects-handler
cp ${customresourcedir}/lib/aws-ecr/auto-delete-images-handler/index.js ${packagedir}/custom-resource-bindings/aws-ecr/auto-delete-images-handler
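Review bot: The script never enables `set -euo pipefail`, so a failure in `cd ${packagedir}`, in `mkdir`, or in the first `cp` is masked whenever the last `cp` succeeds, and the `pre` build step exits 0 with a handler missing from the package (for example when `custom-resource-bindings` has not been built and `lib/aws-s3/auto-delete-objects-handler/index.js` does not exist yet). Add `set -euo pipefail` right after the shebang, and quote the expansions (`"$(dirname "$0")"`, `"${packagedir}"`, `"${customresourcedir}"`) so a checkout path containing spaces does not split into several arguments.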
2 changes: 1 addition & 1 deletion packages/aws-cdk-lib/aws-ecr/lib/repository.ts
Expand Up @@ -819,7 +819,7 @@ export class Repository extends RepositoryBase {
// Use a iam policy to allow the custom resource to list & delete
// images in the repository and the ability to get all repositories to find the arn needed on delete.
const provider = CustomResourceProvider.getOrCreateProvider(this, AUTO_DELETE_IMAGES_RESOURCE_TYPE, {
codeDirectory: path.join(__dirname, 'auto-delete-images-handler'),
codeDirectory: path.join(__dirname, '..', '..', 'custom-resource-bindings', 'lib', 'aws-ecr', 'auto-delete-images-handler'),
runtime: builtInCustomResourceProviderNodeRuntime(this),
description: `Lambda function for auto-deleting images in ${this.repositoryName} repository.`,
policyStatements: [
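Review bot: The new `codeDirectory` climbs two levels out of `__dirname` into `custom-resource-bindings/lib/aws-ecr/...`, whereas the staging stack in this same PR resolves its handler under `custom-resource-bindings/aws-s3/...` with no `lib` segment, so the two consumers depend on two different on-disk layouts of the same handlers. Nothing in this hunk shows what places that directory inside the built `aws-cdk-lib` package; a shared helper that returns the handler path, or a test asserting the directory exists in the packed artifact, would keep a layout change from turning into a missing-code failure when the custom resource Lambda is created.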