fix(rds): propagate RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE to helper resources #37990
Open
suhas38222 wants to merge 1 commit into
…r resources

Fixes aws#37780

RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE was not propagated to the helper resources (subnet groups, cluster instances) created by DatabaseCluster, DatabaseInstance, and ServerlessCluster. Three places in the RDS private utilities compared against RemovalPolicy.RETAIN only, so RETAIN_ON_UPDATE_OR_DELETE silently fell through to DESTROY, leaving child resources with no explicit deletion policy (CloudFormation default: Delete).

Changes:
- helperRemovalPolicy: pass RETAIN_ON_UPDATE_OR_DELETE through as-is so helper resources receive RetainExceptOnCreate, which still allows cleanup if the helper's own creation fails during a rollback
- defaultDeletionProtection: auto-enable deletion protection when removalPolicy is RETAIN_ON_UPDATE_OR_DELETE, consistent with the existing RETAIN behaviour
- ServerlessClusterNew: replace inline RETAIN-only check with helperRemovalPolicy + renderUnless, consistent with DatabaseCluster and DatabaseInstance

Unit tests added for all three constructs covering the new policy value. Integration test added as a regression guard.
Issue
Closes #37780.
Reason for this change
RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE was not propagated to the helper resources (subnet groups, cluster instances) created by DatabaseCluster, DatabaseInstance, and ServerlessCluster. Three places in the RDS private utilities compared against RemovalPolicy.RETAIN only — RETAIN_ON_UPDATE_OR_DELETE silently fell through to DESTROY, leaving those child resources with no explicit deletion policy at all (CloudFormation default: Delete).
Description of changes
packages/aws-cdk-lib/aws-rds/lib/private/util.ts
- helperRemovalPolicy: extended the condition to pass RETAIN_ON_UPDATE_OR_DELETE through as-is instead of collapsing it to DESTROY. RetainExceptOnCreate is correct here: it still permits cleanup of the helper if its own creation fails during a rollback, while retaining it on normal updates and deletes.
- defaultDeletionProtection: extended the condition to also auto-enable deletion protection when removalPolicy is RETAIN_ON_UPDATE_OR_DELETE, consistent with the existing RETAIN behaviour.
packages/aws-cdk-lib/aws-rds/lib/serverless-cluster.ts
- props.removalPolicy === RemovalPolicy.RETAIN ? props.removalPolicy : undefined check with renderUnless(helperRemovalPolicy(props.removalPolicy), RemovalPolicy.DESTROY), bringing it in line with DatabaseCluster and DatabaseInstance.
Describe any new or updated permissions being added
None. This is a pure bug fix with no IAM or AWS service interaction.
Description of how you validated changes
Unit tests (packages/aws-cdk-lib/aws-rds/test/):
- cluster.test.ts: added RETAIN_ON_UPDATE_OR_DELETE row to both existing test.each blocks that cover DeletionPolicy / UpdateReplacePolicy on the cluster, instance, and subnet group. Added a new test.each block verifying DeletionProtection is auto-enabled for both RETAIN and RETAIN_ON_UPDATE_OR_DELETE.
- instance.test.ts: same additions — RETAIN_ON_UPDATE_OR_DELETE row in the existing policy propagation test, plus a new DeletionProtection auto-enable test.
- serverless-cluster.test.ts: new test asserting the subnet group gets RetainExceptOnCreate when the cluster is created with RETAIN_ON_UPDATE_OR_DELETE.
Integration test (packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-instance-removal-policy.ts):
Creates a DatabaseCluster and a DatabaseInstance each with removalPolicy: RemovalPolicy.RETAIN_ON_UPDATE_OR_DELETE and verifies that the subnet groups and cluster instances inherit RetainExceptOnCreate. Snapshot generated locally via cdk synth.
Checklist
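The mismatch this PR describes can also be checked in a synthesized template. The following is an added example, not code from the PR or from aws-cdk: it flags subnet groups and cluster instances that would be deleted although the cluster or instance referencing them is retained. The function names, logical ids and the `sample()` template are constructed for illustration, and the check assumes helpers are linked by `Ref`.

```typescript
type CfnResource = { Type: string; DeletionPolicy?: string; Properties?: Record<string, unknown> };
type CfnTemplate = { Resources: Record<string, CfnResource> };
const RETAINING = new Set(["Retain", "RetainExceptOnCreate"]);

// A missing DeletionPolicy means the CloudFormation default, Delete.
function isRetained(res: CfnResource | undefined): boolean {
  return res !== undefined && RETAINING.has(res.DeletionPolicy ?? "Delete");
}

// Resolve { Ref: "LogicalId" }; literals and other intrinsics yield undefined.
function refTarget(value: unknown): string | undefined {
  if (typeof value !== "object" || value === null) return undefined;
  const ref = (value as { Ref?: unknown }).Ref;
  return typeof ref === "string" ? ref : undefined;
}

// Logical ids of helpers that a retained cluster or instance depends on
// but that CloudFormation would still delete with the stack.
function findUnretainedHelpers(template: CfnTemplate): string[] {
  const all = template.Resources;
  const findings = new Set<string>();
  for (const id of Object.keys(all)) {
    const r = all[id];
    if (r.Type !== "AWS::RDS::DBCluster" && r.Type !== "AWS::RDS::DBInstance") continue;
    const subnetGroup = refTarget(r.Properties?.DBSubnetGroupName);
    const cluster = refTarget(r.Properties?.DBClusterIdentifier);
    // Retained owner: its subnet group must be retained too.
    if (isRetained(r) && subnetGroup && all[subnetGroup] && !isRetained(all[subnetGroup])) {
      findings.add(subnetGroup);
    }
    // Member of a retained cluster: the instance must be retained too.
    if (cluster && isRetained(all[cluster]) && !isRetained(r)) findings.add(id);
  }
  return Array.from(findings).sort();
}

// Constructed sample: a retained cluster whose helpers carry helperPolicy
// (undefined = no DeletionPolicy attribute, the pre-fix state the PR describes).
function sample(helperPolicy?: string): CfnTemplate {
  const helper = helperPolicy ? { DeletionPolicy: helperPolicy } : {};
  return { Resources: {
    Db: { Type: "AWS::RDS::DBCluster", DeletionPolicy: "RetainExceptOnCreate",
          Properties: { DBSubnetGroupName: { Ref: "DbSubnets" } } },
    DbSubnets: { Type: "AWS::RDS::DBSubnetGroup", ...helper },
    DbInstance1: { Type: "AWS::RDS::DBInstance", ...helper,
                   Properties: { DBClusterIdentifier: { Ref: "Db" }, DBSubnetGroupName: { Ref: "DbSubnets" } } },
  } };
}
console.log(findUnretainedHelpers(sample()));
```
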