Skip to content

Add default stack policy to prevent replace and delete on KMS and RDS #341

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
Sep 25, 2018
Merged

Add default stack policy to prevent replace and delete on KMS and RDS #341

merged 14 commits into from
Sep 25, 2018

Conversation

mneil
Copy link
Contributor

@mneil mneil commented Sep 25, 2018

No description provided.

mneil added 12 commits September 24, 2018 08:41
@mneil
Issue #273 - Added default policy and changed upsert signature
872201d 
A stack policy exists in the assets and is currently added to
all stacks. The policy does not allow replace or delete actions
on RDS or KMS resources.

I plan to pass the policy in as a string to upsert stack as
a way to set the policy later through extensions or cli flags.
@mneil
Issue #273 - Changes to makefile for linting assets.go
bbd7932
@mneil
Issue #273 - Remove Makefile workarounds for go bindata
f1d503b 
Switching to packr removed the need to have lint workarounds
@mneil
Issue #273 - Rename approve data loss flag to allow data loss
bfdac15
@mneil
Issue #273 - Pass policy into upsert stack and get default policy
611679b
@mneil
Issue #273 - Update tests to start checking that policy is set
a3fc7b9
@mneil
Issue #273 - Tests policy flag to allow override
a60f302
@mneil
Issue #273 - Update cfn methods with allowDataLoss flag
5dcdb99
@mneil
Issue #273 - Add default policy to stacks with KMS keys
bbdad68
@mneil
Issue #273 - Update template with ToString method
3796a9d
@mneil
Issue #273 - Refactor templates
38349c4 
 - Define constants for policies
 - Update references to use GetAsset
 - Update tests

Tests still failing. Looks like tests are just bad and
need to be updated.
@mneil
Issue #273 - Update references to template.GetAsset
ce13eab 
- Fixed issue where template processing was still required
- Added tests to template methods
- Add template processing on templates where needed
@mneil mneil requested a review from cplee September 25, 2018 21:43
cplee
cplee suggested changes Sep 25, 2018
View reviewed changes
Copy link
Contributor

@cplee cplee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

feedback inline...

provider/aws/cloudformation.go Outdated
return err
}
templateBody := aws.String(templateBodyBytes.String())
templateBody, err := templates.GetAsset(templateName, templates.AddData(templateData),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i like what you have going here, but i think it'd be even cleaner to use a fluent api so that you get:

                      .AddData(templateData)
                      .DecorateTemplate(cfnMgr.extensionsManager, stackName)

thoughts?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah I'd considered it. As a heavy user of nodejs though I've ran into so many issues with fluent api's in native Promise chaining that turn code into huge try/catch blocks with poor error propagation and 100 line stack traces. It also means I need a struct to reference so I can return it from each of these funcs. In general I think it just adds unnecessary complexity.

mneil added a commit to mneil/mu that referenced this pull request Sep 25, 2018
@mneil
Issue stelligent#273 - Template refactor to resolve suggestions in PR s…
a8b88f3 
…telligent#341
@cplee cplee merged commit 2d1aa17 into develop Sep 25, 2018
@cplee cplee deleted the issue-273 branch September 25, 2018 23:47
@cplee cplee mentioned this pull request Sep 25, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cplee cplee cplee approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mneil @cplee