feat(docdb): support snapshot removal policy #28798
Conversation
github-actions
bot
added
bug
There was a problem hiding this comment.
The pull request linter has failed. See the aws-cdk-automation comment below for failure reasons. If you believe this pull request should receive an exemption, please comment and provide a justification.
A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed add Clarification Request to a comment.
|
Exemption Request. |
aws-cdk-automation
added
pr-linter/exemption-requested
|
@lpizzinidev but is it a good idea to silently fallback to another removal policy here? Personally I find it better to know that something is not supported instead of learning sometime later in production that there is no snapshot although my infrastructure code says there should be. |
|
@kornicameister |
|
@lpizzinidev suggestion remains. If user wants to retain w security group it may create one before creating a cluster or an instance. That way, at least, caller is aware of a setting instead of it being magically transformed between incompatible resources. What it user wishes to remove security group but retain cluster. What is there is a need to remove cluster but retain a group. All in all there's more than one combination and I find it better to let caller decide. Finally... isn't what you are proposing, potentially dangerous, precedence? I know CDK comes with reasonable defaults but, at least to my knowledge, dealing with security group is always exposed for caller to customize. It is like that here but there is this one extra bit that requires extra documentation. Are there more places hacking their way through escape hatches like that? Or is it really a precedence? |
|
@lpizzinidev your link leads to RDS. Also I tried setting up snapshot policy for cluster but |
|
@kornicameister |
|
@lpizzinidev I rest my case about it being unsupported...my bad. However that begs a question where is this list and how we can update it. That's a bit of a separate issue I am happy to report. Nonetheless I still do not agree with this fallback. It still sounds a bit like hidden hack here. Perhaps it's time to get other people here to express opinion because I am just one guy and it feels wrong just for me which is hardly an argument if general attitude in cdk is to let those hacks happen. In that case I have to live with it 😝. Long story short such discussion is wonderful idea but I would argue that it should start with general RFC here and handle things globally in sort of unified manner instead of dealing with it here and leaving rest of CDK untouched. Given that is what is happening, because I am not sure of it. Once again a greater number of contributors must express what they think of it. We can play ping pong all day long...but where does it take us? |
aws-cdk-automation
dismissed
their stale review
✅ Updated pull request passes all PRLinter validations. Dismissing previous PRLinter review.
|
@kornicameister |
There was a problem hiding this comment.
I am partly agreeing with this change.
To be fair, I agree with the security group change for the following reason:
- The default removal policy for security group is
DELETE. It makes sense to me to fall back to the default policy. - Users wasn't able to use
SNAPSHOTpolicy on DocDB cluster resource prior to this fix, so it won't cause breaking change. - Users can always provide their own security group if they want other removal policy (and we should add an example to readme to set a custom deletion policy on security group with
SNAPSHOTpolicy on docdb cluster).
However, I'm a bit hesitant on the DocDB instance part. I appreciate the fact that this PR now adds support for SNAPSHOT deletion policy for cluster. Correct me if wrong, but there's no way to specify RETAIN instance while using SNAPSHOT on cluster.
Edit
but there's no way to specify
RETAINinstance while usingSNAPSHOTon cluster.
I guess this is not entirely true, as there's a pretty ugly workaround like the following
cluster.node.children.forEach(child => {
if (child instanceof docdb.CfnDBInstance) {
child.applyRemovalPolicy(cdk.RemovalPolicy.RETAIN, { applyToUpdateReplacePolicy: true } as cdk.RemovalPolicyOptions);
}
});
I personally don't like this workaround but I also can't think of a better way other than creating another property (which I hate even more). I'll bring it up for team discussion for a second thought.
That's correct. |
|
On there other hand. |
|
@lpizzinidev @GavinZZ ; friendly ping here. Based on CloudFormation: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-docdb-dbcluster.html#cfn-docdb-dbcluster-restoretotime we do have quite a few options to consider. |
|
@kornicameister I would think that as a separate issue and PR. @lpizzinidev I do agree with you that adding a separate props for the removal policy is the best way to go here. Would you be available to work on it? If not I can help pushing commits to this PR. |
|
@GavinZZ later in the evening I will submit another ticket for passing sourceSnapshot into cluster to make restoration possible. |
|
@GavinZZ |
lpizzinidev
force-pushed
the
gh-28773
branch
from
3ecc28b to
5d19137
Compare
aws-cdk-automation
added
pr/needs-maintainer-review
|
@lpizzinidev @GavinZZ issue is already created by someone else: #27188. |
...aws-cdk-testing/framework-integ/test/aws-docdb/test/integ.cluster-removal-policy-snapshot.ts
Outdated
Show resolved
Hide resolved
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
aws-cdk-automation
removed
the
pr/needs-maintainer-review
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
|
@mergify update |
❌ Mergify doesn't have permission to updateFor security reasons, Mergify can't update this pull request. Try updating locally. |
mergify
bot
dismissed
GavinZZ’s stale review
Pull request has been modified.
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Adds support for
removalPolicy: RemovalPolicy.SNAPSHOTfor DocumentDB clusters as specified in the documentation.To allow users to specify custom policies for the cluster's instances and security group the following properties have been added:
instanceRemovalPolicysecurityGroupRemovalPolicyCloses #28773.
Closes #28861
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license