Remove --removal-policy arg and hardcode DESTROY in its place; set de…

…fault pending window days to 7 Signed-off-by: Grant Linville <[email protected]>
acorn-io · Sep 16, 2023 · 1223172 · 1223172
1 parent 873b14d
commit 1223172
Show file tree

Hide file tree

Showing 5 changed files with 6 additions and 34 deletions.
diff --git a/kms/key/Acornfile b/kms/key/Acornfile
@@ -22,12 +22,10 @@ args: {
 	keySpec: "SYMMETRIC_DEFAULT"
 	// The usage for the Key. Options are "ENCRYPT_DECRYPT", "SIGN_VERIFY", and "GENERATE_VERIFY_HMAC". Each keySpec is only compatible with certain keyUsages - see README for more info. Default is "ENCRYPT_DECRYPT".
 	keyUsage: "ENCRYPT_DECRYPT"
-	// The time (in days) that must pass after key deletion is requested before the key is deleted. Default is 30. Minimum is 7. Maximum is 30.
-	pendingWindowDays: 30
+	// The time (in days) that must pass after key deletion is requested before the key is deleted. Default is 7. Minimum is 7. Maximum is 30.
+	pendingWindowDays: 7
 	// AWS IAM policy to attach to the Key. Optional.
 	keyPolicy: {}
-	// Removal policy for the key. Valid options are "DESTROY" (key will be scheduled for deletion when this acorn is deleted) and "RETAIN" (key will remain in AWS even after this acorn is deleted). Default is "DESTROY".
-	removalPolicy: "DESTROY"
 }
 
 services: key: {

diff --git a/kms/key/README.md b/kms/key/README.md
@@ -70,10 +70,9 @@ containers: mycontainer: {
 | `--description`         | Description to attach to the key.                                                                                                                                                                                                                    | No       | "Acorn created KMS Key" |
 | `--key-spec`            | The type of key to create.                                                                                                                                                                                                                           | Yes      | `SYMMETRIC_DEFAULT`     |
 | `--key-usage`           | The usage of the key. Each key spec only supports certain usages. See table below for details.                                                                                                                                                       | Yes      | `ENCRYPT_DECRYPT`       |
-| `--pending-window-days` | The time (in days) that must pass after key deletion is requested before the key is deleted. Must be between 7 and 30 (inclusive)                                                                                                                    | Yes      | 30                      |
+| `--pending-window-days` | The time (in days) that must pass after key deletion is requested before the key is deleted. Must be between 7 and 30 (inclusive)                                                                                                                    | Yes      | 7                       |
 | `--key-policy`          | The key policy to attach to the key. This must be in JSON format.                                                                                                                                                                                    | No       | (created by AWS)        |
 | `--tags`                | Tags to attach to the key.                                                                                                                                                                                                                           | No       | (none)                  |
-| `--removal-policy`      | The removal policy for the key. Must be either `DESTROY` or `RETAIN`. `DESTROY` will schedule the key for deletion when this acorn is deleted. `RETAIN` will leave the key in AWS after this acorn is deleted, and the key must be deleted manually. | Yes      | `DESTROY`               |
 
 #### Key Specs and Usages
 

diff --git a/kms/key/kms.go b/kms/key/kms.go
@@ -30,9 +30,8 @@ func NewKMSKeyStack(scope constructs.Construct, id string, props *props.KMSKeySt
 		KeyUsage:          keyUsage,
 		PendingWindow:     awscdk.Duration_Days(jsii.Number(props.PendingWindowDays)),
 
-		// Intentionally withhold the ability to configure the removal policy to avoid accidental key deletion.
-		// The RETAIN policy means that the key will be orphaned and left behind if the CloudFormation stack is deleted.
-		RemovalPolicy: awscdk.RemovalPolicy(props.RemovalPolicy),
+		// Hardcode this to `DESTROY` in order to prevent the user from leaving behind a KMS key that they can't delete.
+		RemovalPolicy: awscdk.RemovalPolicy_DESTROY,
 	}
 
 	// Set optional properties

diff --git a/kms/key/props/props.go b/kms/key/props/props.go
@@ -26,7 +26,6 @@ type KMSKeyStackProps struct {
 	KeyUsage          string                 `json:"keyUsage"`
 	PendingWindowDays int                    `json:"pendingWindowDays"`
 	KeyPolicy         map[string]interface{} `json:"keyPolicy"`
-	RemovalPolicy     string                 `json:"removalPolicy"`
 }
 
 // Source: https://pkg.go.dev/github.com/aws/aws-cdk-go/awscdk/v2/[email protected]#KeySpec
@@ -56,14 +55,11 @@ func (ksp *KMSKeyStackProps) SetDefaults() {
 		ksp.KeyUsage = "ENCRYPT_DECRYPT"
 	}
 	if ksp.PendingWindowDays == 0 {
-		ksp.PendingWindowDays = 30
+		ksp.PendingWindowDays = 7
 	}
 	if ksp.Description == "" {
 		ksp.Description = "Acorn created KMS Key"
 	}
-	if ksp.RemovalPolicy == "" {
-		ksp.RemovalPolicy = "DESTROY"
-	}
 }
 
 func (ksp *KMSKeyStackProps) ValidateProps() error {
@@ -79,9 +75,6 @@ func (ksp *KMSKeyStackProps) ValidateProps() error {
 	if ksp.PendingWindowDays < 7 || ksp.PendingWindowDays > 30 {
 		errs = append(errs, fmt.Errorf("pendingWindowDays must be between 7 and 30 (inclusive)"))
 	}
-	if ksp.RemovalPolicy != "DESTROY" && ksp.RemovalPolicy != "RETAIN" {
-		errs = append(errs, fmt.Errorf("removalPolicy must be either DESTROY or RETAIN"))
-	}
 	return errors.Join(errs...)
 }
 

diff --git a/kms/key/props/props_test.go b/kms/key/props/props_test.go
@@ -18,7 +18,6 @@ func TestPropsValidation(t *testing.T) {
 				KeySpec:           "RSA_3072",
 				KeyUsage:          "ENCRYPT_DECRYPT",
 				PendingWindowDays: 10,
-				RemovalPolicy:     "DESTROY",
 			},
 		},
 		{
@@ -28,7 +27,6 @@ func TestPropsValidation(t *testing.T) {
 				KeySpec:           "RSA_3072",
 				KeyUsage:          "ENCRYPT_DECRYPT",
 				PendingWindowDays: 10,
-				RemovalPolicy:     "DESTROY",
 			},
 			errContains: "failed to parse adminArn",
 		},
@@ -39,7 +37,6 @@ func TestPropsValidation(t *testing.T) {
 				KeySpec:           "INVALID",
 				KeyUsage:          "ENCRYPT_DECRYPT",
 				PendingWindowDays: 10,
-				RemovalPolicy:     "DESTROY",
 			},
 			errContains: "invalid key spec INVALID",
 		},
@@ -50,7 +47,6 @@ func TestPropsValidation(t *testing.T) {
 				KeySpec:           "RSA_3072",
 				KeyUsage:          "INVALID",
 				PendingWindowDays: 10,
-				RemovalPolicy:     "DESTROY",
 			},
 			errContains: "invalid key usage: INVALID",
 		},
@@ -61,7 +57,6 @@ func TestPropsValidation(t *testing.T) {
 				KeySpec:           "SYMMETRIC_DEFAULT",
 				KeyUsage:          "GENERATE_VERIFY_MAC",
 				PendingWindowDays: 10,
-				RemovalPolicy:     "DESTROY",
 			},
 			errContains: "invalid key usage GENERATE_VERIFY_MAC for key spec: SYMMETRIC_DEFAULT",
 		},
@@ -72,21 +67,9 @@ func TestPropsValidation(t *testing.T) {
 				KeySpec:           "RSA_3072",
 				KeyUsage:          "ENCRYPT_DECRYPT",
 				PendingWindowDays: 5,
-				RemovalPolicy:     "DESTROY",
 			},
 			errContains: "pendingWindowDays must be between 7 and 30 (inclusive)",
 		},
-		{
-			name: "invalid removalPolicy",
-			props: KMSKeyStackProps{
-				AdminArn:          "arn:aws:iam:us-east-2:123456789012:root",
-				KeySpec:           "RSA_3072",
-				KeyUsage:          "ENCRYPT_DECRYPT",
-				PendingWindowDays: 10,
-				RemovalPolicy:     "INVALID",
-			},
-			errContains: "removalPolicy must be either DESTROY or RETAIN",
-		},
 	}
 
 	for _, tt := range tests {