WIP: S3 deletion policy

Makefile

@@ -27,9 +27,13 @@ tag:
 install-aws-codegen:
 	${MAKE} -C code-generation install
 
+.PHONY: build-codegen
+build-codegen:
+	${MAKE} -C code-generation rebuild
+
 .PHONY: aws-codegen
 aws-codegen:
-	aws-service-operator-codegen process
+	./code-generation/aws-service-operator-codegen process
 
 .PHONY: k8s-codegen
 k8s-codegen:
@@ -39,4 +43,4 @@ k8s-codegen:
 codegen: aws-codegen k8s-codegen
 
 .PHONY: rebuild
-rebuild: codegen build
+rebuild: build-codegen codegen build

code-generation/Makefile

@@ -16,6 +16,7 @@ install-bindata:
 .PHONY: update-bindata
 update-bindata:
 	go generate ./pkg/codegen/
+	go fmt ./...
 
 .PHONY: rebuild
 rebuild: update-bindata build

configs/aws-service-operator.yaml

@@ -150,13 +150,15 @@ items:
     - pods
     - configmaps
     - services
+    - events
     verbs:
     - get
     - list
     - watch
     - create
     - delete
     - update
+    - patch
   - apiGroups:
     - apiextensions.k8s.io
     resources:
@@ -203,7 +205,7 @@ items:
     template:
       metadata:
         annotations:
-          iam.amazonaws.com/role: arn:aws:iam::<ACCOUNT_ID>:role/aws-service-operator
+          iam.amazonaws.com/role: aws-service-operator
         labels:
           app: aws-service-operator
       spec:

examples/cloudformationtemplates/s3bucket.yaml

@@ -80,23 +80,55 @@ data:
           - BucketOwnerFullControl
           - AwsExecRead
         Default: "Private"
+      BucketDeletionPolicy:
+        Description: >-
+          Deletion policy to attempt. If the bucket is set to delete but not empty,
+          then delete will fail
+        Type: String
+        AllowedValues:
+          - Retain
+          - Delete
+        Default: Retain
+      EnableStaticSite:
+        Description: enable static site
+        Type: String
+        AllowedValues:
+          - 'true'
+          - 'false'
+        Default: 'false'
+      StaticSiteIndex:
+        Description: Index document for the S3 bucket static site
+        Type: String
+        Default: index.html
+      StaticSiteError:
+        Description: Error document for the S3 bucket static site
+        Type: String
+        Default: 500.html
     Mappings: {}
     Conditions:
-      UseLogging: !Equals 
+      UseLogging: !Equals
         - !Ref EnableLogging
         - 'true'
-      UseGlacierLifeCycle: !Equals 
+      UseGlacierLifeCycle: !Equals
         - !Ref EnableGlacierLifeCycle
         - 'true'
-      UseVersioning: !Equals 
+      UseVersioning: !Equals
         - !Ref EnableVersioning
         - 'true'
+      UseAsStaticSite: !Equals
+        - !Ref EnableStaticSite
+        - 'true'
     Resources:
       S3bucket:
         Type: 'AWS::S3::Bucket'
         Properties:
           BucketName: !Ref BucketName
           AccessControl: !Ref BucketAccessControl
+          WebsiteConfiguration: !If
+            - UseAsStaticSite
+            - IndexDocument: !Ref StaticSiteIndex
+              ErrorDocument: !Ref StaticSiteError
+            - !Ref 'AWS::NoValue'
           LifecycleConfiguration:
             Rules:
               - Id: GlacierRule
@@ -106,7 +138,7 @@ data:
                 Transitions:
                   - TransitionInDays: !Ref GlacierLifeCycleTransitionInDays
                     StorageClass: Glacier
-          LoggingConfiguration: !If 
+          LoggingConfiguration: !If
             - UseLogging
             - DestinationBucketName: !Ref LoggingBucket
               LogFilePrefix: !Ref LoggingPrefix
@@ -122,18 +154,35 @@ data:
               Value: !Ref ClusterName
             - Key: Heritage
               Value: operator.aws
-          VersioningConfiguration: !If 
+          VersioningConfiguration: !If
             - UseVersioning
             - Status: Enabled
             - !Ref 'AWS::NoValue'
-        DeletionPolicy: Retain
+        DeletionPolicy: !Ref BucketDeletionPolicy
+      WebsiteBucketPolicy:
+        Type: 'AWS::S3::BucketPolicy'
+        Condition: UseAsStaticSite
+        Properties:
+          Bucket: !Ref S3bucket
+          PolicyDocument:
+            Statement:
+              - Action:
+                  - 's3:GetObject'
+                Effect: Allow
+                Principal: '*'
+                Resource:
+                  'Fn::Join':
+                    - ''
+                    - - 'arn:aws:s3:::'
+                      - !Ref S3bucket
+                      - /*
       LoggingBucket:
         Condition: UseLogging
         Type: 'AWS::S3::Bucket'
         DeletionPolicy: Retain
         Properties:
           AccessControl: LogDeliveryWrite
-          BucketName: !Join 
+          BucketName: !Join
             - ''
             - - !Ref BucketName
               - logging
@@ -142,7 +191,12 @@ data:
         Value: !Ref S3bucket
         Description: Name of the sample Amazon S3 bucket.
       BucketArn:
-        Value: !GetAtt 
+        Value: !GetAtt
           - S3bucket
           - Arn
         Description: Name of the Amazon S3 bucket
+      WebsiteURL:
+        Value: !GetAtt
+          - S3bucket
+          - WebsiteURL
+        Description: URL of the bucket that was created

models/s3bucket.yaml

@@ -39,6 +39,13 @@ spec:
           Default Bucket ACL, each item can have it's own ACL as well.
         structKey: AccessControl
         templateKey: BucketAccessControl
+      - key: deletionPolicy
+        type: string
+        default: "Retain"
+        description: |
+          Deletion Policy to attempt. If the bucket is set to delete, but contents still exist, then deletion will fail.
+        structKey: DeletionPolicy
+        templateKey: BucketDeletionPolicy
       - key: logging
         type: object
         description: |

pkg/apis/service-operator.aws/v1alpha1/s3bucket.go

@@ -32,6 +32,7 @@ type S3BucketSpec struct {
 	RollbackCount                   int             `json:"rollbackCount"`
 	Versioning                      bool            `json:"versioning"`
 	AccessControl                   string          `json:"accessControl"`
+	DeletionPolicy                  string          `json:"deletionPolicy"`
 	Logging                         S3BucketLogging `json:"logging"`
 	Website                         S3BucketWebsite `json:"website"`
 }