fix(core): fix upgrade to v1.2.1 from v1.2.0 (#423)

nachundu-amzn · web-flow · commit ae631c4badae · 2020-10-13T10:30:58.000-04:00
* fixed issue while doing upgrade to 1.2.1 from 1.2.0

* fixed error while reading log archive central bucket

* fixed test issues
diff --git a/src/deployments/cdk/src/deployments/cleanup/step-1.ts b/src/deployments/cdk/src/deployments/cleanup/step-1.ts
@@ -3,7 +3,7 @@ import { AccountStacks } from '../../common/account-stacks';
 import { StackOutput } from '@aws-accelerator/common-outputs/src/stack-output';
 import { IamRoleOutputFinder } from '@aws-accelerator/common-outputs/src/iam-role';
 import { ResourceCleanup } from '@aws-accelerator/custom-resource-cleanup';
-import { AccountBucketOutput } from '../defaults';
+import { AccountBucketOutputFinder } from '../defaults';
 import { Account } from '../../utils/accounts';
 import { ResourceCleanupOutputFinder } from './outputs';
 
@@ -33,40 +33,39 @@ export async function step1(props: VpcFlowLogsBucketPermissionsCleanupProps) {
     return;
   }
 
-  // Find the account default buckets in the outputs
-  const accountBuckets = AccountBucketOutput.getAccountBuckets({
-    accounts,
-    accountStacks,
-    config,
-    outputs,
-  });
-
-  const logArchiveAccount = config['global-options']['central-log-services'].account;
   const securityAccount = config['global-options']['central-security-services'].account;
-  for (const accountKey of Object.keys(accountBuckets)) {
+  for (const account of accounts) {
+    const accountBucket = AccountBucketOutputFinder.tryFindOneByName({
+      outputs,
+      accountKey: account.key,
+    });
+    if (!accountBucket) {
+      continue;
+    }
+
     // Skip deletion of Log Archive and Security account default bucket policy
-    if (logArchiveAccount === accountKey || securityAccount === accountKey) {
-      console.log(`Skipping the deletion of bucket policy for account ${accountKey}`);
+    if (securityAccount === account.key) {
+      console.log(`Skipping the deletion of bucket policy for account ${account.key}`);
       continue;
     }
 
     const cleanupRoleOutput = IamRoleOutputFinder.tryFindOneByName({
       outputs,
-      accountKey,
+      accountKey: account.key,
       roleKey: 'ResourceCleanupRole',
     });
     if (!cleanupRoleOutput) {
       continue;
     }
 
-    const accountStack = accountStacks.tryGetOrCreateAccountStack(accountKey);
+    const accountStack = accountStacks.tryGetOrCreateAccountStack(account.key);
     if (!accountStack) {
-      console.warn(`Cannot find account stack ${accountKey}`);
+      console.warn(`Cannot find account stack ${account.key}`);
       continue;
     }
 
-    new ResourceCleanup(accountStack, `BucketPolicyCleanup${accountKey}`, {
-      bucketName: accountBuckets[accountKey].bucketName,
+    new ResourceCleanup(accountStack, `BucketPolicyCleanup${account.key}`, {
+      bucketName: accountBucket.bucketName,
       roleArn: cleanupRoleOutput.roleArn,
     });
   }
diff --git a/src/deployments/cdk/src/deployments/defaults/outputs.ts b/src/deployments/cdk/src/deployments/defaults/outputs.ts
@@ -10,6 +10,7 @@ import { StructuredOutput, createCfnStructuredOutput } from '../../common/struct
 import { EbsKmsOutput } from '@aws-accelerator/common-outputs/src/ebs';
 import { SsmKmsOutput } from '@aws-accelerator/common-outputs/src/ssm';
 import { optional } from '@aws-accelerator/common-types';
+import { createStructuredOutputFinder } from '@aws-accelerator/common-outputs/src/structured-output';
 
 export const CfnEbsKmsOutput = createCfnStructuredOutput(EbsKmsOutput);
 
@@ -96,6 +97,15 @@ export const CfnLogBucketOutput = createCfnStructuredOutput(LogBucketOutputType)
 export const CfnCentralBucketOutput = createCfnStructuredOutput(CentralBucketOutputType);
 export const CfnAesBucketOutput = createCfnStructuredOutput(AesBucketOutputType);
 
+export const AccountBucketOutputFinder = createStructuredOutputFinder(AccountBucketOutputType, finder => ({
+  tryFindOneByName: (props: { outputs: StackOutput[]; accountKey?: string; region?: string }) =>
+    finder.tryFindOne({
+      outputs: props.outputs,
+      accountKey: props.accountKey,
+      region: props.region,
+    }),
+}));
+
 export namespace AccountBucketOutput {
   /**
    * Helper method to import the account buckets from different phases. It includes the log bucket.
diff --git a/src/deployments/cdk/test/apps/__snapshots__/unsupported-changed.spec.ts.snap b/src/deployments/cdk/test/apps/__snapshots__/unsupported-changed.spec.ts.snap
@@ -630,8 +630,6 @@ exports[`there should not be any unsupported resource changes for AWS::Budgets::
 
 exports[`there should not be any unsupported resource changes for AWS::Budgets::Budget: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::Budgets::Budget: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::Budgets::Budget: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::Budgets::Budget: SharedServicesPhase2 1`] = `Array []`;
@@ -775,8 +773,6 @@ exports[`there should not be any unsupported resource changes for AWS::Directory
 
 exports[`there should not be any unsupported resource changes for AWS::DirectoryService::MicrosoftAD: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::DirectoryService::MicrosoftAD: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::DirectoryService::MicrosoftAD: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::DirectoryService::MicrosoftAD: SharedServicesPhase2 1`] = `Array []`;
@@ -1040,8 +1036,6 @@ exports[`there should not be any unsupported resource changes for AWS::EC2::Inst
 
 exports[`there should not be any unsupported resource changes for AWS::EC2::Instance: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::EC2::Instance: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::EC2::Instance: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::EC2::Instance: SharedServicesPhase2 1`] = `Array []`;
@@ -1176,8 +1170,6 @@ exports[`there should not be any unsupported resource changes for AWS::EC2::Tran
 
 exports[`there should not be any unsupported resource changes for AWS::EC2::TransitGateway: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::EC2::TransitGateway: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::EC2::TransitGateway: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::EC2::TransitGateway: SharedServicesPhase2 1`] = `Array []`;
@@ -1307,8 +1299,6 @@ exports[`there should not be any unsupported resource changes for AWS::ElasticLo
 
 exports[`there should not be any unsupported resource changes for AWS::ElasticLoadBalancingV2::LoadBalancer: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::ElasticLoadBalancingV2::LoadBalancer: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::ElasticLoadBalancingV2::LoadBalancer: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::ElasticLoadBalancingV2::LoadBalancer: SharedServicesPhase2 1`] = `Array []`;
@@ -1514,8 +1504,6 @@ exports[`there should not be any unsupported resource changes for AWS::S3::Bucke
 
 exports[`there should not be any unsupported resource changes for AWS::S3::Bucket: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::S3::Bucket: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::S3::Bucket: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::S3::Bucket: SharedServicesPhase2 1`] = `Array []`;
@@ -1691,8 +1679,6 @@ exports[`there should not be any unsupported resource changes for AWS::SecretsMa
 
 exports[`there should not be any unsupported resource changes for AWS::SecretsManager::ResourcePolicy: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::SecretsManager::ResourcePolicy: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::SecretsManager::ResourcePolicy: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::SecretsManager::ResourcePolicy: SharedServicesPhase2 1`] = `Array []`;
@@ -1870,8 +1856,6 @@ exports[`there should not be any unsupported resource changes for AWS::SecretsMa
 
 exports[`there should not be any unsupported resource changes for AWS::SecretsManager::Secret: SharedNetworkPhase3 1`] = `Array []`;
 
-exports[`there should not be any unsupported resource changes for AWS::SecretsManager::Secret: SharedServicesPhase0 1`] = `Array []`;
-
 exports[`there should not be any unsupported resource changes for AWS::SecretsManager::Secret: SharedServicesPhase1 1`] = `Array []`;
 
 exports[`there should not be any unsupported resource changes for AWS::SecretsManager::Secret: SharedServicesPhase2 1`] = `Array []`;
