Revert "fix(certificatemanager): unable to set removal policy on DnsValidatedCertificate (#22040)" (#22056)

This reverts commit b3c9464.


----

### All Submissions:

* [ ] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [ ] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/main/INTEGRATION_TESTS.md)?
	* [ ] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: corymhall

packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/lib/index.js

@@ -300,9 +300,6 @@ exports.certificateRequestHandler = async function (event, context) {
         responseData.Arn = physicalResourceId = certificateArn;
         break;
       case 'Delete':
-        if (event.ResourceProperties.RemovalPolicy === 'retain') {
-          break;
-        }
         physicalResourceId = event.PhysicalResourceId;
         // If the resource didn't create correctly, the physical resource ID won't be the
         // certificate ARN, so don't try to delete it in that case.

packages/@aws-cdk/aws-certificatemanager/lambda-packages/dns_validated_certificate_handler/test/handler.test.js

@@ -835,38 +835,6 @@ describe('DNS Validated Certificate Handler', () => {
       });
   });
 
-  test('Delete operation does not delete the certificate if RemovalPolicy===retain', () => {
-    const describeCertificateFake = sinon.fake.resolves({
-      Certificate: {
-        CertificateArn: testCertificateArn,
-      }
-    });
-    AWS.mock('ACM', 'describeCertificate', describeCertificateFake);
-
-    const deleteCertificateFake = sinon.fake.resolves({});
-    AWS.mock('ACM', 'deleteCertificate', deleteCertificateFake);
-
-    const request = nock(ResponseURL).put('/', body => {
-      return body.Status === 'SUCCESS';
-    }).reply(200);
-
-    return LambdaTester(handler.certificateRequestHandler)
-      .event({
-        RequestType: 'Delete',
-        RequestId: testRequestId,
-        PhysicalResourceId: testCertificateArn,
-        ResourceProperties: {
-          Region: 'us-east-1',
-          RemovalPolicy: 'retain',
-        }
-      })
-      .expectResolve(() => {
-        sinon.assert.notCalled(describeCertificateFake);
-        sinon.assert.notCalled(deleteCertificateFake);
-        expect(request.isDone()).toBe(true);
-      });
-  });
-
   test('Delete operation is idempotent', () => {
     const error = new Error();
     error.name = 'ResourceNotFoundException';

packages/@aws-cdk/aws-certificatemanager/lib/dns-validated-certificate.ts

@@ -79,7 +79,6 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi
   private normalizedZoneName: string;
   private hostedZoneId: string;
   private domainName: string;
-  private _removalPolicy?: cdk.RemovalPolicy;
 
   constructor(scope: Construct, id: string, props: DnsValidatedCertificateProps) {
     super(scope, id);
@@ -133,7 +132,6 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi
         HostedZoneId: this.hostedZoneId,
         Region: props.region,
         Route53Endpoint: props.route53Endpoint,
-        RemovalPolicy: cdk.Lazy.any({ produce: () => this._removalPolicy }),
         // Custom resources properties are always converted to strings; might as well be explict here.
         CleanupRecords: props.cleanupRoute53Records ? 'true' : undefined,
         Tags: cdk.Lazy.list({ produce: () => this.tags.renderTags() }),
@@ -145,10 +143,6 @@ export class DnsValidatedCertificate extends CertificateBase implements ICertifi
     this.node.addValidation({ validate: () => this.validateDnsValidatedCertificate() });
   }
 
-  public applyRemovalPolicy(policy: cdk.RemovalPolicy): void {
-    this._removalPolicy = policy;
-  }
-
   private validateDnsValidatedCertificate(): string[] {
     const errors: string[] = [];
     // Ensure the zone name is a parent zone of the certificate domain name

packages/@aws-cdk/aws-certificatemanager/test/dns-validated-certificate.test.ts

@@ -1,7 +1,7 @@
 import { Template } from '@aws-cdk/assertions';
 import * as iam from '@aws-cdk/aws-iam';
 import { HostedZone, PublicHostedZone } from '@aws-cdk/aws-route53';
-import { App, Stack, Token, Tags, RemovalPolicy } from '@aws-cdk/core';
+import { App, Stack, Token, Tags } from '@aws-cdk/core';
 import { DnsValidatedCertificate } from '../lib/dns-validated-certificate';
 
 test('creates CloudFormation Custom Resource', () => {
@@ -266,36 +266,4 @@ test('test transparency logging settings is passed to the custom resource', () =
     },
     CertificateTransparencyLoggingPreference: 'DISABLED',
   });
-});
-
-test('can set removal policy', () => {
-  const stack = new Stack();
-
-  const exampleDotComZone = new PublicHostedZone(stack, 'ExampleDotCom', {
-    zoneName: 'example.com',
-  });
-
-  const cert = new DnsValidatedCertificate(stack, 'Certificate', {
-    domainName: 'test.example.com',
-    hostedZone: exampleDotComZone,
-    subjectAlternativeNames: ['test2.example.com'],
-    cleanupRoute53Records: true,
-  });
-  cert.applyRemovalPolicy(RemovalPolicy.RETAIN);
-
-  Template.fromStack(stack).hasResourceProperties('AWS::CloudFormation::CustomResource', {
-    DomainName: 'test.example.com',
-    SubjectAlternativeNames: ['test2.example.com'],
-    RemovalPolicy: 'retain',
-    ServiceToken: {
-      'Fn::GetAtt': [
-        'CertificateCertificateRequestorFunction5E845413',
-        'Arn',
-      ],
-    },
-    HostedZoneId: {
-      Ref: 'ExampleDotCom4D1B83AA',
-    },
-    CleanupRecords: 'true',
-  });
-});
+});