feat(codepipeline): allow to disable stage transition (#19911)

Add a `transitionToEnabled` options to disable transition to a stage. A reason
can be optionally specified with `transitionDisabledReason`.

Closes #1649


----

### All Submissions:

* [x] Have you followed the guidelines in our [Contributing guide?](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md)

### Adding new Unconventional Dependencies:

* [ ] This PR adds new unconventional dependencies following the process described [here](https://github.com/aws/aws-cdk/blob/master/CONTRIBUTING.md/#adding-new-unconventional-dependencies)

### New Features

* [x] Have you added the new feature to an [integration test](https://github.com/aws/aws-cdk/blob/master/INTEGRATION_TESTS.md)?
	* [x] Did you use `yarn integ` to deploy the infrastructure and generate the snapshot (i.e. `yarn integ` without `--dry-run`)?

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

Author: jogold

packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.ts

@@ -23,6 +23,10 @@ const deployBucket = new s3.Bucket(stack, 'DeployBucket', {
   removalPolicy: cdk.RemovalPolicy.DESTROY,
 });
 
+const otherDeployBucket = new s3.Bucket(stack, 'OtherDeployBucket', {
+  removalPolicy: cdk.RemovalPolicy.DESTROY,
+});
+
 new codepipeline.Pipeline(stack, 'Pipeline', {
   artifactBucket: bucket,
   stages: [
@@ -45,6 +49,17 @@ new codepipeline.Pipeline(stack, 'Pipeline', {
         }),
       ],
     },
+    {
+      stageName: 'Disabled',
+      transitionToEnabled: false,
+      actions: [
+        new cpactions.S3DeployAction({
+          actionName: 'DisabledDeployAction',
+          input: sourceOutput,
+          bucket: otherDeployBucket,
+        }),
+      ],
+    },
   ],
 });
 

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-s3-deploy.integ.snapshot/aws-cdk-codepipeline-s3-deploy.template.json

@@ -15,6 +15,11 @@
    "UpdateReplacePolicy": "Delete",
    "DeletionPolicy": "Delete"
   },
+  "OtherDeployBucket7B0CCE57": {
+   "Type": "AWS::S3::Bucket",
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
   "PipelineRoleD68726F7": {
    "Type": "AWS::IAM::Role",
    "Properties": {
@@ -89,6 +94,16 @@
          "Arn"
         ]
        }
+      },
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Resource": {
+        "Fn::GetAtt": [
+         "PipelineDisabledDisabledDeployActionCodePipelineActionRole9CEF3915",
+         "Arn"
+        ]
+       }
       }
      ],
      "Version": "2012-10-17"
@@ -176,14 +191,52 @@
        }
       ],
       "Name": "Deploy"
+     },
+     {
+      "Actions": [
+       {
+        "ActionTypeId": {
+         "Category": "Deploy",
+         "Owner": "AWS",
+         "Provider": "S3",
+         "Version": "1"
+        },
+        "Configuration": {
+         "BucketName": {
+          "Ref": "OtherDeployBucket7B0CCE57"
+         },
+         "Extract": "true"
+        },
+        "InputArtifacts": [
+         {
+          "Name": "SourceArtifact"
+         }
+        ],
+        "Name": "DisabledDeployAction",
+        "RoleArn": {
+         "Fn::GetAtt": [
+          "PipelineDisabledDisabledDeployActionCodePipelineActionRole9CEF3915",
+          "Arn"
+         ]
+        },
+        "RunOrder": 1
+       }
+      ],
+      "Name": "Disabled"
      }
     ],
     "ArtifactStore": {
      "Location": {
       "Ref": "PipelineBucketB967BD35"
      },
      "Type": "S3"
-    }
+    },
+    "DisableInboundStageTransitions": [
+     {
+      "Reason": "Transition disabled",
+      "StageName": "Disabled"
+     }
+    ]
    },
    "DependsOn": [
     "PipelineRoleDefaultPolicyC7A05455",
@@ -426,6 +479,114 @@
      }
     ]
    }
+  },
+  "PipelineDisabledDisabledDeployActionCodePipelineActionRole9CEF3915": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "AWS": {
+         "Fn::Join": [
+          "",
+          [
+           "arn:",
+           {
+            "Ref": "AWS::Partition"
+           },
+           ":iam::",
+           {
+            "Ref": "AWS::AccountId"
+           },
+           ":root"
+          ]
+         ]
+        }
+       }
+      }
+     ],
+     "Version": "2012-10-17"
+    }
+   }
+  },
+  "PipelineDisabledDisabledDeployActionCodePipelineActionRoleDefaultPolicyB1AF629C": {
+   "Type": "AWS::IAM::Policy",
+   "Properties": {
+    "PolicyDocument": {
+     "Statement": [
+      {
+       "Action": [
+        "s3:DeleteObject*",
+        "s3:PutObject*",
+        "s3:Abort*"
+       ],
+       "Effect": "Allow",
+       "Resource": [
+        {
+         "Fn::GetAtt": [
+          "OtherDeployBucket7B0CCE57",
+          "Arn"
+         ]
+        },
+        {
+         "Fn::Join": [
+          "",
+          [
+           {
+            "Fn::GetAtt": [
+             "OtherDeployBucket7B0CCE57",
+             "Arn"
+            ]
+           },
+           "/*"
+          ]
+         ]
+        }
+       ]
+      },
+      {
+       "Action": [
+        "s3:GetObject*",
+        "s3:GetBucket*",
+        "s3:List*"
+       ],
+       "Effect": "Allow",
+       "Resource": [
+        {
+         "Fn::GetAtt": [
+          "PipelineBucketB967BD35",
+          "Arn"
+         ]
+        },
+        {
+         "Fn::Join": [
+          "",
+          [
+           {
+            "Fn::GetAtt": [
+             "PipelineBucketB967BD35",
+             "Arn"
+            ]
+           },
+           "/*"
+          ]
+         ]
+        }
+       ]
+      }
+     ],
+     "Version": "2012-10-17"
+    },
+    "PolicyName": "PipelineDisabledDisabledDeployActionCodePipelineActionRoleDefaultPolicyB1AF629C",
+    "Roles": [
+     {
+      "Ref": "PipelineDisabledDisabledDeployActionCodePipelineActionRole9CEF3915"
+     }
+    ]
+   }
   }
  }
 }

packages/@aws-cdk/aws-codepipeline-actions/test/pipeline-s3-deploy.integ.snapshot/manifest.json

@@ -28,6 +28,12 @@
             "data": "DeployBucket67E2C076"
           }
         ],
+        "/aws-cdk-codepipeline-s3-deploy/OtherDeployBucket/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "OtherDeployBucket7B0CCE57"
+          }
+        ],
         "/aws-cdk-codepipeline-s3-deploy/Pipeline/Role/Resource": [
           {
             "type": "aws:cdk:logicalId",
@@ -69,6 +75,18 @@
             "type": "aws:cdk:logicalId",
             "data": "PipelineDeployDeployActionCodePipelineActionRoleDefaultPolicyE194961B"
           }
+        ],
+        "/aws-cdk-codepipeline-s3-deploy/Pipeline/Disabled/DisabledDeployAction/CodePipelineActionRole/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "PipelineDisabledDisabledDeployActionCodePipelineActionRole9CEF3915"
+          }
+        ],
+        "/aws-cdk-codepipeline-s3-deploy/Pipeline/Disabled/DisabledDeployAction/CodePipelineActionRole/DefaultPolicy/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "PipelineDisabledDisabledDeployActionCodePipelineActionRoleDefaultPolicyB1AF629C"
+          }
         ]
       },
       "displayName": "aws-cdk-codepipeline-s3-deploy"