update methods and testing
jatorcasso committed Mar 21, 2022
1 parent 6a5a1d2 commit a987ca1
Showing 2 changed files with 74 additions and 32 deletions.
21 changes: 12 additions & 9 deletions plugins/modules/rds_instance.py
Expand Up @@ -1312,16 +1312,19 @@ def main():

instance_id = get_final_identifier(method_name, module)

# Check IAM roles
if state != 'absent':
iam_roles = module.params.get('iam_roles')
purge_iam_roles = module.params.get('purge_iam_roles')
if iam_roles or purge_iam_roles:
changed |= ensure_iam_roles(client, module, get_instance(client, module, instance_id), instance_id, iam_roles, purge_iam_roles)

# Check tagging/promoting/rebooting/starting/stopping instance
if state != 'absent' and (not module.check_mode or instance):
changed |= update_instance(client, module, instance, instance_id)
# Check tagging/promoting/rebooting/starting/stopping instance
if not module.check_mode or instance:
changed |= update_instance(client, module, instance, instance_id)

# Check IAM roles
if module.params.get('iam_roles') or module.params.get('purge_iam_roles'):
instance = get_instance(client, module, instance_id)
instance = camel_dict_to_snake_dict(instance, ignore_list=['Tags', 'ProcessorFeatures'])
purge_iam_roles = module.params.get('purge_iam_roles')
target_roles = module.params.get('iam_roles')
existing_roles = instance.get('associated_roles', [])
changed |= ensure_iam_roles(client, module, instance_id, existing_roles, target_roles, purge_iam_roles)

if changed:
instance = get_instance(client, module, instance_id)
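Review bot: The IAM-role block in main() has no check-mode guard, unlike the `update_instance` call just above it, which runs only when `not module.check_mode or instance`; it always calls `get_instance` and `ensure_iam_roles`. Attaching or purging roles changes which AWS services the database can reach, so confirm that `ensure_iam_roles` (not shown here) returns before any API call in check mode, and say so in a comment such as `# ensure_iam_roles must honour check_mode: a dry run attaches or removes no role`. The block also rebinds `instance` to a snake_case dict, so when `changed` stays false the code after this hunk receives a different shape than `update_instance` was given. A local name avoids that, e.g. `current = camel_dict_to_snake_dict(get_instance(client, module, instance_id), ignore_list=['Tags', 'ProcessorFeatures'])` followed by `existing_roles = current.get('associated_roles', [])`. main() begins and continues outside the hunk.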
Expand Up @@ -43,26 +43,7 @@
managed_policy: "{{ s3_integration_policy.policy.arn }}"
register: s3_integration_role_3

- name: Create a postgresql instance
rds_instance:
id: "{{ instance_id }}"
state: present
engine: postgres
engine_version: "{{ postgres_db_engine_version }}"
allow_major_version_upgrade: true
username: "{{ username }}"
password: "{{ password }}"
db_instance_class: "{{ postgres_db_instance_class }}"
allocated_storage: "{{ allocated_storage }}"
register: result

- assert:
that:
- result.changed
- "result.db_instance_identifier == '{{ instance_id }}'"
- result.associated_roles | length == 0

- name: Add IAM roles to db instance
- name: Create DB instance with IAM roles
rds_instance:
id: "{{ instance_id }}"
state: present
Expand Down Expand Up @@ -91,7 +72,7 @@
- "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}"
- "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}"

- name: Add IAM roles to db instance (idempotence)
- name: Create DB instance with IAM roles (idempotence)
rds_instance:
id: "{{ instance_id }}"
state: present
Expand Down Expand Up @@ -120,7 +101,7 @@
- "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}"
- "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}"

- name: Add IAM roles to db instance (idempotence) - purge roles
- name: Create DB instance with IAM roles (idempotence) - purge roles
rds_instance:
id: "{{ instance_id }}"
state: present
Expand Down Expand Up @@ -226,7 +207,7 @@
- "result.db_instance_identifier == '{{ instance_id }}'"
- result.associated_roles | length == 0

- name: Remove IAM role from db instance (idempotence)
- name: Remove IAM roles from db instance (idempotence)
rds_instance:
id: "{{ instance_id }}"
state: present
Expand All @@ -246,6 +227,64 @@
- "result.db_instance_identifier == '{{ instance_id }}'"
- result.associated_roles | length == 0

- name: Add IAM roles to existing db instance
rds_instance:
id: "{{ instance_id }}"
state: present
engine: postgres
engine_version: "{{ postgres_db_engine_version }}"
allow_major_version_upgrade: true
username: "{{ username }}"
password: "{{ password }}"
db_instance_class: "{{ postgres_db_instance_class }}"
allocated_storage: "{{ allocated_storage }}"
iam_roles:
- role_arn: "{{ s3_integration_role_1.arn }}"
feature_name: 's3Export'
- role_arn: "{{ s3_integration_role_2.arn }}"
feature_name: 'Lambda'
- role_arn: "{{ s3_integration_role_3.arn }}"
feature_name: 's3Import'
register: result

- assert:
that:
- result.changed
- "result.db_instance_identifier == '{{ instance_id }}'"
- result.associated_roles | length == 3
- "{{ 's3Export' in result.associated_roles | map(attribute='feature_name') }}"
- "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}"
- "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}"

- name: Add IAM roles to existing db instance (idempotence)
rds_instance:
id: "{{ instance_id }}"
state: present
engine: postgres
engine_version: "{{ postgres_db_engine_version }}"
allow_major_version_upgrade: true
username: "{{ username }}"
password: "{{ password }}"
db_instance_class: "{{ postgres_db_instance_class }}"
allocated_storage: "{{ allocated_storage }}"
iam_roles:
- role_arn: "{{ s3_integration_role_1.arn }}"
feature_name: 's3Export'
- role_arn: "{{ s3_integration_role_2.arn }}"
feature_name: 'Lambda'
- role_arn: "{{ s3_integration_role_3.arn }}"
feature_name: 's3Import'
register: result

- assert:
that:
- not result.changed
- "result.db_instance_identifier == '{{ instance_id }}'"
- result.associated_roles | length == 3
- "{{ 's3Export' in result.associated_roles | map(attribute='feature_name') }}"
- "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}"
- "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}"

always:
- name: Delete IAM policy
iam_managed_policy:
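Review bot: The two tasks added at the end of this section exercise role attachment on an existing instance only in normal mode; none of the visible tasks sets `check_mode: true`, so nothing here verifies that a dry run leaves `associated_roles` untouched. A `check_mode: true` copy of "Add IAM roles to existing db instance", followed by a task asserting `result.associated_roles | length == 0`, would cover that. The new asserts also wrap whole conditions in Jinja delimiters although `that:` entries are already evaluated as expressions; `- "'s3Export' in result.associated_roles | map(attribute='feature_name')"` and `- result.db_instance_identifier == instance_id` are the plainer form. The task list continues outside the visible hunks.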