Add flag to enable/disable public access for RDS instances created du…
…ring Test (#1957)

* Update RDS postgres app implementation, execute postgres command from Deployment

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Fix Lint Remove unnecessary trailing new line

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Initialize testWorkloadName field

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Move BastionWorkload function to be used as utility

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Remove export of BastionWorkload() utility function

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Add app name in error messages

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Update RDS Aurora app implementation, execute mysql query from Deployment

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Remove unused methods from rds aurora app

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Add helper methods to add DBSubnetGroup

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* add callers to create and delete dbsubnetGroups in rds postgres app test

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* add callers to create and delete dbsubnetGroups in rds aurora app test

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Refactor code

* Refactor code

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* remove duplicate import

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* minor refactor

* correct indentation

* Fix error

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Update RDS Aurora app implementation, execute mysql query from Deployment

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Remove unused methods from rds aurora app

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Minor refactor

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* minor refactor

* Minor refactor

* Modify Create RDS Snapshot function to add dbSubnetGroup as outputArtifact

* Modify RestoreRDSSnapshot and ExportRDSLocation function to accept dbSubnetGroup as optional argument

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Add provision to enable/disable public access for RDS instances created during test

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Pass VpcId while creating security group

* Modify Create RDS Snapshot function to add dbSubnetGroup as outputArtifact

* Modify RestoreRDSSnapshot and ExportRDSLocation function to accept dbSubnetGroup as optional argument

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Use securityGroup ID instead of security group name to authorizeSecurityGroupIngress

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Modify Create RDS Snapshot function to add dbSubnetGroup as outputArtifact

* Modify RestoreRDSSnapshot and ExportRDSLocation function to accept dbSubnetGroup as optional argument

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Minor Fix

* Modify Create RDS Snapshot function to add dbSubnetGroup as outputArtifact

* Modify RestoreRDSSnapshot and ExportRDSLocation function to accept dbSubnetGroup as optional argument

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Set Public Access to false by default

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>

* Remove unnecessary changes

* Refactor CreateDBInstance function

* Correct typos, fix parameters

* Refactor code

---------

Signed-off-by: Akanksha Kumari <akankshakumari393@gmail.com>
akankshakumari393 committed Mar 29, 2023
1 parent b1a4792 commit 7cde857
Showing 4 changed files with 28 additions and 22 deletions.
4 changes: 3 additions & 1 deletion pkg/app/rds_aurora_mysql.go
Expand Up @@ -63,6 +63,7 @@ type RDSAuroraMySQLDB struct {
securityGroupID string
securityGroupName string
bastionDebugWorkloadName string
publicAccess bool
vpcID string
}

Expand All @@ -75,6 +76,7 @@ func NewRDSAuroraMySQLDB(name, region string) App {
username: "admin",
password: "secret99",
dbName: "testdb",
publicAccess: false,
}
}

Expand Down Expand Up @@ -184,7 +186,7 @@ func (a *RDSAuroraMySQLDB) Install(ctx context.Context, namespace string) error
}

// create db instance in the cluster
_, err = rdsCli.CreateDBInstanceInCluster(ctx, a.id, fmt.Sprintf("%s-instance-1", a.id), AuroraDBInstanceClass, string(function.DBEngineAuroraMySQL), a.dbSubnetGroup)
_, err = rdsCli.CreateDBInstance(ctx, nil, AuroraDBInstanceClass, fmt.Sprintf("%s-instance-1", a.id), string(function.DBEngineAuroraMySQL), "", "", nil, awssdk.Bool(a.publicAccess), awssdk.String(a.id), a.dbSubnetGroup)
if err != nil {
return errors.Wrap(err, "Error creating an instance in Aurora DB cluster")
}
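Review bot: The new `publicAccess` field in `RDSAuroraMySQLDB` carries no comment, and the only assignment visible in this section is the literal `publicAccess: false` in `NewRDSAuroraMySQLDB`, so nothing here shows how a test is meant to switch it. The same constructor sets fixed credentials (`admin` / `secret99`), which is why the default matters: an instance created with `PubliclyAccessible` true and that password would be reachable with known credentials wherever its security group allows it. I would document that on the field, for example `// publicAccess is passed as PubliclyAccessible on the created instance; keep it false unless a test needs a public endpoint, since the app uses fixed credentials`. The `publicAccess` field added to `RDSPostgresDB` in pkg/app/rds_postgres.go needs the same comment.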
4 changes: 3 additions & 1 deletion pkg/app/rds_postgres.go
Expand Up @@ -59,6 +59,7 @@ type RDSPostgresDB struct {
configMapName string
secretName string
bastionDebugWorkloadName string
publicAccess bool
vpcID string
}

Expand All @@ -79,6 +80,7 @@ func NewRDSPostgresDB(name string, customRegion string) App {
region: customRegion,
configMapName: fmt.Sprintf("%s-config", name),
secretName: fmt.Sprintf("%s-secret", name),
publicAccess: false,
}
}

Expand Down Expand Up @@ -178,7 +180,7 @@ func (pdb *RDSPostgresDB) Install(ctx context.Context, ns string) error {

// Create RDS instance
log.Info().Print("Creating RDS instance.", field.M{"app": pdb.name, "id": pdb.id})
_, err = rdsCli.CreateDBInstance(ctx, 20, dbInstanceType, pdb.id, "postgres", pdb.username, pdb.password, []string{pdb.securityGroupID})
_, err = rdsCli.CreateDBInstance(ctx, awssdk.Int64(20), dbInstanceType, pdb.id, "postgres", pdb.username, pdb.password, []string{pdb.securityGroupID}, awssdk.Bool(pdb.publicAccess), nil, "")
if err != nil {
return err
}
39 changes: 20 additions & 19 deletions pkg/aws/rds/rds.go
Expand Up @@ -48,15 +48,29 @@ func NewClient(ctx context.Context, awsConfig *aws.Config, region string) (*RDS,
}

// CreateDBInstanceWithContext
func (r RDS) CreateDBInstance(ctx context.Context, storage int64, instanceClass, instanceID, engine, username, password string, sgIDs []string) (*rds.CreateDBInstanceOutput, error) {
func (r RDS) CreateDBInstance(ctx context.Context, storage *int64, instanceClass, instanceID, engine, username, password string, sgIDs []string, publicAccess *bool, restoredClusterID *string, dbSubnetGroup string) (*rds.CreateDBInstanceOutput, error) {
dbi := &rds.CreateDBInstanceInput{
AllocatedStorage: &storage,
DBInstanceIdentifier: &instanceID,
VpcSecurityGroupIds: convertSGIDs(sgIDs),
DBInstanceClass: &instanceClass,
DBInstanceIdentifier: &instanceID,
Engine: &engine,
MasterUsername: &username,
MasterUserPassword: &password,
}

// check if the instance is being restored from an existing cluster
switch {
case restoredClusterID != nil && publicAccess != nil:
dbi.DBClusterIdentifier = restoredClusterID
dbi.DBSubnetGroupName = aws.String(dbSubnetGroup)
dbi.PubliclyAccessible = publicAccess
case restoredClusterID != nil && publicAccess == nil:
dbi.DBClusterIdentifier = restoredClusterID
dbi.DBSubnetGroupName = aws.String(dbSubnetGroup)
default:
// if not restoring from an existing cluster, create a new instance input
dbi.AllocatedStorage = storage
dbi.VpcSecurityGroupIds = convertSGIDs(sgIDs)
dbi.MasterUsername = aws.String(username)
dbi.MasterUserPassword = aws.String(password)
dbi.PubliclyAccessible = publicAccess
}
return r.CreateDBInstanceWithContext(ctx, dbi)
}
Expand All @@ -73,19 +87,6 @@ func (r RDS) CreateDBCluster(ctx context.Context, storage int64, instanceClass,
return r.CreateDBClusterWithContext(ctx, dbi)
}

func (r RDS) CreateDBInstanceInCluster(ctx context.Context, restoredClusterID, instanceID, instanceClass, dbEngine, dbSubnetGroup string) (*rds.CreateDBInstanceOutput, error) {
pa := true
dbi := &rds.CreateDBInstanceInput{
DBClusterIdentifier: &restoredClusterID,
DBInstanceClass: &instanceClass,
DBInstanceIdentifier: &instanceID,
DBSubnetGroupName: &dbSubnetGroup,
Engine: &dbEngine,
PubliclyAccessible: &pa,
}
return r.CreateDBInstanceWithContext(ctx, dbi)
}

func (r RDS) WaitUntilDBInstanceAvailable(ctx context.Context, instanceID string) error {
ctx, cancel := context.WithTimeout(ctx, rdsReadyTimeout)
defer cancel()
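Review bot: A nil `publicAccess` leaves `dbi.PubliclyAccessible` unset in both the `restoredClusterID != nil && publicAccess == nil` case and the `default` case of `CreateDBInstance`, so exposure is then decided by the RDS service default for the subnet group or VPC rather than by this code. The removed `CreateDBInstanceInCluster` always sent an explicit value, and the restore call in pkg/function/restore_rds_snapshot.go now passes `nil` for this argument. Either require callers to pass a value or treat nil as private at the top of the function, `if publicAccess == nil { publicAccess = aws.Bool(false) }`, which also lets the two cluster cases collapse into one. The comment above the function still reads `// CreateDBInstanceWithContext`; it should name `CreateDBInstance` and say that `storage`, `username`, `password` and `sgIDs` are ignored when `restoredClusterID` is set and that `dbSubnetGroup` is ignored otherwise.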
3 changes: 2 additions & 1 deletion pkg/function/restore_rds_snapshot.go
Expand Up @@ -18,6 +18,7 @@ import (
"context"
"fmt"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
rdserr "github.com/aws/aws-sdk-go/service/rds"
"github.com/hashicorp/go-version"
Expand Down Expand Up @@ -307,7 +308,7 @@ func restoreAuroraFromSnapshot(ctx context.Context, rdsCli *rds.RDS, instanceID,

log.WithContext(ctx).Print("Creating DB instance in the cluster")
// After Aurora cluster is created, we will have to explictly create the DB instance
dbInsOp, err := rdsCli.CreateDBInstanceInCluster(ctx, *op.DBCluster.DBClusterIdentifier, fmt.Sprintf("%s-%s", *op.DBCluster.DBClusterIdentifier, restoredAuroraInstanceSuffix), defaultAuroraInstanceClass, dbEngine, subnetGroup)
dbInsOp, err := rdsCli.CreateDBInstance(ctx, nil, defaultAuroraInstanceClass, fmt.Sprintf("%s-%s", *op.DBCluster.DBClusterIdentifier, restoredAuroraInstanceSuffix), dbEngine, "", "", nil, nil, aws.String(*op.DBCluster.DBClusterIdentifier), subnetGroup)
if err != nil {
return errors.Wrap(err, "Error while creating Aurora DB instance in the cluster.")
}
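Review bot: `op.DBCluster.DBClusterIdentifier` is dereferenced twice in the new `CreateDBInstance` call with no nil check visible in this hunk, and `aws.String(*op.DBCluster.DBClusterIdentifier)` only copies a pointer the call could take as it is. Binding it once with `clusterID := op.DBCluster.DBClusterIdentifier`, checking it for nil before the `fmt.Sprintf`, and passing `clusterID` would remove the copy and, if nothing else in the file uses it, the newly added `aws` import. Whether an earlier check already exists cannot be seen here, since `restoreAuroraFromSnapshot` begins outside the hunk.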
