From a987ca185a0e539c87161abfa31dedd40b9ecb96 Mon Sep 17 00:00:00 2001 From: Joseph Torcasso Date: Mon, 21 Mar 2022 11:00:39 -0400 Subject: [PATCH] update methods and testing --- plugins/modules/rds_instance.py | 21 +++-- .../rds_instance/tasks/test_iam_roles.yml | 85 ++++++++++++++----- 2 files changed, 74 insertions(+), 32 deletions(-) diff --git a/plugins/modules/rds_instance.py b/plugins/modules/rds_instance.py index dc14d02e6ea..084eaf390cd 100644 --- a/plugins/modules/rds_instance.py +++ b/plugins/modules/rds_instance.py @@ -1312,16 +1312,19 @@ def main(): instance_id = get_final_identifier(method_name, module) - # Check IAM roles if state != 'absent': - iam_roles = module.params.get('iam_roles') - purge_iam_roles = module.params.get('purge_iam_roles') - if iam_roles or purge_iam_roles: - changed |= ensure_iam_roles(client, module, get_instance(client, module, instance_id), instance_id, iam_roles, purge_iam_roles) - - # Check tagging/promoting/rebooting/starting/stopping instance - if state != 'absent' and (not module.check_mode or instance): - changed |= update_instance(client, module, instance, instance_id) + # Check tagging/promoting/rebooting/starting/stopping instance + if not module.check_mode or instance: + changed |= update_instance(client, module, instance, instance_id) + + # Check IAM roles + if module.params.get('iam_roles') or module.params.get('purge_iam_roles'): + instance = get_instance(client, module, instance_id) + instance = camel_dict_to_snake_dict(instance, ignore_list=['Tags', 'ProcessorFeatures']) + purge_iam_roles = module.params.get('purge_iam_roles') + target_roles = module.params.get('iam_roles') + existing_roles = instance.get('associated_roles', []) + changed |= ensure_iam_roles(client, module, instance_id, existing_roles, target_roles, purge_iam_roles) if changed: instance = get_instance(client, module, instance_id) 
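Review bot: In the new IAM roles block, `instance` is rebound to the snake-cased copy, and the `if changed:` re-fetch right after it only replaces that value when something changed. On an idempotent run the rest of `main()` (outside this hunk) therefore receives a dict with different key casing than the removed code left in place, since the old call passed `get_instance(...)` as an argument without rebinding. Keep the conversion in a local instead: `snake_instance = camel_dict_to_snake_dict(get_instance(client, module, instance_id), ignore_list=['Tags', 'ProcessorFeatures'])` followed by `existing_roles = snake_instance.get('associated_roles', [])`. As far as the collapsed hunk shows, this block is also not gated on `module.check_mode` the way the `update_instance` call above it is. If `ensure_iam_roles` does not guard its own add/remove calls (not visible here), a check-mode run could alter which roles are attached to the instance.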
diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml index f04c9dc0778..bc53a0cc5a3 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml @@ -43,26 +43,7 @@ managed_policy: "{{ s3_integration_policy.policy.arn }}" register: s3_integration_role_3 - - name: Create a postgresql instance - rds_instance: - id: "{{ instance_id }}" - state: present - engine: postgres - engine_version: "{{ postgres_db_engine_version }}" - allow_major_version_upgrade: true - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: "{{ postgres_db_instance_class }}" - allocated_storage: "{{ allocated_storage }}" - register: result - - - assert: - that: - - result.changed - - "result.db_instance_identifier == '{{ instance_id }}'" - - result.associated_roles | length == 0 - - - name: Add IAM roles to db instance + - name: Create DB instance with IAM roles rds_instance: id: "{{ instance_id }}" state: present @@ -91,7 +72,7 @@ - "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}" - "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}" - - name: Add IAM roles to db instance (idempotence) + - name: Create DB instance with IAM roles (idempotence) rds_instance: id: "{{ instance_id }}" state: present @@ -120,7 +101,7 @@ - "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}" - "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}" - - name: Add IAM roles to db instance (idempotence) - purge roles + - name: Create DB instance with IAM roles (idempotence) - purge roles rds_instance: id: "{{ instance_id }}" state: present 
@@ -226,7 +207,7 @@ - "result.db_instance_identifier == '{{ instance_id }}'" - result.associated_roles | length == 0 - - name: Remove IAM role from db instance (idempotence) + - name: Remove IAM roles from db instance (idempotence) rds_instance: id: "{{ instance_id }}" state: present 
@@ -246,6 +227,64 @@ - "result.db_instance_identifier == '{{ instance_id }}'" - result.associated_roles | length == 0 + - name: Add IAM roles to existing db instance + rds_instance: + id: "{{ instance_id }}" + state: present + engine: postgres + engine_version: "{{ postgres_db_engine_version }}" + allow_major_version_upgrade: true + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ postgres_db_instance_class }}" + allocated_storage: "{{ allocated_storage }}" + iam_roles: + - role_arn: "{{ s3_integration_role_1.arn }}" + feature_name: 's3Export' + - role_arn: "{{ s3_integration_role_2.arn }}" + feature_name: 'Lambda' + - role_arn: "{{ s3_integration_role_3.arn }}" + feature_name: 's3Import' + register: result + + - assert: + that: + - result.changed + - "result.db_instance_identifier == '{{ instance_id }}'" + - result.associated_roles | length == 3 + - "{{ 's3Export' in result.associated_roles | map(attribute='feature_name') }}" + - "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}" + - "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}" + + - name: Add IAM roles to existing db instance (idempotence) + rds_instance: + id: "{{ instance_id }}" + state: present + engine: postgres + engine_version: "{{ postgres_db_engine_version }}" + allow_major_version_upgrade: true + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ postgres_db_instance_class }}" + allocated_storage: "{{ allocated_storage }}" + iam_roles: + - role_arn: "{{ s3_integration_role_1.arn }}" + feature_name: 's3Export' + - role_arn: "{{ s3_integration_role_2.arn }}" + feature_name: 'Lambda' + - role_arn: "{{ s3_integration_role_3.arn }}" + feature_name: 's3Import' + register: result + + - assert: + that: + - not result.changed + - "result.db_instance_identifier == '{{ instance_id }}'" + - result.associated_roles | length == 3 + - "{{ 's3Export' in result.associated_roles | 
map(attribute='feature_name') }}" + - "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}" + - "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}" + always: - name: Delete IAM policy iam_managed_policy:
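Review bot: The assertions added for "Add IAM roles to existing db instance" and its idempotence task check only the role count and the `feature_name` values, so a run that attaches the wrong role ARN to a feature would still pass. Since these associations decide which IAM permissions the database can use, also assert the ARNs, for example `- s3_integration_role_1.arn in result.associated_roles | map(attribute='role_arn')`. This assumes the returned entries expose `role_arn` alongside `feature_name`. The same gap exists in the "Create DB instance with IAM roles" assertions in the earlier hunks.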