Fix RDS test suite and minor bugs revealed (#57940)
* Update testing policy to be correct for RDS test suite * Create read replica in same region to avoid more permissions being required * Ensure modifying DB doesn't try to downgrade engine version * Add tags to main test suite to limit number of tests run for problem solving
This commit is contained in:
Will Thames
Sloane Hertel
parent
48af9bdfec
commit
a09aa205e1
4 changed files with 56 additions and 45 deletions
|
|
@ -1,62 +1,70 @@
|
|||
{
|
||||
"Version": "2012-10-17",
|
||||
"Statement": [
|
||||
{
|
||||
"Action": "iam:CreateServiceLinkedRole",
|
||||
"Effect": "Allow",
|
||||
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
|
||||
"Condition": {
|
||||
"StringLike": {
|
||||
"iam:AWSServiceName":"rds.amazonaws.com"
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"Sid": "AllowRDSReadEverywhere",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"rds:ListTagsForResource",
|
||||
"rds:DescribeDBInstances",
|
||||
"rds:DescribeDBParameterGroups",
|
||||
"rds:DescribeDBParameters",
|
||||
"rds:DescribeDBSnapshots"
|
||||
],
|
||||
"Resource": ["*"]
|
||||
},
|
||||
{
|
||||
"Sid": "AllowRDSModuleTests",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"rds:DescribeDBInstances",
|
||||
"rds:AddTagsToResource",
|
||||
"rds:CreateDBInstance",
|
||||
"rds:DeleteDBInstance",
|
||||
"rds:ModifyDBInstance",
|
||||
"rds:ListTagsForResource",
|
||||
"rds:DeleteDBInstance"
|
||||
"rds:PromoteReadReplica",
|
||||
"rds:RebootDBInstance",
|
||||
"rds:RemoveTagsFromResource",
|
||||
"rds:StartDBInstance",
|
||||
"rds:StopDBInstance"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Sid": "AllowRDSInstanceManageOwnInstance",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"rds:CreateDBInstance",
|
||||
"rds:ModifyDBInstance",
|
||||
"rds:ListTagsForResource",
|
||||
"rds:DescribeDBInstances"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-test*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Sid": "AllowRDSSnapshotManageSnapshots",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"rds:DescribeDBSnapshots",
|
||||
"rds:DescribeDBInstances",
|
||||
"rds:DescribeDBSnapshots",
|
||||
"rds:DeleteDBInstance",
|
||||
"rds:AddTagsToResource",
|
||||
"rds:CreateDBSnapshot",
|
||||
"rds:DeleteDBInstance",
|
||||
"rds:DeleteDBSnapshot",
|
||||
"rds:RemoveTagsFromResource",
|
||||
"rds:RestoreDBInstanceFromDBSnapshot",
|
||||
"rds:CreateDBInstanceReadReplica"
|
||||
],
|
||||
"Resource": [
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*",
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*",
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
|
||||
]
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:ansible-test*",
|
||||
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-test*"
|
||||
]
|
||||
},
|
||||
{
|
||||
"Sid": "AllowRDSParameterGroupManagement",
|
||||
"Effect": "Allow",
|
||||
"Action": [
|
||||
"rds:DescribeDBParameterGroups",
|
||||
"rds:DescribeDBParameters",
|
||||
"rds:CreateDBParameterGroup",
|
||||
"rds:DeleteDBParameterGroup",
|
||||
"rds:ModifyDBParameterGroup",
|
||||
"rds:ListTagsForResource",
|
||||
"rds:AddTagsToResource",
|
||||
"rds:RemoveTagsFromResource"
|
||||
],
|
||||
|
|
|
|||
|
|
@ -2,15 +2,26 @@
|
|||
- block:
|
||||
|
||||
- include: ./credential_tests.yml
|
||||
tags: credentials
|
||||
- include: ./test_states.yml
|
||||
tags: states
|
||||
- include: ./test_tags.yml
|
||||
tags: tags
|
||||
- include: ./test_modification.yml # TODO: test availability_zone and multi_az
|
||||
tags: modification
|
||||
- include: ./test_bad_options.yml
|
||||
tags: bad_options
|
||||
- include: ./test_processor_features.yml
|
||||
tags: processor_features
|
||||
- include: ./test_encryption.yml
|
||||
tags: encryption
|
||||
- include: ./test_final_snapshot.yml
|
||||
tags: final_snapshot
|
||||
- include: ./test_read_replica.yml
|
||||
tags: read_replica
|
||||
- include: ./test_vpc_security_groups.yml
|
||||
tags: vpc_security_groups
|
||||
|
||||
#- include: ./test_restore_instance.yml # TODO: point-in-time, snapshot, s3
|
||||
# TODO: uncomment after adding rds_cluster module
|
||||
#- include: ./test_aurora.yml
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@
|
|||
id: "{{ instance_id }}"
|
||||
state: present
|
||||
engine: mariadb
|
||||
engine_version: "10.1.26"
|
||||
username: "{{ username }}"
|
||||
password: "{{ password }}"
|
||||
db_instance_class: "{{ db_instance_class }}"
|
||||
|
|
@ -122,7 +123,7 @@
|
|||
backup_retention_period: 2
|
||||
preferred_backup_window: "05:00-06:00"
|
||||
preferred_maintenance_window: "mon:06:20-mon:06:50"
|
||||
engine_version: "10.1.26"
|
||||
engine_version: "10.2.21"
|
||||
allow_major_version_upgrade: true
|
||||
auto_minor_version_upgrade: false
|
||||
port: 1150
|
||||
|
|
@ -133,10 +134,10 @@
|
|||
- assert:
|
||||
that:
|
||||
- result.changed
|
||||
- result.pending_modified_values.allocated_storage == 30
|
||||
- result.pending_modified_values.port == 1150
|
||||
- 'result.pending_modified_values.db_instance_class == "db.t2.medium"'
|
||||
- 'result.pending_modified_values.engine_version == "10.1.26"'
|
||||
- '"allocated_storage" in result.pending_modified_values or result.allocated_storage == 30'
|
||||
- '"port" in result.pending_modified_values or result.endpoint.port == 1150'
|
||||
- '"db_instance_class" in result.pending_modified_values or result.db_instance_class == "db.t2.medium"'
|
||||
- '"engine_version" in result.pending_modified_values or result.engine_version == "10.2.21"'
|
||||
|
||||
- name: Idempotence modifying several pending attributes
|
||||
rds_instance:
|
||||
|
|
@ -147,7 +148,7 @@
|
|||
backup_retention_period: 2
|
||||
preferred_backup_window: "05:00-06:00"
|
||||
preferred_maintenance_window: "mon:06:20-mon:06:50"
|
||||
engine_version: "10.1.26"
|
||||
engine_version: "10.2.21"
|
||||
allow_major_version_upgrade: true
|
||||
auto_minor_version_upgrade: false
|
||||
port: 1150
|
||||
|
|
@ -163,16 +164,7 @@
|
|||
- '"allocated_storage" in result.pending_modified_values or result.allocated_storage == 30'
|
||||
- '"port" in result.pending_modified_values or result.endpoint.port == 1150'
|
||||
- '"db_instance_class" in result.pending_modified_values or result.db_instance_class == "db.t2.medium"'
|
||||
- '"engine_version" in result.pending_modified_values or result.engine_version == "10.1.26"'
|
||||
|
||||
- name: Reboot the instance to update the modified values and add tags
|
||||
rds_instance:
|
||||
id: '{{ instance_id }}'
|
||||
state: rebooted
|
||||
tags:
|
||||
Created_by: Ansible rds_instance tests
|
||||
<<: *aws_connection_info
|
||||
register: result
|
||||
- '"engine_version" in result.pending_modified_values or result.engine_version == "10.2.21"'
|
||||
|
||||
- name: Delete the instance
|
||||
rds_instance:
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
- name: set the two regions for the source DB and the replica
|
||||
set_fact:
|
||||
region_src: "{{ aws_region }}"
|
||||
region_dest: "us-east-2"
|
||||
region_dest: "{{ aws_region }}"
|
||||
|
||||
- name: set up aws connection info
|
||||
set_fact:
|
||||
|
|
|
|||
Loading…
Reference in a new issue