cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Fix RDS test suite and minor bugs revealed (#57940)

Browse source 
* Update testing policy to be correct for RDS test suite
* Create read replica in same region to avoid more permissions being
  required
* Ensure modifying DB doesn't try to downgrade engine version
* Add tags to main test suite to limit number of tests run for problem
  solving
This commit is contained in:
Will Thames 2019-06-25 23:54:03 +10:00 committed by Sloane Hertel
parent 48af9bdfec
commit a09aa205e1
4 changed files with 56 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
hacking/aws_config/testing_policies/database-policy.json
View file

@ -1,62 +1,70 @@
{ {
"Version": "2012-10-17", "Version": "2012-10-17",
"Statement": [ "Statement": [
{
"Action": "iam:CreateServiceLinkedRole",
"Effect": "Allow",
"Resource": "arn:aws:iam::*:role/aws-service-role/rds.amazonaws.com/AWSServiceRoleForRDS",
"Condition": {
"StringLike": {
"iam:AWSServiceName":"rds.amazonaws.com"
}
}
},
{
"Sid": "AllowRDSReadEverywhere",
"Effect": "Allow",
"Action": [
"rds:ListTagsForResource",
"rds:DescribeDBInstances",
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:DescribeDBSnapshots"
],
"Resource": ["*"]
},
{ {
"Sid": "AllowRDSModuleTests", "Sid": "AllowRDSModuleTests",
"Effect": "Allow", "Effect": "Allow",
"Action": [ "Action": [
"rds:DescribeDBInstances", "rds:AddTagsToResource",
"rds:CreateDBInstance", "rds:CreateDBInstance",
"rds:DeleteDBInstance",
"rds:ModifyDBInstance", "rds:ModifyDBInstance",
"rds:ListTagsForResource", "rds:PromoteReadReplica",
"rds:DeleteDBInstance" "rds:RebootDBInstance",
"rds:RemoveTagsFromResource",
"rds:StartDBInstance",
"rds:StopDBInstance"
], ],
"Resource": [ "Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-testing*" "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-test*"
]
},
{
"Sid": "AllowRDSInstanceManageOwnInstance",
"Effect": "Allow",
"Action": [
"rds:CreateDBInstance",
"rds:ModifyDBInstance",
"rds:ListTagsForResource",
"rds:DescribeDBInstances"
],
"Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*"
] ]
}, },
{ {
"Sid": "AllowRDSSnapshotManageSnapshots", "Sid": "AllowRDSSnapshotManageSnapshots",
"Effect": "Allow", "Effect": "Allow",
"Action": [ "Action": [
"rds:DescribeDBSnapshots", "rds:AddTagsToResource",
"rds:DescribeDBInstances",
"rds:DescribeDBSnapshots",
"rds:DeleteDBInstance",
"rds:CreateDBSnapshot", "rds:CreateDBSnapshot",
"rds:DeleteDBInstance",
"rds:DeleteDBSnapshot", "rds:DeleteDBSnapshot",
"rds:RemoveTagsFromResource",
"rds:RestoreDBInstanceFromDBSnapshot", "rds:RestoreDBInstanceFromDBSnapshot",
"rds:CreateDBInstanceReadReplica" "rds:CreateDBInstanceReadReplica"
], ],
"Resource": [ "Resource": [
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:snapshot-*", "arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:ansible-test*",
"arn:aws:rds:{{aws_region}}:{{aws_account}}:snapshot:rds-*", "arn:aws:rds:{{aws_region}}:{{aws_account}}:db:ansible-test*"
"arn:aws:rds:{{aws_region}}:{{aws_account}}:db:rds-*" ]
]
}, },
{ {
"Sid": "AllowRDSParameterGroupManagement", "Sid": "AllowRDSParameterGroupManagement",
"Effect": "Allow", "Effect": "Allow",
"Action": [ "Action": [
"rds:DescribeDBParameterGroups",
"rds:DescribeDBParameters",
"rds:CreateDBParameterGroup", "rds:CreateDBParameterGroup",
"rds:DeleteDBParameterGroup", "rds:DeleteDBParameterGroup",
"rds:ModifyDBParameterGroup", "rds:ModifyDBParameterGroup",
"rds:ListTagsForResource",
"rds:AddTagsToResource", "rds:AddTagsToResource",
"rds:RemoveTagsFromResource" "rds:RemoveTagsFromResource"
], ],

11
test/integration/targets/rds_instance/tasks/main.yml
View file

@ -2,15 +2,26 @@
- block: - block:
- include: ./credential_tests.yml - include: ./credential_tests.yml
tags: credentials
- include: ./test_states.yml - include: ./test_states.yml
tags: states
- include: ./test_tags.yml - include: ./test_tags.yml
tags: tags
- include: ./test_modification.yml # TODO: test availability_zone and multi_az - include: ./test_modification.yml # TODO: test availability_zone and multi_az
tags: modification
- include: ./test_bad_options.yml - include: ./test_bad_options.yml
tags: bad_options
- include: ./test_processor_features.yml - include: ./test_processor_features.yml
tags: processor_features
- include: ./test_encryption.yml - include: ./test_encryption.yml
tags: encryption
- include: ./test_final_snapshot.yml - include: ./test_final_snapshot.yml
tags: final_snapshot
- include: ./test_read_replica.yml - include: ./test_read_replica.yml
tags: read_replica
- include: ./test_vpc_security_groups.yml - include: ./test_vpc_security_groups.yml
tags: vpc_security_groups
#- include: ./test_restore_instance.yml # TODO: point-in-time, snapshot, s3 #- include: ./test_restore_instance.yml # TODO: point-in-time, snapshot, s3
# TODO: uncomment after adding rds_cluster module # TODO: uncomment after adding rds_cluster module
#- include: ./test_aurora.yml #- include: ./test_aurora.yml

24
test/integration/targets/rds_instance/tasks/test_modification.yml
View file

@ -27,6 +27,7 @@
id: "{{ instance_id }}" id: "{{ instance_id }}"
state: present state: present
engine: mariadb engine: mariadb
engine_version: "10.1.26"
username: "{{ username }}" username: "{{ username }}"
password: "{{ password }}" password: "{{ password }}"
db_instance_class: "{{ db_instance_class }}" db_instance_class: "{{ db_instance_class }}"
@ -122,7 +123,7 @@
backup_retention_period: 2 backup_retention_period: 2
preferred_backup_window: "05:00-06:00" preferred_backup_window: "05:00-06:00"
preferred_maintenance_window: "mon:06:20-mon:06:50" preferred_maintenance_window: "mon:06:20-mon:06:50"
engine_version: "10.1.26" engine_version: "10.2.21"
allow_major_version_upgrade: true allow_major_version_upgrade: true
auto_minor_version_upgrade: false auto_minor_version_upgrade: false
port: 1150 port: 1150
@ -133,10 +134,10 @@
- assert: - assert:
that: that:
- result.changed - result.changed
- result.pending_modified_values.allocated_storage == 30 - '"allocated_storage" in result.pending_modified_values or result.allocated_storage == 30'
- result.pending_modified_values.port == 1150 - '"port" in result.pending_modified_values or result.endpoint.port == 1150'
- 'result.pending_modified_values.db_instance_class == "db.t2.medium"' - '"db_instance_class" in result.pending_modified_values or result.db_instance_class == "db.t2.medium"'
- 'result.pending_modified_values.engine_version == "10.1.26"' - '"engine_version" in result.pending_modified_values or result.engine_version == "10.2.21"'
- name: Idempotence modifying several pending attributes - name: Idempotence modifying several pending attributes
rds_instance: rds_instance:
@ -147,7 +148,7 @@
backup_retention_period: 2 backup_retention_period: 2
preferred_backup_window: "05:00-06:00" preferred_backup_window: "05:00-06:00"
preferred_maintenance_window: "mon:06:20-mon:06:50" preferred_maintenance_window: "mon:06:20-mon:06:50"
engine_version: "10.1.26" engine_version: "10.2.21"
allow_major_version_upgrade: true allow_major_version_upgrade: true
auto_minor_version_upgrade: false auto_minor_version_upgrade: false
port: 1150 port: 1150
@ -163,16 +164,7 @@
- '"allocated_storage" in result.pending_modified_values or result.allocated_storage == 30' - '"allocated_storage" in result.pending_modified_values or result.allocated_storage == 30'
- '"port" in result.pending_modified_values or result.endpoint.port == 1150' - '"port" in result.pending_modified_values or result.endpoint.port == 1150'
- '"db_instance_class" in result.pending_modified_values or result.db_instance_class == "db.t2.medium"' - '"db_instance_class" in result.pending_modified_values or result.db_instance_class == "db.t2.medium"'
- '"engine_version" in result.pending_modified_values or result.engine_version == "10.1.26"' - '"engine_version" in result.pending_modified_values or result.engine_version == "10.2.21"'
- name: Reboot the instance to update the modified values and add tags
rds_instance:
id: '{{ instance_id }}'
state: rebooted
tags:
Created_by: Ansible rds_instance tests
<<: *aws_connection_info
register: result
- name: Delete the instance - name: Delete the instance
rds_instance: rds_instance:

2
test/integration/targets/rds_instance/tasks/test_read_replica.yml
View file

@ -4,7 +4,7 @@
- name: set the two regions for the source DB and the replica - name: set the two regions for the source DB and the replica
set_fact: set_fact:
region_src: "{{ aws_region }}" region_src: "{{ aws_region }}"
region_dest: "us-east-2" region_dest: "{{ aws_region }}"
- name: set up aws connection info - name: set up aws connection info
set_fact: set_fact: