diff --git a/plugins/modules/rds_instance.py b/plugins/modules/rds_instance.py index 09cb6c06979..083042d7d91 100644 --- a/plugins/modules/rds_instance.py +++ b/plugins/modules/rds_instance.py @@ -38,7 +38,7 @@ type: str force_update_password: description: - - Set to True to update your cluster password with I(master_user_password). Since comparing passwords to determine + - Set to C(True) to update your instance password with I(master_user_password). Since comparing passwords to determine if it needs to be updated is not possible this is set to False by default to allow idempotence. type: bool default: False @@ -52,12 +52,12 @@ default: True read_replica: description: - - Set to False to promote a read replica cluster or true to create one. When creating a read replica C(creation_source) should + - Set to C(False) to promote a read replica instance or true to create one. When creating a read replica C(creation_source) should be set to 'instance' or not provided. C(source_db_instance_identifier) must be provided with this option. type: bool wait: description: - - Whether to wait for the cluster to be available, stopped, or deleted. At a later time a wait_timeout option may be added. + - Whether to wait for the instance to be available, stopped, or deleted. At a later time a I(wait_timeout) option may be added. Following each API call to create/modify/delete the instance a waiter is used with a 60 second delay 30 times until the instance reaches the expected state (available/stopped/deleted). The total task time may also be influenced by AWSRetry which helps stabilize if the instance is in an invalid state to operate on to begin with (such as if you try to stop it when it is in the process of rebooting). @@ -76,7 +76,7 @@ type: bool apply_immediately: description: - - A value that specifies whether modifying a cluster with I(new_db_instance_identifier) and I(master_user_password) + - A value that specifies whether modifying an instance with I(new_db_instance_identifier) and I(master_user_password) should be applied as soon as possible, regardless of the I(preferred_maintenance_window) setting. If false, changes are applied during the next maintenance window. type: bool @@ -87,8 +87,8 @@ type: bool availability_zone: description: - - A list of EC2 Availability Zones that instances in the DB cluster can be created in. - May be used when creating a cluster or when restoring from S3 or a snapshot. Mutually exclusive with I(multi_az). + - A list of EC2 Availability Zones that the DB instance can be created in. + May be used when creating an instance or when restoring from S3 or a snapshot. Mutually exclusive with I(multi_az). aliases: - az - zone @@ -97,7 +97,7 @@ description: - The number of days for which automated backups are retained. - When set to C(0), automated backups will be disabled. (Not applicable if the DB instance is a source to read replicas) - - May be used when creating a new cluster, when restoring from S3, or when modifying a cluster. + - May be used when creating a new instance, when restoring from S3, or when modifying an instance. type: int ca_certificate_identifier: description: @@ -105,7 +105,7 @@ type: str character_set_name: description: - - The character set to associate with the DB cluster. + - The character set to associate with the DB instance. type: str copy_tags_to_snapshot: description: @@ -152,8 +152,11 @@ elements: str db_snapshot_identifier: description: - - The identifier for the DB snapshot to restore from if using I(creation_source=snapshot). + - The identifier or ARN of the DB snapshot to restore from when using I(creation_source=snapshot). type: str + aliases: + - snapshot_identifier + - snapshot_id db_subnet_group_name: description: - The DB subnet group name to use for the DB instance. @@ -185,7 +188,7 @@ enable_iam_database_authentication: description: - Enable mapping of AWS Identity and Access Management (IAM) accounts to database accounts. - If this option is omitted when creating the cluster, Amazon RDS sets this to False. + If this option is omitted when creating the instance, Amazon RDS sets this to False. type: bool enable_performance_insights: description: @@ -256,7 +259,7 @@ type: str master_username: description: - - The name of the master user for the DB cluster. Must be 1-16 letters or numbers and begin with a letter. + - The name of the master user for the DB instance. Must be 1-16 letters or numbers and begin with a letter. aliases: - username type: str @@ -279,7 +282,7 @@ type: bool new_db_instance_identifier: description: - - The new DB cluster (lowercase) identifier for the DB cluster when renaming a DB instance. The identifier must contain + - The new DB instance (lowercase) identifier for the DB instance when renaming a DB instance. The identifier must contain from 1 to 63 letters, numbers, or hyphens and the first character must be a letter and may not end in a hyphen or contain consecutive hyphens. Use I(apply_immediately) to rename immediately, otherwise it is updated during the next maintenance window. @@ -369,14 +372,10 @@ type: str skip_final_snapshot: description: - - Whether a final DB cluster snapshot is created before the DB cluster is deleted. If this is false I(final_db_snapshot_identifier) + - Whether a final DB instance snapshot is created before the DB instance is deleted. If this is false I(final_db_snapshot_identifier) must be provided. type: bool default: false - snapshot_identifier: - description: - - The ARN of the DB snapshot to restore from when using I(creation_source=snapshot). - type: str source_db_instance_identifier: description: - The identifier or ARN of the source DB instance from which to restore when creating a read replica or spinning up a point-in-time @@ -410,7 +409,7 @@ type: str tags: description: - - A dictionary of key value pairs to assign the DB cluster. + - A dictionary of key value pairs to assign the DB instance. type: dict tde_credential_arn: description: @@ -439,7 +438,7 @@ - restore_from_latest vpc_security_group_ids: description: - - A list of EC2 VPC security groups to associate with the DB cluster. + - A list of EC2 VPC security groups to associate with the DB instance. type: list elements: str purge_security_groups: @@ -528,13 +527,25 @@ community.aws.rds_instance: id: "my-instance-id" state: present - engine: postgres - engine_version: 14.2 - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: db.m6g.large - allocated_storage: "{{ allocated_storage }}" purge_iam_roles: yes + +# Restore DB instance from snapshot +- name: Create a snapshot and wait until completion + community.aws.rds_instance_snapshot: + instance_id: 'my-instance-id' + snapshot_id: 'my-new-snapshot' + state: present + wait: yes + register: snapshot + +- name: Restore DB from snapshot + community.aws.rds_instance: + id: 'my-restored-db' + creation_source: snapshot + snapshot_identifier: 'my-new-snapshot' + engine: mariadb + state: present + register: restored_db ''' RETURN = r''' @@ -1267,7 +1278,7 @@ def main(): db_name=dict(), db_parameter_group_name=dict(), db_security_groups=dict(type='list', elements='str'), - db_snapshot_identifier=dict(), + db_snapshot_identifier=dict(type='str', aliases=['snapshot_identifier', 'snapshot_id']), db_subnet_group_name=dict(aliases=['subnet_group']), deletion_protection=dict(type='bool'), domain=dict(), @@ -1304,7 +1315,6 @@ def main(): s3_ingestion_role_arn=dict(), s3_prefix=dict(), skip_final_snapshot=dict(type='bool', default=False), - snapshot_identifier=dict(), source_db_instance_identifier=dict(), source_engine=dict(choices=['mysql']), source_engine_version=dict(), @@ -1325,13 +1335,13 @@ def main(): ('engine', 'aurora-mysql', ('db_cluster_identifier',)), ('engine', 'aurora-postresql', ('db_cluster_identifier',)), ('storage_type', 'io1', ('iops', 'allocated_storage')), - ('creation_source', 'snapshot', ('snapshot_identifier', 'engine')), + ('creation_source', 'snapshot', ('db_snapshot_identifier', 'engine')), ('creation_source', 's3', ( 's3_bucket_name', 'engine', 'master_username', 'master_user_password', 'source_engine', 'source_engine_version', 's3_ingestion_role_arn')), ] mutually_exclusive = [ - ('s3_bucket_name', 'source_db_instance_identifier', 'snapshot_identifier'), + ('s3_bucket_name', 'source_db_instance_identifier', 'db_snapshot_identifier'), ('use_latest_restorable_time', 'restore_time'), ('availability_zone', 'multi_az'), ] diff --git a/tests/integration/targets/rds_instance/aliases b/tests/integration/targets/rds_instance/aliases index e30a1801b1e..d79ad32a38f 100644 --- a/tests/integration/targets/rds_instance/aliases +++ b/tests/integration/targets/rds_instance/aliases @@ -1,3 +1,4 @@ slow cloud/aws +rds_instance_info diff --git a/tests/integration/targets/rds_instance/inventory b/tests/integration/targets/rds_instance/inventory index a8774ec9907..960ac7a2dcf 100644 --- a/tests/integration/targets/rds_instance/inventory +++ b/tests/integration/targets/rds_instance/inventory @@ -1,26 +1,20 @@ # inventory names shortened down to fit resource name length limits [tests] -# processor feature tests processor -# restore instance tests restore -# security groups db tests sgroups -# modify complex tests complex -# other tests states modify tagging replica upgrade +snapshot +aurora # TODO: uncomment after adding iam:CreatePolicy and iam:DeletePolicy # iam_roles -# TODO: uncomment after adding rds_cluster module -# aurora - [all:vars] ansible_connection=local diff --git a/tests/integration/targets/rds_instance/main.yml b/tests/integration/targets/rds_instance/main.yml index 7d0dd4f8990..b5338ceeab0 100644 --- a/tests/integration/targets/rds_instance/main.yml +++ b/tests/integration/targets/rds_instance/main.yml @@ -6,6 +6,5 @@ - hosts: all gather_facts: no strategy: free - serial: 9 roles: - rds_instance diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/defaults/main.yml b/tests/integration/targets/rds_instance/roles/rds_instance/defaults/main.yml index 0dd2db59c2b..e7385e6a9d3 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/defaults/main.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/defaults/main.yml @@ -33,3 +33,6 @@ mariadb_engine_version_2: 10.4.21 # For iam roles tests postgres_db_instance_class: db.m6g.large # smallest psql instance postgres_db_engine_version: 14.2 + +# For snapshot tests +snapshot_id: "{{ instance_id }}-ss" diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_aurora.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_aurora.yml index 031d0b8464e..1c3ac8a22f4 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_aurora.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_aurora.yml @@ -20,6 +20,8 @@ cluster_id: "{{ cluster_id }}" username: "{{ username }}" password: "{{ password }}" + tags: + CreatedBy: rds_instance integration tests - name: Create an Aurora instance rds_instance: @@ -38,29 +40,24 @@ - "result.db_instance_identifier == '{{ instance_id }}'" - "result.tags | length == 1" - - name: Modify tags + - name: Create an Aurora instance with both username/password and id - invalid rds_instance: - id: "{{ instance_id }}" + id: "{{ instance_id }}-new" + cluster_id: "{{ cluster_id }}" + engine: aurora state: present + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ aurora_db_instance_class }}" tags: - Test: rds_instance - register: result - - - assert: - that: - - result.changed - - result.tags | length == 1 - - "result.tags.Test == 'rds_instance'" - - - name: Test idempotence - rds_instance: - id: "{{ instance_id }}" - state: present + CreatedBy: rds_instance integration tests register: result + ignore_errors: yes - assert: that: - - not result.changed + - result.failed + - "'Set master user password for the DB Cluster' in result.msg" - name: Attempt to modify password (a cluster-managed attribute) rds_instance: @@ -92,20 +89,6 @@ - "'Modify database endpoint port number for the DB Cluster using the ModifyDbCluster API' in result.msg" - "'Please see rds_cluster' in result.msg" - - name: Modify Aurora instance identifier - rds_instance: - id: "{{ instance_id }}" - state: present - purge_tags: False - new_id: "{{ modified_instance_id }}" - apply_immediately: True - register: result - - - assert: - that: - - result.changed - - "result.db_instance_identifier == '{{ modified_instance_id }}'" - always: - name: Delete the instance diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_complex.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_complex.yml index 7e3ef087c32..e7fa4a4e9e2 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_complex.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_complex.yml @@ -139,9 +139,6 @@ port: 1150 max_allocated_storage: 150 register: result - retries: 30 - delay: 10 - until: result is not failed check_mode: yes - assert: @@ -165,9 +162,6 @@ port: 1150 max_allocated_storage: 150 register: result - retries: 30 - delay: 10 - until: result is not failed - assert: that: @@ -185,3 +179,10 @@ skip_final_snapshot: True wait: false ignore_errors: yes + + - name: Remove enhanced monitoring role + iam_role: + assume_role_policy_document: "{{ lookup('file','files/enhanced_monitoring_assume_policy.json') }}" + name: "{{ instance_id }}-role" + state: absent + ignore_errors: yes diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml index a12919d0f0e..b27b3ec0b7e 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_iam_roles.yml @@ -12,6 +12,24 @@ - not result.changed ignore_errors: yes + - name: Create postgresql instance + rds_instance: + id: "{{ instance_id }}" + state: present + engine: postgres + engine_version: "{{ postgres_db_engine_version }}" + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ postgres_db_instance_class }}" + allocated_storage: "{{ allocated_storage }}" + allow_major_version_upgrade: yes + register: result + + - assert: + that: + - result.changed + - "result.db_instance_identifier == '{{ instance_id }}'" + - name: Create s3 integration policy iam_managed_policy: policy_name: "{{ instance_id }}-s3-policy" @@ -45,17 +63,10 @@ # ------------------------------------------------------------------------------------------ - - name: Create DB instance with IAM roles - check_mode + - name: Add IAM roles - check_mode rds_instance: id: "{{ instance_id }}" state: present - engine: postgres - engine_version: "{{ postgres_db_engine_version }}" - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: "{{ postgres_db_instance_class }}" - allocated_storage: "{{ allocated_storage }}" - allow_major_version_upgrade: yes iam_roles: - role_arn: "{{ s3_integration_role_1.arn }}" feature_name: 's3Export' @@ -70,17 +81,10 @@ that: - result.changed - - name: Create DB instance with IAM roles + - name: Add IAM roles rds_instance: id: "{{ instance_id }}" state: present - engine: postgres - engine_version: "{{ postgres_db_engine_version }}" - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: "{{ postgres_db_instance_class }}" - allocated_storage: "{{ allocated_storage }}" - allow_major_version_upgrade: yes iam_roles: - role_arn: "{{ s3_integration_role_1.arn }}" feature_name: 's3Export' @@ -99,16 +103,10 @@ - "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}" - "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}" - - name: Create DB instance with IAM roles (idempotence) - check_mode + - name: Add IAM roles (idempotence) - check_mode rds_instance: id: "{{ instance_id }}" state: present - engine: postgres - engine_version: "{{ postgres_db_engine_version }}" - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: "{{ postgres_db_instance_class }}" - allocated_storage: "{{ allocated_storage }}" iam_roles: - role_arn: "{{ s3_integration_role_1.arn }}" feature_name: 's3Export' @@ -123,16 +121,10 @@ that: - not result.changed - - name: Create DB instance with IAM roles (idempotence) + - name: Add IAM roles (idempotence) rds_instance: id: "{{ instance_id }}" state: present - engine: postgres - engine_version: "{{ postgres_db_engine_version }}" - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: "{{ postgres_db_instance_class }}" - allocated_storage: "{{ allocated_storage }}" iam_roles: - role_arn: "{{ s3_integration_role_1.arn }}" feature_name: 's3Export' @@ -151,16 +143,10 @@ - "{{ 'Lambda' in result.associated_roles | map(attribute='feature_name') }}" - "{{ 's3Import' in result.associated_roles | map(attribute='feature_name') }}" - - name: Create DB instance with IAM roles (idempotence) - purge roles + - name: Add IAM roles (idempotence) - purge roles rds_instance: id: "{{ instance_id }}" state: present - engine: postgres - engine_version: "{{ postgres_db_engine_version }}" - username: "{{ username }}" - password: "{{ password }}" - db_instance_class: "{{ postgres_db_instance_class }}" - allocated_storage: "{{ allocated_storage }}" iam_roles: - role_arn: "{{ s3_integration_role_1.arn }}" feature_name: 's3Export' @@ -310,69 +296,6 @@ - "result.db_instance_identifier == '{{ instance_id }}'" - result.associated_roles | length == 0 - # ------------------------------------------------------------------------------------------ - - - name: Add IAM role to existing db instance - check_mode - rds_instance: - id: "{{ instance_id }}" - state: present - iam_roles: - - role_arn: "{{ s3_integration_role_1.arn }}" - feature_name: 's3Export' - register: result - check_mode: yes - - - assert: - that: - - result.changed - - - name: Add IAM role to existing db instance - rds_instance: - id: "{{ instance_id }}" - state: present - iam_roles: - - role_arn: "{{ s3_integration_role_1.arn }}" - feature_name: 's3Export' - register: result - - - assert: - that: - - result.changed - - "result.db_instance_identifier == '{{ instance_id }}'" - - result.associated_roles | length == 1 - - "{{ 's3Export' in result.associated_roles | map(attribute='feature_name') }}" - - - name: Add IAM role to existing db instance (idempotence) - check_mode - rds_instance: - id: "{{ instance_id }}" - state: present - iam_roles: - - role_arn: "{{ s3_integration_role_1.arn }}" - feature_name: 's3Export' - register: result - check_mode: yes - - - assert: - that: - - not result.changed - - - name: Add IAM role to existing db instance (idempotence) - rds_instance: - id: "{{ instance_id }}" - state: present - - iam_roles: - - role_arn: "{{ s3_integration_role_1.arn }}" - feature_name: 's3Export' - register: result - - - assert: - that: - - not result.changed - - "result.db_instance_identifier == '{{ instance_id }}'" - - result.associated_roles | length == 1 - - "{{ 's3Export' in result.associated_roles | map(attribute='feature_name') }}" - always: - name: Delete IAM policy iam_managed_policy: diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_modify.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_modify.yml index 7206d8956af..26b3bd38691 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_modify.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_modify.yml @@ -13,14 +13,6 @@ - not result.changed ignore_errors: yes - - name: Create an enhanced monitoring role - iam_role: - assume_role_policy_document: "{{ lookup('file','files/enhanced_monitoring_assume_policy.json') }}" - name: "{{ instance_id }}-role" - state: present - managed_policy: "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" - register: enhanced_monitoring_role - - name: Create a mariadb instance rds_instance: id: "{{ instance_id }}" @@ -32,6 +24,9 @@ password: "{{ password }}" db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" + tags: + Name: "{{ instance_id }}" + Created_by: Ansible rds_instance tests register: result - assert: @@ -39,12 +34,55 @@ - result.changed - "result.db_instance_identifier == '{{ instance_id }}'" + - name: Create a DB instance with an invalid engine + rds_instance: + id: "{{ instance_id }}" + state: present + engine: thisisnotavalidengine + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ db_instance_class }}" + allocated_storage: "{{ allocated_storage }}" + register: result + ignore_errors: True + + - assert: + that: + - result.failed + - '"value of engine must be one of" in result.msg' + + - name: Add IAM roles to mariadb (should fail - iam roles not supported for mariadb) + rds_instance: + id: "{{ instance_id }}" + state: present + engine: mariadb + engine_version: "{{ mariadb_engine_version }}" + allow_major_version_upgrade: true + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ db_instance_class }}" + allocated_storage: "{{ allocated_storage }}" + iam_roles: + - role_arn: 'my_role' + feature_name: 'my_feature' + register: result + ignore_errors: True + + - assert: + that: + - result.failed + - '"is not valid for adding IAM roles" in result.msg' + + # TODO: test modifying db_subnet_group_name, db_security_groups, db_parameter_group_name, option_group_name, + # monitoring_role_arn, monitoring_interval, domain, domain_iam_role_name, cloudwatch_logs_export_configuration + + # ------------------------------------------------------------------------------------------ + - name: Modify the instance name without immediate application - check_mode rds_instance: id: "{{ instance_id }}" state: present new_id: "{{ modified_instance_id }}" - password: "{{ password }}" apply_immediately: False register: result check_mode: yes @@ -58,7 +96,6 @@ id: "{{ instance_id }}" state: present new_id: "{{ modified_instance_id }}" - password: "{{ password }}" apply_immediately: False register: result @@ -100,5 +137,7 @@ state: absent skip_final_snapshot: True wait: false - loop: ["{{ instance_id }}", "{{ modified_instance_id }}"] ignore_errors: yes + loop: + - "{{ instance_id }}" + - "{{ modified_instance_id }}" diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_processor.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_processor.yml index 453097c1c45..4d328e9d286 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_processor.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_processor.yml @@ -105,8 +105,10 @@ - assert: that: - not result.changed - - 'result.pending_modified_values.processor_features.coreCount == "{{ modified_processor_features.coreCount }}"' - - 'result.pending_modified_values.processor_features.threadsPerCore == "{{ modified_processor_features.threadsPerCore }}"' + - 'result.pending_modified_values.processor_features.coreCount == "{{ modified_processor_features.coreCount }}" + or result.processor_features.coreCount == "{{ modified_processor_features.coreCount }}"' + - 'result.pending_modified_values.processor_features.threadsPerCore == "{{ modified_processor_features.threadsPerCore }}" + or result.processor_features.threadsPerCore == "{{ modified_processor_features.threadsPerCore }}"' always: diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_sgroups.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_sgroups.yml index 4624aa5d27d..110d1985d57 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_sgroups.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_sgroups.yml @@ -279,6 +279,10 @@ - "{{ resource_prefix }}-sg-1" - "{{ resource_prefix }}-sg-2" - "{{ resource_prefix }}-sg-3" + ignore_errors: yes + retries: 30 + until: sgs_result is not failed + delay: 10 - name: remove subnets ec2_vpc_subnet: diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_snapshot.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_snapshot.yml new file mode 100644 index 00000000000..e57e34d0c33 --- /dev/null +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_snapshot.yml @@ -0,0 +1,216 @@ +--- +- block: + - name: Ensure the resource doesn't exist + rds_instance: + id: "{{ instance_id }}" + state: absent + skip_final_snapshot: True + register: result + + - assert: + that: + - not result.changed + ignore_errors: yes + + - name: Create a mariadb instance + rds_instance: + id: "{{ instance_id }}" + state: present + engine: mariadb + username: "{{ username }}" + password: "{{ password }}" + db_instance_class: "{{ db_instance_class }}" + allocated_storage: "{{ allocated_storage }}" + tags: + Name: "{{ instance_id }}" + Created_by: Ansible rds_instance tests + register: result + + - assert: + that: + - result.changed + - "result.db_instance_identifier == '{{ instance_id }}'" + - "result.tags | length == 2" + - "result.tags.Name == '{{ instance_id }}'" + - "result.tags.Created_by == 'Ansible rds_instance tests'" + + - name: Create a snapshot + rds_instance_snapshot: + instance_id: "{{ instance_id }}" + snapshot_id: "{{ snapshot_id }}" + state: present + wait: yes + register: result + + - assert: + that: + - result.changed + - result.db_instance_identifier == "{{ instance_id }}" + - result.db_snapshot_identifier == "{{ snapshot_id }}" + + # ------------------------------------------------------------------------------------------ + # Test restoring db from snapshot + + - name: Restore DB from snapshot - check_mode + rds_instance: + id: "{{ snapshot_id }}" + creation_source: snapshot + snapshot_identifier: "{{ snapshot_id }}" + engine: mariadb + state: present + register: result + check_mode: yes + + - assert: + that: + - result.changed + + - name: Restore DB from snapshot + rds_instance: + id: "{{ snapshot_id }}" + creation_source: snapshot + snapshot_identifier: "{{ snapshot_id }}" + engine: mariadb + state: present + register: result + + - assert: + that: + - result.changed + - result.db_instance_identifier == "{{ snapshot_id }}" + - result.tags | length == 2 + - result.tags.Name == "{{ instance_id }}" + - result.tags.Created_by == 'Ansible rds_instance tests' + - result.db_instance_status == 'available' + + - name: Restore DB from snapshot (idempotence) - check_mode + rds_instance: + id: "{{ snapshot_id }}" + creation_source: snapshot + snapshot_identifier: "{{ snapshot_id }}" + engine: mariadb + state: present + register: result + check_mode: yes + + - assert: + that: + - not result.changed + + - name: Restore DB from snapshot (idempotence) + rds_instance: + id: "{{ snapshot_id }}" + creation_source: snapshot + snapshot_identifier: "{{ snapshot_id }}" + engine: mariadb + state: present + register: result + + - assert: + that: + - not result.changed + - result.db_instance_identifier == "{{ snapshot_id }}" + - result.tags | length == 2 + - result.tags.Name == "{{ instance_id }}" + - result.tags.Created_by == 'Ansible rds_instance tests' + - result.db_instance_status == 'available' + + # ------------------------------------------------------------------------------------------ + # Test final snapshot on deletion + + - name: Ensure instance exists prior to deleting + rds_instance_info: + db_instance_identifier: '{{ instance_id }}' + register: db_info + + - assert: + that: + - db_info.instances | length == 1 + + - name: Delete the instance keeping snapshot - check_mode + rds_instance: + id: "{{ instance_id }}" + state: absent + final_snapshot_identifier: "{{ instance_id }}" + register: result + check_mode: yes + + - assert: + that: + - result.changed + + - name: Delete the instance keeping snapshot + rds_instance: + id: "{{ instance_id }}" + state: absent + final_snapshot_identifier: "{{ instance_id }}" + register: result + + - assert: + that: + - result.changed + - "result.final_snapshot.db_instance_identifier == '{{ instance_id }}'" + + - name: Check that snapshot exists + rds_snapshot_info: + db_snapshot_identifier: "{{ instance_id }}" + register: result + + - assert: + that: + - "result.snapshots | length == 1" + - "result.snapshots.0.engine == 'mariadb'" + + - name: Ensure instance was deleted + rds_instance_info: + db_instance_identifier: '{{ instance_id }}' + register: db_info + + - assert: + that: + - db_info.instances | length == 0 + + - name: Delete the instance (idempotence) - check_mode + rds_instance: + id: "{{ instance_id }}" + state: absent + skip_final_snapshot: True + register: result + check_mode: yes + + - assert: + that: + - not result.changed + + - name: Delete the instance (idempotence) + rds_instance: + id: "{{ instance_id }}" + state: absent + skip_final_snapshot: True + register: result + + - assert: + that: + - not result.changed + + always: + - name: Remove snapshots + rds_instance_snapshot: + db_snapshot_identifier: "{{ item }}" + state: absent + wait: false + ignore_errors: yes + with_items: + - "{{ instance_id }}" + - "{{ snapshot_id }}" + + - name: Remove DB instances + rds_instance: + id: "{{ item }}" + state: absent + skip_final_snapshot: True + wait: false + ignore_errors: yes + with_items: + - "{{ instance_id }}" + - "{{ snapshot_id }}" diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_states.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_states.yml index dee43a77405..c670702e403 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_states.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_states.yml @@ -12,9 +12,6 @@ - not result.changed ignore_errors: yes - - # ------------------------------------------------------------------------------------------ - - name: Create a mariadb instance - check_mode rds_instance: id: "{{ instance_id }}" @@ -24,6 +21,7 @@ password: "{{ password }}" db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" + deletion_protection: True tags: Name: "{{ instance_id }}" Created_by: Ansible rds_instance tests @@ -43,6 +41,7 @@ password: "{{ password }}" db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" + deletion_protection: True tags: Name: "{{ instance_id }}" Created_by: Ansible rds_instance tests @@ -55,6 +54,7 @@ - "result.tags | length == 2" - "result.tags.Name == '{{ instance_id }}'" - "result.tags.Created_by == 'Ansible rds_instance tests'" + - result.deletion_protection == True - name: Create a mariadb instance (idempotence) - check_mode rds_instance: @@ -65,6 +65,7 @@ password: "{{ password }}" db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" + deletion_protection: True tags: Name: "{{ instance_id }}" Created_by: Ansible rds_instance tests @@ -84,6 +85,7 @@ password: "{{ password }}" db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" + deletion_protection: True tags: Name: "{{ instance_id }}" Created_by: Ansible rds_instance tests @@ -96,6 +98,7 @@ - "result.tags | length == 2" - "result.tags.Name == '{{ instance_id }}'" - "result.tags.Created_by == 'Ansible rds_instance tests'" + - result.deletion_protection == True # ------------------------------------------------------------------------------------------ # Test stopping / rebooting instances @@ -210,6 +213,7 @@ - not result.changed # ------------------------------------------------------------------------------------------ + # Test deletion protection / deletion - name: Ensure instance exists prior to deleting rds_instance_info: @@ -220,6 +224,29 @@ that: - db_info.instances | length == 1 + - name: Attempt to delete DB instance with deletion protection (should fail) + rds_instance: + id: "{{ instance_id }}" + state: absent + skip_final_snapshot: True + register: result + ignore_errors: yes + + - assert: + that: + - result.failed + + - name: Turn off deletion protection + rds_instance: + id: "{{ instance_id }}" + deletion_protection: false + register: result + + - assert: + that: + - result.changed + - result.deletion_protection == False + - name: Delete the instance - check_mode rds_instance: id: "{{ instance_id }}" diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_tagging.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_tagging.yml index a84cda69445..edfe7272253 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_tagging.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_tagging.yml @@ -181,37 +181,7 @@ - "result.tags | length == 2" - "result.tags.Name == '{{ instance_id }}-new'" - # Test final snapshot on deletion - - name: Delete the DB instance - rds_instance: - id: "{{ instance_id }}" - state: absent - final_snapshot_identifier: "{{ instance_id }}" - register: result - - - assert: - that: - - result.changed - - "result.final_snapshot.db_instance_identifier == '{{ instance_id }}'" - - - name: Check that snapshot exists - rds_snapshot_info: - db_snapshot_identifier: "{{ instance_id }}" - register: result - - - assert: - that: - - "result.snapshots | length == 1" - - "result.snapshots.0.engine == 'mariadb'" - always: - - name: remove final snapshot - rds_instance_snapshot: - db_snapshot_identifier: "{{ instance_id }}" - state: absent - wait: false - ignore_errors: yes - - name: Remove DB instance rds_instance: id: "{{ instance_id }}" diff --git a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_upgrade.yml b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_upgrade.yml index aee0ca5b27f..4994442ef79 100644 --- a/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_upgrade.yml +++ b/tests/integration/targets/rds_instance/roles/rds_instance/tasks/test_upgrade.yml @@ -82,9 +82,6 @@ db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" register: result - retries: 30 - delay: 10 - until: result is not failed check_mode: yes ### Specifying allow_major_version_upgrade with check_mode will always result in changed=True @@ -105,9 +102,6 @@ db_instance_class: "{{ db_instance_class }}" allocated_storage: "{{ allocated_storage }}" register: result - retries: 30 - delay: 10 - until: result is not failed - assert: that: