diff --git a/changelogs/fragments/1459-rds_instance-add-support-for-ca_certificate_identifier-to-create-update-instance.yml b/changelogs/fragments/1459-rds_instance-add-support-for-ca_certificate_identifier-to-create-update-instance.yml new file mode 100644 index 00000000000..349a148abe3 --- /dev/null +++ b/changelogs/fragments/1459-rds_instance-add-support-for-ca_certificate_identifier-to-create-update-instance.yml @@ -0,0 +1,3 @@ +--- +bugfixes: +- rds_instance - add support for CACertificateIdentifier to create/update rds instance (https://github.com/ansible-collections/amazon.aws/pull/1459)." diff --git a/plugins/module_utils/rds.py b/plugins/module_utils/rds.py index 7f5fef8e524..2de153d0446 100644 --- a/plugins/module_utils/rds.py +++ b/plugins/module_utils/rds.py @@ -363,7 +363,7 @@ def arg_spec_to_rds_params(options_dict): processor_features = options_dict.pop("processor_features") camel_options = snake_dict_to_camel_dict(options_dict, capitalize_first=True) for key in list(camel_options.keys()): - for old, new in (("Db", "DB"), ("Iam", "IAM"), ("Az", "AZ")): + for old, new in (("Db", "DB"), ("Iam", "IAM"), ("Az", "AZ"), ("Ca", "CA")): if old in key: camel_options[key.replace(old, new)] = camel_options.pop(key) camel_options["Tags"] = tags diff --git a/plugins/modules/rds_instance.py b/plugins/modules/rds_instance.py index 3f23faa7287..ab80af2df13 100644 --- a/plugins/modules/rds_instance.py +++ b/plugins/modules/rds_instance.py @@ -580,7 +580,9 @@ type: int sample: 1 ca_certificate_identifier: - description: The identifier of the CA certificate for the DB instance. + description: + - The identifier of the CA certificate for the DB instance. + - Requires minimum botocore version 1.29.44. returned: always type: str sample: rds-ca-2015 
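Review bot: The new `("Ca", "CA")` pair in arg_spec_to_rds_params is applied with `if old in key`, a plain substring test, so it rewrites every camel-cased option name containing `Ca`, not only the CA certificate one; a key beginning with `Capacity`, for example, would become `CApacity` and be passed on under the wrong name. This helper lives in module_utils and may serve modules other than rds_instance, so narrowing the pair to `("CaCertificate", "CACertificate")` keeps the rewrite to the intended parameter. Separately, a key that matches two pairs would reach `camel_options.pop(key)` a second time after the key has already been removed and raise KeyError; that loop predates this change, but each added short pair makes a double match more likely. The function body starts and ends outside the hunk.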
@@ -1019,7 +1021,10 @@ def get_options_with_changing_values(client, module, parameters): apply_immediately = parameters.pop("ApplyImmediately", None) cloudwatch_logs_enabled = module.params["enable_cloudwatch_logs_exports"] purge_security_groups = module.params["purge_security_groups"] + ca_certificate_identifier = module.params["ca_certificate_identifier"] + if ca_certificate_identifier: + parameters["CACertificateIdentifier"] = ca_certificate_identifier if port: parameters["DBPortNumber"] = port if not force_update_password: @@ -1394,7 +1399,7 @@ def main(): auto_minor_version_upgrade=dict(type="bool"), availability_zone=dict(aliases=["az", "zone"]), backup_retention_period=dict(type="int"), - ca_certificate_identifier=dict(), + ca_certificate_identifier=dict(type="str"), character_set_name=dict(), copy_tags_to_snapshot=dict(type="bool"), db_cluster_identifier=dict(aliases=["cluster_id"]), @@ -1487,6 +1492,11 @@ def main(): supports_check_mode=True, ) + if module.params["ca_certificate_identifier"]: + module.require_botocore_at_least( + "1.29.44", reason="to use 'ca_certificate_identifier' while creating/updating rds instance" + ) + # Sanitize instance identifiers module.params["db_instance_identifier"] = module.params["db_instance_identifier"].lower() if module.params["new_db_instance_identifier"]: diff --git a/tests/integration/targets/rds_instance_modify/meta/main.yml b/tests/integration/targets/rds_instance_modify/meta/main.yml new file mode 100644 index 00000000000..697673f5864 --- /dev/null +++ b/tests/integration/targets/rds_instance_modify/meta/main.yml @@ -0,0 +1,5 @@ +--- +dependencies: + - role: setup_botocore_pip + vars: + botocore_version: "1.29.44" \ No newline at end of file diff --git a/tests/integration/targets/rds_instance_modify/tasks/main.yml b/tests/integration/targets/rds_instance_modify/tasks/main.yml index e13573416e9..1d5795f253f 100644 --- a/tests/integration/targets/rds_instance_modify/tasks/main.yml 
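Review bot: Nothing in the get_options_with_changing_values hunk says why `CACertificateIdentifier` has to be copied from `module.params` into `parameters` by hand. If `parameters` is built through arg_spec_to_rds_params, which this same commit changes to emit the `CA` spelling, the key should already be present and the assignment looks redundant; if an earlier filtering step drops it, that is worth stating. A comment such as `# CACertificateIdentifier is re-added here because <reason>` above the `if` would settle it. The function continues outside the hunk.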
+++ b/tests/integration/targets/rds_instance_modify/tasks/main.yml 
@@ -193,6 +193,119 @@ - result.changed - result.db_instance_identifier == "{{ modified_instance_id }}" + + # Test modifying CA certificate identifier ------------------------------------------- + + - name: Modify the CA certificate identifier to rds-ca-ecc384-g1 - check_mode + rds_instance: + state: present + db_instance_identifier: '{{ modified_instance_id }}' + allow_major_version_upgrade: true + ca_certificate_identifier: rds-ca-ecc384-g1 + apply_immediately: true + tags: + Name: '{{ modified_instance_id }}' + Created_by: Ansible rds_instance tests + register: result + check_mode: true + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get curent CA certificate identifier + rds_instance_info: + db_instance_identifier: '{{ modified_instance_id }}' + register: db_info + - name: Assert that CA certificate identifier has been modified - check_mode + assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].ca_certificate_identifier != "rds-ca-ecc384-g1" + + - name: Modify the CA certificate identifier to rds-ca-ecc384-g1 + rds_instance: + state: present + db_instance_identifier: '{{ modified_instance_id }}' + allow_major_version_upgrade: true + ca_certificate_identifier: rds-ca-ecc384-g1 + apply_immediately: true + tags: + Name: '{{ modified_instance_id }}' + Created_by: Ansible rds_instance tests + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get curent CA certificate identifier + rds_instance_info: + db_instance_identifier: '{{ modified_instance_id }}' + register: db_info + retries: 20 + delay: 10 + until: db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" + - name: Assert that CA certificate identifier has been modified + assert: + that: + - result is changed + - result is not failed + - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" + + - name: Modify the CA certificate identifier to 
rds-ca-ecc384-g1 - idempotent + rds_instance: + state: present + db_instance_identifier: '{{ modified_instance_id }}' + ca_certificate_identifier: rds-ca-ecc384-g1 + apply_immediately: true + tags: + Name: '{{ modified_instance_id }}' + Created_by: Ansible rds_instance tests + register: result + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get curent CA certificate identifier + rds_instance_info: + db_instance_identifier: '{{ modified_instance_id }}' + register: db_info + retries: 20 + delay: 10 + until: db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" + - name: Assert that CA certificate identifier has been modified + assert: + that: + - result is not changed + - result is not failed + - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" + + - name: Modify the CA certificate identifier to rds-ca-ecc384-g1 - idempotent - check_mode + rds_instance: + state: present + db_instance_identifier: '{{ modified_instance_id }}' + ca_certificate_identifier: rds-ca-ecc384-g1 + apply_immediately: true + tags: + Name: '{{ modified_instance_id }}' + Created_by: Ansible rds_instance tests + register: result + check_mode: true + vars: + ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}" + + - name: Get curent CA certificate identifier + rds_instance_info: + db_instance_identifier: '{{ modified_instance_id }}' + register: db_info + retries: 20 + delay: 10 + until: db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" + - name: Assert that CA certificate identifier has been modified + assert: + that: + - result is not changed + - result is not failed + - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1" + # Test modifying CA certificate identifier Complete------------------------------------------- + always: - name: Delete the instance rds_instance:
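Review bot: These tasks exercise only the modify path, while the changelog entry in this commit claims support on create as well, and nothing checks the botocore version gate added in main(); a create task with `ca_certificate_identifier` set, asserting the returned `ca_certificate_identifier`, would cover the other half. The check_mode assertion is named `Assert that CA certificate identifier has been modified - check_mode` although it verifies that the identifier on the instance was not changed, and the two idempotence assertions reuse the `has been modified` name while asserting `result is not changed`; a name such as `Assert that CA certificate identifier is unchanged - idempotent` makes a failure easier to read. `curent` in the four `Get curent CA certificate identifier` task names should be `current`.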