Merge pull request #126 from stefanhorning/elasticache_test_permissions

Allow a bunch of elasticache actions for CI testing elasticache module
mattclay · Feb 26, 2021 · 3a78745 · 3a78745
2 parents e6858db + cdfa6e2
commit 3a78745
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 0 deletions.
diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
@@ -30,6 +30,21 @@ Statement:
       - dynamodb:DeleteTable
       - dynamodb:UpdateTable
       - dynamodb:TagResource
+      - elasticache:AddTagsToResource
+      - elasticache:CreateCacheSecurityGroup
+      - elasticache:CreateCacheSubnetGroup
+      - elasticache:DeleteCacheCluster
+      - elasticache:DeleteCacheSecurityGroup
+      - elasticache:DeleteCacheSubnetGroup
+      - elasticache:DescribeCacheClusters
+      - elasticache:DescribeCacheEngineVersions
+      - elasticache:DescribeCacheParameterGroups
+      - elasticache:DescribeCacheParameters
+      - elasticache:DescribeCacheSecurityGroups
+      - elasticache:DescribeCacheSubnetGroups
+      - elasticache:DescribeEngineDefaultParameters
+      - elasticache:DescribeUpdateActions
+      - elasticache:RemoveTagsFromResource
       - glacier:ListVaults
       - glacier:CreateVault
       - glacier:DeleteVault
@@ -58,6 +73,10 @@ Statement:
     Resource:
       - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
       - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table/*'
+      - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
+      - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:subnetgroup:*'
+      - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:parametergroup:*'
+      - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:securitygroup:*'
       - 'arn:aws:glacier:{{ aws_region }}:{{ aws_account_id }}:vaults/*'
       - 'arn:aws:redshift:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
       - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
@@ -67,7 +86,9 @@ Statement:
     Effect: Allow
     Action:
       - rds:CreateDBCluster
+      - elasticache:CreateCacheCluster
       - redshift:CreateCluster
     Resource:
       - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
+      - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
       - 'arn:aws:redshift:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
diff --git a/aws/terminator/data_services.py b/aws/terminator/data_services.py
@@ -21,6 +21,28 @@ def terminate(self):
         self.client.delete_replication_subnet_group(ReplicationSubnetGroupIdentifier=self.id)
 
 
+class Elasticache(Terminator):
+    @staticmethod
+    def create(credentials):
+        return Terminator._create(credentials, Elasticache, 'elasticache', lambda client: client.describe_cache_clusters()['CacheClusters'])
+
+    @property
+    def name(self):
+        # Name is used like an ID
+        return self.instance['CacheClusterId']
+
+    @property
+    def id(self):
+        return self.instance['CacheClusterId']
+
+    @property
+    def created_time(self):
+        return self.instance['CacheClusterCreateTime']
+
+    def terminate(self):
+        self.client.delete_cache_cluster(CacheClusterId=self.id)
+
+
 class GlueConnection(Terminator):
     @staticmethod
     def create(credentials):