[DBParameterGroup] Include parameters in the ReadHandler response (#406)

This commit adds DBParameterGroup.parameters in the ReadHandler response. The motivation for this change is to enable drift detector on independent group parameters. At the moment this collection is defined aas WriteOnly, instructing the drift detector to ignore it completely.
aws-cloudformation · Feb 27, 2023 · 8f036a3 · 8f036a3
1 parent 5b4b0ff
commit 8f036a3
Show file tree

Hide file tree

Showing 16 changed files with 607 additions and 236 deletions.
diff --git a/aws-rds-cfn-common/src/main/java/software/amazon/rds/common/logging/LoggingProxyClient.java b/aws-rds-cfn-common/src/main/java/software/amazon/rds/common/logging/LoggingProxyClient.java
@@ -19,52 +19,55 @@ public class LoggingProxyClient<ClientT> implements ProxyClient<ClientT> {
  final private ProxyClient<ClientT> proxyClient;
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- ResponseT
- injectCredentialsAndInvokeV2(RequestT request, Function<RequestT, ResponseT> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> ResponseT injectCredentialsAndInvokeV2(
+ final RequestT request,
+ final Function<RequestT, ResponseT> requestFunction
+ ) {
+ return logRequestResponseAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- CompletableFuture<ResponseT>
- injectCredentialsAndInvokeV2Async(RequestT request,
-  Function<RequestT, CompletableFuture<ResponseT>> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Async);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> CompletableFuture<ResponseT> injectCredentialsAndInvokeV2Async(
+  final RequestT request,
+  final Function<RequestT, CompletableFuture<ResponseT>> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Async);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse, IterableT extends SdkIterable<ResponseT>>
- IterableT
- injectCredentialsAndInvokeIterableV2(RequestT request, Function<RequestT, IterableT> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeIterableV2);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse, IterableT extends SdkIterable<ResponseT>> IterableT injectCredentialsAndInvokeIterableV2(
+ final RequestT request,
+ final Function<RequestT, IterableT> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeIterableV2);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- ResponseInputStream<ResponseT>
- injectCredentialsAndInvokeV2InputStream(RequestT request,
-  Function<RequestT, ResponseInputStream<ResponseT>> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2InputStream);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> ResponseInputStream<ResponseT> injectCredentialsAndInvokeV2InputStream(
+  final RequestT request,
+  final Function<RequestT, ResponseInputStream<ResponseT>> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2InputStream);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- ResponseBytes<ResponseT>
- injectCredentialsAndInvokeV2Bytes(RequestT request,
-  Function<RequestT, ResponseBytes<ResponseT>> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Bytes);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> ResponseBytes<ResponseT> injectCredentialsAndInvokeV2Bytes(
+  final RequestT request,
+  final Function<RequestT, ResponseBytes<ResponseT>> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Bytes);
  }
 
  @Override
  public ClientT client() {
  return proxyClient.client();
  }
 
- private <RequestT extends AwsRequest, ResultT> ResultT logAndDelegate(
+ private <RequestT extends AwsRequest, ResultT> ResultT logRequestResponseAndDelegate(
  final RequestT request,
  final Function<RequestT, ResultT> requestFunction,
- final BiFunction<RequestT, Function<RequestT, ResultT>, ResultT> injectCredentials) {
+ final BiFunction<RequestT, Function<RequestT, ResultT>, ResultT> injectCredentials
+ ) {
  ResultT result = null;
  try {
  requestLogger.log(request);
@@ -76,5 +79,19 @@ private <RequestT extends AwsRequest, ResultT> ResultT logAndDelegate(
  return result;
  }
 
-
+ private <RequestT extends AwsRequest, ResultT> ResultT logRequestAndDelegate(
+ final RequestT request,
+ final Function<RequestT, ResultT> requestFunction,
+ final BiFunction<RequestT, Function<RequestT, ResultT>, ResultT> injectCredentials
+ ) {
+ ResultT result = null;
+ try {
+ requestLogger.log(request);
+ result = injectCredentials.apply(request, requestFunction);
+ } catch (Exception e) {
+ requestLogger.logAndThrow(e);
+ }
+ requestLogger.log("[Result log omitted]");
+ return result;
+ }
 }
diff --git a/...s-cfn-common/src/test/java/software/amazon/rds/common/logging/LoggingProxyClientTest.java b/...s-cfn-common/src/test/java/software/amazon/rds/common/logging/LoggingProxyClientTest.java
@@ -82,25 +82,25 @@ void test_injectCredentialsAndInvokeV2Bytes() {
  ResponseBytes<AwsResponse> response = ResponseBytes.fromByteArray(awsResponse, awsResponse.toString().getBytes());
  when(proxy.injectCredentialsAndInvokeV2Bytes(any(), any())).thenReturn(response);
  proxyRdsClient.injectCredentialsAndInvokeV2Bytes(awsRequest, request -> response);
- verify(logger, times(2)).log(captor.capture());
- assertThat(captor.getValue().contains(STACK_ID)).isTrue();
+ verify(logger, times(3)).log(captor.capture());
+ assertThat(captor.getAllValues().get(0).contains(STACK_ID)).isTrue();
  }
 
  @Test
  void test_injectCredentialsAndInvokeIterableV2() {
  ProxyClient<RdsClient> proxyRdsClient = getProxyRdsClient(logger);
  when(proxy.injectCredentialsAndInvokeIterableV2(any(), any())).thenReturn(sdkIterable);
  proxyRdsClient.injectCredentialsAndInvokeIterableV2(awsRequest, request -> sdkIterable);
- verify(logger, times(2)).log(captor.capture());
- assertThat(captor.getValue().contains(AWS_ACCOUNT_ID)).isTrue();
+ verify(logger, times(3)).log(captor.capture());
+ assertThat(captor.getAllValues().get(0).contains(AWS_ACCOUNT_ID)).isTrue();
  }
 
  @Test
  void test_injectCredentialsAndInvokeV2Async() {
  ProxyClient<RdsClient> proxyRdsClient = getProxyRdsClient(logger);
  when(proxy.injectCredentialsAndInvokeV2Async(any(), any())).thenReturn(awsResponseCompletableFuture);
  proxyRdsClient.injectCredentialsAndInvokeV2Async(awsRequest, request -> awsResponseCompletableFuture);
- verify(logger, times(2)).log(captor.capture());
- assertThat(captor.getValue().contains(STACK_ID)).isTrue();
+ verify(logger, times(3)).log(captor.capture());
+ assertThat(captor.getAllValues().get(0).contains(STACK_ID)).isTrue();
  }
 }
diff --git a/...mon/src/main/java/software/amazon/rds/test/common/verification/AccessPermissionAlias.java b/...mon/src/main/java/software/amazon/rds/test/common/verification/AccessPermissionAlias.java
@@ -0,0 +1,13 @@
+package software.amazon.rds.test.common.verification;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@AllArgsConstructor
+public class AccessPermissionAlias {
+ @Getter
+ private AccessPermission origin;
+
+ @Getter
+ private AccessPermission equivalent;
+}
diff --git a/...n/java/software/amazon/rds/test/common/verification/AccessPermissionVerificationMode.java b/...n/java/software/amazon/rds/test/common/verification/AccessPermissionVerificationMode.java
@@ -1,7 +1,9 @@
 package software.amazon.rds.test.common.verification;
 
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import org.json.JSONArray;
@@ -19,9 +21,11 @@
 public class AccessPermissionVerificationMode implements VerificationMode {
 
  private final Set<AccessPermission> permissions;
+ private final Map<AccessPermission, AccessPermission> aliases;
 
  public AccessPermissionVerificationMode() {
  this.permissions = new HashSet<>();
+ this.aliases = new HashMap<>();
  }
 
  public AccessPermissionVerificationMode enablePermission(final AccessPermission permission) {
@@ -49,14 +53,24 @@ public AccessPermissionVerificationMode withSchemaPermissions(final JSONObject s
  return this;
  }
 
+ @ExcludeFromJacocoGeneratedReport
+ public AccessPermissionVerificationMode withAliases(AccessPermissionAlias... aliases) {
+ for (final AccessPermissionAlias alias : aliases) {
+ this.aliases.put(alias.getOrigin(), alias.getEquivalent());
+ }
+
+ return this;
+ }
+
  private MockitoAssertionError missingRequiredPermission(final AccessPermission permission) {
  return new MockitoAssertionError(String.format("Missing a required access permission: %s", permission));
  }
 
  private void verifyInvocationPermissions(final Invocation invocation) {
- final AccessPermission requiredPermission = AccessPermissionFactory.fromInvocation(invocation);
- if (!permissions.contains(requiredPermission)) {
- throw missingRequiredPermission(requiredPermission);
+ AccessPermission requiredPermission = AccessPermissionFactory.fromInvocation(invocation);
+ AccessPermission permissionAlias = this.aliases.get(requiredPermission);
+ if (!permissions.contains(requiredPermission) && !permissions.contains(permissionAlias)) {
+ throw missingRequiredPermission(permissionAlias == null ? requiredPermission : permissionAlias);
  }
  }
 

diff --git a/...mmon/src/test/java/software/amazon/rds/test/common/verification/AccessPermissionTest.java b/...mmon/src/test/java/software/amazon/rds/test/common/verification/AccessPermissionTest.java
@@ -0,0 +1,15 @@
+package software.amazon.rds.test.common.verification;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import software.amazon.rds.test.common.core.ServiceProvider;
+
+class AccessPermissionTest {
+
+ @Test
+ public void test_toString() {
+ final AccessPermission permission = new AccessPermission(ServiceProvider.RDS, "TestMethod");
+ Assertions.assertThat(permission.toString()).isEqualTo("rds:TestMethod");
+ }
+}
diff --git a/...va/software/amazon/rds/test/common/verification/AccessPermissionVerificationModeTest.java b/...va/software/amazon/rds/test/common/verification/AccessPermissionVerificationModeTest.java
@@ -15,13 +15,16 @@ class AccessPermissionVerificationModeTest {
  static class RdsClient {
  public void testMethod() {
  }
+
+ public void testMethodAlias() {
+ }
  }
 
  @Test
  public void test_unknownPermissionThrowsMockitoAssertionError() {
  final AccessPermissionVerificationMode verificationMode = new AccessPermissionVerificationMode();
- RdsClient mock = Mockito.mock(RdsClient.class);
 
+ RdsClient mock = Mockito.mock(RdsClient.class);
  mock.testMethod();
 
  Assertions.assertThatThrownBy(() -> {
@@ -32,13 +35,30 @@ public void test_unknownPermissionThrowsMockitoAssertionError() {
  @Test
  public void test_enabledPermissionVerifiedSuccessfully() {
  final AccessPermissionVerificationMode verificationMode = new AccessPermissionVerificationMode();
- RdsClient mock = Mockito.mock(RdsClient.class);
  verificationMode.enablePermission(new AccessPermission(ServiceProvider.RDS, "TestMethod"));
 
+ RdsClient mock = Mockito.mock(RdsClient.class);
  mock.testMethod();
 
  Assertions.assertThatCode(() -> {
  verificationMode.verify(new VerificationDataImpl(MockUtil.getInvocationContainer(mock), null));
  }).doesNotThrowAnyException();
  }
+
+ @Test
+ public void test_enabledPermissionAliasVerifiedSuccessfully() {
+ final AccessPermission origin = new AccessPermission(ServiceProvider.RDS, "TestMethodAlias");
+ final AccessPermission equivalent = new AccessPermission(ServiceProvider.RDS, "TestMethod");
+
+ final AccessPermissionVerificationMode verificationMode = new AccessPermissionVerificationMode()
+ .enablePermission(equivalent)
+ .withAliases(new AccessPermissionAlias(origin, equivalent));
+
+ RdsClient mock = Mockito.mock(RdsClient.class);
+ mock.testMethodAlias();
+
+ Assertions.assertThatCode(() -> {
+ verificationMode.verify(new VerificationDataImpl(MockUtil.getInvocationContainer(mock), null));
+ }).doesNotThrowAnyException();
+ }
 }
diff --git a/aws-rds-dbparametergroup/aws-rds-dbparametergroup.json b/aws-rds-dbparametergroup/aws-rds-dbparametergroup.json
@@ -71,23 +71,23 @@
  "/properties/Description",
  "/properties/Family"
  ],
- "writeOnlyProperties": [
- "/properties/Parameters"
- ],
  "handlers": {
  "create": {
  "permissions": [
  "rds:AddTagsToResource",
  "rds:CreateDBParameterGroup",
  "rds:DescribeDBParameterGroups",
+ "rds:DescribeDBParameters",
  "rds:DescribeEngineDefaultParameters",
- "rds:ModifyDBParameterGroup",
- "rds:ListTagsForResource"
+ "rds:ListTagsForResource",
+ "rds:ModifyDBParameterGroup"
  ]
  },
  "read": {
  "permissions": [
  "rds:DescribeDBParameterGroups",
+ "rds:DescribeDBParameters",
+ "rds:DescribeEngineDefaultParameters",
  "rds:ListTagsForResource"
  ]
  },