[DBParameterGroup] Include parameters in the ReadHandler response

aws-rds-cfn-common/src/main/java/software/amazon/rds/common/logging/LoggingProxyClient.java

@@ -19,52 +19,55 @@ public class LoggingProxyClient<ClientT> implements ProxyClient<ClientT> {
  final private ProxyClient<ClientT> proxyClient;
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- ResponseT
- injectCredentialsAndInvokeV2(RequestT request, Function<RequestT, ResponseT> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> ResponseT injectCredentialsAndInvokeV2(
+ final RequestT request,
+ final Function<RequestT, ResponseT> requestFunction
+ ) {
+ return logRequestResponseAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- CompletableFuture<ResponseT>
- injectCredentialsAndInvokeV2Async(RequestT request,
-  Function<RequestT, CompletableFuture<ResponseT>> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Async);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> CompletableFuture<ResponseT> injectCredentialsAndInvokeV2Async(
+  final RequestT request,
+  final Function<RequestT, CompletableFuture<ResponseT>> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Async);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse, IterableT extends SdkIterable<ResponseT>>
- IterableT
- injectCredentialsAndInvokeIterableV2(RequestT request, Function<RequestT, IterableT> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeIterableV2);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse, IterableT extends SdkIterable<ResponseT>> IterableT injectCredentialsAndInvokeIterableV2(
+ final RequestT request,
+ final Function<RequestT, IterableT> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeIterableV2);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- ResponseInputStream<ResponseT>
- injectCredentialsAndInvokeV2InputStream(RequestT request,
-  Function<RequestT, ResponseInputStream<ResponseT>> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2InputStream);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> ResponseInputStream<ResponseT> injectCredentialsAndInvokeV2InputStream(
+  final RequestT request,
+  final Function<RequestT, ResponseInputStream<ResponseT>> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2InputStream);
  }
 
  @Override
- public <RequestT extends AwsRequest, ResponseT extends AwsResponse>
- ResponseBytes<ResponseT>
- injectCredentialsAndInvokeV2Bytes(RequestT request,
-  Function<RequestT, ResponseBytes<ResponseT>> requestFunction) {
- return logAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Bytes);
+ public <RequestT extends AwsRequest, ResponseT extends AwsResponse> ResponseBytes<ResponseT> injectCredentialsAndInvokeV2Bytes(
+  final RequestT request,
+  final Function<RequestT, ResponseBytes<ResponseT>> requestFunction
+ ) {
+ return logRequestAndDelegate(request, requestFunction, proxyClient::injectCredentialsAndInvokeV2Bytes);
  }
 
  @Override
  public ClientT client() {
  return proxyClient.client();
  }
 
- private <RequestT extends AwsRequest, ResultT> ResultT logAndDelegate(
+ private <RequestT extends AwsRequest, ResultT> ResultT logRequestResponseAndDelegate(
  final RequestT request,
  final Function<RequestT, ResultT> requestFunction,
- final BiFunction<RequestT, Function<RequestT, ResultT>, ResultT> injectCredentials) {
+ final BiFunction<RequestT, Function<RequestT, ResultT>, ResultT> injectCredentials
+ ) {
  ResultT result = null;
  try {
  requestLogger.log(request);
@@ -76,5 +79,19 @@ private <RequestT extends AwsRequest, ResultT> ResultT logAndDelegate(
  return result;
  }
 
-
+ private <RequestT extends AwsRequest, ResultT> ResultT logRequestAndDelegate(
+ final RequestT request,
+ final Function<RequestT, ResultT> requestFunction,
+ final BiFunction<RequestT, Function<RequestT, ResultT>, ResultT> injectCredentials
+ ) {
+ ResultT result = null;
+ try {
+ requestLogger.log(request);
+ result = injectCredentials.apply(request, requestFunction);
+ } catch (Exception e) {
+ requestLogger.logAndThrow(e);
+ }
+ requestLogger.log("[Result log omitted]");
+ return result;
+ }
 }

aws-rds-cfn-common/src/test/java/software/amazon/rds/common/logging/LoggingProxyClientTest.java

@@ -82,25 +82,25 @@ void test_injectCredentialsAndInvokeV2Bytes() {
  ResponseBytes<AwsResponse> response = ResponseBytes.fromByteArray(awsResponse, awsResponse.toString().getBytes());
  when(proxy.injectCredentialsAndInvokeV2Bytes(any(), any())).thenReturn(response);
  proxyRdsClient.injectCredentialsAndInvokeV2Bytes(awsRequest, request -> response);
- verify(logger, times(2)).log(captor.capture());
- assertThat(captor.getValue().contains(STACK_ID)).isTrue();
+ verify(logger, times(3)).log(captor.capture());
+ assertThat(captor.getAllValues().get(0).contains(STACK_ID)).isTrue();
  }
 
  @Test
  void test_injectCredentialsAndInvokeIterableV2() {
  ProxyClient<RdsClient> proxyRdsClient = getProxyRdsClient(logger);
  when(proxy.injectCredentialsAndInvokeIterableV2(any(), any())).thenReturn(sdkIterable);
  proxyRdsClient.injectCredentialsAndInvokeIterableV2(awsRequest, request -> sdkIterable);
- verify(logger, times(2)).log(captor.capture());
- assertThat(captor.getValue().contains(AWS_ACCOUNT_ID)).isTrue();
+ verify(logger, times(3)).log(captor.capture());
+ assertThat(captor.getAllValues().get(0).contains(AWS_ACCOUNT_ID)).isTrue();
  }
 
  @Test
  void test_injectCredentialsAndInvokeV2Async() {
  ProxyClient<RdsClient> proxyRdsClient = getProxyRdsClient(logger);
  when(proxy.injectCredentialsAndInvokeV2Async(any(), any())).thenReturn(awsResponseCompletableFuture);
  proxyRdsClient.injectCredentialsAndInvokeV2Async(awsRequest, request -> awsResponseCompletableFuture);
- verify(logger, times(2)).log(captor.capture());
- assertThat(captor.getValue().contains(STACK_ID)).isTrue();
+ verify(logger, times(3)).log(captor.capture());
+ assertThat(captor.getAllValues().get(0).contains(STACK_ID)).isTrue();
  }
 }

aws-rds-cfn-test-common/src/main/java/software/amazon/rds/test/common/verification/AccessPermissionAlias.java

@@ -0,0 +1,13 @@
+package software.amazon.rds.test.common.verification;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@AllArgsConstructor
+public class AccessPermissionAlias {
+ @Getter
+ private AccessPermission origin;
+
+ @Getter
+ private AccessPermission equivalent;
+}

aws-rds-cfn-test-common/src/main/java/software/amazon/rds/test/common/verification/AccessPermissionVerificationMode.java

@@ -1,7 +1,9 @@
 package software.amazon.rds.test.common.verification;
 
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import org.json.JSONArray;
@@ -19,9 +21,11 @@
 public class AccessPermissionVerificationMode implements VerificationMode {
 
  private final Set<AccessPermission> permissions;
+ private final Map<AccessPermission, AccessPermission> aliases;
 
  public AccessPermissionVerificationMode() {
  this.permissions = new HashSet<>();
+ this.aliases = new HashMap<>();
  }
 
  public AccessPermissionVerificationMode enablePermission(final AccessPermission permission) {
@@ -49,14 +53,24 @@ public AccessPermissionVerificationMode withSchemaPermissions(final JSONObject s
  return this;
  }
 
+ @ExcludeFromJacocoGeneratedReport
+ public AccessPermissionVerificationMode withAliases(AccessPermissionAlias... aliases) {
+ for (final AccessPermissionAlias alias : aliases) {
+ this.aliases.put(alias.getOrigin(), alias.getEquivalent());
+ }
+
+ return this;
+ }
+
  private MockitoAssertionError missingRequiredPermission(final AccessPermission permission) {
  return new MockitoAssertionError(String.format("Missing a required access permission: %s", permission));
  }
 
  private void verifyInvocationPermissions(final Invocation invocation) {
- final AccessPermission requiredPermission = AccessPermissionFactory.fromInvocation(invocation);
- if (!permissions.contains(requiredPermission)) {
- throw missingRequiredPermission(requiredPermission);
+ AccessPermission requiredPermission = AccessPermissionFactory.fromInvocation(invocation);
+ AccessPermission permissionAlias = this.aliases.get(requiredPermission);
+ if (!permissions.contains(requiredPermission) && !permissions.contains(permissionAlias)) {
+ throw missingRequiredPermission(permissionAlias == null ? requiredPermission : permissionAlias);
  }
  }
 

aws-rds-cfn-test-common/src/test/java/software/amazon/rds/test/common/verification/AccessPermissionTest.java

@@ -0,0 +1,15 @@
+package software.amazon.rds.test.common.verification;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+
+import software.amazon.rds.test.common.core.ServiceProvider;
+
+class AccessPermissionTest {
+
+ @Test
+ public void test_toString() {
+ final AccessPermission permission = new AccessPermission(ServiceProvider.RDS, "TestMethod");
+ Assertions.assertThat(permission.toString()).isEqualTo("rds:TestMethod");
+ }
+}

aws-rds-cfn-test-common/src/test/java/software/amazon/rds/test/common/verification/AccessPermissionVerificationModeTest.java

@@ -15,13 +15,16 @@ class AccessPermissionVerificationModeTest {
  static class RdsClient {
  public void testMethod() {
  }
+
+ public void testMethodAlias() {
+ }
  }
 
  @Test
  public void test_unknownPermissionThrowsMockitoAssertionError() {
  final AccessPermissionVerificationMode verificationMode = new AccessPermissionVerificationMode();
- RdsClient mock = Mockito.mock(RdsClient.class);
 
+ RdsClient mock = Mockito.mock(RdsClient.class);
  mock.testMethod();
 
  Assertions.assertThatThrownBy(() -> {
@@ -32,13 +35,30 @@ public void test_unknownPermissionThrowsMockitoAssertionError() {
  @Test
  public void test_enabledPermissionVerifiedSuccessfully() {
  final AccessPermissionVerificationMode verificationMode = new AccessPermissionVerificationMode();
- RdsClient mock = Mockito.mock(RdsClient.class);
  verificationMode.enablePermission(new AccessPermission(ServiceProvider.RDS, "TestMethod"));
 
+ RdsClient mock = Mockito.mock(RdsClient.class);
  mock.testMethod();
 
  Assertions.assertThatCode(() -> {
  verificationMode.verify(new VerificationDataImpl(MockUtil.getInvocationContainer(mock), null));
  }).doesNotThrowAnyException();
  }
+
+ @Test
+ public void test_enabledPermissionAliasVerifiedSuccessfully() {
+ final AccessPermission origin = new AccessPermission(ServiceProvider.RDS, "TestMethodAlias");
+ final AccessPermission equivalent = new AccessPermission(ServiceProvider.RDS, "TestMethod");
+
+ final AccessPermissionVerificationMode verificationMode = new AccessPermissionVerificationMode()
+ .enablePermission(equivalent)
+ .withAliases(new AccessPermissionAlias(origin, equivalent));
+
+ RdsClient mock = Mockito.mock(RdsClient.class);
+ mock.testMethodAlias();
+
+ Assertions.assertThatCode(() -> {
+ verificationMode.verify(new VerificationDataImpl(MockUtil.getInvocationContainer(mock), null));
+ }).doesNotThrowAnyException();
+ }
 }

aws-rds-dbparametergroup/aws-rds-dbparametergroup.json

@@ -71,23 +71,23 @@
  "/properties/Description",
  "/properties/Family"
  ],
- "writeOnlyProperties": [
- "/properties/Parameters"
- ],
  "handlers": {
  "create": {
  "permissions": [
  "rds:AddTagsToResource",
  "rds:CreateDBParameterGroup",
  "rds:DescribeDBParameterGroups",
+ "rds:DescribeDBParameters",
  "rds:DescribeEngineDefaultParameters",
- "rds:ModifyDBParameterGroup",
- "rds:ListTagsForResource"
+ "rds:ListTagsForResource",
+ "rds:ModifyDBParameterGroup"
  ]
  },
  "read": {
  "permissions": [
  "rds:DescribeDBParameterGroups",
+ "rds:DescribeDBParameters",
+ "rds:DescribeEngineDefaultParameters",
  "rds:ListTagsForResource"
  ]
  },