ansible-collections · softwarefactory-project-zuul · May 15, 2023 · Apr 14, 2023 · Apr 14, 2023 · Apr 14, 2023
diff --git a/...1459-rds_instance-add-support-for-ca_certificate_identifier-to-create-update-instance.yml b/...1459-rds_instance-add-support-for-ca_certificate_identifier-to-create-update-instance.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+- rds_instance - add support for CACertificateIdentifier to create/update rds instance (https://github.com/ansible-collections/amazon.aws/pull/1459)."
diff --git a/plugins/module_utils/rds.py b/plugins/module_utils/rds.py
@@ -363,7 +363,7 @@ def arg_spec_to_rds_params(options_dict):
         processor_features = options_dict.pop("processor_features")
     camel_options = snake_dict_to_camel_dict(options_dict, capitalize_first=True)
     for key in list(camel_options.keys()):
-        for old, new in (("Db", "DB"), ("Iam", "IAM"), ("Az", "AZ")):
+        for old, new in (("Db", "DB"), ("Iam", "IAM"), ("Az", "AZ"), ("Ca", "CA")):
             if old in key:
                 camel_options[key.replace(old, new)] = camel_options.pop(key)
     camel_options["Tags"] = tags

diff --git a/plugins/modules/rds_instance.py b/plugins/modules/rds_instance.py
@@ -580,7 +580,9 @@
   type: int
   sample: 1
 ca_certificate_identifier:
-  description: The identifier of the CA certificate for the DB instance.
+  description:
+    - The identifier of the CA certificate for the DB instance.
+    - Requires minimum botocore version 1.29.44.
   returned: always
   type: str
   sample: rds-ca-2015
@@ -1019,7 +1021,10 @@ def get_options_with_changing_values(client, module, parameters):
     apply_immediately = parameters.pop("ApplyImmediately", None)
     cloudwatch_logs_enabled = module.params["enable_cloudwatch_logs_exports"]
     purge_security_groups = module.params["purge_security_groups"]
+    ca_certificate_identifier = module.params["ca_certificate_identifier"]
 
+    if ca_certificate_identifier:
+        parameters["CACertificateIdentifier"] = ca_certificate_identifier
     if port:
         parameters["DBPortNumber"] = port
     if not force_update_password:
@@ -1394,7 +1399,7 @@ def main():
         auto_minor_version_upgrade=dict(type="bool"),
         availability_zone=dict(aliases=["az", "zone"]),
         backup_retention_period=dict(type="int"),
-        ca_certificate_identifier=dict(),
+        ca_certificate_identifier=dict(type="str"),
         character_set_name=dict(),
         copy_tags_to_snapshot=dict(type="bool"),
         db_cluster_identifier=dict(aliases=["cluster_id"]),
@@ -1487,6 +1492,11 @@ def main():
         supports_check_mode=True,
     )
 
+    if module.params["ca_certificate_identifier"]:
+        module.require_botocore_at_least(
+            "1.29.44", reason="to use 'ca_certificate_identifier' while creating/updating rds instance"
+        )
+
     # Sanitize instance identifiers
     module.params["db_instance_identifier"] = module.params["db_instance_identifier"].lower()
     if module.params["new_db_instance_identifier"]:

diff --git a/tests/integration/targets/rds_instance_modify/meta/main.yml b/tests/integration/targets/rds_instance_modify/meta/main.yml
@@ -0,0 +1,5 @@
+---
+dependencies:
+   - role: setup_botocore_pip
+     vars:
+        botocore_version: "1.29.44"
diff --git a/tests/integration/targets/rds_instance_modify/tasks/main.yml b/tests/integration/targets/rds_instance_modify/tasks/main.yml
@@ -193,6 +193,119 @@
       - result.changed
       - result.db_instance_identifier == "{{ modified_instance_id }}"
 
+
+  # Test modifying CA certificate identifier -------------------------------------------
+
+  - name: Modify the CA certificate identifier to rds-ca-ecc384-g1 - check_mode
+    rds_instance:
+      state: present
+      db_instance_identifier: '{{ modified_instance_id }}'
+      allow_major_version_upgrade: true
+      ca_certificate_identifier: rds-ca-ecc384-g1
+      apply_immediately: true
+      tags:
+        Name: '{{ modified_instance_id }}'
+        Created_by: Ansible rds_instance tests
+    register: result
+    check_mode: true
+    vars:
+      ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
+
+  - name: Get curent CA certificate identifier
+    rds_instance_info:
+      db_instance_identifier: '{{ modified_instance_id }}'
+    register: db_info
+  - name: Assert that CA certificate identifier has been modified - check_mode
+    assert:
+      that:
+        - result is changed
+        - result is not failed
+        - db_info.instances[0].ca_certificate_identifier != "rds-ca-ecc384-g1"
+
+  - name: Modify the CA certificate identifier to rds-ca-ecc384-g1
+    rds_instance:
+      state: present
+      db_instance_identifier: '{{ modified_instance_id }}'
+      allow_major_version_upgrade: true
+      ca_certificate_identifier: rds-ca-ecc384-g1
+      apply_immediately: true
+      tags:
+        Name: '{{ modified_instance_id }}'
+        Created_by: Ansible rds_instance tests
+    register: result
+    vars:
+      ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
+
+  - name: Get curent CA certificate identifier
+    rds_instance_info:
+      db_instance_identifier: '{{ modified_instance_id }}'
+    register: db_info
+    retries: 20
+    delay: 10
+    until: db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1"
+  - name: Assert that CA certificate identifier has been modified
+    assert:
+      that:
+        - result is changed
+        - result is not failed
+        - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1"
+
+  - name: Modify the CA certificate identifier to rds-ca-ecc384-g1 - idempotent
+    rds_instance:
+      state: present
+      db_instance_identifier: '{{ modified_instance_id }}'
+      ca_certificate_identifier: rds-ca-ecc384-g1
+      apply_immediately: true
+      tags:
+        Name: '{{ modified_instance_id }}'
+        Created_by: Ansible rds_instance tests
+    register: result
+    vars:
+      ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
+
+  - name: Get curent CA certificate identifier
+    rds_instance_info:
+      db_instance_identifier: '{{ modified_instance_id }}'
+    register: db_info
+    retries: 20
+    delay: 10
+    until: db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1"
+  - name: Assert that CA certificate identifier has been modified
+    assert:
+      that:
+        - result is not changed
+        - result is not failed
+        - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1"
+
+  - name: Modify the CA certificate identifier to rds-ca-ecc384-g1 - idempotent - check_mode
+    rds_instance:
+      state: present
+      db_instance_identifier: '{{ modified_instance_id }}'
+      ca_certificate_identifier: rds-ca-ecc384-g1
+      apply_immediately: true
+      tags:
+        Name: '{{ modified_instance_id }}'
+        Created_by: Ansible rds_instance tests
+    register: result
+    check_mode: true
+    vars:
+      ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
+
+  - name: Get curent CA certificate identifier
+    rds_instance_info:
+      db_instance_identifier: '{{ modified_instance_id }}'
+    register: db_info
+    retries: 20
+    delay: 10
+    until: db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1"
+  - name: Assert that CA certificate identifier has been modified
+    assert:
+      that:
+        - result is not changed
+        - result is not failed
+        - db_info.instances[0].ca_certificate_identifier == "rds-ca-ecc384-g1"
+  # Test modifying CA certificate identifier Complete-------------------------------------------
+
   always:
   - name: Delete the instance
     rds_instance: