Merge branch 'master' into dbinstance/automated-backup-replicaton

aws-rds-cfn-common/src/main/java/software/amazon/rds/common/handler/Tagging.java

@@ -22,7 +22,6 @@
 import software.amazon.awssdk.services.rds.model.Tag;
 import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
 import software.amazon.cloudformation.proxy.HandlerErrorCode;
-import software.amazon.cloudformation.proxy.OperationStatus;
 import software.amazon.cloudformation.proxy.ProgressEvent;
 import software.amazon.cloudformation.proxy.ProxyClient;
 import software.amazon.rds.common.error.ErrorCode;
@@ -32,7 +31,7 @@
 public final class Tagging {
     public static final ErrorRuleSet IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET = ErrorRuleSet
             .extend(ErrorRuleSet.EMPTY_RULE_SET)
-            .withErrorCodes(ErrorStatus.ignore(OperationStatus.IN_PROGRESS),
+            .withErrorCodes(ErrorStatus.ignore(),
                     ErrorCode.AccessDenied,
                     ErrorCode.AccessDeniedException)
             .build();

aws-rds-customdbengineversion/src/main/java/software/amazon/rds/customdbengineversion/BaseHandlerStd.java

@@ -187,9 +187,7 @@ private ProgressEvent<ResourceModel, CallbackContext> getTaggingErrorRuleSet(fin
                 DEFAULT_CUSTOM_DB_ENGINE_VERSION_ERROR_RULE_SET.extendWith(
                         Tagging.getUpdateTagsAccessDeniedRuleSet(
                                 tagsToAdd,
-                                tagsToRemove,
-                                Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET,
-                                Tagging.RESOURCE_TAG_ERROR_RULE_SET
+                                tagsToRemove
                         )
                 )
         );

aws-rds-customdbengineversion/src/test/java/software/amazon/rds/customdbengineversion/UpdateHandlerTest.java

@@ -215,7 +215,9 @@ public void handleRequest_HardFailingTaggingOnAddTags() {
     }
 
     @Test
-    public void handleRequest_SoftFailingTaggingOnRemoveTags() {
+    public void handleRequest_HardFailWithUnauthorizedTagsOnRemove() {
+        when(rdsProxy.client().modifyCustomDBEngineVersion(any(ModifyCustomDbEngineVersionRequest.class)))
+                .thenReturn(ModifyCustomDbEngineVersionResponse.builder().build());
         when(rdsProxy.client().removeTagsFromResource(any(RemoveTagsFromResourceRequest.class)))
                 .thenThrow(
                         RdsException.builder().awsErrorDetails(AwsErrorDetails.builder()
@@ -226,19 +228,22 @@ public void handleRequest_SoftFailingTaggingOnRemoveTags() {
         test_handleRequest_base(
                 context,
                 ResourceHandlerRequest.<ResourceModel>builder()
-                        .previousSystemTags(Translator.translateTagsToRequest(TAG_LIST))
-                        .systemTags(Translator.translateTagsToRequest(TAG_LIST_EMPTY)),
+                        .previousResourceTags(Translator.translateTagsToRequest(TAG_LIST))
+                        .desiredResourceTags(Translator.translateTagsToRequest(TAG_LIST_EMPTY)),
                 () -> DB_ENGINE_VERSION_AVAILABLE,
                 () -> RESOURCE_MODEL_BUILDER().build(),
-                () -> RESOURCE_MODEL_BUILDER().build(),
-                expectSuccess()
+                () -> RESOURCE_MODEL_BUILDER().status("inactive").build(),
+                expectFailed(HandlerErrorCode.UnauthorizedTaggingOperation)
         );
 
+        verify(rdsProxy.client(), times(1)).modifyCustomDBEngineVersion(any(ModifyCustomDbEngineVersionRequest.class));
         verify(rdsProxy.client(), times(1)).removeTagsFromResource(any(RemoveTagsFromResourceRequest.class));
     }
 
     @Test
-    public void handleRequest_SoftFailingTaggingOnAddTags() {
+    public void handleRequest_HardFailWithUnauthorizedTagsOnAdd() {
+        when(rdsProxy.client().modifyCustomDBEngineVersion(any(ModifyCustomDbEngineVersionRequest.class)))
+                .thenReturn(ModifyCustomDbEngineVersionResponse.builder().build());
         when(rdsProxy.client().addTagsToResource(any(AddTagsToResourceRequest.class)))
                 .thenThrow(
                         RdsException.builder().awsErrorDetails(AwsErrorDetails.builder()
@@ -253,10 +258,11 @@ public void handleRequest_SoftFailingTaggingOnAddTags() {
                         .systemTags(Translator.translateTagsToRequest(TAG_LIST)),
                 () -> DB_ENGINE_VERSION_AVAILABLE,
                 () -> RESOURCE_MODEL_BUILDER().build(),
-                () -> RESOURCE_MODEL_BUILDER().build(),
-                expectSuccess()
+                () -> RESOURCE_MODEL_BUILDER().status("inactive").build(),
+                expectFailed(HandlerErrorCode.UnauthorizedTaggingOperation)
         );
 
+        verify(rdsProxy.client(), times(1)).modifyCustomDBEngineVersion(any(ModifyCustomDbEngineVersionRequest.class));
         verify(rdsProxy.client(), times(1)).addTagsToResource(any(AddTagsToResourceRequest.class));
     }
 }

aws-rds-dbclusterendpoint/src/main/java/software/amazon/rds/dbclusterendpoint/ReadHandler.java

@@ -1,5 +1,8 @@
 package software.amazon.rds.dbclusterendpoint;
 
+import java.util.Optional;
+import java.util.Set;
+
 import software.amazon.awssdk.services.rds.RdsClient;
 import software.amazon.awssdk.services.rds.model.DBClusterEndpoint;
 import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
@@ -12,9 +15,6 @@
 import software.amazon.rds.common.handler.HandlerConfig;
 import software.amazon.rds.common.handler.Tagging;
 
-import java.util.Optional;
-import java.util.Set;
-
 public class ReadHandler extends BaseHandlerStd {
 
     public ReadHandler() {
@@ -73,7 +73,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> readTags(
             return Commons.handleException(
                     ProgressEvent.progress(model, context),
                     exception,
-                    DEFAULT_DB_CLUSTER_ENDPOINT_ERROR_RULE_SET.extendWith(Tagging.STACK_TAGS_ERROR_RULE_SET)
+                    DEFAULT_DB_CLUSTER_ENDPOINT_ERROR_RULE_SET.extendWith(Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET)
             );
         }
         return ProgressEvent.success(model, context);

aws-rds-dbclusterparametergroup/src/main/java/software/amazon/rds/dbclusterparametergroup/BaseHandlerStd.java

@@ -1,8 +1,6 @@
 package software.amazon.rds.dbclusterparametergroup;
 
 import java.time.Duration;
-import java.util.ArrayList;
-import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -178,9 +176,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> updateTags(
                     DEFAULT_DB_CLUSTER_PARAMETER_GROUP_ERROR_RULE_SET.extendWith(
                             Tagging.getUpdateTagsAccessDeniedRuleSet(
                                     tagsToAdd,
-                                    tagsToRemove,
-                                    Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET,
-                                    Tagging.RESOURCE_TAG_ERROR_RULE_SET
+                                    tagsToRemove
                             )
                     )
             );

aws-rds-dbclusterparametergroup/src/main/java/software/amazon/rds/dbclusterparametergroup/ReadHandler.java

@@ -89,7 +89,7 @@ private ProgressEvent<ResourceModel, CallbackContext> readTags(
             return Commons.handleException(
                     ProgressEvent.progress(model, context),
                     exception,
-                    DEFAULT_DB_CLUSTER_PARAMETER_GROUP_ERROR_RULE_SET.extendWith(Tagging.STACK_TAGS_ERROR_RULE_SET)
+                    DEFAULT_DB_CLUSTER_PARAMETER_GROUP_ERROR_RULE_SET.extendWith(Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET)
             );
         }
         return ProgressEvent.success(model, context);

aws-rds-dbparametergroup/src/main/java/software/amazon/rds/dbparametergroup/BaseHandlerStd.java

@@ -151,9 +151,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> updateTags(
                     DEFAULT_DB_PARAMETER_GROUP_ERROR_RULE_SET.extendWith(
                             Tagging.getUpdateTagsAccessDeniedRuleSet(
                                     tagsToAdd,
-                                    tagsToRemove,
-                                    Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET,
-                                    Tagging.RESOURCE_TAG_ERROR_RULE_SET
+                                    tagsToRemove
                             )
                     )
             );

aws-rds-dbparametergroup/src/main/java/software/amazon/rds/dbparametergroup/ReadHandler.java

@@ -103,7 +103,7 @@ private ProgressEvent<ResourceModel, CallbackContext> readTags(
             return Commons.handleException(
                     ProgressEvent.progress(model, context),
                     exception,
-                    DEFAULT_DB_PARAMETER_GROUP_ERROR_RULE_SET.extendWith(Tagging.STACK_TAGS_ERROR_RULE_SET)
+                    DEFAULT_DB_PARAMETER_GROUP_ERROR_RULE_SET.extendWith(Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET)
             );
         }
         return ProgressEvent.success(model, context);

aws-rds-dbsubnetgroup/src/main/java/software/amazon/rds/dbsubnetgroup/BaseHandlerStd.java

@@ -123,9 +123,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> updateTags(
                     DEFAULT_DB_SUBNET_GROUP_ERROR_RULE_SET.extendWith(
                             Tagging.getUpdateTagsAccessDeniedRuleSet(
                                     tagsToAdd,
-                                    tagsToRemove,
-                                    Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET,
-                                    Tagging.RESOURCE_TAG_ERROR_RULE_SET
+                                    tagsToRemove
                             )
                     )
             );

aws-rds-dbsubnetgroup/src/main/java/software/amazon/rds/dbsubnetgroup/ReadHandler.java

@@ -70,7 +70,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> readTags(
             return Commons.handleException(
                     ProgressEvent.progress(model, context),
                     exception,
-                    DEFAULT_DB_SUBNET_GROUP_ERROR_RULE_SET.extendWith(Tagging.STACK_TAGS_ERROR_RULE_SET)
+                    DEFAULT_DB_SUBNET_GROUP_ERROR_RULE_SET.extendWith(Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET)
             );
         }
         return ProgressEvent.success(model, context);

aws-rds-eventsubscription/src/main/java/software/amazon/rds/eventsubscription/BaseHandlerStd.java

@@ -137,9 +137,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> updateTags(
                     DEFAULT_EVENT_SUBSCRIPTION_ERROR_RULE_SET.extendWith(
                                     Tagging.getUpdateTagsAccessDeniedRuleSet(
                                             tagsToAdd,
-                                            tagsToRemove,
-                                            Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET,
-                                            Tagging.RESOURCE_TAG_ERROR_RULE_SET
+                                            tagsToRemove
                                     )
                             )
             );

aws-rds-eventsubscription/src/main/java/software/amazon/rds/eventsubscription/ReadHandler.java

@@ -49,7 +49,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> readTags(
             return Commons.handleException(
                     ProgressEvent.progress(model, context),
                     exception,
-                    DEFAULT_EVENT_SUBSCRIPTION_ERROR_RULE_SET.extendWith(Tagging.STACK_TAGS_ERROR_RULE_SET)
+                    DEFAULT_EVENT_SUBSCRIPTION_ERROR_RULE_SET.extendWith(Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET)
             );
         }
         return ProgressEvent.success(model, context);

aws-rds-optiongroup/src/main/java/software/amazon/rds/optiongroup/BaseHandlerStd.java

@@ -137,9 +137,7 @@ protected ProgressEvent<ResourceModel, CallbackContext> updateTags(
                                 DEFAULT_OPTION_GROUP_ERROR_RULE_SET.extendWith(
                                         Tagging.getUpdateTagsAccessDeniedRuleSet(
                                                 tagsToAdd,
-                                                tagsToRemove,
-                                                Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET,
-                                                Tagging.RESOURCE_TAG_ERROR_RULE_SET
+                                                tagsToRemove
                                         )
                                 )
                         );

aws-rds-optiongroup/src/main/java/software/amazon/rds/optiongroup/CallbackContext.java

@@ -9,6 +9,7 @@
 @lombok.EqualsAndHashCode(callSuper = true)
 public class CallbackContext extends StdCallbackContext implements TaggingContext.Provider {
     private TaggingContext taggingContext;
+    private String optionGroupGroupArn;
 
     public CallbackContext() {
         super();

aws-rds-optiongroup/src/main/java/software/amazon/rds/optiongroup/ReadHandler.java

@@ -1,22 +1,17 @@
 package software.amazon.rds.optiongroup;
 
-import java.util.ArrayList;
 import java.util.List;
-import java.util.Objects;
-
-import org.apache.commons.collections.CollectionUtils;
 
 import software.amazon.awssdk.services.rds.RdsClient;
-import software.amazon.awssdk.services.rds.model.Option;
 import software.amazon.awssdk.services.rds.model.OptionGroup;
-import software.amazon.awssdk.services.rds.model.OptionSetting;
 import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
 import software.amazon.cloudformation.proxy.Logger;
 import software.amazon.cloudformation.proxy.ProgressEvent;
 import software.amazon.cloudformation.proxy.ProxyClient;
 import software.amazon.cloudformation.proxy.ResourceHandlerRequest;
 import software.amazon.rds.common.handler.Commons;
 import software.amazon.rds.common.handler.HandlerConfig;
+import software.amazon.rds.common.handler.Tagging;
 
 public class ReadHandler extends BaseHandlerStd {
 
@@ -53,18 +48,36 @@ protected ProgressEvent<ResourceModel, CallbackContext> handleRequest(
                     final OptionGroup optionGroup = describeResponse.optionGroupsList().stream().findFirst().get();
                     final List<OptionConfiguration> optionConfigurations = Translator.translateOptionConfigurationsFromSdk(optionGroup.options());
 
-                    final List<Tag> tags = listTags(proxyInvocation, optionGroup.optionGroupArn());
-                    return ProgressEvent.success(
+                    context.setOptionGroupGroupArn(optionGroup.optionGroupArn());
+                    return ProgressEvent.progress(
                             ResourceModel.builder()
                                     .optionGroupName(optionGroup.optionGroupName())
                                     .engineName(optionGroup.engineName())
                                     .majorEngineVersion(optionGroup.majorEngineVersion())
                                     .optionGroupDescription(optionGroup.optionGroupDescription())
                                     .optionConfigurations(optionConfigurations)
-                                    .tags(tags)
                                     .build(),
                             context
                     );
-                });
+                }).then(progress -> readTags(proxyClient, progress));
+    }
+
+    protected ProgressEvent<ResourceModel, CallbackContext> readTags(
+            final ProxyClient<RdsClient> proxyClient,
+            final ProgressEvent<ResourceModel, CallbackContext> progress) {
+        ResourceModel model = progress.getResourceModel();
+        CallbackContext context = progress.getCallbackContext();
+        try {
+            String arn = context.getOptionGroupGroupArn();
+            List<Tag> resourceTags = Translator.translateTagsFromSdk(Tagging.listTagsForResource(proxyClient, arn));
+            model.setTags(resourceTags);
+        } catch (Exception exception) {
+            return Commons.handleException(
+                    ProgressEvent.progress(model, context),
+                    exception,
+                    DEFAULT_OPTION_GROUP_ERROR_RULE_SET.extendWith(Tagging.IGNORE_LIST_TAGS_PERMISSION_DENIED_ERROR_RULE_SET)
+            );
+        }
+        return ProgressEvent.success(model, context);
     }
 }

aws-rds-optiongroup/src/test/java/software/amazon/rds/optiongroup/UpdateHandlerTest.java

@@ -13,22 +13,38 @@
 import java.util.Collections;
 import java.util.Map;
 
-import com.google.common.collect.ImmutableList;
-import com.google.common.collect.ImmutableMap;
-import com.google.common.collect.ImmutableSet;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 
+import com.google.common.collect.ImmutableList;
+import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
 import lombok.Getter;
 import software.amazon.awssdk.awscore.exception.AwsErrorDetails;
 import software.amazon.awssdk.services.rds.RdsClient;
-import software.amazon.awssdk.services.rds.model.*;
+import software.amazon.awssdk.services.rds.model.AddTagsToResourceRequest;
+import software.amazon.awssdk.services.rds.model.AddTagsToResourceResponse;
+import software.amazon.awssdk.services.rds.model.DescribeOptionGroupsRequest;
+import software.amazon.awssdk.services.rds.model.DescribeOptionGroupsResponse;
+import software.amazon.awssdk.services.rds.model.ListTagsForResourceRequest;
+import software.amazon.awssdk.services.rds.model.ListTagsForResourceResponse;
+import software.amazon.awssdk.services.rds.model.ModifyOptionGroupRequest;
+import software.amazon.awssdk.services.rds.model.ModifyOptionGroupResponse;
+import software.amazon.awssdk.services.rds.model.OptionGroupNotFoundException;
+import software.amazon.awssdk.services.rds.model.RdsException;
+import software.amazon.awssdk.services.rds.model.RemoveTagsFromResourceRequest;
+import software.amazon.awssdk.services.rds.model.RemoveTagsFromResourceResponse;
 import software.amazon.awssdk.services.rds.model.Tag;
-import software.amazon.cloudformation.proxy.*;
+import software.amazon.cloudformation.proxy.AmazonWebServicesClientProxy;
+import software.amazon.cloudformation.proxy.HandlerErrorCode;
+import software.amazon.cloudformation.proxy.OperationStatus;
+import software.amazon.cloudformation.proxy.ProgressEvent;
+import software.amazon.cloudformation.proxy.ProxyClient;
+import software.amazon.cloudformation.proxy.ResourceHandlerRequest;
 import software.amazon.rds.common.error.ErrorCode;
 import software.amazon.rds.common.handler.HandlerConfig;
 import software.amazon.rds.test.common.core.HandlerName;
@@ -227,8 +243,6 @@ public void handleRequest_SoftFailingTaggingOnRemoveTags() {
                 )
         );
 
-        when(proxyClient.client().listTagsForResource(any(ListTagsForResourceRequest.class)))
-                .thenReturn(ListTagsForResourceResponse.builder().build());
         final DescribeOptionGroupsResponse describeDbClusterParameterGroupsResponse = DescribeOptionGroupsResponse.builder()
                 .optionGroupsList(OPTION_GROUP_ACTIVE).build();
         when(proxyClient.client().describeOptionGroups(any(DescribeOptionGroupsRequest.class)))
@@ -253,15 +267,14 @@ public void handleRequest_SoftFailingTaggingOnRemoveTags() {
         final ProgressEvent<ResourceModel, CallbackContext> response = handler.handleRequest(proxy, request, new CallbackContext(), proxyClient, logger);
 
         assertThat(response).isNotNull();
-        assertThat(response.getStatus()).isEqualTo(OperationStatus.SUCCESS);
+        assertThat(response.getStatus()).isEqualTo(OperationStatus.FAILED);
         assertThat(response.getCallbackDelaySeconds()).isEqualTo(0);
+        assertThat(response.getMessage()).isNotNull();
+        assertThat(response.getErrorCode()).isEqualTo(HandlerErrorCode.UnauthorizedTaggingOperation);
         assertThat(response.getResourceModels()).isNull();
-        assertThat(response.getMessage()).isNull();
-        assertThat(response.getErrorCode()).isNull();
 
         verify(proxyClient.client(), times(1)).removeTagsFromResource(any(RemoveTagsFromResourceRequest.class));
-        verify(proxyClient.client(), times(2)).describeOptionGroups(any(DescribeOptionGroupsRequest.class));
-        verify(proxyClient.client(), times(1)).listTagsForResource(any(ListTagsForResourceRequest.class));
+        verify(proxyClient.client(), times(1)).describeOptionGroups(any(DescribeOptionGroupsRequest.class));
     }
 
     @Test