Bump new version (#93)

Author: lechuk47

CHANGELOG.md

@@ -1,5 +1,18 @@
 # ChangeLog
 
+## 0.5.0
+
+- HCL version release.
+- Bump external-resources-io
+- Bump er-terraform-base image
+- Improved verssion validations.
+
+## 0.4.x
+
+- First HCL version
+- Interim Version to migrate existing resources to HCL
+- Parameter group dependency fix
+
 ## 0.2.0
 
 - Use Konflux to build the image

Dockerfile

@@ -1,6 +1,6 @@
-FROM quay.io/redhat-services-prod/app-sre-tenant/er-base-terraform-main/er-base-terraform-main:tf-1.6.6-py-3.12-v0.3.0-1@sha256:db5eac3155679679656d200e60c7865851f9a661b85d8a0a94d2815b300be591  AS base
+FROM quay.io/redhat-services-prod/app-sre-tenant/er-base-terraform-main/er-base-terraform-main:tf-1.6.6-py-3.12-v0.3.2-1 AS base
 # keep in sync with pyproject.toml
-LABEL konflux.additional-tags="0.4.0"
+LABEL konflux.additional-tags="0.5.0"
 
 FROM base AS builder
 COPY --from=ghcr.io/astral-sh/uv:0.5.25@sha256:a73176b27709bff700a1e3af498981f31a83f27552116f21ae8371445f0be710 /uv /bin/uv

Makefile

@@ -8,8 +8,6 @@ format:
 
 .PHONY: image_tests
 image_tests:
-	# validate_plan.py must exist
-	[ -f "hooks/pre_plan.py" ]
 	[ -f "hooks/post_plan.py" ]
 
 .PHONY: code_tests
@@ -22,6 +20,7 @@ code_tests:
 .PHONY: terraform_tests
 terraform_tests:
 	terraform fmt -check -diff module/
+
 .PHONY: test
 test: image_tests code_tests terraform_tests
 

er_aws_rds/config.py

@@ -1,9 +1,11 @@
 from external_resources_io.input import (
-    create_backend_tf_file,
-    create_tf_vars_json,
     parse_model,
     read_input_from_file,
 )
+from external_resources_io.terraform.generators import (
+    create_backend_tf_file,
+    create_tf_vars_json,
+)
 
 from er_aws_rds.input import AppInterfaceInput, TerraformModuleData
 

hooks/post_plan.py

@@ -69,6 +69,11 @@ def resource_creations(self) -> list[ResourceChange]:
             if c.change and Action.ActionCreate in c.change.actions
         ]
 
+    @property
+    def aws_db_instance_creations(self) -> list[ResourceChange]:
+        "Gets the RDS isntance creations"
+        return [c for c in self.resource_creations if c.type == "aws_db_instance"]
+
     @property
     def aws_db_instance_updates(self) -> list[ResourceChange]:
         "Gets the RDS isntance updates"
@@ -79,7 +84,19 @@ def aws_db_instance_deletions(self) -> list[ResourceChange]:
         "Gets the RDS instance deletions"
         return [c for c in self.resource_deletions if c.type == "aws_db_instance"]
 
-    def _validate_major_version_upgrade(self) -> None:
+    def _validate_version_on_create(self) -> None:
+        """Validates the RDS instance desired version (new instance)"""
+        for u in self.aws_db_instance_creations:
+            if not u.change or not u.change.after:
+                continue
+            engine = u.change.after["engine"]
+            version = u.change.after["engine_version"]
+            if not self.aws_api.is_rds_engine_version_available(
+                engine=engine, version=version
+            ):
+                self.errors.append(f"{engine} version {version} is not available.")
+
+    def _validate_version_upgrade(self) -> None:
         for u in self.aws_db_instance_updates:
             if not u.change or not u.change.before or not u.change.after:
                 continue
@@ -94,7 +111,7 @@ def _validate_major_version_upgrade(self) -> None:
                         "Engine version cannot be updated. "
                         f"Current_version: {current_version}, "
                         f"Desired_version: {desired_version}, "
-                        f"Valid update versions: %{valid_update_versions}"
+                        f"Valid update versions: {valid_update_versions}"
                     )
 
                 # Major version upgrade validation
@@ -122,7 +139,7 @@ def _validate_deletion_protection_not_enabled_on_destroy(self) -> None:
                 )
 
     def _validate_resource_renaming(self) -> None:
-        # is it a rename?
+        # This validation was used to migrate resources from CDKTF to HCL
         if (
             len(self.resource_deletions) != 0
             and len(self.resource_creations) != 0
@@ -133,12 +150,11 @@ def _validate_resource_renaming(self) -> None:
         ):
             self.errors.append("Deletions and Creations mismatch")
 
-    def validate(self, *, exclude_deletion_protection_test: bool = False) -> bool:
+    def validate(self) -> bool:
         """Validate method"""
-        self._validate_major_version_upgrade()
-        if not exclude_deletion_protection_test:
-            self._validate_deletion_protection_not_enabled_on_destroy()
-        self._validate_resource_renaming()
+        self._validate_version_on_create()
+        self._validate_version_upgrade()
+        self._validate_deletion_protection_not_enabled_on_destroy()
         return not self.errors
 
 
@@ -157,9 +173,7 @@ def validate(self, *, exclude_deletion_protection_test: bool = False) -> bool:
     logger.info("Running RDS terraform plan validation")
     parser = TerraformJsonPlanParser(plan_path=terraform_plan_json)
     validator = RDSPlanValidator(parser.plan, app_interface_input)
-    # Excluding this test temporary to migrate from CDKTF
-    # Remove this once all resources have been migrated to Terraform
-    if not validator.validate(exclude_deletion_protection_test=True):
+    if not validator.validate():
         logger.error(validator.errors)
         sys.exit(1)
     else:

hooks/pre_plan.py

@@ -20,6 +20,16 @@ def get_rds_client(self) -> RDSClient:
         """Gets a boto RDS client"""
         return self.session.client("rds", config=self.config)
 
+    def is_rds_engine_version_available(self, engine: str, version: str) -> bool:
+        """Gets the available versions for an Rds engine"""
+        data = (
+            self.get_rds_client()
+            .describe_db_engine_versions(Engine=engine, EngineVersion=version)
+            .get("DBEngineVersions", [])
+        )
+
+        return len(data) == 1 and data[0].get("EngineVersion") == version
+
     def get_rds_valid_update_versions(self, engine: str, version: str) -> set[str]:
         """Gets the valid update versions"""
         data = self.get_rds_client().describe_db_engine_versions(

hooks/utils/aws_api.py

@@ -1,14 +1,14 @@
 [project]
 name = "er-aws-rds"
-version = "0.1.0"
+version = "0.5.0"
 description = "ERv2 module for managing AWS rds instances"
 authors = [{ name = "AppSRE", email = "[email protected]" }]
 license = { text = "Apache 2.0" }
 readme = "README.md"
 requires-python = "~= 3.12.0"
 dependencies = [
     "boto3 ~=1.35.47",
-    "external-resources-io ~=0.4.0",
+    "external-resources-io ~=0.6.0",
     "mypy_boto3_rds ~=1.35.72",
     "pip>=25.0",
     "pydantic ~=2.10.0",

pyproject.toml

@@ -1,12 +1,79 @@
+from typing import Any
+from unittest.mock import Mock, patch
+
+import boto3
+import pytest
 from external_resources_io.terraform import Action, Plan
 
 from hooks.post_plan import RDSPlanValidator
+from hooks.utils.aws_api import AWSApi
 
 from .conftest import input_object
 
 
+@pytest.fixture
+def new_instance_plan() -> dict[str, Any]:
+    "Return a plan for an rds instance creation"
+    return {
+        "resource_changes": [
+            {
+                "type": "aws_db_instance",
+                "change": {
+                    "actions": [Action.ActionCreate],
+                    "before": None,
+                    "after": {
+                        "engine": "postgres",
+                        "engine_version": "16.1",
+                        "deletion_protection": False,
+                    },
+                    "after_unknown": None,
+                },
+            }
+        ]
+    }
+
+
+@pytest.fixture
+def rds_client_mock() -> Mock:
+    """Return a mock of the boto3 rds client"""
+    return Mock(boto3.client("rds", region_name="us-east-1"))
+
+
+def test_validate_desired_version_ok(
+    new_instance_plan: dict[str, Any], rds_client_mock: Mock
+) -> None:
+    """Test engine version available in AWS"""
+    rds_client_mock.describe_db_engine_versions.return_value = {
+        "DBEngineVersions": [
+            {"EngineVersion": "16.1"},
+        ]
+    }
+
+    with patch.object(AWSApi, "get_rds_client", return_value=rds_client_mock):
+        plan = Plan.model_validate(new_instance_plan)
+        validator = RDSPlanValidator(plan, input_object())
+        validator.validate()
+        assert validator.errors == []
+
+
+def test_validate_desired_version_nok(
+    new_instance_plan: dict[str, Any], rds_client_mock: Mock
+) -> None:
+    """Test engine version not available in AWS"""
+    rds_client_mock.describe_db_engine_versions.return_value = {
+        "DBEngineVersions": [
+            {"EngineVersion": "16.2"},
+        ]
+    }
+    with patch.object(AWSApi, "get_rds_client", return_value=rds_client_mock):
+        plan = Plan.model_validate(new_instance_plan)
+        validator = RDSPlanValidator(plan, input_object())
+        validator.validate()
+        assert validator.errors == ["postgres version 16.1 is not available."]
+
+
 def test_validate_deletion_protection_not_enabled_on_destroy() -> None:
-    """Test deletion protection is not enabled on destroy"""
+    """Test instance deletion protection is not set when destroying the instance"""
     plan = Plan.model_validate({
         "resource_changes": [
             {