From 1b17602782a4c083bb58a9733606bf5ee6f5ecc5 Mon Sep 17 00:00:00 2001 From: jillr Date: Tue, 1 Aug 2023 22:38:19 +0000 Subject: [PATCH] Add permissions and terminator for rds global cluster --- aws/policy/data-services.yaml | 10 ++++++++-- aws/terminator/data_services.py | 30 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml index d78fbe36..6f1bdd10 100644 --- a/aws/policy/data-services.yaml +++ b/aws/policy/data-services.yaml @@ -15,7 +15,7 @@ Statement: - glue:DeleteConnection - glue:UpdateConnection - glue:GetConnections - - rds:DescribeDB* + - rds:Describe* - rds:List* Resource: "*" - Sid: AllowGlobalResourceRestrictedActionsWhichIncurNoFees @@ -76,6 +76,7 @@ Statement: - rds:CreateDBClusterParameterGroup - rds:CreateDBSubnetGroup - rds:DeleteDBCluster + - rds:DeleteGlobalCluster - rds:DeleteDBParameterGroup - rds:DeleteDBClusterParameterGroup - rds:DeleteDBSubnetGroup @@ -99,7 +100,6 @@ Statement: - rds:ModifyDBClusterParameterGroup - rds:ModifyDBSubnetGroup - rds:RemoveTagsFromResource - - rds:DescribeOptionGroups - rds:CreateOptionGroup - rds:ModifyOptionGroup - rds:DeleteOptionGroup @@ -129,6 +129,7 @@ Statement: - 'arn:aws:redshift:{{ aws_region }}:{{ aws_account_id }}:subnetgroup:*' - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:subgrp:*' - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:cluster:*' + - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:global-cluster:*' - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:db:*' - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:pg:*' - 'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:cluster-pg:*' @@ -185,3 +186,8 @@ Statement: - kafka:UpdateConfiguration - kafka:UpdateMonitoring Resource: "*" + - Sid: Global RDS + Effect: Allow + Action: + - rds:CreateGlobalCluster + Resource: "*" 
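Review bot: The resource added in hunk `@@ -129,6 +129,7 @@`, `'arn:aws:rds:{{ aws_region }}:{{ aws_account_id }}:global-cluster:*'`, carries a region component, but as far as I know Aurora global clusters are region-less resources whose ARN has the form `arn:aws:rds::<account>:global-cluster:<name>`, so this pattern would match nothing and the `rds:DeleteGlobalCluster` granted in the hunk before it would be denied on the real resource. If that is confirmed against the IAM resource-type table for RDS, the entry should read `'arn:aws:rds::{{ aws_account_id }}:global-cluster:*'`. The denial would only surface the first time the terminator actually tries to delete a global cluster, so it is worth checking before merge rather than after.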
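Review bot: `Sid: Global RDS` in hunk `@@ -185,3 +186,8 @@` is not a valid statement ID — IAM accepts only ASCII letters and digits in `Sid`, so the whole policy document will be rejected on upload; rename it `Sid: GlobalRDS`. Separately, this statement grants `rds:CreateGlobalCluster` on `Resource: "*"` with no visible `Condition`, whereas the RDS resources in the hunk above are scoped by account and region; creating a not-yet-existing global cluster may genuinely require `*`, but if the rest of the file constrains such wildcard statements by region or account, the same constraint belongs here. The kafka statement immediately above also uses `Resource: "*"`, so this may be the file's existing convention — worth a second look rather than a blocker.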
diff --git a/aws/terminator/data_services.py b/aws/terminator/data_services.py
index 5816be9d..738a8efb 100644
--- a/aws/terminator/data_services.py
+++ b/aws/terminator/data_services.py
@@ -393,3 +393,33 @@ def age_limit(self):
 
     def terminate(self):
         self.client.delete_cluster(ClusterArn=self.id)
+
+
+class RdsGlobalCluster(DbTerminator):
+    @staticmethod
+    def create(credentials):
+        return Terminator._create(credentials, RdsDbCluster, 'rds', lambda client: client.describe_global_clusters()['GlobalClusters'])
+
+    @property
+    def id(self):
+        return self.instance['GlobalClusterArn']
+
+    @property
+    def name(self):
+        return self.instance['GlobalClusterIdentifier']
+
+    @property
+    def age_limit(self):
+        return datetime.timedelta(minutes=60)
+
+    @property
+    def members(self):
+        return self.instance['GlobalClusterMembers']
+
+    def terminate(self):
+        # The primary and secondary clusters must already be detached or destroyed first.
+        for db in self.members:
+            self.client.remove_from_global_cluster(GlobalClusterIdentifier=self.id, DbClusterIdentifier=[db['DBClusterArn']
+
+        self.client.modify_global_cluster(GlobalClusterIdentifier=self.name, DeletionProtection=False)
+        self.client.delete_global_cluster(GlobalClusterIdentifier=self.name)
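Review bot: The `remove_from_global_cluster` call in `terminate` does not parse — `DbClusterIdentifier=[db['DBClusterArn']` opens a list and never closes the call — so `data_services.py` fails to import and every terminator in the module stops running, not just this one; it should be `self.client.remove_from_global_cluster(GlobalClusterIdentifier=self.name, DbClusterIdentifier=db['DBClusterArn'])`. That same call passes `self.id` (the ARN) as `GlobalClusterIdentifier` while `modify_global_cluster` and `delete_global_cluster` two lines below pass `self.name` (the identifier); the three calls should agree, and the identifier form is what the other two already use. `create` also hands `RdsDbCluster` rather than `RdsGlobalCluster` to `Terminator._create`, so the records returned by `describe_global_clusters` would be wrapped in the DB-cluster class and its `id`/`name` lookups would hit keys a global-cluster record does not carry; presumably the other `create` methods in this file pass their own class, so this should be `Terminator._create(credentials, RdsGlobalCluster, 'rds', ...)`. Finally, the comment says the member clusters "must already be detached or destroyed first" while the loop detaches them itself; `# Detach every member cluster first: a global cluster cannot be deleted while it still has members.` describes what the code does.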