WIP: add iam roles to redshift

moto/redshift/models.py

@@ -67,7 +67,7 @@ class Cluster(TaggableResourceMixin, BaseModel):
                  preferred_maintenance_window, cluster_parameter_group_name,
                  automated_snapshot_retention_period, port, cluster_version,
                  allow_version_upgrade, number_of_nodes, publicly_accessible,
-                 encrypted, region_name, tags=None):
+                 encrypted, region_name, tags=None, iam_roles=None):
         super(Cluster, self).__init__(region_name, tags)
         self.redshift_backend = redshift_backend
         self.cluster_identifier = cluster_identifier
@@ -112,6 +112,9 @@ class Cluster(TaggableResourceMixin, BaseModel):
         else:
             self.number_of_nodes = 1
 
+        if iam_roles:
+            self.iam_roles = iam_roles
+
     @classmethod
     def create_from_cloudformation_json(cls, resource_name, cloudformation_json, region_name):
         redshift_backend = redshift_backends[region_name]

moto/redshift/responses.py

@@ -99,6 +99,12 @@ class RedshiftResponse(BaseResponse):
             vpc_security_group_ids = self._get_multi_param('VpcSecurityGroupIds.VpcSecurityGroupId')
         return vpc_security_group_ids
 
+    def _get_iam_roles(self):
+        iam_roles = self._get_multi_param('IamRoles.member')
+        if not iam_roles:
+            iam_roles = self._get_multi_param('IamRoles.IamRoleArn')
+        return iam_roles
+
     def _get_subnet_ids(self):
         subnet_ids = self._get_multi_param('SubnetIds.member')
         if not subnet_ids:
@@ -127,7 +133,8 @@ class RedshiftResponse(BaseResponse):
             "publicly_accessible": self._get_param("PubliclyAccessible"),
             "encrypted": self._get_param("Encrypted"),
             "region_name": self.region,
-            "tags": self.unpack_complex_list_params('Tags.Tag', ('Key', 'Value'))
+            "tags": self.unpack_complex_list_params('Tags.Tag', ('Key', 'Value')),
+            "iam_roles": self._get_iam_roles(),
         }
         cluster = self.redshift_backend.create_cluster(**cluster_kwargs).to_json()
         cluster['ClusterStatus'] = 'creating'
@@ -162,6 +169,7 @@ class RedshiftResponse(BaseResponse):
             "automated_snapshot_retention_period": self._get_int_param(
                 'AutomatedSnapshotRetentionPeriod'),
             "region_name": self.region,
+            "iam_roles": self._get_iam_roles(),
         }
         cluster = self.redshift_backend.restore_from_cluster_snapshot(**restore_kwargs).to_json()
         cluster['ClusterStatus'] = 'creating'
@@ -209,6 +217,7 @@ class RedshiftResponse(BaseResponse):
             "number_of_nodes": self._get_int_param('NumberOfNodes'),
             "publicly_accessible": self._get_param("PubliclyAccessible"),
             "encrypted": self._get_param("Encrypted"),
+            "iam_roles": self._get_iam_roles(),
         }
         cluster_kwargs = {}
         # We only want parameters that were actually passed in, otherwise

tests/test_redshift/test_redshift.py

@@ -294,6 +294,24 @@ def test_create_cluster_with_vpc_security_groups_boto3():
     list(group_ids).should.equal([security_group.id])
 
 
+@mock_redshift
+def test_create_cluster_with_iam_roles():
+    iam_role = 'arn:aws:iam:::role/my-iam-role'
+    client = boto3.client('redshift', region_name='us-east-1')
+    cluster_id = 'my_cluster'
+    client.create_cluster(
+        ClusterIdentifier=cluster_id,
+        NodeType="dw.hs1.xlarge",
+        MasterUsername="username",
+        MasterUserPassword="password",
+        IamRoles=[iam_role],
+    )
+    response = client.describe_clusters(ClusterIdentifier=cluster_id)
+    cluster = response['Clusters'][0]
+    iam_roles = [role['IamRoleArn'] for role in cluster['IamRoles']]
+    list(iam_roles).should.equal([iam_role.arn])
+
+
 @mock_redshift_deprecated
 def test_create_cluster_with_parameter_group():
     conn = boto.connect_redshift()