From 67251732b7486f760579eca9946899a024033512 Mon Sep 17 00:00:00 2001 From: Kalpesh Pandya Date: Thu, 6 Jan 2022 12:59:49 +0530 Subject: [PATCH] test_sts: Changing code for proper cleanup This solves: https://tracker.ceph.com/issues/53090 The solution is: We need to delete the role_policy and user_policy attached user which was causing the failure. Signed-off-by: Kalpesh Pandya (cherry picked from commit 1af1880b7a771bc6dc1d429fad3636b4b15c7a84) --- s3tests_boto3/functional/test_sts.py | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/s3tests_boto3/functional/test_sts.py b/s3tests_boto3/functional/test_sts.py index fb4ab11..cce5cbc 100644 --- a/s3tests_boto3/functional/test_sts.py +++ b/s3tests_boto3/functional/test_sts.py @@ -78,7 +78,7 @@ def put_user_policy(iam_client,username,policyname,policy_document): role_response = iam_client.put_user_policy(UserName=username,PolicyName=policyname,PolicyDocument=policy_document) except ClientError as e: role_err = e.response['Code'] - return (role_err,role_response) + return (role_err,role_response,policyname) @attr(resource='get session token') @attr(method='get') @@ -92,7 +92,7 @@ def test_get_session_token(): default_endpoint=get_config_endpoint() user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}" - (resp_err,resp)=put_user_policy(iam_client,sts_user_id,None,user_policy) + (resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy) eq(resp['ResponseMetadata']['HTTPStatusCode'],200) response=sts_client.get_session_token() @@ -106,9 +106,12 @@ def test_get_session_token(): region_name='', ) bucket_name = get_new_bucket_name() - s3bucket = s3_client.create_bucket(Bucket=bucket_name) - eq(s3bucket['ResponseMetadata']['HTTPStatusCode'],200) - finish=s3_client.delete_bucket(Bucket=bucket_name) + try: + s3bucket = s3_client.create_bucket(Bucket=bucket_name) + eq(s3bucket['ResponseMetadata']['HTTPStatusCode'],200) + finish=s3_client.delete_bucket(Bucket=bucket_name) + finally: # clean up user policy even if create_bucket/delete_bucket fails + iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name) @attr(resource='get session token') @attr(method='get') @@ -125,7 +128,7 @@ def test_get_session_token_permanent_creds_denied(): s3_main_secret_key=get_main_aws_secret_key() user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}" - (resp_err,resp)=put_user_policy(iam_client,sts_user_id,None,user_policy) + (resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy) eq(resp['ResponseMetadata']['HTTPStatusCode'],200) response=sts_client.get_session_token() @@ -144,6 +147,7 @@ def test_get_session_token_permanent_creds_denied(): except ClientError as e: s3bucket_error = e.response.get("Error", {}).get("Code") eq(s3bucket_error,'AccessDenied') + iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name) @attr(resource='assume role') @attr(method='get')