mirror of
https://github.com/ceph/s3-tests.git
synced 2024-11-22 09:29:43 +00:00
test_sts: Changing code for proper cleanup
This solves: https://tracker.ceph.com/issues/53090
The solution is: we need to delete the role_policy and the
user_policy attached to the user, which were causing the failure.
Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
(cherry picked from commit 1af1880b7a
)
parent
bbf65028e5
commit
67251732b7
1 changed files with 10 additions and 6 deletions
|
@ -78,7 +78,7 @@ def put_user_policy(iam_client,username,policyname,policy_document):
|
||||||
role_response = iam_client.put_user_policy(UserName=username,PolicyName=policyname,PolicyDocument=policy_document)
|
role_response = iam_client.put_user_policy(UserName=username,PolicyName=policyname,PolicyDocument=policy_document)
|
||||||
except ClientError as e:
|
except ClientError as e:
|
||||||
role_err = e.response['Code']
|
role_err = e.response['Code']
|
||||||
return (role_err,role_response)
|
return (role_err,role_response,policyname)
|
||||||
|
|
||||||
@attr(resource='get session token')
|
@attr(resource='get session token')
|
||||||
@attr(method='get')
|
@attr(method='get')
|
||||||
|
@ -92,7 +92,7 @@ def test_get_session_token():
|
||||||
default_endpoint=get_config_endpoint()
|
default_endpoint=get_config_endpoint()
|
||||||
|
|
||||||
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
||||||
(resp_err,resp)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
(resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
||||||
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
||||||
|
|
||||||
response=sts_client.get_session_token()
|
response=sts_client.get_session_token()
|
||||||
|
@ -106,9 +106,12 @@ def test_get_session_token():
|
||||||
region_name='',
|
region_name='',
|
||||||
)
|
)
|
||||||
bucket_name = get_new_bucket_name()
|
bucket_name = get_new_bucket_name()
|
||||||
s3bucket = s3_client.create_bucket(Bucket=bucket_name)
|
try:
|
||||||
eq(s3bucket['ResponseMetadata']['HTTPStatusCode'],200)
|
s3bucket = s3_client.create_bucket(Bucket=bucket_name)
|
||||||
finish=s3_client.delete_bucket(Bucket=bucket_name)
|
eq(s3bucket['ResponseMetadata']['HTTPStatusCode'],200)
|
||||||
|
finish=s3_client.delete_bucket(Bucket=bucket_name)
|
||||||
|
finally: # clean up user policy even if create_bucket/delete_bucket fails
|
||||||
|
iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)
|
||||||
|
|
||||||
@attr(resource='get session token')
|
@attr(resource='get session token')
|
||||||
@attr(method='get')
|
@attr(method='get')
|
||||||
|
@ -125,7 +128,7 @@ def test_get_session_token_permanent_creds_denied():
|
||||||
s3_main_secret_key=get_main_aws_secret_key()
|
s3_main_secret_key=get_main_aws_secret_key()
|
||||||
|
|
||||||
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
||||||
(resp_err,resp)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
(resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
||||||
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
||||||
|
|
||||||
response=sts_client.get_session_token()
|
response=sts_client.get_session_token()
|
||||||
|
@ -144,6 +147,7 @@ def test_get_session_token_permanent_creds_denied():
|
||||||
except ClientError as e:
|
except ClientError as e:
|
||||||
s3bucket_error = e.response.get("Error", {}).get("Code")
|
s3bucket_error = e.response.get("Error", {}).get("Code")
|
||||||
eq(s3bucket_error,'AccessDenied')
|
eq(s3bucket_error,'AccessDenied')
|
||||||
|
iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)
|
||||||
|
|
||||||
@attr(resource='assume role')
|
@attr(resource='assume role')
|
||||||
@attr(method='get')
|
@attr(method='get')
|
||||||
|
|
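Review bot: The cleanup added at the end of test_get_session_token_permanent_creds_denied is a plain statement after `eq(s3bucket_error,'AccessDenied')`, not a `finally:` as in test_get_session_token, so a failed assertion or any exception other than ClientError would leave the Deny `s3:*` user policy attached to the shared STS user (indentation is lost in this rendering, so the exact nesting cannot be confirmed). Wrapping everything after the `put_user_policy` call in `try:` with `finally: iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)` would make the cleanup unconditional. In test_get_session_token the `try:` opens only at `create_bucket`, so a failure in the status check or in `sts_client.get_session_token()` skips the cleanup as well; starting the `try:` immediately after `put_user_policy` closes that gap. Both call sites pass `None` as the policy name, so the returned `policy_name` is only valid for `delete_user_policy` if put_user_policy substitutes a generated name above the hunk, which is worth confirming because the function body starts outside the visible lines.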