forked from TrueCloudLab/s3-tests
test_sts: Changing code for proper cleanup
This solves: https://tracker.ceph.com/issues/53090 The solution is: We need to delete the role_policy and user_policy attached user which was causing the failure. Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
This commit is contained in:
parent
9a6a1e9f19
commit
c03fd082cc
1 changed files with 10 additions and 6 deletions
|
@ -85,7 +85,7 @@ def put_user_policy(iam_client,username,policyname,policy_document):
|
||||||
role_response = iam_client.put_user_policy(UserName=username,PolicyName=policyname,PolicyDocument=policy_document)
|
role_response = iam_client.put_user_policy(UserName=username,PolicyName=policyname,PolicyDocument=policy_document)
|
||||||
except ClientError as e:
|
except ClientError as e:
|
||||||
role_err = e.response['Code']
|
role_err = e.response['Code']
|
||||||
return (role_err,role_response)
|
return (role_err,role_response,policyname)
|
||||||
|
|
||||||
def get_s3_client_using_iam_creds():
|
def get_s3_client_using_iam_creds():
|
||||||
iam_access_key = get_iam_access_key()
|
iam_access_key = get_iam_access_key()
|
||||||
|
@ -161,7 +161,7 @@ def test_get_session_token():
|
||||||
default_endpoint=get_config_endpoint()
|
default_endpoint=get_config_endpoint()
|
||||||
|
|
||||||
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
||||||
(resp_err,resp)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
(resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
||||||
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
||||||
|
|
||||||
response=sts_client.get_session_token()
|
response=sts_client.get_session_token()
|
||||||
|
@ -175,9 +175,12 @@ def test_get_session_token():
|
||||||
region_name='',
|
region_name='',
|
||||||
)
|
)
|
||||||
bucket_name = get_new_bucket_name()
|
bucket_name = get_new_bucket_name()
|
||||||
|
try:
|
||||||
s3bucket = s3_client.create_bucket(Bucket=bucket_name)
|
s3bucket = s3_client.create_bucket(Bucket=bucket_name)
|
||||||
eq(s3bucket['ResponseMetadata']['HTTPStatusCode'],200)
|
eq(s3bucket['ResponseMetadata']['HTTPStatusCode'],200)
|
||||||
finish=s3_client.delete_bucket(Bucket=bucket_name)
|
finish=s3_client.delete_bucket(Bucket=bucket_name)
|
||||||
|
finally: # clean up user policy even if create_bucket/delete_bucket fails
|
||||||
|
iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)
|
||||||
|
|
||||||
@attr(resource='get session token')
|
@attr(resource='get session token')
|
||||||
@attr(method='get')
|
@attr(method='get')
|
||||||
|
@ -194,7 +197,7 @@ def test_get_session_token_permanent_creds_denied():
|
||||||
s3_main_secret_key=get_main_aws_secret_key()
|
s3_main_secret_key=get_main_aws_secret_key()
|
||||||
|
|
||||||
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
user_policy = "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Deny\",\"Action\":\"s3:*\",\"Resource\":[\"*\"],\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}},{\"Effect\":\"Allow\",\"Action\":\"sts:GetSessionToken\",\"Resource\":\"*\",\"Condition\":{\"BoolIfExists\":{\"sts:authentication\":\"false\"}}}]}"
|
||||||
(resp_err,resp)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
(resp_err,resp,policy_name)=put_user_policy(iam_client,sts_user_id,None,user_policy)
|
||||||
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
eq(resp['ResponseMetadata']['HTTPStatusCode'],200)
|
||||||
|
|
||||||
response=sts_client.get_session_token()
|
response=sts_client.get_session_token()
|
||||||
|
@ -213,6 +216,7 @@ def test_get_session_token_permanent_creds_denied():
|
||||||
except ClientError as e:
|
except ClientError as e:
|
||||||
s3bucket_error = e.response.get("Error", {}).get("Code")
|
s3bucket_error = e.response.get("Error", {}).get("Code")
|
||||||
eq(s3bucket_error,'AccessDenied')
|
eq(s3bucket_error,'AccessDenied')
|
||||||
|
iam_client.delete_user_policy(UserName=sts_user_id,PolicyName=policy_name)
|
||||||
|
|
||||||
@attr(resource='assume role')
|
@attr(resource='assume role')
|
||||||
@attr(method='get')
|
@attr(method='get')
|
||||||
|
|
Loading…
Reference in a new issue