From e74782ef8dbf7a19af54dbb2e8e52c9b30b7e2c0 Mon Sep 17 00:00:00 2001 From: nasharatm Date: Fri, 30 Sep 2022 12:49:23 +0100 Subject: [PATCH 1/2] Initial changes for rbac product fixes --- fetch_resources.sh | 2 + tempest/api/workloadmgr/base.py | 141 +++++++++++++++++++++----------- 2 files changed, 96 insertions(+), 47 deletions(-) diff --git a/fetch_resources.sh b/fetch_resources.sh index 82ded4fa..65a9f8f7 100755 --- a/fetch_resources.sh +++ b/fetch_resources.sh @@ -624,6 +624,8 @@ function configure_tempest if [[ ${OPENSTACK_DISTRO,,} == 'mosk'* ]] then echo 'command_prefix = "'$command_prefix'"' >> $TEMPEST_TVAULTCONF + echo 'openstack_distro = "'$OPENSTACK_DISTRO'"' >> $TEMPEST_TVAULTCONF + echo 'wlm_pod = "'$wlm_pod'"' >> $TEMPEST_TVAULTCONF fi sed -i 's/\r//g' $TEMPEST_TVAULTCONF sed -i '/OPENSTACK_DISTRO=/c OPENSTACK_DISTRO='$OPENSTACK_DISTRO'' $TEMPEST_DIR/tools/with_venv.sh diff --git a/tempest/api/workloadmgr/base.py b/tempest/api/workloadmgr/base.py index 45bb1a48..14121625 100644 --- a/tempest/api/workloadmgr/base.py +++ b/tempest/api/workloadmgr/base.py @@ -2359,6 +2359,31 @@ def verify_snapshot_unmount( # raise Exception("Unmounting of a snapshot failed") return is_successful + def add_changes_policyyaml_file(self, role, rule, policy_filepath, policy_changes_cleanup=True): + if role == "newadmin": + old_rule = "admin_api" + LOG.debug("Add %s role in policy.yaml", role) + operations = ["workload:get_storage_usage", "workload:get_nodes"] + + elif role == "backup": + old_rule = "admin_or_owner" + LOG.debug("Add %s role in policy.yaml", role) + operations = ["workload:workload_snapshot", "snapshot:snapshot_delete", "workload:workload_create", + "workload:workload_delete", "snapshot:snapshot_restore", "restore:restore_delete"] + + role_add_command = 'sed -i \'1s/^/{0}:\\n- - role:{1}\\n/\' {2}'.format( + rule, role, policy_filepath) + #role_add_command = 'sed -i \'1s/^/{0}:\\n- - role:{1}\\n/\' /etc/workloadmgr/policy.yaml'.format( + # rule, role) + rule_assign_command = "" + for op in operations: + rule_assign_command += '; ' + 'sed -i \'/{1}/c {1}: rule:{0}\'\ + {2}'.format(rule, op, policy_filepath) + LOG.debug("role_add_command: %s ;\n rule_assign_command: %s", role_add_command, rule_assign_command) + commands = role_add_command + rule_assign_command + LOG.debug("Commands to add role: %s", commands) + return commands + ''' Method to add newadmin role and newadmin_api rule to "workload:get_storage_usage" operation and "workload:get_nodes" @@ -2371,34 +2396,34 @@ def verify_snapshot_unmount( def change_policyyaml_file(self, role, rule, policy_changes_cleanup=True): if len(tvaultconf.tvault_ip) == 0: - raise Exception("Tvault IPs not available") - for ip in tvaultconf.tvault_ip: - ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, - tvaultconf.tvault_password) - if role == "newadmin": - old_rule = "admin_api" - LOG.debug("Add %s role in policy.yaml", role) - operations = ["workload:get_storage_usage", "workload:get_nodes"] - - elif role == "backup": - old_rule = "admin_or_owner" - LOG.debug("Add %s role in policy.yaml", role) - operations = ["workload:workload_snapshot", "snapshot:snapshot_delete", "workload:workload_create", - "workload:workload_delete", "snapshot:snapshot_restore", "restore:restore_delete"] - - role_add_command = 'sed -i \'1s/^/{0}:\\n- - role:{1}\\n/\' /etc/workloadmgr/policy.yaml'.format( - rule, role) - rule_assign_command = "" - for op in operations: - rule_assign_command += '; ' + 'sed -i \'/{1}/c {1}: rule:{0}\'\ - /etc/workloadmgr/policy.yaml'.format(rule, op) - LOG.debug("role_add_command: %s ;\n rule_assign_command: %s", role_add_command, rule_assign_command) - commands = role_add_command + rule_assign_command - LOG.debug("Commands to add role: %s", commands) - stdin, stdout, stderr = ssh.exec_command(commands) - if (tvaultconf.cleanup and policy_changes_cleanup): - self.addCleanup(self.revert_changes_policyyaml, old_rule) - ssh.close() + if (tvaultconf.openstack_distro.lower() == 'mosk'): + #cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- bash' + wlm_file = '/etc/triliovault-wlm/policy.yaml' + #ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, + # tvaultconf.tvault_password) + commands = add_changes_policyyaml_file(role, rule, wlm_file, policy_changes_cleanup=True) + cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- ' + commands + LOG.debug("rbac commands: " + cmd) + #stdin, stdout, stderr = ssh.exec_command(cmd) + p = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + LOG.debug(f"stdout: {stdout}; stderr: {stderr}") + if (tvaultconf.cleanup and policy_changes_cleanup): + self.addCleanup(self.revert_changes_policyyaml, old_rule) + #ssh.close() + else: + raise Exception("Tvault IPs not available") + else: + for ip in tvaultconf.tvault_ip: + policy_filepath = '/etc/workloadmgr/policy.yaml' + ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, + tvaultconf.tvault_password) + commands = add_changes_policyyaml_file(role, rule, policy_filepath, policy_changes_cleanup=True) + stdin, stdout, stderr = ssh.exec_command(commands) + if (tvaultconf.cleanup and policy_changes_cleanup): + self.addCleanup(self.revert_changes_policyyaml, old_rule) + ssh.close() ''' Method to revert changes of role and rule in policy.json file on tvault @@ -2411,30 +2436,52 @@ def change_policyyaml_file(self, role, rule, policy_changes_cleanup=True): policy.yaml file on tvault ''' + def revert_changes_policyyaml_file(self, role, rule, policy_filepath, policy_changes_cleanup=True): + if rule == "admin_api": + role = "newadmin_api" + operations = ["workload:get_storage_usage", "workload:get_nodes"] + + elif rule == "admin_or_owner": + role = "backup_api" + operations = ["workload:workload_snapshot", "snapshot:snapshot_delete", "workload:workload_create", + "workload:workload_delete", "snapshot:snapshot_restore", "restore:restore_delete"] + + role_delete_command = "sed -i '/^{0}/,+1d' {1}".format(role, policy_filepath) + rule_reassign_command = "" + for op in operations: + rule_reassign_command += '; ' + 'sed -i \'/{1}/c {1}: rule:{0}\'\ + {2}'.format(rule, op, policy_filepath) + LOG.debug("role_delete_command: %s ;\n rule_reassign_command: %s", \ + role_delete_command, rule_reassign_command) + commands = role_delete_command + rule_reassign_command + LOG.debug("Commands to revert policy changes: %s", commands) + return commands + def revert_changes_policyyaml(self, rule): if len(tvaultconf.tvault_ip) == 0: - raise Exception("Tvault IPs not available") + if (tvaultconf.openstack_distro.lower() == 'mosk'): + # cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- bash' + wlm_file = '/etc/triliovault-wlm/policy.yaml' + # ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, + # tvaultconf.tvault_password) + commands = revert_changes_policyyaml_file(role, rule, wlm_file, policy_changes_cleanup=True) + cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- ' + commands + LOG.debug("rbac commands: " + cmd) + # stdin, stdout, stderr = ssh.exec_command(cmd) + p = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + LOG.debug(f"stdout: {stdout}; stderr: {stderr}") + if (tvaultconf.cleanup and policy_changes_cleanup): + self.addCleanup(self.revert_changes_policyyaml, old_rule) + # ssh.close() + else: + raise Exception("Tvault IPs not available") for ip in tvaultconf.tvault_ip: + policy_filepath = '/etc/workloadmgr/policy.yaml' ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, tvaultconf.tvault_password) - if rule == "admin_api": - role = "newadmin_api" - operations = ["workload:get_storage_usage", "workload:get_nodes"] - - elif rule == "admin_or_owner": - role = "backup_api" - operations = ["workload:workload_snapshot", "snapshot:snapshot_delete", "workload:workload_create", - "workload:workload_delete", "snapshot:snapshot_restore", "restore:restore_delete"] - - role_delete_command = "sed -i '/^{0}/,+1d' /etc/workloadmgr/policy.yaml".format(role) - rule_reassign_command = "" - for op in operations: - rule_reassign_command += '; ' + 'sed -i \'/{1}/c {1}: rule:{0}\'\ - /etc/workloadmgr/policy.yaml'.format(rule, op) - LOG.debug("role_delete_command: %s ;\n rule_reassign_command: %s", \ - role_delete_command, rule_reassign_command) - commands = role_delete_command + rule_reassign_command - LOG.debug("Commands to revert policy changes: %s", commands) + commands = revert_changes_policyyaml_file(role, rule, policy_filepath, policy_changes_cleanup=True) stdin, stdout, stderr = ssh.exec_command(commands) ssh.close() From 180150019a2d6b4968be6362c5e3736e1d96f27e Mon Sep 17 00:00:00 2001 From: nasharatm Date: Tue, 4 Oct 2022 16:11:41 +0100 Subject: [PATCH 2/2] changes for verification --- fetch_resources.sh | 2 + tempest/api/workloadmgr/base.py | 72 ++++++++++--------- ...vault_rbac_backuprole_touser_policyyaml.py | 47 +++++------- 3 files changed, 58 insertions(+), 63 deletions(-) diff --git a/fetch_resources.sh b/fetch_resources.sh index 65a9f8f7..bd7809d5 100755 --- a/fetch_resources.sh +++ b/fetch_resources.sh @@ -372,6 +372,7 @@ function configure_tempest cd /root eval "$(> $TEMPEST_TVAULTCONF echo 'openstack_distro = "'$OPENSTACK_DISTRO'"' >> $TEMPEST_TVAULTCONF echo 'wlm_pod = "'$wlm_pod'"' >> $TEMPEST_TVAULTCONF + echo 'wlm_containers = ["'$wlm_containers'"]' >> $TEMPEST_TVAULTCONF fi sed -i 's/\r//g' $TEMPEST_TVAULTCONF sed -i '/OPENSTACK_DISTRO=/c OPENSTACK_DISTRO='$OPENSTACK_DISTRO'' $TEMPEST_DIR/tools/with_venv.sh diff --git a/tempest/api/workloadmgr/base.py b/tempest/api/workloadmgr/base.py index 14121625..4a1597f9 100644 --- a/tempest/api/workloadmgr/base.py +++ b/tempest/api/workloadmgr/base.py @@ -2382,6 +2382,8 @@ def add_changes_policyyaml_file(self, role, rule, policy_filepath, policy_change LOG.debug("role_add_command: %s ;\n rule_assign_command: %s", role_add_command, rule_assign_command) commands = role_add_command + rule_assign_command LOG.debug("Commands to add role: %s", commands) + if (tvaultconf.cleanup and policy_changes_cleanup): + self.addCleanup(self.revert_changes_policyyaml, old_rule) return commands ''' @@ -2397,21 +2399,23 @@ def add_changes_policyyaml_file(self, role, rule, policy_filepath, policy_change def change_policyyaml_file(self, role, rule, policy_changes_cleanup=True): if len(tvaultconf.tvault_ip) == 0: if (tvaultconf.openstack_distro.lower() == 'mosk'): - #cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- bash' - wlm_file = '/etc/triliovault-wlm/policy.yaml' - #ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, - # tvaultconf.tvault_password) - commands = add_changes_policyyaml_file(role, rule, wlm_file, policy_changes_cleanup=True) - cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- ' + commands - LOG.debug("rbac commands: " + cmd) - #stdin, stdout, stderr = ssh.exec_command(cmd) - p = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - stdout, stderr = p.communicate() - LOG.debug(f"stdout: {stdout}; stderr: {stderr}") - if (tvaultconf.cleanup and policy_changes_cleanup): - self.addCleanup(self.revert_changes_policyyaml, old_rule) - #ssh.close() + for wlm_container in tvaultconf.wlm_containers: + #cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- bash' + wlm_file = '/etc/triliovault-wlm/policy.yaml' + #ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, + # tvaultconf.tvault_password) + commands = self.add_changes_policyyaml_file(role, rule, wlm_file, policy_changes_cleanup=True) + #cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- ' + commands + cmd = 'docker exec -itu root' + wlm_container + ' bash -c "' + commands + '"' + LOG.debug("rbac commands: " + cmd) + #stdin, stdout, stderr = ssh.exec_command(cmd) + p = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + LOG.debug(f"stdout: {stdout}; stderr: {stderr}") + #if (tvaultconf.cleanup and policy_changes_cleanup): + # self.addCleanup(self.revert_changes_policyyaml, old_rule) + #ssh.close() else: raise Exception("Tvault IPs not available") else: @@ -2419,7 +2423,7 @@ def change_policyyaml_file(self, role, rule, policy_changes_cleanup=True): policy_filepath = '/etc/workloadmgr/policy.yaml' ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, tvaultconf.tvault_password) - commands = add_changes_policyyaml_file(role, rule, policy_filepath, policy_changes_cleanup=True) + commands = self.add_changes_policyyaml_file(role, rule, policy_filepath, policy_changes_cleanup=True) stdin, stdout, stderr = ssh.exec_command(commands) if (tvaultconf.cleanup and policy_changes_cleanup): self.addCleanup(self.revert_changes_policyyaml, old_rule) @@ -2436,7 +2440,7 @@ def change_policyyaml_file(self, role, rule, policy_changes_cleanup=True): policy.yaml file on tvault ''' - def revert_changes_policyyaml_file(self, role, rule, policy_filepath, policy_changes_cleanup=True): + def revert_changes_policyyaml_file(self, rule, policy_filepath): if rule == "admin_api": role = "newadmin_api" operations = ["workload:get_storage_usage", "workload:get_nodes"] @@ -2460,28 +2464,30 @@ def revert_changes_policyyaml_file(self, role, rule, policy_filepath, policy_cha def revert_changes_policyyaml(self, rule): if len(tvaultconf.tvault_ip) == 0: if (tvaultconf.openstack_distro.lower() == 'mosk'): - # cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- bash' - wlm_file = '/etc/triliovault-wlm/policy.yaml' - # ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, - # tvaultconf.tvault_password) - commands = revert_changes_policyyaml_file(role, rule, wlm_file, policy_changes_cleanup=True) - cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- ' + commands - LOG.debug("rbac commands: " + cmd) - # stdin, stdout, stderr = ssh.exec_command(cmd) - p = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, - stderr=subprocess.PIPE) - stdout, stderr = p.communicate() - LOG.debug(f"stdout: {stdout}; stderr: {stderr}") - if (tvaultconf.cleanup and policy_changes_cleanup): - self.addCleanup(self.revert_changes_policyyaml, old_rule) - # ssh.close() + for wlm_container in tvaultconf.wlm_containers: + # cmd = 'kubectl exec ' + tvaultconf.wlm_pod + ' -n triliovault -it -- bash' + wlm_file = '/etc/triliovault-wlm/policy.yaml' + # ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, + # tvaultconf.tvault_password) + commands = self.revert_changes_policyyaml_file(rule, wlm_file) + #cmd = 'kubectl exec ' + wlm_container + ' -n triliovault -it -- ' + commands + cmd = 'docker exec -itu root ' + wlm_container + ' bash -c "' + commands + '"' + LOG.debug("rbac commands: " + cmd) + # stdin, stdout, stderr = ssh.exec_command(cmd) + p = subprocess.Popen(shlex.split(cmd), stdout=subprocess.PIPE, + stderr=subprocess.PIPE) + stdout, stderr = p.communicate() + LOG.debug(f"stdout: {stdout}; stderr: {stderr}") + #if (tvaultconf.cleanup and policy_changes_cleanup): + # self.addCleanup(self.revert_changes_policyyaml, old_rule) + # ssh.close() else: raise Exception("Tvault IPs not available") for ip in tvaultconf.tvault_ip: policy_filepath = '/etc/workloadmgr/policy.yaml' ssh = self.SshRemoteMachineConnection(ip, tvaultconf.tvault_username, tvaultconf.tvault_password) - commands = revert_changes_policyyaml_file(role, rule, policy_filepath, policy_changes_cleanup=True) + commands = self.revert_changes_policyyaml_file(role, rule, policy_filepath, policy_changes_cleanup=True) stdin, stdout, stderr = ssh.exec_command(commands) ssh.close() diff --git a/tempest/api/workloadmgr/rbac/test_tvault_rbac_backuprole_touser_policyyaml.py b/tempest/api/workloadmgr/rbac/test_tvault_rbac_backuprole_touser_policyyaml.py index 8a834aee..c7160ff6 100644 --- a/tempest/api/workloadmgr/rbac/test_tvault_rbac_backuprole_touser_policyyaml.py +++ b/tempest/api/workloadmgr/rbac/test_tvault_rbac_backuprole_touser_policyyaml.py @@ -145,7 +145,9 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): # Create workload with CLI by admin role workload_create = command_argument_string.workload_create + \ " --instance instance-id=" + str(self.instances_id[1]) + LOG.debug("workload create command: {}".format(workload_create)) error = cli_parser.cli_error(workload_create) + LOG.debug("Error for workload create: {}".format(error)) if error and (str(error.strip('\n')).find(workload_create_error_str) != -1): LOG.debug( "Command workload_create did not execute correctly by admin role") @@ -156,8 +158,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Command workload_create did not execute correctly by admin role", tvaultconf.FAIL) - raise Exception( - "Command workload_create executed correctly by admin role") + reporting.set_test_script_status(tvaultconf.FAIL) # Run snapshot_create CLI by admin role snapshot_create = command_argument_string.snapshot_create + \ @@ -174,8 +175,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute snapshot_create command by admin role", tvaultconf.FAIL) - raise Exception( - "Command snapshot_create executed correctly by admin role") + reporting.set_test_script_status(tvaultconf.FAIL) # Create one-click restore using CLI command by admin role restore_command = command_argument_string.oneclick_restore + \ @@ -191,8 +191,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute restore_create command by admin role", tvaultconf.FAIL) - raise Exception( - "Command restore_create executed correctly by admin role") + reporting.set_test_script_status(tvaultconf.FAIL) # Run restore_delete CLI by admin role restore_delete = command_argument_string.restore_delete + \ @@ -208,8 +207,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute restore_delete command by admin role", tvaultconf.FAIL) - raise Exception( - "Command restore_delete executed correctly by admin role") + reporting.set_test_script_status(tvaultconf.FAIL) # Run snapshot_delete CLI by admin role snapshot_delete = command_argument_string.snapshot_delete + \ @@ -225,8 +223,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute snapshot_delete command by admin role", tvaultconf.FAIL) - raise Exception( - "Command snapshot_delete executed correctly by admin role") + reporting.set_test_script_status(tvaultconf.FAIL) # Delete workload with CLI by admin role workload_delete = command_argument_string.workload_delete + \ @@ -242,8 +239,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute workload_delete command by admin role", tvaultconf.FAIL) - raise Exception( - "Command workload_delete executed correctly by admin role") + reporting.set_test_script_status(tvaultconf.FAIL) # Use nonadmin credentials os.environ['OS_USERNAME'] = CONF.identity.nonadmin_user @@ -263,8 +259,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute workload_create command by default role", tvaultconf.FAIL) - raise Exception( - "Command workload_create executed correctly by default role") + reporting.set_test_script_status(tvaultconf.FAIL) # Run snapshot_create CLI by default role snapshot_create = command_argument_string.snapshot_create + \ @@ -280,8 +275,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute snapshot_create command by default role", tvaultconf.FAIL) - raise Exception( - "Command snapshot_create executed correctly by default role") + reporting.set_test_script_status(tvaultconf.FAIL) # Create one-click restore using CLI by default role restore_command = command_argument_string.oneclick_restore + \ @@ -297,8 +291,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute restore_create command by default role", tvaultconf.FAIL) - raise Exception( - "Command restore_create executed correctly by default role") + reporting.set_test_script_status(tvaultconf.FAIL) # Run restore_delete CLI by default role restore_delete = command_argument_string.restore_delete + \ @@ -314,8 +307,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute restore_delete command by default role", tvaultconf.FAIL) - raise Exception( - "Command restore_delete executed correctly by default role") + reporting.set_test_script_status(tvaultconf.FAIL) # Run snapshot_delete CLI by default role snapshot_delete = command_argument_string.snapshot_delete + \ @@ -332,8 +324,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute snapshot_delete command by default role", tvaultconf.FAIL) - raise Exception( - "Command snapshot_delete executed correctly by default role") + reporting.set_test_script_status(tvaultconf.FAIL) # Delete workload with CLI by default role workload_delete = command_argument_string.workload_delete + \ @@ -349,8 +340,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Can not execute workload_delete command by default role", tvaultconf.FAIL) - raise Exception( - "Command workload_delete executed correctly by default role") + reporting.set_test_script_status(tvaultconf.FAIL) # Use backupuser credentials os.environ['OS_USERNAME'] = CONF.identity.backupuser @@ -364,8 +354,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Execute restore_delete command by backup role", tvaultconf.FAIL) - raise Exception( - "Command restore_delete did not execute correctly by backup role") + reporting.set_test_script_status(tvaultconf.FAIL) else: reporting.add_test_step( "Execute restore_delete command by backup role", @@ -388,8 +377,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Execute snapshot_delete command by backup role", tvaultconf.FAIL) - raise Exception( - "Command snapshot_delete did not execute correctly by backup role") + reporting.set_test_script_status(tvaultconf.FAIL) else: reporting.add_test_step( "Execute snapshot_delete command by backup role", @@ -407,8 +395,7 @@ def test_tvault_rbac_backuprole_touser_policyyaml(self): reporting.add_test_step( "Execute workload_delete command by backup role", tvaultconf.FAIL) - raise Exception( - "RBAC policy fails for workload deletion by backup role") + reporting.set_test_script_status(tvaultconf.FAIL) else: LOG.debug("Workload deleted successfully by backup role") reporting.add_test_step(