From ea867b49ee10b581e7e3dbf62c36e7d1eaa64635 Mon Sep 17 00:00:00 2001
From: Casey Bodley
Date: Thu, 6 Mar 2025 13:13:36 -0500
Subject: [PATCH] qa/vault: create_secrets() cleanup checks for orphaned keys

the vault task creates some keys on startup for use in s3-tests. on cleanup, check that rgw has removed any temporary bucket keys that were created during testing. fail with an assertion if the listed keys differ

Signed-off-by: Casey Bodley
---
 qa/suites/rgw/crypt/2-kms/vault_kv.yaml | 2 +-
 qa/tasks/vault.py | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/qa/suites/rgw/crypt/2-kms/vault_kv.yaml b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
index 9ee9366d0c4..0b512117cbb 100644
--- a/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
+++ b/qa/suites/rgw/crypt/2-kms/vault_kv.yaml
@@ -17,7 +17,7 @@ tasks:
 install_sha256: 7725b35d9ca8be3668abe63481f0731ca4730509419b4eb29fa0b0baa4798458
 root_token: test_root_token
 engine: kv
- prefix: /v1/kv/data/
+ prefix: /v1/kv/
 secrets:
 - path: my-key-1
 secret: a2V5MS5GcWVxKzhzTGNLaGtzQkg5NGVpb1FKcFpGb2c=
diff --git a/qa/tasks/vault.py b/qa/tasks/vault.py
index ae874eb55e3..848d50ec014 100644
--- a/qa/tasks/vault.py
+++ b/qa/tasks/vault.py
@@ -173,8 +173,8 @@ def send_req(ctx, cconfig, client, path, body, method='POST'):
 headers = {'X-Vault-Token': token}
 req.request(method, path, headers=headers, body=body)
 resp = req.getresponse()
- log.info(resp.read())
 if not (resp.status >= 200 and resp.status < 300):
+ log.info(resp.read())
 raise Exception("Request to Vault server failed with status %d" % resp.status)
 return resp
@@ -198,6 +198,7 @@ def create_secrets(ctx, config):
 exportable = secret.get("exportable", flavor == "old")
 if engine == 'kv':
+ path = urljoin('data/', path)
 try:
 data = {
 "data": {
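Review bot: In send_req(), moving `log.info(resp.read())` into the failure branch means a successful call now returns an unread response, and nothing documents that the caller owns the body. A one-line docstring such as `"""Send a request to Vault; return the unread response on 2xx, otherwise log the body and raise."""` would make that contract explicit. The failure body is still logged at info level with no request context; `log.error("Vault %s %s failed: %s", method, path, resp.read())` would identify the failing call in the task log. The function starts above the hunk, so how `req` is created and whether it is reused after an unread response is not visible here.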
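Review bot: In create_secrets(), `path = urljoin('data/', path)` silently drops the `data/` segment when the configured `path` starts with `/` or parses as an absolute reference, so such a secret would be addressed outside the kv data tree with no error. Plain concatenation keeps the segment unconditionally: `path = 'data/' + path.lstrip('/')`. Only vault_kv.yaml has its `prefix` shortened in this patch; any other kv suite file that still ends its prefix in `data/` would presumably end up under `data/data/`, which is worth checking since those files are not visible here. The `try:` block that uses `path` continues outside the hunk.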
@@ -216,8 +217,21 @@ def create_secrets(ctx, config):
 ctx.vault.keys[cclient].append({ 'Path': path });
 log.info("secrets created")
+
+ list_url = prefix
+ if engine == 'kv':
+ list_url = urljoin(prefix, 'metadata')
+
+ resp = send_req(ctx, cconfig, cclient, list_url, b'', 'LIST')
+ keys_created = json.loads(resp.read())['data']['keys']
+ assert len(keys_created) == len(ctx.vault.keys[cclient])
+
 yield
+ # fetch another listing and verify that no additional keys are left over
+ resp = send_req(ctx, cconfig, cclient, list_url, b'', 'LIST')
+ keys_after = json.loads(resp.read())['data']['keys']
+ assert keys_created == keys_after
 @contextlib.contextmanager
 def task(ctx, config):
-- 
2.39.5
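Review bot: Both new assertions in create_secrets() fail without naming any key, and the one after `yield` compares the two listings as ordered lists, so a reordered listing would be reported the same way as an orphaned key. Comparing sets and printing the difference gives the failure something to act on: `assert set(keys_created) == set(keys_after), "vault keys changed: %s" % sorted(set(keys_created) ^ set(keys_after))`; a LIST response carries key names rather than key material, so this should be safe to log. `urljoin(prefix, 'metadata')` also depends on `prefix` ending in `/` (with `/v1/kv` it resolves to `/v1/metadata`), which nothing in the hunk checks. The check after `yield` is not wrapped in `try`/`finally`, so it is skipped when the wrapped tasks raise; if that is intended, a comment saying so would help. create_secrets() starts above the hunk.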