@@ -575,17 +575,40 @@ def vault_create_policy(self, policy_name=None):
575575 VaultOperationError exception
576576
577577 """
578- policy = (
579- f'path "{ self .vault_backend_path } \n '
580- f' capabilities = ["create", "read", "update","delete"]'
581- f"\n }}\n "
582- f'path "sys/mounts" {{\n '
583- f'capabilities = ["read"]\n '
584- f"}}"
585- )
586- vault_hcl = tempfile .NamedTemporaryFile (mode = "w+" , prefix = "test" , delete = False )
587- with open (vault_hcl .name , "w" ) as hcl :
588- hcl .write (policy )
578+ # Check if policy still exists
579+ cmd_list_policy = "vault policy list --format=json"
580+
581+ out = subprocess .check_output (shlex .split (cmd_list_policy ))
582+ json_out = json .loads (out )
583+ if self .vault_policy_name in json_out :
584+ # if policy already exists append the secondary cluster backend path to the policy
585+ poilcy_data = (
586+ f"\n }}\n "
587+ f'path "{ self .vault_backend_path } \n '
588+ f' capabilities = ["create", "read", "update","delete"]'
589+ )
590+ vault_hcl = tempfile .NamedTemporaryFile (
591+ mode = "a+" , prefix = "test" , delete = False
592+ )
593+ logger .info (
594+ f"Appending secondary cluster backend path to policy: { self .vault_policy_name }
595+ )
596+ with open (vault_hcl .name , "a" ) as hcl :
597+ hcl .write (poilcy_data )
598+ else :
599+ policy = (
600+ f'path "{ self .vault_backend_path } \n '
601+ f' capabilities = ["create", "read", "update","delete"]'
602+ f"\n }}\n "
603+ f'path "sys/mounts" {{\n '
604+ f'capabilities = ["read"]\n '
605+ f"}}"
606+ )
607+ vault_hcl = tempfile .NamedTemporaryFile (
608+ mode = "w+" , prefix = "test" , delete = False
609+ )
610+ with open (vault_hcl .name , "w" ) as hcl :
611+ hcl .write (policy )
589612
590613 if policy_name :
591614 self .vault_policy_name = policy_name
0 commit comments