Adding kms policy name for same kms encryption keys

ocs_ci/utility/kms.py

@@ -129,7 +129,7 @@ def __init__(self):
             "VAULT_BACKEND", defaults.VAULT_DEFAULT_BACKEND_VERSION
         )
         self.kmsid = None
-        self.vault_policy_name = None
+        self.vault_policy_name = self.kms_vault_policy_name
         self.vault_kube_auth_path = "kubernetes"
         self.vault_kube_auth_role = constants.VAULT_KUBERNETES_AUTH_ROLE
         self.vault_kube_auth_namespace = None
@@ -147,6 +147,16 @@ def vault_path_token(self, value):
         # For setting values in test cases
         Vault._vault_path_token = value
 
+    @property
+    def kms_vault_policy_name(self):
+        cluster_name = config.ENV_DATA.get("cluster_name")
+        if config.multicluster:
+            with config.RunWithPrimaryConfigContext():
+                cluster_name = config.ENV_DATA.get("cluster_name")
+        policy_name = f"kpn_{cluster_name}"
+        logger.info(f"Vault policy name will be {policy_name}")
+        return policy_name
+
     def deploy(self):
         """
         This function delegates the deployment of vault
@@ -555,7 +565,7 @@ def vault_create_backend_path(self, backend_path=None, kv_version=None):
                     f"Failed to create path f{self.vault_backend_path}"
                 )
         if not backend_path:
-            self.vault_create_policy()
+            self.vault_create_policy(policy_name=self.vault_policy_name)
 
     def vault_create_policy(self, policy_name=None):
         """
@@ -565,17 +575,40 @@ def vault_create_policy(self, policy_name=None):
             VaultOperationError exception
 
         """
-        policy = (
-            f'path "{self.vault_backend_path}/*" {{\n'
-            f'  capabilities = ["create", "read", "update","delete"]'
-            f"\n}}\n"
-            f'path "sys/mounts" {{\n'
-            f'capabilities = ["read"]\n'
-            f"}}"
-        )
-        vault_hcl = tempfile.NamedTemporaryFile(mode="w+", prefix="test", delete=False)
-        with open(vault_hcl.name, "w") as hcl:
-            hcl.write(policy)
+        # Check if policy still exists
+        cmd_list_policy = "vault policy list --format=json"
+
+        out = subprocess.check_output(shlex.split(cmd_list_policy))
+        json_out = json.loads(out)
+        if self.vault_policy_name in json_out:
+            # if policy already exists append the secondary cluster backend path to the policy
+            poilcy_data = (
+                f"\n}}\n"
+                f'path "{self.vault_backend_path}/*" {{\n'
+                f'  capabilities = ["create", "read", "update","delete"]'
+            )
+            vault_hcl = tempfile.NamedTemporaryFile(
+                mode="a+", prefix="test", delete=False
+            )
+            logger.info(
+                f"Appending secondary cluster backend path to policy: {self.vault_policy_name}"
+            )
+            with open(vault_hcl.name, "a") as hcl:
+                hcl.write(poilcy_data)
+        else:
+            policy = (
+                f'path "{self.vault_backend_path}/*" {{\n'
+                f'  capabilities = ["create", "read", "update","delete"]'
+                f"\n}}\n"
+                f'path "sys/mounts" {{\n'
+                f'capabilities = ["read"]\n'
+                f"}}"
+            )
+            vault_hcl = tempfile.NamedTemporaryFile(
+                mode="w+", prefix="test", delete=False
+            )
+            with open(vault_hcl.name, "w") as hcl:
+                hcl.write(policy)
 
         if policy_name:
             self.vault_policy_name = policy_name
@@ -808,20 +841,25 @@ def remove_vault_policy(self, vault_namespace=None):
         Args:
             vault namespace (str): Namespace in Vault, if exists, where the backend path is created
         """
-
-        if vault_namespace:
-            cmd = f"vault policy delete -namespace={vault_namespace} {self.vault_policy_name} "
-        else:
-            cmd = f"vault policy delete {self.vault_policy_name}"
-        subprocess.check_output(shlex.split(cmd))
-
         # Check if policy still exists
         if vault_namespace:
-            cmd = f"vault policy list -namespace={vault_namespace} --format=json"
+            cmd_list_policy = (
+                f"vault policy list -namespace={vault_namespace} --format=json"
+            )
         else:
-            cmd = "vault policy list --format=json"
+            cmd_list_policy = "vault policy list --format=json"
 
-        out = subprocess.check_output(shlex.split(cmd))
+        out = subprocess.check_output(shlex.split(cmd_list_policy))
+        json_out = json.loads(out)
+        if self.vault_policy_name in json_out:
+            if vault_namespace:
+                cmd = f"vault policy delete -namespace={vault_namespace} {self.vault_policy_name} "
+            else:
+                cmd = f"vault policy delete {self.vault_policy_name}"
+            subprocess.check_output(shlex.split(cmd))
+
+        # Check if policy still exists
+        out = subprocess.check_output(shlex.split(cmd_list_policy))
         json_out = json.loads(out)
         if self.vault_policy_name in json_out:
             raise KMSResourceCleaneupError(