author | umohnani8 <umohnani@redhat.com> | 2018-04-26 11:29:02 -0400 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-04-26 16:33:25 +0000 |
commit | 6ac8a24db4ab3e2bbc85feca2bee8cb1c868c7f6 (patch) | |
tree | 7fb44c59e3c9feae18d402dda0c899a959e61459 | |
parent | d7d0e13837a0a2ce0b5432373892d28dbbfc0342 (diff) | |
Add --default-mounts-file hidden flag
The hidden flag is used to override the path of the default mounts file
for testing purposes.
Also modified the secrets pkg to allow for this override to happen.
Signed-off-by: umohnani8 <umohnani@redhat.com>
Closes: #678
Approved by: mheon
-rw-r--r-- | cmd/podman/main.go | 5 | ||||
-rw-r--r-- | cmd/podman/utils.go | 3 | ||||
-rw-r--r-- | libpod/container_internal.go | 2 | ||||
-rw-r--r-- | libpod/options.go | 13 | ||||
-rw-r--r-- | libpod/runtime.go | 2 | ||||
-rw-r--r-- | pkg/secrets/secrets.go | 9 | ||||
-rw-r--r-- | test/e2e/run_test.go | 9 |
7 files changed, 34 insertions, 9 deletions
diff --git a/cmd/podman/main.go b/cmd/podman/main.go index a283c2622..aefde3b93 100644 --- a/cmd/podman/main.go +++ b/cmd/podman/main.go @@ -125,6 +125,11 @@ func main() { Usage: "path for the cpu profiling results", }, cli.StringFlag{ + Name: "default-mounts-file", + Usage: "path to default mounts file", + Hidden: true, + }, + cli.StringFlag{ Name: "hooks-dir-path", Usage: "set the OCI hooks directory path", Value: hooks.DefaultHooksDir, diff --git a/cmd/podman/utils.go b/cmd/podman/utils.go index cf0047db9..a74c338cc 100644 --- a/cmd/podman/utils.go +++ b/cmd/podman/utils.go @@ -58,6 +58,9 @@ func getRuntime(c *cli.Context) (*libpod.Runtime, error) { if c.GlobalIsSet("cni-config-dir") { options = append(options, libpod.WithCNIConfigDir(c.GlobalString("cni-config-dir"))) } + if c.GlobalIsSet("default-mounts-file") { + options = append(options, libpod.WithDefaultMountsFile(c.GlobalString("default-mounts-file"))) + } options = append(options, libpod.WithHooksDir(c.GlobalString("hooks-dir-path"))) // TODO flag to set CNI plugins dir? diff --git a/libpod/container_internal.go b/libpod/container_internal.go index 561b8853d..740824e1b 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -753,7 +753,7 @@ func (c *Container) makeBindMounts() error { } // Add Secret Mounts - secretMounts := secrets.SecretMounts(c.config.MountLabel, c.state.RunDir) + secretMounts := secrets.SecretMounts(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile) for _, mount := range secretMounts { if _, ok := c.state.BindMounts[mount.Destination]; !ok { c.state.BindMounts[mount.Destination] = mount.Source diff --git a/libpod/options.go b/libpod/options.go index 2c51b5834..202cfe9a3 100644 --- a/libpod/options.go +++ b/libpod/options.go 
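Review bot: `Hidden: true` on the new `default-mounts-file` flag only keeps it out of the help output; the flag is still accepted by every build, and its `Usage` string gives no hint that it is meant for tests. Because the value ends up selecting which mounts file drives the secret mounts for a container (see the secrets.go hunk of this commit), I would say so where the flag is defined, e.g. `Usage: "path to default mounts file (testing only, replaces the system mounts files)",`. The body of main() starts and ends outside this hunk.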
@@ -186,6 +186,19 @@ func WithHooksDir(hooksDir string) RuntimeOption { } } +// WithDefaultMountsFile sets the file to look at for default mounts (mainly secrets) +// Note we are not saving this in the database as it is for testing purposes only +func WithDefaultMountsFile(mountsFile string) RuntimeOption { + return func(rt *Runtime) error { + if rt.valid { + return ErrRuntimeFinalized + } + + rt.config.DefaultMountsFile = []string{mountsFile} + return nil + } +} + // WithTmpDir sets the directory that temporary runtime files which are not // expected to survive across reboots will be stored // This should be located on a tmpfs mount (/tmp or /var/run for example) diff --git a/libpod/runtime.go b/libpod/runtime.go index 168e27c67..f46fc8851 100644 --- a/libpod/runtime.go +++ b/libpod/runtime.go @@ -131,6 +131,8 @@ type RuntimeConfig struct { CNIPluginDir []string `toml:"cni_plugin_dir"` // HooksDir Path to the directory containing hooks configuration files HooksDir string `toml:"hooks_dir"` + // DefaultMountsFile is the path to the default mounts file for testing purposes only + DefaultMountsFile []string `toml:"-"` } var ( diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go index 9b328575b..54d1ae5ad 100644 --- a/pkg/secrets/secrets.go +++ b/pkg/secrets/secrets.go 
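Review bot: `WithDefaultMountsFile` stores whatever string it is given, so `--default-mounts-file=` with an empty value yields `[]string{""}`; in the secrets.go hunk of this commit that slice has length 1, so `OverrideMountsFile` and `DefaultMountsFile` are skipped and the container presumably ends up with no default secret mounts, with at most a warning. Rejecting the empty path here would surface the mistake when the runtime is built: `if mountsFile == "" { return ErrInvalidArg }` placed after the `rt.valid` check (assuming `ErrInvalidArg` is the package's invalid-argument error, which this hunk does not show). The doc comment could also state that the option replaces both system mounts files rather than adding to them.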
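Review bot: `DefaultMountsFile` is declared as `[]string`, but its name and comment describe a single path, and the only writer visible in this commit (`WithDefaultMountsFile`) always stores exactly one element. A plain `string` field, with the slice built at the `SecretMounts` call site, would match the comment. If the slice is kept, the comment should say what an empty value means, e.g. `// DefaultMountsFile overrides the built-in mounts files when non-empty (testing only)`. The `RuntimeConfig` struct starts outside this hunk.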
@@ -127,10 +127,15 @@ func getMountsMap(path string) (string, string, error) { } // SecretMounts copies, adds, and mounts the secrets to the container root filesystem -func SecretMounts(mountLabel, containerWorkingDir string) []rspec.Mount { +func SecretMounts(mountLabel, containerWorkingDir string, mountFile []string) []rspec.Mount { var secretMounts []rspec.Mount // Add secrets from paths given in the mounts.conf files - for _, file := range []string{OverrideMountsFile, DefaultMountsFile} { + // mountFile will have a value if the hidden --default-mounts-file flag is set + // Note for testing purposes only + if len(mountFile) == 0 { + mountFile = append(mountFile, []string{OverrideMountsFile, DefaultMountsFile}...) + } + for _, file := range mountFile { mounts, err := addSecretsFromMountsFile(file, mountLabel, containerWorkingDir) if err != nil { logrus.Warnf("error mounting secrets, skipping: %v", err) diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index cfeabe6a0..5eb21c433 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -260,7 +260,7 @@ var _ = Describe("Podman run", func() { }) It("podman run with secrets", func() { - containersDir := "/usr/share/containers" + containersDir := filepath.Join(podmanTest.TempDir, "containers") err := os.MkdirAll(containersDir, 0755) Expect(err).To(BeNil()) 
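Review bot: The doc comment on `SecretMounts` does not mention the new `mountFile` parameter, and its semantics are easy to misread: a non-empty slice replaces both `OverrideMountsFile` and `DefaultMountsFile`, so an administrator's override file is bypassed as well, and the supplied file presumably decides which host paths get copied into the container. I would document that on the function, e.g. `// If mountFile is non-empty it replaces OverrideMountsFile and DefaultMountsFile (testing only).` The fallback can also be a plain assignment, `mountFile = []string{OverrideMountsFile, DefaultMountsFile}`, since the slice is known to be empty at that point. The function body continues past the end of the hunk.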
@@ -288,18 +288,15 @@ var _ = Describe("Podman run", func() { execSession.WaitWithDefaultTimeout() Expect(execSession.ExitCode()).To(Equal(0)) - session := podmanTest.Podman([]string{"run", "--rm", ALPINE, "cat", "/run/secrets/test.txt"}) + session := podmanTest.Podman([]string{"--default-mounts-file=" + mountsFile, "run", "--rm", ALPINE, "cat", "/run/secrets/test.txt"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(Equal(secretsString)) - session = podmanTest.Podman([]string{"run", "--rm", ALPINE, "ls", "/run/secrets/mysymlink"}) + session = podmanTest.Podman([]string{"--default-mounts-file=" + mountsFile, "run", "--rm", ALPINE, "ls", "/run/secrets/mysymlink"}) session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) Expect(session.OutputToString()).To(ContainSubstring("key.pem")) - - err = os.RemoveAll(containersDir) - Expect(err).To(BeNil()) }) It("podman run with FIPS mode secrets", func() { |
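Review bot: Both `podman run` invocations in this test now pass `--default-mounts-file`, so the branch of `SecretMounts` that falls back to `OverrideMountsFile` and `DefaultMountsFile` is no longer exercised here; a separate case that runs without the flag would keep the production path covered. The removed `os.RemoveAll(containersDir)` is safe only if `podmanTest.TempDir` is cleaned up after each spec, which this hunk does not show. Since that directory holds the test's secret files, I would record the assumption next to the `MkdirAll` call, e.g. `// containersDir lives under TempDir and is removed by the suite cleanup`. The enclosing `It` block starts before the hunk.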