author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-09-01 07:19:41 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-01 07:19:41 -0400 |
commit | 5c3369951573d2079eca0be7fdc40a96933ab977 (patch) | |
tree | 33247cbc6f4bc000f44a6ed550b03bb28a8deb63 | |
parent | 331b35996f8e94dac42ca188ff383a5179a4c2bc (diff) | |
parent | 1fb07c4225feb2eec9ffcf7ca039b373cfd69ed7 (diff) | |
Merge pull request #11376 from ashley-cui/envsec
Make secret env var available to exec session
-rw-r--r-- | libpod/oci_conmon_exec_linux.go | 13 | ||||
-rw-r--r-- | test/e2e/exec_test.go | 30 |
2 files changed, 43 insertions, 0 deletions
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index c4bae9b78..5a7677b04 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -684,6 +684,19 @@ func prepareProcessExec(c *Container, options *ExecOptions, env []string, sessio
 pspec.Env = append(pspec.Env, env...)
 }
 
+ // Add secret envs if they exist
+ manager, err := c.runtime.SecretsManager()
+ if err != nil {
+ return nil, err
+ }
+ for name, secr := range c.config.EnvSecrets {
+ _, data, err := manager.LookupSecretData(secr.Name)
+ if err != nil {
+ return nil, err
+ }
+ pspec.Env = append(pspec.Env, fmt.Sprintf("%s=%s", name, string(data)))
+ }
+
 if options.Cwd != "" {
 pspec.Cwd = options.Cwd
 }
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go
index 02680e739..65d60b24d 100644
--- a/test/e2e/exec_test.go
+++ b/test/e2e/exec_test.go
@@ -2,7 +2,9 @@ package integration
 
 import (
 "fmt"
+ "io/ioutil"
 "os"
+ "path/filepath"
 "strings"
 
 . "github.com/containers/podman/v3/test/utils"
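Review bot: In prepareProcessExec (libpod/oci_conmon_exec_linux.go), `c.runtime.SecretsManager()` is called on every exec, even when `c.config.EnvSecrets` is empty, so a failure to open the secrets store would break exec for containers that use no secrets; wrapping the added block in `if len(c.config.EnvSecrets) > 0 {` avoids that. Both `return nil, err` paths drop the context, and a lookup failure (presumably what a secret removed after container creation produces) makes exec fail with a bare error; something like `return nil, fmt.Errorf("looking up env secret %q for exec: %w", secr.Name, err)` would say which secret is missing. The secret value is also copied into `pspec.Env` in plaintext, so if the process spec is written to disk later in this function (its body continues outside the hunk), the file mode and cleanup of that file deserve a check.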
@@ -540,4 +542,32 @@ RUN useradd -u 1000 auser`, fedoraMinimal)
 stop.WaitWithDefaultTimeout()
 Expect(stop).Should(Exit(0))
 })
+
+ It("podman exec with env var secret", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"run", "-t", "-i", "-d", "--secret", "source=mysecret,type=env", "--name", "secr", ALPINE, "top"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"exec", "secr", "printenv", "mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring(secretsString))
+
+ session = podmanTest.Podman([]string{"commit", "secr", "foobar.com/test1-image:latest"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+
+ session = podmanTest.Podman([]string{"run", "foobar.com/test1-image:latest", "printenv", "mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.OutputToString()).To(Not(ContainSubstring(secretsString)))
+ })
 }) |
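Review bot: The last assertion in the new `It` block can pass vacuously: the final `podman run ... printenv mysecret` has no exit-code check, so if that run fails for an unrelated reason (for example the committed image not resolving) the output trivially lacks the secret and the leak check proves nothing. Pinning the expected status, e.g. `Expect(session).Should(Exit(1))` if the image's `printenv` returns 1 for an unset variable, would make the negative result meaningful. The secret file is also written with mode `0755`; `0600` is the more fitting mode for secret material, even in a test temp dir. The enclosing `Describe` starts outside the hunk.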