authorAshley Cui <acui@redhat.com>2021-01-15 01:27:23 -0500
committerAshley Cui <acui@redhat.com>2021-02-09 09:13:21 -0500
commit832a69b0bee6ec289521fbd59ddd480372493ee3 (patch)
tree4c8a14b7fad879dc454c37f8b59120cf74ceafd1 /pkg/bindings/test/secrets_test.go
parent2aaf631586e82192e6b7b992e6b5c8717eb792d7 (diff)
Implement Secrets
Implement podman secret create, inspect, ls, rm. Implement podman run/create --secret. Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]. This secret will not be committed to an image on a podman commit. Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'pkg/bindings/test/secrets_test.go')
-rw-r--r--pkg/bindings/test/secrets_test.go133
1 files changed, 133 insertions, 0 deletions
diff --git a/pkg/bindings/test/secrets_test.go b/pkg/bindings/test/secrets_test.go
new file mode 100644
index 000000000..17c043e4b
--- /dev/null
+++ b/pkg/bindings/test/secrets_test.go
@@ -0,0 +1,133 @@
+package test_bindings
+
+import (
+ "context"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/containers/podman/v2/pkg/bindings"
+ "github.com/containers/podman/v2/pkg/bindings/secrets"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+ "github.com/onsi/gomega/gexec"
+)
+
+var _ = Describe("Podman secrets", func() {
+ var (
+ bt *bindingTest
+ s *gexec.Session
+ connText context.Context
+ err error
+ )
+
+ BeforeEach(func() {
+ bt = newBindingTest()
+ bt.RestoreImagesFromCache()
+ s = bt.startAPIService()
+ time.Sleep(1 * time.Second)
+ connText, err = bindings.NewConnection(context.Background(), bt.sock)
+ Expect(err).To(BeNil())
+ })
+
+ AfterEach(func() {
+
+ s.Kill()
+ bt.cleanup()
+ })
+
+ It("create secret", func() {
+ r := strings.NewReader("mysecret")
+ name := "mysecret"
+ opts := &secrets.CreateOptions{
+ Name: &name,
+ }
+ _, err := secrets.Create(connText, r, opts)
+ Expect(err).To(BeNil())
+
+ // should not be allowed to create duplicate secret name
+ _, err = secrets.Create(connText, r, opts)
+ Expect(err).To(Not(BeNil()))
+ })
+
+ It("inspect secret", func() {
+ r := strings.NewReader("mysecret")
+ name := "mysecret"
+ opts := &secrets.CreateOptions{
+ Name: &name,
+ }
+ _, err := secrets.Create(connText, r, opts)
+ Expect(err).To(BeNil())
+
+ data, err := secrets.Inspect(connText, name, nil)
+ Expect(err).To(BeNil())
+ Expect(data.Spec.Name).To(Equal(name))
+
+ // inspecting non-existent secret should fail
+ data, err = secrets.Inspect(connText, "notasecret", nil)
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusNotFound))
+ })
+
+ It("list secret", func() {
+ r := strings.NewReader("mysecret")
+ name := "mysecret"
+ opts := &secrets.CreateOptions{
+ Name: &name,
+ }
+ _, err := secrets.Create(connText, r, opts)
+ Expect(err).To(BeNil())
+
+ data, err := secrets.List(connText, nil)
+ Expect(err).To(BeNil())
+ Expect(data[0].Spec.Name).To(Equal(name))
+ })
+
+ It("list multiple secret", func() {
+ r := strings.NewReader("mysecret")
+ name := "mysecret"
+ opts := &secrets.CreateOptions{
+ Name: &name,
+ }
+ _, err := secrets.Create(connText, r, opts)
+ Expect(err).To(BeNil())
+
+ r2 := strings.NewReader("mysecret2")
+ name2 := "mysecret2"
+ opts2 := &secrets.CreateOptions{
+ Name: &name2,
+ }
+ _, err = secrets.Create(connText, r2, opts2)
+ Expect(err).To(BeNil())
+
+ data, err := secrets.List(connText, nil)
+ Expect(err).To(BeNil())
+ Expect(len(data)).To(Equal(2))
+ })
+
+ It("list no secrets", func() {
+ data, err := secrets.List(connText, nil)
+ Expect(err).To(BeNil())
+ Expect(len(data)).To(Equal(0))
+ })
+
+ It("remove secret", func() {
+ r := strings.NewReader("mysecret")
+ name := "mysecret"
+ opts := &secrets.CreateOptions{
+ Name: &name,
+ }
+ _, err := secrets.Create(connText, r, opts)
+ Expect(err).To(BeNil())
+
+ err = secrets.Remove(connText, name)
+ Expect(err).To(BeNil())
+
+ // removing non-existent secret should fail
+ err = secrets.Remove(connText, "nosecret")
+ Expect(err).To(Not(BeNil()))
+ code, _ := bindings.CheckResponseCode(err)
+ Expect(code).To(BeNumerically("==", http.StatusNotFound))
+ })
+
+})
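Review bot: In the "create secret" case the duplicate-name check reuses `r` for the second `secrets.Create`, a `strings.Reader` that the first call has presumably already drained, so the second request likely carries an empty body and `Expect(err).To(Not(BeNil()))` may pass because of the empty data rather than the name collision. Pass a fresh reader, `_, err = secrets.Create(connText, strings.NewReader("mysecret"), opts)`, and tie the failure to the duplicate by checking `bindings.CheckResponseCode(err)` as the inspect and remove cases do. Separately, every case uses the same string for the secret name and its payload and asserts only `Spec.Name`. A distinct payload would let the inspect and list cases also assert that the secret bytes are not echoed back in the response, which is worth covering given the description says the file driver stores them unencrypted.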