diff options
author | Ashley Cui <acui@redhat.com> | 2021-01-15 01:27:23 -0500 |
---|---|---|
committer | Ashley Cui <acui@redhat.com> | 2021-02-09 09:13:21 -0500 |
commit | 832a69b0bee6ec289521fbd59ddd480372493ee3 (patch) | |
tree | 4c8a14b7fad879dc454c37f8b59120cf74ceafd1 /pkg/bindings/test | |
parent | 2aaf631586e82192e6b7b992e6b5c8717eb792d7 (diff) | |
download | podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.gz podman-832a69b0bee6ec289521fbd59ddd480372493ee3.tar.bz2 podman-832a69b0bee6ec289521fbd59ddd480372493ee3.zip |
Implement Secrets
Implement podman secret create, inspect, ls, rm
Implement podman run/create --secret
Secrets are blobs of data that are sensitive.
Currently, the only secret driver supported is filedriver, which means creating a secret stores it in base64 unencrypted in a file.
After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]
This secret will not be commited to an image on a podman commit
Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'pkg/bindings/test')
-rw-r--r-- | pkg/bindings/test/secrets_test.go | 133 |
1 files changed, 133 insertions, 0 deletions
diff --git a/pkg/bindings/test/secrets_test.go b/pkg/bindings/test/secrets_test.go new file mode 100644 index 000000000..17c043e4b --- /dev/null +++ b/pkg/bindings/test/secrets_test.go @@ -0,0 +1,133 @@ +package test_bindings + +import ( + "context" + "net/http" + "strings" + "time" + + "github.com/containers/podman/v2/pkg/bindings" + "github.com/containers/podman/v2/pkg/bindings/secrets" + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "github.com/onsi/gomega/gexec" +) + +var _ = Describe("Podman secrets", func() { + var ( + bt *bindingTest + s *gexec.Session + connText context.Context + err error + ) + + BeforeEach(func() { + bt = newBindingTest() + bt.RestoreImagesFromCache() + s = bt.startAPIService() + time.Sleep(1 * time.Second) + connText, err = bindings.NewConnection(context.Background(), bt.sock) + Expect(err).To(BeNil()) + }) + + AfterEach(func() { + + s.Kill() + bt.cleanup() + }) + + It("create secret", func() { + r := strings.NewReader("mysecret") + name := "mysecret" + opts := &secrets.CreateOptions{ + Name: &name, + } + _, err := secrets.Create(connText, r, opts) + Expect(err).To(BeNil()) + + // should not be allowed to create duplicate secret name + _, err = secrets.Create(connText, r, opts) + Expect(err).To(Not(BeNil())) + }) + + It("inspect secret", func() { + r := strings.NewReader("mysecret") + name := "mysecret" + opts := &secrets.CreateOptions{ + Name: &name, + } + _, err := secrets.Create(connText, r, opts) + Expect(err).To(BeNil()) + + data, err := secrets.Inspect(connText, name, nil) + Expect(err).To(BeNil()) + Expect(data.Spec.Name).To(Equal(name)) + + // inspecting non-existent secret should fail + data, err = secrets.Inspect(connText, "notasecret", nil) + code, _ := bindings.CheckResponseCode(err) + Expect(code).To(BeNumerically("==", http.StatusNotFound)) + }) + + It("list secret", func() { + r := strings.NewReader("mysecret") + name := "mysecret" + opts := &secrets.CreateOptions{ + Name: &name, + } + _, err := secrets.Create(connText, r, opts) + Expect(err).To(BeNil()) + + data, err := secrets.List(connText, nil) + Expect(err).To(BeNil()) + Expect(data[0].Spec.Name).To(Equal(name)) + }) + + It("list multiple secret", func() { + r := strings.NewReader("mysecret") + name := "mysecret" + opts := &secrets.CreateOptions{ + Name: &name, + } + _, err := secrets.Create(connText, r, opts) + Expect(err).To(BeNil()) + + r2 := strings.NewReader("mysecret2") + name2 := "mysecret2" + opts2 := &secrets.CreateOptions{ + Name: &name2, + } + _, err = secrets.Create(connText, r2, opts2) + Expect(err).To(BeNil()) + + data, err := secrets.List(connText, nil) + Expect(err).To(BeNil()) + Expect(len(data)).To(Equal(2)) + }) + + It("list no secrets", func() { + data, err := secrets.List(connText, nil) + Expect(err).To(BeNil()) + Expect(len(data)).To(Equal(0)) + }) + + It("remove secret", func() { + r := strings.NewReader("mysecret") + name := "mysecret" + opts := &secrets.CreateOptions{ + Name: &name, + } + _, err := secrets.Create(connText, r, opts) + Expect(err).To(BeNil()) + + err = secrets.Remove(connText, name) + Expect(err).To(BeNil()) + + // removing non-existent secret should fail + err = secrets.Remove(connText, "nosecret") + Expect(err).To(Not(BeNil())) + code, _ := bindings.CheckResponseCode(err) + Expect(code).To(BeNumerically("==", http.StatusNotFound)) + }) + +}) |