Add support for environment variable secrets

Env var secrets are env vars that are set inside the container but not commited to and image. Also support reading from env var when creating a secret. Signed-off-by: Ashley Cui <acui@redhat.com>
author: Ashley Cui <acui@redhat.com> 2021-05-05 10:34:13 -0400
committer: Ashley Cui <acui@redhat.com> 2021-05-06 14:00:57 -0400
commit: 2634cb234f1500b76a2fd89351b9ad8a737a24ea (patch)
tree: 10fb9e9dc38ef35ecd9390b43effe5dc667578b0 /test/e2e/run_test.go
parent: 476c76f580d5cd092ff958765af36857b2a68d6c (diff)
download: podman-2634cb234f1500b76a2fd89351b9ad8a737a24ea.tar.gz
podman-2634cb234f1500b76a2fd89351b9ad8a737a24ea.tar.bz2
podman-2634cb234f1500b76a2fd89351b9ad8a737a24ea.zip
1 files changed, 89 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index 93505d742..4859db524 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1589,6 +1589,95 @@ WORKDIR /madethis`, BB)
 
 	})
 
+	It("podman run --secret source=mysecret,type=mount", func() {
+		secretsString := "somesecretdata"
+		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+		err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=mount", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal(secretsString))
+
+		session = podmanTest.Podman([]string{"inspect", "secr", "--format", " {{(index .Config.Secrets 0).Name}}"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(ContainSubstring("mysecret"))
+
+	})
+
+	It("podman run --secret source=mysecret,type=env", func() {
+		secretsString := "somesecretdata"
+		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+		err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env", "--name", "secr", ALPINE, "printenv", "mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal(secretsString))
+	})
+
+	It("podman run --secret target option", func() {
+		secretsString := "somesecretdata"
+		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+		err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		// target with mount type should fail
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=mount,target=anotherplace", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env,target=anotherplace", "--name", "secr", ALPINE, "printenv", "anotherplace"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+		Expect(session.OutputToString()).To(Equal(secretsString))
+	})
+
+	It("podman run invalid secret option", func() {
+		secretsString := "somesecretdata"
+		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+		err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+		Expect(err).To(BeNil())
+
+		session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Equal(0))
+
+		// Invalid type
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=other", "--name", "secr", ALPINE, "printenv", "mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+
+		// Invalid option
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,invalid=invalid", "--name", "secr", ALPINE, "printenv", "mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+
+		// Option syntax not valid
+		session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type", "--name", "secr", ALPINE, "printenv", "mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+
+		// No source given
+		session = podmanTest.Podman([]string{"run", "--secret", "type=env", "--name", "secr", ALPINE, "printenv", "mysecret"})
+		session.WaitWithDefaultTimeout()
+		Expect(session.ExitCode()).To(Not(Equal(0)))
+	})
+
 	It("podman run --requires", func() {
 		depName := "ctr1"
 		depContainer := podmanTest.Podman([]string{"create", "--name", depName, ALPINE, "top"})
author	Ashley Cui <acui@redhat.com>	2021-05-05 10:34:13 -0400
committer	Ashley Cui <acui@redhat.com>	2021-05-06 14:00:57 -0400
commit	2634cb234f1500b76a2fd89351b9ad8a737a24ea (patch)
tree	10fb9e9dc38ef35ecd9390b43effe5dc667578b0 /test/e2e/run_test.go
parent	476c76f580d5cd092ff958765af36857b2a68d6c (diff)
download	podman-2634cb234f1500b76a2fd89351b9ad8a737a24ea.tar.gz podman-2634cb234f1500b76a2fd89351b9ad8a737a24ea.tar.bz2 podman-2634cb234f1500b76a2fd89351b9ad8a737a24ea.zip