summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorcdoern <cdoern@redhat.com>2022-06-07 16:37:59 -0400
committerCharlie Doern <cdoern@redhat.com>2022-07-20 12:55:33 -0400
commit438fef1caa26a1f09cd7be341e854d4bd5726c2b (patch)
treee449aceae653fcce93fe38aa38a60d08a95bda1e /test
parent8c9eff5b12eebe318be1f905562be6a236285caa (diff)
downloadpodman-438fef1caa26a1f09cd7be341e854d4bd5726c2b.tar.gz
podman-438fef1caa26a1f09cd7be341e854d4bd5726c2b.tar.bz2
podman-438fef1caa26a1f09cd7be341e854d4bd5726c2b.zip
kube secret handling for podman play kube
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file. Kubernetes secrets have a different structure than podman and therefore have to be handeled differently. In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets to come! resolves #12396 Signed-off-by: Charlie Doern <cdoern@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/play_kube_test.go142
1 files changed, 141 insertions, 1 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 457aaebb2..ba8f3cc0d 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -29,6 +29,76 @@ import (
"github.com/opencontainers/selinux/go-selinux"
)
+var secretYaml = `
+apiVersion: v1
+kind: Secret
+metadata:
+ name: newsecret
+type: Opaque
+data:
+ username: dXNlcg==
+ password: NTRmNDFkMTJlOGZh
+`
+
+var complexSecretYaml = `
+apiVersion: v1
+kind: Secret
+metadata:
+ name: newsecrettwo
+type: Opaque
+data:
+ username: Y2RvZXJuCg==
+ password: dGVzdGluZ3Rlc3RpbmcK
+ note: a3ViZSBzZWNyZXRzIGFyZSBjb29sIQo=
+`
+
+var secretPodYaml = `
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mypod
+spec:
+ containers:
+ - name: myctr
+ image: quay.io/libpod/alpine_nginx:latest
+ volumeMounts:
+ - name: foo
+ mountPath: /etc/foo
+ readOnly: true
+ volumes:
+ - name: foo
+ secret:
+ secretName: newsecret
+ optional: false
+`
+
+var secretPodYamlTwo = `
+apiVersion: v1
+kind: Pod
+metadata:
+ name: mypod2
+spec:
+ containers:
+ - name: myctr
+ image: quay.io/libpod/alpine_nginx:latest
+ volumeMounts:
+ - name: foo
+ mountPath: /etc/foo
+ readOnly: true
+ - name: bar
+ mountPath: /etc/bar
+ readOnly: true
+ volumes:
+ - name: foo
+ secret:
+ secretName: newsecret
+ optional: false
+ - name: bar
+ secret:
+ secretName: newsecrettwo
+ optional: false
+`
+
var unknownKindYaml = `
apiVersion: v1
kind: UnknownKind
@@ -3468,7 +3538,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q
SkipIfRemote("cannot run in a remote setup")
address := url.URL{
Scheme: "tcp",
- Host: net.JoinHostPort("localhost", randomPort()),
+ Host: net.JoinHostPort("localhost", "8080"),
}
session := podmanTest.Podman([]string{
@@ -3832,4 +3902,74 @@ ENV OPENJ9_JAVA_OPTIONS=%q
Expect(kube).Should(Exit(125))
})
+ It("podman play kube secret as volume support", func() {
+ err := writeYaml(secretYaml, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ secretList := podmanTest.Podman([]string{"secret", "list"})
+ secretList.WaitWithDefaultTimeout()
+ Expect(secretList).Should(Exit(0))
+ Expect(secretList.OutputToString()).Should(ContainSubstring("newsecret"))
+
+ err = writeYaml(secretPodYaml, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube = podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ exec := podmanTest.Podman([]string{"exec", "-it", "mypod-myctr", "cat", "/etc/foo/username"})
+ exec.WaitWithDefaultTimeout()
+ Expect(exec).Should(Exit(0))
+ Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg=="))
+
+ secretRm := podmanTest.Podman([]string{"secret", "rm", "newsecret"})
+ secretRm.WaitWithDefaultTimeout()
+ Expect(secretRm).Should(Exit(0))
+
+ podRm := podmanTest.Podman([]string{"pod", "rm", "-f", "mypod"})
+ podRm.WaitWithDefaultTimeout()
+ Expect(podRm).Should(Exit(0))
+
+ yamls := []string{secretYaml, secretPodYaml}
+ err = generateMultiDocKubeYaml(yamls, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube = podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ // do not remove newsecret to test that we auto remove on collision
+
+ yamls = []string{secretYaml, complexSecretYaml}
+ err = generateMultiDocKubeYaml(yamls, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube = podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ err = writeYaml(secretPodYamlTwo, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube = podmanTest.Podman([]string{"play", "kube", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube).Should(Exit(0))
+
+ exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/foo/username"})
+ exec.WaitWithDefaultTimeout()
+ Expect(exec).Should(Exit(0))
+ Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg=="))
+
+ exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/bar/username"})
+ exec.WaitWithDefaultTimeout()
+ Expect(exec).Should(Exit(0))
+ Expect(exec.OutputToString()).Should(ContainSubstring("Y2RvZXJuCg=="))
+
+ })
+
})