diff options
author | cdoern <cdoern@redhat.com> | 2022-06-07 16:37:59 -0400 |
---|---|---|
committer | Charlie Doern <cdoern@redhat.com> | 2022-07-20 12:55:33 -0400 |
commit | 438fef1caa26a1f09cd7be341e854d4bd5726c2b (patch) | |
tree | e449aceae653fcce93fe38aa38a60d08a95bda1e /test | |
parent | 8c9eff5b12eebe318be1f905562be6a236285caa (diff) | |
download | podman-438fef1caa26a1f09cd7be341e854d4bd5726c2b.tar.gz podman-438fef1caa26a1f09cd7be341e854d4bd5726c2b.tar.bz2 podman-438fef1caa26a1f09cd7be341e854d4bd5726c2b.zip |
kube secret handling for podman play kube
add support for both creating a secret using yaml and mounting a secret as a volume given a yaml file.
Kubernetes secrets have a different structure than podman and therefore have to be handeled differently.
In this PR, I have introduced the basic usecases of kube secrets with more implementations like env secrets
to come!
resolves #12396
Signed-off-by: Charlie Doern <cdoern@redhat.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/e2e/play_kube_test.go | 142 |
1 files changed, 141 insertions, 1 deletions
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index 457aaebb2..ba8f3cc0d 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -29,6 +29,76 @@ import ( "github.com/opencontainers/selinux/go-selinux" ) +var secretYaml = ` +apiVersion: v1 +kind: Secret +metadata: + name: newsecret +type: Opaque +data: + username: dXNlcg== + password: NTRmNDFkMTJlOGZh +` + +var complexSecretYaml = ` +apiVersion: v1 +kind: Secret +metadata: + name: newsecrettwo +type: Opaque +data: + username: Y2RvZXJuCg== + password: dGVzdGluZ3Rlc3RpbmcK + note: a3ViZSBzZWNyZXRzIGFyZSBjb29sIQo= +` + +var secretPodYaml = ` +apiVersion: v1 +kind: Pod +metadata: + name: mypod +spec: + containers: + - name: myctr + image: quay.io/libpod/alpine_nginx:latest + volumeMounts: + - name: foo + mountPath: /etc/foo + readOnly: true + volumes: + - name: foo + secret: + secretName: newsecret + optional: false +` + +var secretPodYamlTwo = ` +apiVersion: v1 +kind: Pod +metadata: + name: mypod2 +spec: + containers: + - name: myctr + image: quay.io/libpod/alpine_nginx:latest + volumeMounts: + - name: foo + mountPath: /etc/foo + readOnly: true + - name: bar + mountPath: /etc/bar + readOnly: true + volumes: + - name: foo + secret: + secretName: newsecret + optional: false + - name: bar + secret: + secretName: newsecrettwo + optional: false +` + var unknownKindYaml = ` apiVersion: v1 kind: UnknownKind @@ -3468,7 +3538,7 @@ ENV OPENJ9_JAVA_OPTIONS=%q SkipIfRemote("cannot run in a remote setup") address := url.URL{ Scheme: "tcp", - Host: net.JoinHostPort("localhost", randomPort()), + Host: net.JoinHostPort("localhost", "8080"), } session := podmanTest.Podman([]string{ @@ -3832,4 +3902,74 @@ ENV OPENJ9_JAVA_OPTIONS=%q Expect(kube).Should(Exit(125)) }) + It("podman play kube secret as volume support", func() { + err := writeYaml(secretYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube := podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + secretList := podmanTest.Podman([]string{"secret", "list"}) + secretList.WaitWithDefaultTimeout() + Expect(secretList).Should(Exit(0)) + Expect(secretList.OutputToString()).Should(ContainSubstring("newsecret")) + + err = writeYaml(secretPodYaml, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + exec := podmanTest.Podman([]string{"exec", "-it", "mypod-myctr", "cat", "/etc/foo/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg==")) + + secretRm := podmanTest.Podman([]string{"secret", "rm", "newsecret"}) + secretRm.WaitWithDefaultTimeout() + Expect(secretRm).Should(Exit(0)) + + podRm := podmanTest.Podman([]string{"pod", "rm", "-f", "mypod"}) + podRm.WaitWithDefaultTimeout() + Expect(podRm).Should(Exit(0)) + + yamls := []string{secretYaml, secretPodYaml} + err = generateMultiDocKubeYaml(yamls, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + // do not remove newsecret to test that we auto remove on collision + + yamls = []string{secretYaml, complexSecretYaml} + err = generateMultiDocKubeYaml(yamls, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + err = writeYaml(secretPodYamlTwo, kubeYaml) + Expect(err).To(BeNil()) + + kube = podmanTest.Podman([]string{"play", "kube", kubeYaml}) + kube.WaitWithDefaultTimeout() + Expect(kube).Should(Exit(0)) + + exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/foo/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("dXNlcg==")) + + exec = podmanTest.Podman([]string{"exec", "-it", "mypod2-myctr", "cat", "/etc/bar/username"}) + exec.WaitWithDefaultTimeout() + Expect(exec).Should(Exit(0)) + Expect(exec.OutputToString()).Should(ContainSubstring("Y2RvZXJuCg==")) + + }) + }) |