authorAshley Cui <acui@redhat.com>2021-05-14 16:29:44 -0400
committerAshley Cui <acui@redhat.com>2021-05-17 14:35:55 -0400
commitcf30f160ad599cac0f3dc300f673d88f60128275 (patch)
tree140d265481fc1b2e02a0f903729253e6c631dada /test
parent2b0b97150a01c5a3c1706dd369a0caeb5cf6ec09 (diff)
Support uid,gid,mode options for secrets
Support UID, GID, Mode options for mount type secrets. Also, change default secret permissions to 444 so all users can read the secret. Signed-off-by: Ashley Cui <acui@redhat.com>
Diffstat (limited to 'test')
-rw-r--r--test/e2e/run_test.go48
1 files changed, 48 insertions, 0 deletions
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index f27ded5d2..58538b689 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -1669,6 +1669,49 @@ WORKDIR /madethis`, BB)
Expect(session.OutputToString()).To(Equal(secretsString))
})
+ It("podman run --secret mount with uid, gid, mode options", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ // check default permissions
+ session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "secr", ALPINE, "ls", "-l", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ output := session.OutputToString()
+ Expect(output).To(ContainSubstring("-r--r--r--"))
+ Expect(output).To(ContainSubstring("root"))
+
+ session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=mount,uid=1000,gid=1001,mode=777", "--name", "secr2", ALPINE, "ls", "-ln", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ output = session.OutputToString()
+ Expect(output).To(ContainSubstring("-rwxrwxrwx"))
+ Expect(output).To(ContainSubstring("1000"))
+ Expect(output).To(ContainSubstring("1001"))
+ })
+
+ It("podman run --secret with --user", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "nonroot", "--user", "200:200", ALPINE, "cat", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(secretsString))
+ })
+
It("podman run invalid secret option", func() {
secretsString := "somesecretdata"
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
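Review bot: Nothing in the two added tests shows that a restrictive mode actually denies access: the mount case only uses `mode=777`, and the `--user 200:200` case passes because of the new 444 default. A case such as `source=mysecret,type=mount,mode=400` run with `--user 200:200` and `cat /run/secrets/mysecret`, expecting a non-zero exit, would cover the direction that matters for confidentiality (assuming the secret stays owned by container root when no uid is given, as the default-permissions check suggests). The ownership assertions are also loose: `ContainSubstring("1000")` and `ContainSubstring("1001")` still pass if uid and gid were applied the wrong way round, so matching both in order in a single assertion would be tighter. The fixture file holding the secret is written with `0755`; `0600` is the more fitting mode for secret material on the host side.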
@@ -1694,6 +1737,11 @@ WORKDIR /madethis`, BB)
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(Not(Equal(0)))
+ // mount option with env type
+ session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env,uid=1000", "--name", "secr", ALPINE, "printenv", "mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+
// No source given
session = podmanTest.Podman([]string{"run", "--secret", "type=env", "--name", "secr", ALPINE, "printenv", "mysecret"})
session.WaitWithDefaultTimeout()
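Review bot: The added `type=env,uid=1000` case only asserts `Not(Equal(0))`, which any failure satisfies, including `printenv` not finding the variable or an unrelated run error, so it does not show that the option was rejected when the secret spec was parsed. Also checking the error output, e.g. `Expect(session.ErrorToString()).To(ContainSubstring("<expected error text>"))`, would pin the reason for the failure. Only `uid` is exercised; `gid` and `mode` combined with `type=env`, and malformed values for mount secrets (non-numeric uid, non-octal mode), have no negative case here. The enclosing `It` block starts in the previous hunk and continues past the end of this one.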