1 files changed, 341 insertions, 18 deletions

diff --git a/pkg/specgen/generate/kube/play_test.go b/pkg/specgen/generate/kube/play_test.go
index 148540e9f..f714826f0 100644
--- a/pkg/specgen/generate/kube/play_test.go
+++ b/pkg/specgen/generate/kube/play_test.go
@@ -1,19 +1,49 @@
 package kube
 
 import (
+	"encoding/json"
+	"io/ioutil"
+	"os"
 	"testing"
 
+	"github.com/containers/common/pkg/secrets"
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/api/core/v1"
 	v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func TestEnvVarsFromConfigMap(t *testing.T) {
+func createSecrets(t *testing.T, d string) *secrets.SecretsManager {
+	secretsManager, err := secrets.NewManager(d)
+	assert.NoError(t, err)
+
+	driver := "file"
+	driverOpts := map[string]string{
+		"path": d,
+	}
+
+	for _, s := range k8sSecrets {
+		data, err := json.Marshal(s.Data)
+		assert.NoError(t, err)
+
+		_, err = secretsManager.Store(s.ObjectMeta.Name, data, driver, driverOpts)
+		assert.NoError(t, err)
+	}
+
+	return secretsManager
+}
+
+func TestEnvVarsFrom(t *testing.T) {
+	d, err := ioutil.TempDir("", "secrets")
+	assert.NoError(t, err)
+	defer os.RemoveAll(d)
+	secretsManager := createSecrets(t, d)
+
 	tests := []struct {
-		name          string
-		envFrom       v1.EnvFromSource
-		configMapList []v1.ConfigMap
-		expected      map[string]string
+		name     string
+		envFrom  v1.EnvFromSource
+		options  CtrSpecGenOptions
+		succeed  bool
+		expected map[string]string
 	}{
 		{
 			"ConfigMapExists",
@@ -24,7 +54,10 @@ func TestEnvVarsFromConfigMap(t *testing.T) {
 					},
 				},
 			},
-			configMapList,
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			true,
 			map[string]string{
 				"myvar": "foo",
 			},
@@ -38,7 +71,26 @@ func TestEnvVarsFromConfigMap(t *testing.T) {
 					},
 				},
 			},
-			configMapList,
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			false,
+			nil,
+		},
+		{
+			"OptionalConfigMapDoesNotExist",
+			v1.EnvFromSource{
+				ConfigMapRef: &v1.ConfigMapEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "doesnotexist",
+					},
+					Optional: &optional,
+				},
+			},
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			true,
 			map[string]string{},
 		},
 		{
@@ -50,7 +102,74 @@ func TestEnvVarsFromConfigMap(t *testing.T) {
 					},
 				},
 			},
-			[]v1.ConfigMap{},
+			CtrSpecGenOptions{
+				ConfigMaps: []v1.ConfigMap{},
+			},
+			false,
+			nil,
+		},
+		{
+			"OptionalEmptyConfigMapList",
+			v1.EnvFromSource{
+				ConfigMapRef: &v1.ConfigMapEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "foo",
+					},
+					Optional: &optional,
+				},
+			},
+			CtrSpecGenOptions{
+				ConfigMaps: []v1.ConfigMap{},
+			},
+			true,
+			map[string]string{},
+		},
+		{
+			"SecretExists",
+			v1.EnvFromSource{
+				SecretRef: &v1.SecretEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "foo",
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			true,
+			map[string]string{
+				"myvar": "foo",
+			},
+		},
+		{
+			"SecretDoesNotExist",
+			v1.EnvFromSource{
+				SecretRef: &v1.SecretEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "doesnotexist",
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			false,
+			nil,
+		},
+		{
+			"OptionalSecretDoesNotExist",
+			v1.EnvFromSource{
+				SecretRef: &v1.SecretEnvSource{
+					LocalObjectReference: v1.LocalObjectReference{
+						Name: "doesnotexist",
+					},
+					Optional: &optional,
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			true,
 			map[string]string{},
 		},
 	}
@@ -58,18 +177,25 @@ func TestEnvVarsFromConfigMap(t *testing.T) {
 	for _, test := range tests {
 		test := test
 		t.Run(test.name, func(t *testing.T) {
-			result := envVarsFromConfigMap(test.envFrom, test.configMapList)
+			result, err := envVarsFrom(test.envFrom, &test.options)
+			assert.Equal(t, err == nil, test.succeed)
 			assert.Equal(t, test.expected, result)
 		})
 	}
 }
 
 func TestEnvVarValue(t *testing.T) {
+	d, err := ioutil.TempDir("", "secrets")
+	assert.NoError(t, err)
+	defer os.RemoveAll(d)
+	secretsManager := createSecrets(t, d)
+
 	tests := []struct {
-		name          string
-		envVar        v1.EnvVar
-		configMapList []v1.ConfigMap
-		expected      string
+		name     string
+		envVar   v1.EnvVar
+		options  CtrSpecGenOptions
+		succeed  bool
+		expected string
 	}{
 		{
 			"ConfigMapExists",
@@ -84,7 +210,10 @@ func TestEnvVarValue(t *testing.T) {
 					},
 				},
 			},
-			configMapList,
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			true,
 			"foo",
 		},
 		{
@@ -100,7 +229,30 @@ func TestEnvVarValue(t *testing.T) {
 					},
 				},
 			},
-			configMapList,
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			false,
+			"",
+		},
+		{
+			"OptionalContainerKeyDoesNotExistInConfigMap",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key:      "doesnotexist",
+						Optional: &optional,
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			true,
 			"",
 		},
 		{
@@ -116,7 +268,30 @@ func TestEnvVarValue(t *testing.T) {
 					},
 				},
 			},
-			configMapList,
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			false,
+			"",
+		},
+		{
+			"OptionalConfigMapDoesNotExist",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "doesnotexist",
+						},
+						Key:      "myvar",
+						Optional: &optional,
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				ConfigMaps: configMapList,
+			},
+			true,
 			"",
 		},
 		{
@@ -132,7 +307,127 @@ func TestEnvVarValue(t *testing.T) {
 					},
 				},
 			},
-			[]v1.ConfigMap{},
+			CtrSpecGenOptions{
+				ConfigMaps: []v1.ConfigMap{},
+			},
+			false,
+			"",
+		},
+		{
+			"OptionalEmptyConfigMapList",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					ConfigMapKeyRef: &v1.ConfigMapKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key:      "myvar",
+						Optional: &optional,
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				ConfigMaps: []v1.ConfigMap{},
+			},
+			true,
+			"",
+		},
+		{
+			"SecretExists",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					SecretKeyRef: &v1.SecretKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key: "myvar",
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			true,
+			"foo",
+		},
+		{
+			"ContainerKeyDoesNotExistInSecret",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					SecretKeyRef: &v1.SecretKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key: "doesnotexist",
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			false,
+			"",
+		},
+		{
+			"OptionalContainerKeyDoesNotExistInSecret",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					SecretKeyRef: &v1.SecretKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "foo",
+						},
+						Key:      "doesnotexist",
+						Optional: &optional,
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			true,
+			"",
+		},
+		{
+			"SecretDoesNotExist",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					SecretKeyRef: &v1.SecretKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "doesnotexist",
+						},
+						Key: "myvar",
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			false,
+			"",
+		},
+		{
+			"OptionalSecretDoesNotExist",
+			v1.EnvVar{
+				Name: "FOO",
+				ValueFrom: &v1.EnvVarSource{
+					SecretKeyRef: &v1.SecretKeySelector{
+						LocalObjectReference: v1.LocalObjectReference{
+							Name: "doesnotexist",
+						},
+						Key:      "myvar",
+						Optional: &optional,
+					},
+				},
+			},
+			CtrSpecGenOptions{
+				SecretsManager: secretsManager,
+			},
+			true,
 			"",
 		},
 	}
@@ -140,7 +435,8 @@ func TestEnvVarValue(t *testing.T) {
 	for _, test := range tests {
 		test := test
 		t.Run(test.name, func(t *testing.T) {
-			result := envVarValue(test.envVar, test.configMapList)
+			result, err := envVarValue(test.envVar, &test.options)
+			assert.Equal(t, err == nil, test.succeed)
 			assert.Equal(t, test.expected, result)
 		})
 	}
@@ -170,3 +466,30 @@ var configMapList = []v1.ConfigMap{
 		},
 	},
 }
+
+var optional = true
+
+var k8sSecrets = []v1.Secret{
+	{
+		TypeMeta: v12.TypeMeta{
+			Kind: "Secret",
+		},
+		ObjectMeta: v12.ObjectMeta{
+			Name: "bar",
+		},
+		Data: map[string][]byte{
+			"myvar": []byte("bar"),
+		},
+	},
+	{
+		TypeMeta: v12.TypeMeta{
+			Kind: "Secret",
+		},
+		ObjectMeta: v12.ObjectMeta{
+			Name: "foo",
+		},
+		Data: map[string][]byte{
+			"myvar": []byte("foo"),
+		},
+	},
+}