diff options
Diffstat (limited to 'test/e2e')
| -rw-r--r-- | test/e2e/commit_test.go | 24 | ||||
| -rw-r--r-- | test/e2e/common_test.go | 7 | ||||
| -rw-r--r-- | test/e2e/play_kube_test.go | 3 | ||||
| -rw-r--r-- | test/e2e/run_test.go | 100 | ||||
| -rw-r--r-- | test/e2e/secret_test.go | 23 |
5 files changed, 148 insertions, 9 deletions
diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go index 0d3f2bed7..70a66124a 100644 --- a/test/e2e/commit_test.go +++ b/test/e2e/commit_test.go @@ -304,4 +304,28 @@ var _ = Describe("Podman commit", func() { Expect(session.ExitCode()).To(Not(Equal(0))) }) + + It("podman commit should not commit env secret", func() { + secretsString := "somesecretdata" + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755) + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env", "--name", "secr", ALPINE, "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal(secretsString)) + + session = podmanTest.Podman([]string{"commit", "secr", "foobar.com/test1-image:latest"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "foobar.com/test1-image:latest", "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(Not(ContainSubstring(secretsString))) + }) }) diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go index 8530d3dd3..359345096 100644 --- a/test/e2e/common_test.go +++ b/test/e2e/common_test.go @@ -605,13 +605,6 @@ func SkipIfRootlessCgroupsV1(reason string) { } } -func SkipIfUnprivilegedCPULimits() { - info := GetHostDistributionInfo() - if isRootless() && info.Distribution == "fedora" { - ginkgo.Skip("Rootless Fedora doesn't have permission to set CPU limits") - } -} - func SkipIfRootless(reason string) { checkReason(reason) if os.Geteuid() != 0 { diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go index d5861e7ba..3908d4075 100644 --- a/test/e2e/play_kube_test.go +++ b/test/e2e/play_kube_test.go @@ -2005,8 +2005,7 @@ VOLUME %s`, ALPINE, hostPathDir+"/") It("podman play kube allows setting resource limits", func() { SkipIfContainerized("Resource limits require a running systemd") - SkipIfRootlessCgroupsV1("Limits require root or cgroups v2") - SkipIfUnprivilegedCPULimits() + SkipIfRootless("CPU limits require root") podmanTest.CgroupManager = "systemd" var ( diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go index d8d7dab07..59220cf01 100644 --- a/test/e2e/run_test.go +++ b/test/e2e/run_test.go @@ -921,6 +921,17 @@ USER mail`, BB) Expect(session.OutputToString()).To(ContainSubstring("mail root")) }) + It("podman run with incorect VOLUME", func() { + dockerfile := fmt.Sprintf(`FROM %s +VOLUME ['/etc/foo'] +WORKDIR /etc/foo`, BB) + podmanTest.BuildImage(dockerfile, "test", "false") + session := podmanTest.Podman([]string{"run", "--rm", "test", "echo", "test"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("test")) + }) + It("podman run --volumes-from flag", func() { vol := filepath.Join(podmanTest.TempDir, "vol-test") err := os.MkdirAll(vol, 0755) @@ -1600,6 +1611,95 @@ WORKDIR /madethis`, BB) }) + It("podman run --secret source=mysecret,type=mount", func() { + secretsString := "somesecretdata" + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755) + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=mount", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal(secretsString)) + + session = podmanTest.Podman([]string{"inspect", "secr", "--format", " {{(index .Config.Secrets 0).Name}}"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(ContainSubstring("mysecret")) + + }) + + It("podman run --secret source=mysecret,type=env", func() { + secretsString := "somesecretdata" + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755) + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env", "--name", "secr", ALPINE, "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal(secretsString)) + }) + + It("podman run --secret target option", func() { + secretsString := "somesecretdata" + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755) + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + // target with mount type should fail + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=mount,target=anotherplace", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=env,target=anotherplace", "--name", "secr", ALPINE, "printenv", "anotherplace"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + Expect(session.OutputToString()).To(Equal(secretsString)) + }) + + It("podman run invalid secret option", func() { + secretsString := "somesecretdata" + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755) + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Equal(0)) + + // Invalid type + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type=other", "--name", "secr", ALPINE, "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + + // Invalid option + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,invalid=invalid", "--name", "secr", ALPINE, "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + + // Option syntax not valid + session = podmanTest.Podman([]string{"run", "--secret", "source=mysecret,type", "--name", "secr", ALPINE, "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + + // No source given + session = podmanTest.Podman([]string{"run", "--secret", "type=env", "--name", "secr", ALPINE, "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.ExitCode()).To(Not(Equal(0))) + }) + It("podman run --requires", func() { depName := "ctr1" depContainer := podmanTest.Podman([]string{"create", "--name", depName, ALPINE, "top"}) diff --git a/test/e2e/secret_test.go b/test/e2e/secret_test.go index fbee18442..b54b959bf 100644 --- a/test/e2e/secret_test.go +++ b/test/e2e/secret_test.go @@ -199,4 +199,27 @@ var _ = Describe("Podman secret", func() { Expect(len(session.OutputToStringArray())).To(Equal(1)) }) + It("podman secret creates from environment variable", func() { + // no env variable set, should fail + session := podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"}) + session.WaitWithDefaultTimeout() + secrID := session.OutputToString() + Expect(session.ExitCode()).To(Not(Equal(0))) + + os.Setenv("MYENVVAR", "somedata") + if IsRemote() { + podmanTest.RestartRemoteService() + } + + session = podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"}) + session.WaitWithDefaultTimeout() + secrID = session.OutputToString() + Expect(session.ExitCode()).To(Equal(0)) + + inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) + inspect.WaitWithDefaultTimeout() + Expect(inspect.ExitCode()).To(Equal(0)) + Expect(inspect.OutputToString()).To(Equal(secrID)) + }) + }) |