diff options
Diffstat (limited to 'test')
| -rw-r--r-- | test/e2e/exec_test.go | 30 | ||||
| -rw-r--r-- | test/system/250-systemd.bats | 42 |
2 files changed, 72 insertions, 0 deletions
diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 02680e739..65d60b24d 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -2,7 +2,9 @@ package integration import ( "fmt" + "io/ioutil" "os" + "path/filepath" "strings" . "github.com/containers/podman/v3/test/utils" @@ -540,4 +542,32 @@ RUN useradd -u 1000 auser`, fedoraMinimal) stop.WaitWithDefaultTimeout() Expect(stop).Should(Exit(0)) }) + + It("podman exec with env var secret", func() { + secretsString := "somesecretdata" + secretFilePath := filepath.Join(podmanTest.TempDir, "secret") + err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755) + Expect(err).To(BeNil()) + + session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"run", "-t", "-i", "-d", "--secret", "source=mysecret,type=env", "--name", "secr", ALPINE, "top"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"exec", "secr", "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + Expect(session.OutputToString()).To(ContainSubstring(secretsString)) + + session = podmanTest.Podman([]string{"commit", "secr", "foobar.com/test1-image:latest"}) + session.WaitWithDefaultTimeout() + Expect(session).Should(Exit(0)) + + session = podmanTest.Podman([]string{"run", "foobar.com/test1-image:latest", "printenv", "mysecret"}) + session.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(Not(ContainSubstring(secretsString))) + }) }) diff --git a/test/system/250-systemd.bats b/test/system/250-systemd.bats index 5d4ae4cb1..08fad5e7c 100644 --- a/test/system/250-systemd.bats +++ b/test/system/250-systemd.bats @@ -136,4 +136,46 @@ function service_cleanup() { service_cleanup } +function set_listen_env() { + export LISTEN_PID="100" LISTEN_FDS="1" LISTEN_FDNAMES="listen_fdnames" +} + +function unset_listen_env() { + unset LISTEN_PID LISTEN_FDS LISTEN_FDNAMES +} + +function check_listen_env() { + local stdenv="$1" + local context="$2" + if is_remote; then + is "$output" "$stdenv" "LISTEN Environment did not pass: $context" + else + is "$output" "$stdenv +LISTEN_PID=1 +LISTEN_FDS=1 +LISTEN_FDNAMES=listen_fdnames" "LISTEN Environment passed: $context" + fi +} + +@test "podman pass LISTEN environment " { + # Note that `--hostname=host1` makes sure that all containers have the same + # environment. + run_podman run --hostname=host1 --rm $IMAGE printenv + stdenv=$output + + # podman run + set_listen_env + run_podman run --hostname=host1 --rm $IMAGE printenv + unset_listen_env + check_listen_env "$stdenv" "podman run" + + # podman start + run_podman create --hostname=host1 --rm $IMAGE printenv + cid="$output" + set_listen_env + run_podman start --attach $cid + unset_listen_env + check_listen_env "$stdenv" "podman start" +} + # vim: filetype=sh |