Diffstat (limited to 'test')
-rw-r--r--test/apiv2/50-secrets.at36
-rw-r--r--test/e2e/build_test.go53
-rw-r--r--test/e2e/commit_test.go25
-rw-r--r--test/e2e/common_test.go15
-rw-r--r--test/e2e/generate_kube_test.go35
-rw-r--r--test/e2e/run_test.go26
-rw-r--r--test/e2e/secret_test.go202
7 files changed, 389 insertions, 3 deletions
diff --git a/test/apiv2/50-secrets.at b/test/apiv2/50-secrets.at
new file mode 100644
index 000000000..1ef43381a
--- /dev/null
+++ b/test/apiv2/50-secrets.at
@@ -0,0 +1,36 @@
+# -*- sh -*-
+#
+# secret-related tests
+#
+
+# secret create
+t POST secrets/create '"Name":"mysecret","Data":"c2VjcmV0"' 200\
+ .ID~.* \
+
+# secret create unsupported labels
+t POST secrets/create '"Name":"mysecret","Data":"c2VjcmV0","Labels":{"fail":"fail"}' 400
+
+# secret create name already in use
+t POST secrets/create '"Name":"mysecret","Data":"c2VjcmV0"' 409
+
+# secret inspect
+t GET secrets/mysecret 200\
+ .Spec.Name=mysecret
+
+# secret inspect non-existent secret
+t GET secrets/bogus 404
+
+# secret list
+t GET secrets 200\
+ length=1
+
+# secret list unsupported filters
+t GET secrets?filters=%7B%22name%22%3A%5B%22foo1%22%5D%7D 400
+
+# secret rm
+t DELETE secrets/mysecret 204
+# secret rm non-existent secret
+t DELETE secrets/bogus 404
+
+# secret update not implemented
+t POST secrets/mysecret/update "" 501
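Review bot: Neither `t GET secrets/mysecret` nor `t GET secrets` asserts that the response leaves out the secret payload, so a regression that echoed `Data` (`c2VjcmV0`) back through inspect or list would still pass this file. A check on the inspect response that the payload field is absent or empty would pin that down, assuming the `t` helper can express it. Separately, the trailing `\` after `.ID~.*` continues onto a blank line and can be dropped.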
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go
index 71b4c0089..9bab4c926 100644
--- a/test/e2e/build_test.go
+++ b/test/e2e/build_test.go
@@ -194,7 +194,7 @@ var _ = Describe("Podman build", func() {
inspect := podmanTest.Podman([]string{"inspect", string(id)})
inspect.WaitWithDefaultTimeout()
data := inspect.InspectImageJSON()
- Expect(data[0].ID).To(Equal(string(id)))
+ Expect("sha256:" + data[0].ID).To(Equal(string(id)))
})
It("podman Test PATH in built image", func() {
@@ -458,4 +458,55 @@ RUN [[ -L /test/dummy-symlink ]] && echo SYMLNKOK || echo SYMLNKERR`
Expect(ok).To(BeTrue())
})
+ It("podman build --from, --add-host, --cap-drop, --cap-add", func() {
+ targetPath, err := CreateTempDirInTempDir()
+ Expect(err).To(BeNil())
+
+ containerFile := filepath.Join(targetPath, "Containerfile")
+ content := `FROM scratch
+RUN cat /etc/hosts
+RUN grep CapEff /proc/self/status`
+
+ Expect(ioutil.WriteFile(containerFile, []byte(content), 0755)).To(BeNil())
+
+ defer func() {
+ Expect(os.RemoveAll(containerFile)).To(BeNil())
+ }()
+
+ // When
+ session := podmanTest.Podman([]string{
+ "build", "--cap-drop=all", "--cap-add=net_bind_service", "--add-host", "testhost:1.2.3.4", "--from", "alpine", targetPath,
+ })
+ session.WaitWithDefaultTimeout()
+
+ // Then
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(strings.Fields(session.OutputToString())).
+ To(ContainElement("alpine"))
+ Expect(strings.Fields(session.OutputToString())).
+ To(ContainElement("testhost"))
+ Expect(strings.Fields(session.OutputToString())).
+ To(ContainElement("0000000000000400"))
+ })
+
+ It("podman build --arch", func() {
+ targetPath, err := CreateTempDirInTempDir()
+ Expect(err).To(BeNil())
+
+ containerFile := filepath.Join(targetPath, "Containerfile")
+ Expect(ioutil.WriteFile(containerFile, []byte("FROM alpine"), 0755)).To(BeNil())
+
+ defer func() {
+ Expect(os.RemoveAll(containerFile)).To(BeNil())
+ }()
+
+ // When
+ session := podmanTest.Podman([]string{
+ "build", "--arch", "arm64", targetPath,
+ })
+ session.WaitWithDefaultTimeout()
+
+ // Then
+ Expect(session.ExitCode()).To(Equal(0))
+ })
})
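Review bot: Both new specs create a directory with `CreateTempDirInTempDir()` but the deferred cleanup removes only the Containerfile, so `targetPath` itself is left behind after each run; `Expect(os.RemoveAll(targetPath)).To(BeNil())` in the defer would remove both. The Containerfile is also written with mode `0755` although it is never executed; `0644` is enough. In the `--arch` spec only the exit code is checked, so nothing confirms the resulting image is actually `arm64`.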
diff --git a/test/e2e/commit_test.go b/test/e2e/commit_test.go
index 3c7bbca66..8760978fd 100644
--- a/test/e2e/commit_test.go
+++ b/test/e2e/commit_test.go
@@ -279,4 +279,29 @@ var _ = Describe("Podman commit", func() {
data := check.InspectImageJSON()
Expect(data[0].ID).To(Equal(string(id)))
})
+
+ It("podman commit should not commit secret", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(secretsString))
+
+ session = podmanTest.Podman([]string{"commit", "secr", "foobar.com/test1-image:latest"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "foobar.com/test1-image:latest", "cat", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+
+ })
})
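Review bot: The final check in "podman commit should not commit secret" passes on any non-zero exit, so it also passes when the second `run` fails for an unrelated reason such as the committed image failing to start. Adding `Expect(session.OutputToString()).To(Not(ContainSubstring(secretsString)))` ties the assertion to the secret itself rather than to the exit status alone. The secret file is written with mode `0755`, which makes it readable and executable by every local user; `0600` matches how secret material should sit on disk, and the same applies to the `ioutil.WriteFile` calls in run_test.go and secret_test.go. The spec also leaves `mysecret` in the store; whether this suite's AfterEach removes it is not visible in the hunk.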
diff --git a/test/e2e/common_test.go b/test/e2e/common_test.go
index 54d801e12..53810d882 100644
--- a/test/e2e/common_test.go
+++ b/test/e2e/common_test.go
@@ -491,6 +491,21 @@ func (p *PodmanTestIntegration) CleanupVolume() {
p.Cleanup()
}
+// CleanupSecret cleans up the temporary store
+func (p *PodmanTestIntegration) CleanupSecrets() {
+ // Remove all containers
+ session := p.Podman([]string{"secret", "rm", "-a"})
+ session.Wait(90)
+
+ // Stop remove service on secret cleanup
+ p.StopRemoteService()
+
+ // Nuke tempdir
+ if err := os.RemoveAll(p.TempDir); err != nil {
+ fmt.Printf("%q\n", err)
+ }
+}
+
// InspectContainerToJSON takes the session output of an inspect
// container and returns json
func (s *PodmanSessionIntegration) InspectContainerToJSON() []define.InspectContainerData {
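Review bot: The comments on `CleanupSecrets` do not match the code: the doc comment names `CleanupSecret`, `// Remove all containers` sits above `secret rm -a`, and `// Stop remove service` presumably means the remote service. Suggested wording: `// CleanupSecrets removes all secrets, stops the remote service and deletes the temporary directory.`, `// Remove all secrets`, and `// Stop remote service on secret cleanup`. The result of `session.Wait(90)` is discarded, so a failed `secret rm -a` goes unnoticed; if that is deliberate best-effort cleanup, a short comment saying so would help. The trailing context belongs to InspectContainerToJSON, whose body continues outside the hunk.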
diff --git a/test/e2e/generate_kube_test.go b/test/e2e/generate_kube_test.go
index bcfab0f68..cd949c666 100644
--- a/test/e2e/generate_kube_test.go
+++ b/test/e2e/generate_kube_test.go
@@ -699,4 +699,39 @@ ENTRYPOINT /bin/sleep`
Expect(containers[0].Command).To(Equal([]string{"/bin/sh", "-c", "/bin/sleep"}))
Expect(containers[0].Args).To(Equal([]string{"10s"}))
})
+
+ It("podman generate kube - --privileged container", func() {
+ session := podmanTest.Podman([]string{"create", "--pod", "new:testpod", "--privileged", ALPINE, "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ kube := podmanTest.Podman([]string{"generate", "kube", "testpod"})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ // Now make sure that the capabilities aren't set.
+ pod := new(v1.Pod)
+ err := yaml.Unmarshal(kube.Out.Contents(), pod)
+ Expect(err).To(BeNil())
+
+ containers := pod.Spec.Containers
+ Expect(len(containers)).To(Equal(1))
+ Expect(containers[0].SecurityContext.Capabilities).To(BeNil())
+
+ // Now make sure we can also `play` it.
+ kubeFile := filepath.Join(podmanTest.TempDir, "kube.yaml")
+
+ kube = podmanTest.Podman([]string{"generate", "kube", "testpod", "-f", kubeFile})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ // Remove the pod so play can recreate it.
+ kube = podmanTest.Podman([]string{"pod", "rm", "-f", "testpod"})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ kube = podmanTest.Podman([]string{"play", "kube", kubeFile})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+ })
})
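Review bot: `containers[0].SecurityContext.Capabilities` dereferences `SecurityContext` without checking it, so if generation ever omits the security context the spec panics instead of failing with a readable message; `Expect(containers[0].SecurityContext).ToNot(BeNil())` before it avoids that. The spec also never asserts that the generated YAML marks the container as privileged, so it would pass if `--privileged` were silently dropped. Checking `SecurityContext.Privileged` for non-nil and true, and inspecting the container recreated by `play kube`, would cover the round trip.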
diff --git a/test/e2e/run_test.go b/test/e2e/run_test.go
index caeaf190e..76d362288 100644
--- a/test/e2e/run_test.go
+++ b/test/e2e/run_test.go
@@ -668,8 +668,8 @@ USER bin`
Expect(session.ExitCode()).To(Equal(0))
})
- It("podman run with secrets", func() {
- SkipIfRemote("--default-mounts-file option is not supported in podman-remote")
+ It("podman run with subscription secrets", func() {
+ SkipIfRemote("--default-mount-file option is not supported in podman-remote")
containersDir := filepath.Join(podmanTest.TempDir, "containers")
err := os.MkdirAll(containersDir, 0755)
Expect(err).To(BeNil())
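Review bot: The new skip message spells the option `--default-mount-file`, while the removed line had `--default-mounts-file`. The flag's definition is not part of this diff, but if its name did not change, this introduces a typo and the string should stay `--default-mounts-file option is not supported in podman-remote`. The `It` body continues past the end of the hunk.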
@@ -1448,4 +1448,26 @@ WORKDIR /madethis`
Expect(session.ExitCode()).To(Equal(0))
Expect(session.OutputToString()).To(ContainSubstring(hostnameEnv))
})
+
+ It("podman run --secret", func() {
+ secretsString := "somesecretdata"
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(Equal(secretsString))
+
+ session = podmanTest.Podman([]string{"inspect", "secr", "--format", " {{(index .Config.Secrets 0).Name}}"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(session.OutputToString()).To(ContainSubstring("mysecret"))
+
+ })
})
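Review bot: The `--format` string passed to `inspect` starts with a stray space (`" {{(index .Config.Secrets 0).Name}}"`), and the `ContainSubstring("mysecret")` matcher hides it. Dropping the space and using `Equal("mysecret")` makes the check exact. Since this spec already has the container and the secret value in hand, it is also a natural place to assert that a plain `inspect secr` does not print `secretsString`, so the value cannot leak through container metadata.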
diff --git a/test/e2e/secret_test.go b/test/e2e/secret_test.go
new file mode 100644
index 000000000..6dad605c5
--- /dev/null
+++ b/test/e2e/secret_test.go
@@ -0,0 +1,202 @@
+package integration
+
+import (
+ "io/ioutil"
+ "os"
+ "path/filepath"
+
+ . "github.com/containers/podman/v2/test/utils"
+ . "github.com/onsi/ginkgo"
+ . "github.com/onsi/gomega"
+)
+
+var _ = Describe("Podman secret", func() {
+ var (
+ tempdir string
+ err error
+ podmanTest *PodmanTestIntegration
+ )
+
+ BeforeEach(func() {
+ tempdir, err = CreateTempDirInTempDir()
+ if err != nil {
+ os.Exit(1)
+ }
+ podmanTest = PodmanTestCreate(tempdir)
+ podmanTest.Setup()
+ podmanTest.SeedImages()
+ })
+
+ AfterEach(func() {
+ podmanTest.CleanupSecrets()
+ f := CurrentGinkgoTestDescription()
+ processTestResult(f)
+
+ })
+
+ It("podman secret create", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ secrID := session.OutputToString()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.OutputToString()).To(Equal(secrID))
+ })
+
+ It("podman secret create bad name should fail", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "?!", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Not(Equal(0)))
+ })
+
+ It("podman secret inspect", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ secrID := session.OutputToString()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"secret", "inspect", secrID})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.IsJSONOutputValid()).To(BeTrue())
+ })
+
+ It("podman secret inspect with --format", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ secrID := session.OutputToString()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.OutputToString()).To(Equal(secrID))
+ })
+
+ It("podman secret inspect multiple secrets", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ secrID := session.OutputToString()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ session2 := podmanTest.Podman([]string{"secret", "create", "b", secretFilePath})
+ session2.WaitWithDefaultTimeout()
+ secrID2 := session2.OutputToString()
+ Expect(session2.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"secret", "inspect", secrID, secrID2})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.IsJSONOutputValid()).To(BeTrue())
+ })
+
+ It("podman secret inspect bogus", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ inspect := podmanTest.Podman([]string{"secret", "inspect", "bogus"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Not(Equal(0)))
+
+ })
+
+ It("podman secret ls", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ list := podmanTest.Podman([]string{"secret", "ls"})
+ list.WaitWithDefaultTimeout()
+ Expect(list.ExitCode()).To(Equal(0))
+ Expect(len(list.OutputToStringArray())).To(Equal(2))
+
+ })
+
+ It("podman secret ls with Go template", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ list := podmanTest.Podman([]string{"secret", "ls", "--format", "table {{.Name}}"})
+ list.WaitWithDefaultTimeout()
+
+ Expect(list.ExitCode()).To(Equal(0))
+ Expect(len(list.OutputToStringArray())).To(Equal(2), list.OutputToString())
+ })
+
+ It("podman secret rm", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ secrID := session.OutputToString()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ removed := podmanTest.Podman([]string{"secret", "rm", "a"})
+ removed.WaitWithDefaultTimeout()
+ Expect(removed.ExitCode()).To(Equal(0))
+ Expect(removed.OutputToString()).To(Equal(secrID))
+
+ session = podmanTest.Podman([]string{"secret", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(1))
+ })
+
+ It("podman secret rm --all", func() {
+ secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
+ err := ioutil.WriteFile(secretFilePath, []byte("mysecret"), 0755)
+ Expect(err).To(BeNil())
+
+ session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ session = podmanTest.Podman([]string{"secret", "create", "b", secretFilePath})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+
+ removed := podmanTest.Podman([]string{"secret", "rm", "-a"})
+ removed.WaitWithDefaultTimeout()
+ Expect(removed.ExitCode()).To(Equal(0))
+
+ session = podmanTest.Podman([]string{"secret", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ Expect(len(session.OutputToStringArray())).To(Equal(1))
+ })
+
+})
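Review bot: None of the `secret inspect` or `secret ls` specs assert that the payload (`"mysecret"`) is absent from the command output; they check only exit codes, JSON validity and line counts. Because the secrets here are named `a` and `b`, `Expect(inspect.OutputToString()).To(Not(ContainSubstring("mysecret")))` would be an unambiguous guard against the value leaking through inspect or list. The body of "podman secret create" is identical to "podman secret inspect with --format", so one of them adds no coverage. "podman secret inspect bogus" writes a secret file it never uses. In `BeforeEach`, `os.Exit(1)` on a temp-dir failure ends the whole test binary without a Ginkgo report; `Expect(err).To(BeNil())` would fail just the spec.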