Diffstat (limited to 'test')
-rw-r--r--test/e2e/build/Dockerfile.with-multiple-secret3
-rw-r--r--test/e2e/build/Dockerfile.with-secret2
-rw-r--r--test/e2e/build/Dockerfile.with-secret-verify-leak3
-rw-r--r--test/e2e/build/anothersecret.txt1
-rw-r--r--test/e2e/build/secret.txt1
-rw-r--r--test/e2e/build_test.go39
6 files changed, 49 insertions, 0 deletions
diff --git a/test/e2e/build/Dockerfile.with-multiple-secret b/test/e2e/build/Dockerfile.with-multiple-secret
new file mode 100644
index 000000000..f3478914f
--- /dev/null
+++ b/test/e2e/build/Dockerfile.with-multiple-secret
@@ -0,0 +1,3 @@
+FROM alpine
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
+RUN --mount=type=secret,id=mysecret2 cat /run/secrets/mysecret2
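Review bot: `FROM alpine` is an unqualified, untagged reference, so the base of this fixture depends on the host's short-name resolution and on whatever `latest` points to at build time; the same line is in Dockerfile.with-secret and Dockerfile.with-secret-verify-leak. A fully qualified, tagged reference such as `FROM <registry>/<namespace>/alpine:<tag>` (placeholder; use the image the suite already caches) would keep the secret tests reproducible. The neighbouring logfile test in build_test.go passes `--pull-never`, which the three new builds do not, so they may also reach out to a registry.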
diff --git a/test/e2e/build/Dockerfile.with-secret b/test/e2e/build/Dockerfile.with-secret
new file mode 100644
index 000000000..920663a92
--- /dev/null
+++ b/test/e2e/build/Dockerfile.with-secret
@@ -0,0 +1,2 @@
+FROM alpine
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
diff --git a/test/e2e/build/Dockerfile.with-secret-verify-leak b/test/e2e/build/Dockerfile.with-secret-verify-leak
new file mode 100644
index 000000000..0957ac6a6
--- /dev/null
+++ b/test/e2e/build/Dockerfile.with-secret-verify-leak
@@ -0,0 +1,3 @@
+FROM alpine
+COPY * /
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
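Review bot: `COPY * /` copies the whole build context, and the test passes `build/` as context, which is where this commit adds secret.txt and anothersecret.txt, so the resulting image does contain the secret value as a regular file. That looks deliberate (the copy presumably exists to catch a temporary secret file staged next to the context), but nothing in the fixture says so. A comment above the COPY would make the intent clear, e.g. `# COPY * on purpose: the test checks that no build-time secret staging file from the context ends up in the image`. Keeping the fixture secrets outside the context directory would also let the test assert that the value itself is absent from the image.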
diff --git a/test/e2e/build/anothersecret.txt b/test/e2e/build/anothersecret.txt
new file mode 100644
index 000000000..bc5fdbd32
--- /dev/null
+++ b/test/e2e/build/anothersecret.txt
@@ -0,0 +1 @@
+anothersecret
diff --git a/test/e2e/build/secret.txt b/test/e2e/build/secret.txt
new file mode 100644
index 000000000..d9106c0af
--- /dev/null
+++ b/test/e2e/build/secret.txt
@@ -0,0 +1 @@
+somesecret
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go
index 420ed929f..c541f25ae 100644
--- a/test/e2e/build_test.go
+++ b/test/e2e/build_test.go
@@ -59,6 +59,45 @@ var _ = Describe("Podman build", func() {
Expect(session).Should(Exit(0))
})
+ It("podman build with a secret from file", func() {
+ session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-secret", "-t", "secret-test", "--secret", "id=mysecret,src=build/secret.txt", "build/"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
+
+ session = podmanTest.Podman([]string{"rmi", "secret-test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ })
+
+ It("podman build with multiple secrets from files", func() {
+ session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-multiple-secret", "-t", "multiple-secret-test", "--secret", "id=mysecret,src=build/secret.txt", "--secret", "id=mysecret2,src=build/anothersecret.txt", "build/"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
+ Expect(session.OutputToString()).To(ContainSubstring("anothersecret"))
+
+ session = podmanTest.Podman([]string{"rmi", "multiple-secret-test"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ })
+
+ It("podman build with a secret from file and verify if secret file is not leaked into image", func() {
+ session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-secret-verify-leak", "-t", "secret-test-leak", "--secret", "id=mysecret,src=build/secret.txt", "build/"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
+
+ session = podmanTest.Podman([]string{"run", "--rm", "secret-test-leak", "ls"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ Expect(session.OutputToString()).To(Not(ContainSubstring("podman-build-secret")))
+
+ session = podmanTest.Podman([]string{"rmi", "secret-test-leak"})
+ session.WaitWithDefaultTimeout()
+ Expect(session).Should(Exit(0))
+ })
+
It("podman build with logfile", func() {
logfile := filepath.Join(podmanTest.TempDir, "logfile")
session := podmanTest.Podman([]string{"build", "--pull-never", "--tag", "test", "--logfile", logfile, "build/basicalpine"})
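Review bot: The leak check in the "verify if secret file is not leaked into image" case only lists the image's default working directory and rejects one name, `podman-build-secret`, so a secret left behind at the mount target would still pass. A second probe of the mount path would cover that: `session = podmanTest.Podman([]string{"run", "--rm", "secret-test-leak", "cat", "/run/secrets/mysecret"})`, then `session.WaitWithDefaultTimeout()` and `Expect(session).ShouldNot(Exit(0))`. If the runtime mounts something over `/run` this could mask layer content, in which case the image would need to be inspected without running it; that is not visible from here. The enclosing `Describe` block starts before the hunk and the logfile test continues past it.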