From 9ce3c0a87a6d7da45e71719b2ceb6d6abb0433fe Mon Sep 17 00:00:00 2001 From: Ashley Cui Date: Tue, 8 Mar 2022 09:45:48 -0500 Subject: Move secret-verify-leak containerfile into its own Directory Secret-verify-leak is causing flakes, when running in parallel tests. This is because remote secrets are copied into the context directory to send to the API server, and secret-verify-leak is doing a COPY * and then checking if the temporary secret file ends up in the container or not. Since all the temporary files are prefixed with "podman-build-secret", this test checks if podman-build-secret is in the image. However, when run in parallel with other tests, other temporary podman-build-secrets might be in the context dir. Moving secret-verify-leak into its own directory makes sure that the context dir is used only by this one test. Also renamed Dockerfile -> Containerfile and cleaned up unused Containerfiles. Signed-off-by: Ashley Cui --- test/e2e/build/Containerfile.with-multiple-secret | 3 +++ test/e2e/build/Containerfile.with-secret | 2 ++ test/e2e/build/Dockerfile.test-cp-root-dir | 2 -- test/e2e/build/Dockerfile.with-multiple-secret | 3 --- test/e2e/build/Dockerfile.with-secret | 2 -- test/e2e/build/Dockerfile.with-secret-verify-leak | 3 --- .../build/secret-verify-leak/Containerfile.with-secret-verify-leak | 3 +++ test/e2e/build_test.go | 6 +++--- 8 files changed, 11 insertions(+), 13 deletions(-) create mode 100644 test/e2e/build/Containerfile.with-multiple-secret create mode 100644 test/e2e/build/Containerfile.with-secret delete mode 100644 test/e2e/build/Dockerfile.test-cp-root-dir delete mode 100644 test/e2e/build/Dockerfile.with-multiple-secret delete mode 100644 test/e2e/build/Dockerfile.with-secret delete mode 100644 test/e2e/build/Dockerfile.with-secret-verify-leak create mode 100644 test/e2e/build/secret-verify-leak/Containerfile.with-secret-verify-leak (limited to 'test/e2e') 
diff --git a/test/e2e/build/Containerfile.with-multiple-secret b/test/e2e/build/Containerfile.with-multiple-secret
new file mode 100644
index 000000000..f3478914f
--- /dev/null
+++ b/test/e2e/build/Containerfile.with-multiple-secret
@@ -0,0 +1,3 @@
+FROM alpine
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
+RUN --mount=type=secret,id=mysecret2 cat /run/secrets/mysecret2
diff --git a/test/e2e/build/Containerfile.with-secret b/test/e2e/build/Containerfile.with-secret
new file mode 100644
index 000000000..920663a92
--- /dev/null
+++ b/test/e2e/build/Containerfile.with-secret
@@ -0,0 +1,2 @@
+FROM alpine
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
diff --git a/test/e2e/build/Dockerfile.test-cp-root-dir b/test/e2e/build/Dockerfile.test-cp-root-dir
deleted file mode 100644
index 9f7de7c32..000000000
--- a/test/e2e/build/Dockerfile.test-cp-root-dir
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM scratch
-COPY Dockerfile.test-cp-root-dir /
diff --git a/test/e2e/build/Dockerfile.with-multiple-secret b/test/e2e/build/Dockerfile.with-multiple-secret
deleted file mode 100644
index f3478914f..000000000
--- a/test/e2e/build/Dockerfile.with-multiple-secret
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM alpine
-RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
-RUN --mount=type=secret,id=mysecret2 cat /run/secrets/mysecret2
diff --git a/test/e2e/build/Dockerfile.with-secret b/test/e2e/build/Dockerfile.with-secret
deleted file mode 100644
index 920663a92..000000000
--- a/test/e2e/build/Dockerfile.with-secret
+++ /dev/null
@@ -1,2 +0,0 @@
-FROM alpine
-RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
diff --git a/test/e2e/build/Dockerfile.with-secret-verify-leak b/test/e2e/build/Dockerfile.with-secret-verify-leak
deleted file mode 100644
index 0957ac6a6..000000000
--- a/test/e2e/build/Dockerfile.with-secret-verify-leak
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM alpine
-COPY * /
-RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
diff --git a/test/e2e/build/secret-verify-leak/Containerfile.with-secret-verify-leak b/test/e2e/build/secret-verify-leak/Containerfile.with-secret-verify-leak
new file mode 100644
index 000000000..0957ac6a6
--- /dev/null
+++ b/test/e2e/build/secret-verify-leak/Containerfile.with-secret-verify-leak
@@ -0,0 +1,3 @@
+FROM alpine
+COPY * /
+RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret
diff --git a/test/e2e/build_test.go b/test/e2e/build_test.go
index 14fa12fa2..c5903f037 100644
--- a/test/e2e/build_test.go
+++ b/test/e2e/build_test.go
@@ -60,7 +60,7 @@ var _ = Describe("Podman build", func() {
 })
 It("podman build with a secret from file", func() {
- session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-secret", "-t", "secret-test", "--secret", "id=mysecret,src=build/secret.txt", "build/"})
+ session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.with-secret", "-t", "secret-test", "--secret", "id=mysecret,src=build/secret.txt", "build/"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(Exit(0))
 Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
@@ -71,7 +71,7 @@ var _ = Describe("Podman build", func() {
 })
 It("podman build with multiple secrets from files", func() {
- session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-multiple-secret", "-t", "multiple-secret-test", "--secret", "id=mysecret,src=build/secret.txt", "--secret", "id=mysecret2,src=build/anothersecret.txt", "build/"})
+ session := podmanTest.Podman([]string{"build", "-f", "build/Containerfile.with-multiple-secret", "-t", "multiple-secret-test", "--secret", "id=mysecret,src=build/secret.txt", "--secret", "id=mysecret2,src=build/anothersecret.txt", "build/"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(Exit(0))
 Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
@@ -83,7 +83,7 @@ var _ = Describe("Podman build", func() {
 })
 It("podman build with a secret from file and verify if secret file is not leaked into image", func() {
- session := podmanTest.Podman([]string{"build", "-f", "build/Dockerfile.with-secret-verify-leak", "-t", "secret-test-leak", "--secret", "id=mysecret,src=build/secret.txt", "build/"})
+ session := podmanTest.Podman([]string{"build", "-f", "build/secret-verify-leak/Containerfile.with-secret-verify-leak", "-t", "secret-test-leak", "--secret", "id=mysecret,src=build/secret.txt", "build/"})
 session.WaitWithDefaultTimeout()
 Expect(session).Should(Exit(0))
 Expect(session.OutputToString()).To(ContainSubstring("somesecret"))
-- cgit v1.2.3-54-g00ecf
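Review bot: The build context on the added line is still `"build/"`; only the `-f` path now points into `build/secret-verify-leak/`. `COPY * /` in the moved Containerfile would therefore still glob the shared `build/` directory, where other parallel tests' temporary `podman-build-secret` files can appear. If this test is meant to own its context directory, as the commit message describes, the last element of the argument slice should be `"build/secret-verify-leak"`; the `--secret ... src=build/secret.txt` argument is separate and presumably can stay as it is. The assertion that inspects the image for a leaked secret file lies outside this hunk, so how the leak is detected cannot be confirmed from here. A one-line comment above the call, such as `// context dir must be private to this test: COPY * would pick up other tests' temp secret files`, would stop a later edit from pointing it back at a shared directory.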