mirror of
https://github.com/containers/podman-compose.git
synced 2025-04-03 13:20:51 +02:00
Merge pull request #1144 from mokibit/automate-secrets-tests
test/integration: Automate manual `secrets` test
This commit is contained in:
commit
2f8ed2137c
@ -1,18 +0,0 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
test:
|
||||
image: busybox
|
||||
command:
|
||||
- cat
|
||||
- /run/secrets/new_secret
|
||||
tmpfs:
|
||||
- /run
|
||||
- /tmp
|
||||
secrets:
|
||||
- new_secret
|
||||
|
||||
secrets:
|
||||
new_secret:
|
||||
external: true
|
||||
name: my_secret
|
||||
|
@ -1,18 +0,0 @@
|
||||
version: "3.8"
|
||||
services:
|
||||
test:
|
||||
image: busybox
|
||||
command:
|
||||
- cat
|
||||
- /run/secrets/my_secret_2
|
||||
tmpfs:
|
||||
- /run
|
||||
- /tmp
|
||||
secrets:
|
||||
- source: my_secret
|
||||
target: new_secret
|
||||
|
||||
secrets:
|
||||
my_secret:
|
||||
external: true
|
||||
|
@ -1,7 +1,3 @@
|
||||
---
|
||||
# echo "sec" | podman secret create my_secret -
|
||||
# echo "sec2" | podman secret create my_secret_2 -
|
||||
# echo "sec3" | podman secret create my_secret_3 -
|
||||
version: "3.8"
|
||||
services:
|
||||
test:
|
||||
@ -14,10 +10,12 @@ services:
|
||||
volumes:
|
||||
- ./print_secrets.sh:/tmp/print_secrets.sh:z
|
||||
secrets:
|
||||
- my_secret
|
||||
- my_secret_2
|
||||
- source: my_secret_3
|
||||
target: my_secret_3
|
||||
- podman_compose_test_secret
|
||||
# Custom name reference for mounted external secret is not supported
|
||||
#- podman_compose_test_secret_2
|
||||
- source: podman_compose_test_secret_3
|
||||
# warning about un-supported "target" field
|
||||
target: podman_compose_test_secret_3
|
||||
uid: '103'
|
||||
gid: '103'
|
||||
mode: 400
|
||||
@ -27,22 +25,24 @@ services:
|
||||
- source: file_secret
|
||||
target: /etc/custom_location
|
||||
- source: file_secret
|
||||
# warning about un-supported "uid", "gid", "mode" fields
|
||||
target: unused_params_warning
|
||||
uid: '103'
|
||||
gid: '103'
|
||||
mode: 400
|
||||
- source: my_secret
|
||||
- source: podman_compose_test_secret
|
||||
target: ENV_SECRET
|
||||
type: env
|
||||
|
||||
secrets:
|
||||
my_secret:
|
||||
podman_compose_test_secret:
|
||||
external: true
|
||||
my_secret_2:
|
||||
# Custom name reference for mounted external secret is not supported
|
||||
#podman_compose_test_secret_2:
|
||||
#external: true
|
||||
#name: podman_compose_test_secret_custom_name
|
||||
podman_compose_test_secret_3:
|
||||
external: true
|
||||
name: my_secret_2
|
||||
my_secret_3:
|
||||
external: true
|
||||
name: my_secret_3
|
||||
name: podman_compose_test_secret_3
|
||||
file_secret:
|
||||
file: ./my_secret
|
||||
|
@ -1,7 +1,5 @@
|
||||
#!/bin/sh
|
||||
|
||||
ls -la /run/secrets/*
|
||||
ls -la /etc/custom_location
|
||||
cat /run/secrets/*
|
||||
cat /etc/custom_location
|
||||
env | grep SECRET
|
||||
grep . /run/secrets/*
|
||||
grep . /etc/custom_location
|
||||
echo "$ENV_SECRET"
|
||||
|
84
tests/integration/secrets/test_podman_compose_secrets.py
Normal file
84
tests/integration/secrets/test_podman_compose_secrets.py
Normal file
@ -0,0 +1,84 @@
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
|
||||
import os
|
||||
import unittest
|
||||
from subprocess import PIPE
|
||||
from subprocess import Popen
|
||||
|
||||
from tests.integration.test_utils import RunSubprocessMixin
|
||||
from tests.integration.test_utils import podman_compose_path
|
||||
from tests.integration.test_utils import test_path
|
||||
|
||||
|
||||
def compose_yaml_path():
|
||||
return os.path.join(os.path.join(test_path(), "secrets"), "docker-compose.yaml")
|
||||
|
||||
|
||||
class TestComposeNoSecrets(unittest.TestCase, RunSubprocessMixin):
|
||||
created_secrets = [
|
||||
"podman_compose_test_secret",
|
||||
"podman_compose_test_secret_2",
|
||||
"podman_compose_test_secret_3",
|
||||
"podman_compose_test_secret_custom_name",
|
||||
]
|
||||
|
||||
def setUp(self):
|
||||
for secret in self.created_secrets:
|
||||
p = Popen(["podman", "secret", "create", secret, "-"], stdin=PIPE)
|
||||
p.communicate(secret.encode('utf-8'))
|
||||
|
||||
def tearDown(self):
|
||||
for secret in self.created_secrets:
|
||||
self.run_subprocess_assert_returncode([
|
||||
"podman",
|
||||
"secret",
|
||||
"rm",
|
||||
f"{secret}",
|
||||
])
|
||||
|
||||
# test if secrets are saved and available in respective files of a container
|
||||
def test_secrets(self):
|
||||
try:
|
||||
_, error, _ = self.run_subprocess(
|
||||
[
|
||||
podman_compose_path(),
|
||||
"-f",
|
||||
compose_yaml_path(),
|
||||
"up",
|
||||
"test",
|
||||
],
|
||||
)
|
||||
|
||||
self.assertIn(
|
||||
b'WARNING: Service "test" uses target: "podman_compose_test_secret_3" '
|
||||
+ b'for secret: "podman_compose_test_secret_3". That is un-supported and '
|
||||
+ b'a no-op and is ignored.',
|
||||
error,
|
||||
)
|
||||
self.assertIn(
|
||||
b'WARNING: Service test uses secret unused_params_warning with uid, '
|
||||
+ b'gid, or mode. These fields are not supported by this implementation '
|
||||
+ b'of the Compose file',
|
||||
error,
|
||||
)
|
||||
|
||||
output, _ = self.run_subprocess_assert_returncode(["podman", "logs", "secrets_test_1"])
|
||||
expected_output = (
|
||||
b'/run/secrets/custom_name:important-secret-is-important\n'
|
||||
+ b'/run/secrets/file_secret:important-secret-is-important\n'
|
||||
+ b'/run/secrets/podman_compose_test_secret:podman_compose_test_secret\n'
|
||||
+ b'/run/secrets/podman_compose_test_secret_3:podman_compose_test_secret_3\n'
|
||||
+ b'/run/secrets/unused_params_warning:important-secret-is-important\n'
|
||||
+ b'important-secret-is-important\n'
|
||||
+ b'podman_compose_test_secret\n'
|
||||
)
|
||||
self.assertEqual(expected_output, output)
|
||||
finally:
|
||||
self.run_subprocess_assert_returncode([
|
||||
podman_compose_path(),
|
||||
"-f",
|
||||
compose_yaml_path(),
|
||||
"down",
|
||||
"-t",
|
||||
"0",
|
||||
])
|
Loading…
Reference in New Issue
Block a user