Merge pull request #1144 from mokibit/automate-secrets-tests

test/integration: Automate manual `secrets` test

tests/integration/secrets/bad_external_name/docker-compose.yaml

@@ -1,18 +0,0 @@
-version: "3.8"
-services:
-    test:
-      image: busybox
-      command:
-        - cat
-        - /run/secrets/new_secret
-      tmpfs:
-        - /run
-        - /tmp
-      secrets:
-        - new_secret
-
-secrets:
-  new_secret:
-    external: true
-    name: my_secret
-

tests/integration/secrets/bad_external_target/docker-compose.yaml

@@ -1,18 +0,0 @@
-version: "3.8"
-services:
-    test:
-      image: busybox
-      command:
-        - cat
-        - /run/secrets/my_secret_2
-      tmpfs:
-        - /run
-        - /tmp
-      secrets:
-        - source: my_secret
-          target: new_secret
-
-secrets:
-  my_secret:
-    external: true
-

tests/integration/secrets/docker-compose.yaml

@@ -1,7 +1,3 @@
----
-# echo "sec" | podman secret create my_secret -
-# echo "sec2" | podman secret create my_secret_2 -
-# echo "sec3" | podman secret create my_secret_3 -
 version: "3.8"
 services:
     test:
@@ -14,10 +10,12 @@ services:
       volumes:
         - ./print_secrets.sh:/tmp/print_secrets.sh:z
       secrets:
-        - my_secret
-        - my_secret_2
-        - source: my_secret_3
-          target: my_secret_3
+        - podman_compose_test_secret
+        # Custom name reference for mounted external secret is not supported
+        #- podman_compose_test_secret_2
+        - source: podman_compose_test_secret_3
+          # warning about un-supported "target" field
+          target: podman_compose_test_secret_3
           uid: '103'
           gid: '103'
           mode: 400
@@ -27,22 +25,24 @@ services:
         - source: file_secret
           target: /etc/custom_location
         - source: file_secret
+          # warning about un-supported "uid", "gid", "mode" fields
           target: unused_params_warning
           uid: '103'
           gid: '103'
           mode: 400
-        - source: my_secret
+        - source: podman_compose_test_secret
           target: ENV_SECRET
           type: env
 
 secrets:
-  my_secret:
+  podman_compose_test_secret:
     external: true
-  my_secret_2:
+  # Custom name reference for mounted external secret is not supported
+  #podman_compose_test_secret_2:
+    #external: true
+    #name: podman_compose_test_secret_custom_name
+  podman_compose_test_secret_3:
     external: true
-    name: my_secret_2
-  my_secret_3:
-    external: true
-    name: my_secret_3
+    name: podman_compose_test_secret_3
   file_secret:
     file: ./my_secret

tests/integration/secrets/print_secrets.sh

@@ -1,7 +1,5 @@
 #!/bin/sh
 
-ls -la /run/secrets/*
-ls -la /etc/custom_location
-cat /run/secrets/*
-cat /etc/custom_location
-env | grep SECRET
+grep . /run/secrets/*
+grep . /etc/custom_location
+echo "$ENV_SECRET"

tests/integration/secrets/test_podman_compose_secrets.py

@@ -0,0 +1,84 @@
+# SPDX-License-Identifier: GPL-2.0
+
+import os
+import unittest
+from subprocess import PIPE
+from subprocess import Popen
+
+from tests.integration.test_utils import RunSubprocessMixin
+from tests.integration.test_utils import podman_compose_path
+from tests.integration.test_utils import test_path
+
+
+def compose_yaml_path():
+    return os.path.join(os.path.join(test_path(), "secrets"), "docker-compose.yaml")
+
+
+class TestComposeNoSecrets(unittest.TestCase, RunSubprocessMixin):
+    created_secrets = [
+        "podman_compose_test_secret",
+        "podman_compose_test_secret_2",
+        "podman_compose_test_secret_3",
+        "podman_compose_test_secret_custom_name",
+    ]
+
+    def setUp(self):
+        for secret in self.created_secrets:
+            p = Popen(["podman", "secret", "create", secret, "-"], stdin=PIPE)
+            p.communicate(secret.encode('utf-8'))
+
+    def tearDown(self):
+        for secret in self.created_secrets:
+            self.run_subprocess_assert_returncode([
+                "podman",
+                "secret",
+                "rm",
+                f"{secret}",
+            ])
+
+    # test if secrets are saved and available in respective files of a container
+    def test_secrets(self):
+        try:
+            _, error, _ = self.run_subprocess(
+                [
+                    podman_compose_path(),
+                    "-f",
+                    compose_yaml_path(),
+                    "up",
+                    "test",
+                ],
+            )
+
+            self.assertIn(
+                b'WARNING: Service "test" uses target: "podman_compose_test_secret_3" '
+                + b'for secret: "podman_compose_test_secret_3". That is un-supported and '
+                + b'a no-op and is ignored.',
+                error,
+            )
+            self.assertIn(
+                b'WARNING: Service test uses secret unused_params_warning with uid, '
+                + b'gid, or mode. These fields are not supported by this implementation '
+                + b'of the Compose file',
+                error,
+            )
+
+            output, _ = self.run_subprocess_assert_returncode(["podman", "logs", "secrets_test_1"])
+            expected_output = (
+                b'/run/secrets/custom_name:important-secret-is-important\n'
+                + b'/run/secrets/file_secret:important-secret-is-important\n'
+                + b'/run/secrets/podman_compose_test_secret:podman_compose_test_secret\n'
+                + b'/run/secrets/podman_compose_test_secret_3:podman_compose_test_secret_3\n'
+                + b'/run/secrets/unused_params_warning:important-secret-is-important\n'
+                + b'important-secret-is-important\n'
+                + b'podman_compose_test_secret\n'
+            )
+            self.assertEqual(expected_output, output)
+        finally:
+            self.run_subprocess_assert_returncode([
+                podman_compose_path(),
+                "-f",
+                compose_yaml_path(),
+                "down",
+                "-t",
+                "0",
+            ])