diff --git a/tests/integration/secrets/bad_external_name/docker-compose.yaml b/tests/integration/secrets/bad_external_name/docker-compose.yaml deleted file mode 100644 index 3e64a7b..0000000 --- a/tests/integration/secrets/bad_external_name/docker-compose.yaml +++ /dev/null @@ -1,18 +0,0 @@ -version: "3.8" -services: - test: - image: busybox - command: - - cat - - /run/secrets/new_secret - tmpfs: - - /run - - /tmp - secrets: - - new_secret - -secrets: - new_secret: - external: true - name: my_secret - diff --git a/tests/integration/secrets/bad_external_target/docker-compose.yaml b/tests/integration/secrets/bad_external_target/docker-compose.yaml deleted file mode 100644 index 80e5cef..0000000 --- a/tests/integration/secrets/bad_external_target/docker-compose.yaml +++ /dev/null @@ -1,18 +0,0 @@ -version: "3.8" -services: - test: - image: busybox - command: - - cat - - /run/secrets/my_secret_2 - tmpfs: - - /run - - /tmp - secrets: - - source: my_secret - target: new_secret - -secrets: - my_secret: - external: true - diff --git a/tests/integration/secrets/docker-compose.yaml b/tests/integration/secrets/docker-compose.yaml index 81bde0f..034fb83 100644 --- a/tests/integration/secrets/docker-compose.yaml +++ b/tests/integration/secrets/docker-compose.yaml @@ -1,7 +1,3 @@ ---- -# echo "sec" | podman secret create my_secret - -# echo "sec2" | podman secret create my_secret_2 - -# echo "sec3" | podman secret create my_secret_3 - version: "3.8" services: test: @@ -14,10 +10,12 @@ services: volumes: - ./print_secrets.sh:/tmp/print_secrets.sh:z secrets: - - my_secret - - my_secret_2 - - source: my_secret_3 - target: my_secret_3 + - podman_compose_test_secret + # Custom name reference for mounted external secret is not supported + #- podman_compose_test_secret_2 + - source: podman_compose_test_secret_3 + # warning about un-supported "target" field + target: podman_compose_test_secret_3 uid: '103' gid: '103' mode: 400 
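Review bot: The custom-name case for an external secret is left as commented-out YAML (`#- podman_compose_test_secret_2` in this hunk, and the `#podman_compose_test_secret_2:` definition in the next hunk of the same file), so nothing in this fixture exercises an external secret whose `name` differs from its key. The same commit deletes the bad_external_name and bad_external_target fixtures, which appear to have covered the mismatch cases. If the behaviour is unsupported, a test that asserts the expected error or warning would record that more reliably than dead fixture lines. The new test class still creates `podman_compose_test_secret_2` and `podman_compose_test_secret_custom_name`, which no service in the visible hunks references.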
@@ -27,22 +25,24 @@ services: - source: file_secret target: /etc/custom_location - source: file_secret + # warning about un-supported "uid", "gid", "mode" fields target: unused_params_warning uid: '103' gid: '103' mode: 400 - - source: my_secret + - source: podman_compose_test_secret target: ENV_SECRET type: env secrets: - my_secret: + podman_compose_test_secret: external: true - my_secret_2: + # Custom name reference for mounted external secret is not supported + #podman_compose_test_secret_2: + #external: true + #name: podman_compose_test_secret_custom_name + podman_compose_test_secret_3: external: true - name: my_secret_2 - my_secret_3: - external: true - name: my_secret_3 + name: podman_compose_test_secret_3 file_secret: file: ./my_secret diff --git a/tests/integration/secrets/print_secrets.sh b/tests/integration/secrets/print_secrets.sh index 695749c..941a20f 100755 --- a/tests/integration/secrets/print_secrets.sh +++ b/tests/integration/secrets/print_secrets.sh @@ -1,7 +1,5 @@ #!/bin/sh -ls -la /run/secrets/* -ls -la /etc/custom_location -cat /run/secrets/* -cat /etc/custom_location -env | grep SECRET +grep . /run/secrets/* +grep . /etc/custom_location +echo "$ENV_SECRET" diff --git a/tests/integration/secrets/test_podman_compose_secrets.py b/tests/integration/secrets/test_podman_compose_secrets.py new file mode 100644 index 0000000..dedb266 --- /dev/null +++ b/tests/integration/secrets/test_podman_compose_secrets.py 
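Review bot: With `ls -la` removed, nothing in print_secrets.sh reports the ownership or permissions of the mounted secret files, so the `uid: '103'`, `gid: '103'` and `mode: 400` set on `podman_compose_test_secret_3` in docker-compose.yaml are never checked by the test. A deterministic replacement would be a line such as `stat -c '%u:%g:%a %n' /run/secrets/podman_compose_test_secret_3` (assuming the busybox `stat` in the image accepts `-c`), with the matching line added to the expected output. Separately, `grep .` skips empty lines and the script exits with the status of the final `echo`, so an unreadable or empty secret file only shows up as a mismatch in the log comparison; a short header comment saying so would help the next reader.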
@@ -0,0 +1,84 @@ +# SPDX-License-Identifier: GPL-2.0 + +import os +import unittest +from subprocess import PIPE +from subprocess import Popen + +from tests.integration.test_utils import RunSubprocessMixin +from tests.integration.test_utils import podman_compose_path +from tests.integration.test_utils import test_path + + +def compose_yaml_path(): + return os.path.join(os.path.join(test_path(), "secrets"), "docker-compose.yaml") + + +class TestComposeNoSecrets(unittest.TestCase, RunSubprocessMixin): + created_secrets = [ + "podman_compose_test_secret", + "podman_compose_test_secret_2", + "podman_compose_test_secret_3", + "podman_compose_test_secret_custom_name", + ] + + def setUp(self): + for secret in self.created_secrets: + p = Popen(["podman", "secret", "create", secret, "-"], stdin=PIPE) + p.communicate(secret.encode('utf-8')) + + def tearDown(self): + for secret in self.created_secrets: + self.run_subprocess_assert_returncode([ + "podman", + "secret", + "rm", + f"{secret}", + ]) + + # test if secrets are saved and available in respective files of a container + def test_secrets(self): + try: + _, error, _ = self.run_subprocess( + [ + podman_compose_path(), + "-f", + compose_yaml_path(), + "up", + "test", + ], + ) + + self.assertIn( + b'WARNING: Service "test" uses target: "podman_compose_test_secret_3" ' + + b'for secret: "podman_compose_test_secret_3". That is un-supported and ' + + b'a no-op and is ignored.', + error, + ) + self.assertIn( + b'WARNING: Service test uses secret unused_params_warning with uid, ' + + b'gid, or mode. 
These fields are not supported by this implementation ' + + b'of the Compose file', + error, + ) + + output, _ = self.run_subprocess_assert_returncode(["podman", "logs", "secrets_test_1"]) + expected_output = ( + b'/run/secrets/custom_name:important-secret-is-important\n' + + b'/run/secrets/file_secret:important-secret-is-important\n' + + b'/run/secrets/podman_compose_test_secret:podman_compose_test_secret\n' + + b'/run/secrets/podman_compose_test_secret_3:podman_compose_test_secret_3\n' + + b'/run/secrets/unused_params_warning:important-secret-is-important\n' + + b'important-secret-is-important\n' + + b'podman_compose_test_secret\n' + ) + self.assertEqual(expected_output, output) + finally: + self.run_subprocess_assert_returncode([ + podman_compose_path(), + "-f", + compose_yaml_path(), + "down", + "-t", + "0", + ])
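Review bot: In `setUp`, the result of `podman secret create` is never checked, so a secret left over from an aborted run makes creation fail silently and the test then reads whatever value is already in the store. Adding `self.assertEqual(p.returncode, 0)` after `p.communicate(...)` would surface that. unittest does not call `tearDown` when `setUp` raises, so registering `self.addCleanup(self.run_subprocess_assert_returncode, ["podman", "secret", "rm", secret])` inside the loop, in place of `tearDown`, would remove already-created secrets even on a partial failure. The class name `TestComposeNoSecrets` also reads as the opposite of what `test_secrets` covers, and neither the class nor `compose_yaml_path` has a docstring stating that the test needs a working `podman` and writes to the user's secret store.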