extern/podman-compose
1
0
Fork 1
mirror of https://github.com/containers/podman-compose.git synced 2025-04-04 14:01:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1144 from mokibit/automate-secrets-tests

Browse Source 
test/integration: Automate manual `secrets` test
This commit is contained in:
Povilas Kanapickas 2025-02-20 09:57:11 +02:00 committed by GitHub
commit 2f8ed2137c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 102 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
tests/integration/secrets/bad_external_name/docker-compose.yaml
View File

@ -1,18 +0,0 @@
version: "3.8"
services:
test:
image: busybox
command:
- cat
- /run/secrets/new_secret
tmpfs:
- /run
- /tmp
secrets:
- new_secret
secrets:
new_secret:
external: true
name: my_secret

18
tests/integration/secrets/bad_external_target/docker-compose.yaml
View File

@ -1,18 +0,0 @@
version: "3.8"
services:
test:
image: busybox
command:
- cat
- /run/secrets/my_secret_2
tmpfs:
- /run
- /tmp
secrets:
- source: my_secret
target: new_secret
secrets:
my_secret:
external: true

30
tests/integration/secrets/docker-compose.yaml
View File

@ -1,7 +1,3 @@
---
# echo "sec" | podman secret create my_secret -
# echo "sec2" | podman secret create my_secret_2 -
# echo "sec3" | podman secret create my_secret_3 -
version: "3.8" version: "3.8"
services: services:
test: test:
@ -14,10 +10,12 @@ services:
volumes: volumes:
- ./print_secrets.sh:/tmp/print_secrets.sh:z - ./print_secrets.sh:/tmp/print_secrets.sh:z
secrets: secrets:
- my_secret - podman_compose_test_secret
- my_secret_2 # Custom name reference for mounted external secret is not supported
- source: my_secret_3 #- podman_compose_test_secret_2
target: my_secret_3 - source: podman_compose_test_secret_3
# warning about un-supported "target" field
target: podman_compose_test_secret_3
uid: '103' uid: '103'
gid: '103' gid: '103'
mode: 400 mode: 400
@ -27,22 +25,24 @@ services:
- source: file_secret - source: file_secret
target: /etc/custom_location target: /etc/custom_location
- source: file_secret - source: file_secret
# warning about un-supported "uid", "gid", "mode" fields
target: unused_params_warning target: unused_params_warning
uid: '103' uid: '103'
gid: '103' gid: '103'
mode: 400 mode: 400
- source: my_secret - source: podman_compose_test_secret
target: ENV_SECRET target: ENV_SECRET
type: env type: env
secrets: secrets:
my_secret: podman_compose_test_secret:
external: true external: true
my_secret_2: # Custom name reference for mounted external secret is not supported
#podman_compose_test_secret_2:
#external: true
#name: podman_compose_test_secret_custom_name
podman_compose_test_secret_3:
external: true external: true
name: my_secret_2 name: podman_compose_test_secret_3
my_secret_3:
external: true
name: my_secret_3
file_secret: file_secret:
file: ./my_secret file: ./my_secret

8
tests/integration/secrets/print_secrets.sh
View File

@ -1,7 +1,5 @@
#!/bin/sh #!/bin/sh
ls -la /run/secrets/* grep . /run/secrets/*
ls -la /etc/custom_location grep . /etc/custom_location
cat /run/secrets/* echo "$ENV_SECRET"
cat /etc/custom_location
env | grep SECRET

84
tests/integration/secrets/test_podman_compose_secrets.py Normal file
View File

@ -0,0 +1,84 @@
# SPDX-License-Identifier: GPL-2.0
import os
import unittest
from subprocess import PIPE
from subprocess import Popen
from tests.integration.test_utils import RunSubprocessMixin
from tests.integration.test_utils import podman_compose_path
from tests.integration.test_utils import test_path
def compose_yaml_path():
return os.path.join(os.path.join(test_path(), "secrets"), "docker-compose.yaml")
class TestComposeNoSecrets(unittest.TestCase, RunSubprocessMixin):
created_secrets = [
"podman_compose_test_secret",
"podman_compose_test_secret_2",
"podman_compose_test_secret_3",
"podman_compose_test_secret_custom_name",
]
def setUp(self):
for secret in self.created_secrets:
p = Popen(["podman", "secret", "create", secret, "-"], stdin=PIPE)
p.communicate(secret.encode('utf-8'))
def tearDown(self):
for secret in self.created_secrets:
self.run_subprocess_assert_returncode([
"podman",
"secret",
"rm",
f"{secret}",
])
# test if secrets are saved and available in respective files of a container
def test_secrets(self):
try:
_, error, _ = self.run_subprocess(
[
podman_compose_path(),
"-f",
compose_yaml_path(),
"up",
"test",
],
)
self.assertIn(
b'WARNING: Service "test" uses target: "podman_compose_test_secret_3" '
+ b'for secret: "podman_compose_test_secret_3". That is un-supported and '
+ b'a no-op and is ignored.',
error,
)
self.assertIn(
b'WARNING: Service test uses secret unused_params_warning with uid, '
+ b'gid, or mode. These fields are not supported by this implementation '
+ b'of the Compose file',
error,
)
output, _ = self.run_subprocess_assert_returncode(["podman", "logs", "secrets_test_1"])
expected_output = (
b'/run/secrets/custom_name:important-secret-is-important\n'
+ b'/run/secrets/file_secret:important-secret-is-important\n'
+ b'/run/secrets/podman_compose_test_secret:podman_compose_test_secret\n'
+ b'/run/secrets/podman_compose_test_secret_3:podman_compose_test_secret_3\n'
+ b'/run/secrets/unused_params_warning:important-secret-is-important\n'
+ b'important-secret-is-important\n'
+ b'podman_compose_test_secret\n'
)
self.assertEqual(expected_output, output)
finally:
self.run_subprocess_assert_returncode([
podman_compose_path(),
"-f",
compose_yaml_path(),
"down",
"-t",
"0",
])