github.com/containers/podman/v4@v4.9.4/test/e2e/secret_test.go (about) 1 package integration 2 3 import ( 4 "fmt" 5 "os" 6 "path/filepath" 7 8 . "github.com/containers/podman/v4/test/utils" 9 "github.com/containers/storage/pkg/stringid" 10 . "github.com/onsi/ginkgo/v2" 11 . "github.com/onsi/gomega" 12 . "github.com/onsi/gomega/gexec" 13 ) 14 15 var _ = Describe("Podman secret", func() { 16 17 AfterEach(func() { 18 podmanTest.CleanupSecrets() 19 }) 20 21 It("podman secret create", func() { 22 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 23 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 24 Expect(err).ToNot(HaveOccurred()) 25 26 session := podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val", "a", secretFilePath}) 27 session.WaitWithDefaultTimeout() 28 secrID := session.OutputToString() 29 Expect(session).Should(ExitCleanly()) 30 31 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) 32 inspect.WaitWithDefaultTimeout() 33 Expect(inspect).Should(ExitCleanly()) 34 Expect(inspect.OutputToString()).To(Equal(secrID)) 35 inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID}) 36 inspect.WaitWithDefaultTimeout() 37 Expect(inspect).Should(ExitCleanly()) 38 Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val")) 39 40 session = podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val1", "a", secretFilePath}) 41 session.WaitWithDefaultTimeout() 42 Expect(session).Should(Exit(125)) 43 Expect(session.ErrorToString()).To(Equal("Error: a: secret name in use")) 44 45 session = podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val1", "--replace", "a", secretFilePath}) 46 session.WaitWithDefaultTimeout() 47 Expect(session).Should(ExitCleanly()) 48 Expect(session.OutputToString()).To(Not(Equal(secrID))) 49 50 inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID}) 51 inspect.WaitWithDefaultTimeout() 52 Expect(inspect).To(ExitWithError()) 53 Expect(inspect.ErrorToString()).To(ContainSubstring(fmt.Sprintf("Error: inspecting secret: no secret with name or id %q: no such secret", secrID))) 54 55 inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", "a"}) 56 inspect.WaitWithDefaultTimeout() 57 Expect(inspect).Should(ExitCleanly()) 58 Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val1")) 59 }) 60 61 It("podman secret create bad name should fail", func() { 62 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 63 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 64 Expect(err).ToNot(HaveOccurred()) 65 66 badName := "foo/bar" 67 session := podmanTest.Podman([]string{"secret", "create", badName, secretFilePath}) 68 session.WaitWithDefaultTimeout() 69 Expect(session).To(ExitWithError()) 70 Expect(session.ErrorToString()).To(Equal(fmt.Sprintf("Error: secret name %q can not include '=', '/', ',', or the '\\0' (NULL) and be between 1 and 253 characters: invalid secret name", badName))) 71 72 badName = "foo=bar" 73 session = podmanTest.Podman([]string{"secret", "create", badName, secretFilePath}) 74 session.WaitWithDefaultTimeout() 75 Expect(session).To(ExitWithError()) 76 Expect(session.ErrorToString()).To(Equal(fmt.Sprintf("Error: secret name %q can not include '=', '/', ',', or the '\\0' (NULL) and be between 1 and 253 characters: invalid secret name", badName))) 77 }) 78 79 It("podman secret inspect", func() { 80 random := stringid.GenerateRandomID() 81 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 82 err := os.WriteFile(secretFilePath, []byte(random), 0755) 83 Expect(err).ToNot(HaveOccurred()) 84 85 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 86 session.WaitWithDefaultTimeout() 87 secrID := session.OutputToString() 88 Expect(session).Should(ExitCleanly()) 89 90 inspect := podmanTest.Podman([]string{"secret", "inspect", secrID}) 91 inspect.WaitWithDefaultTimeout() 92 Expect(inspect).Should(ExitCleanly()) 93 Expect(inspect.OutputToString()).To(BeValidJSON()) 94 95 inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{ .SecretData }}", secrID}) 96 inspect.WaitWithDefaultTimeout() 97 Expect(inspect).Should(ExitCleanly()) 98 Expect(inspect.OutputToString()).To(Equal("")) 99 100 inspect = podmanTest.Podman([]string{"secret", "inspect", "--showsecret", "--format", "{{ .SecretData }}", secrID}) 101 inspect.WaitWithDefaultTimeout() 102 Expect(inspect).Should(ExitCleanly()) 103 Expect(inspect.OutputToString()).To(Equal(random)) 104 }) 105 106 It("podman secret inspect with --format", func() { 107 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 108 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 109 Expect(err).ToNot(HaveOccurred()) 110 111 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 112 session.WaitWithDefaultTimeout() 113 secrID := session.OutputToString() 114 Expect(session).Should(ExitCleanly()) 115 116 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) 117 inspect.WaitWithDefaultTimeout() 118 Expect(inspect).Should(ExitCleanly()) 119 Expect(inspect.OutputToString()).To(Equal(secrID)) 120 }) 121 122 It("podman secret inspect with --pretty", func() { 123 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 124 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 125 Expect(err).ToNot(HaveOccurred()) 126 127 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 128 session.WaitWithDefaultTimeout() 129 secrID := session.OutputToString() 130 Expect(session).Should(ExitCleanly()) 131 132 inspect := podmanTest.Podman([]string{"secret", "inspect", "--pretty", secrID}) 133 inspect.WaitWithDefaultTimeout() 134 Expect(inspect).Should(ExitCleanly()) 135 Expect(inspect.OutputToString()).To(ContainSubstring("Name:")) 136 Expect(inspect.OutputToString()).To(ContainSubstring(secrID)) 137 }) 138 139 It("podman secret inspect multiple secrets", func() { 140 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 141 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 142 Expect(err).ToNot(HaveOccurred()) 143 144 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 145 session.WaitWithDefaultTimeout() 146 secrID := session.OutputToString() 147 Expect(session).Should(ExitCleanly()) 148 149 session2 := podmanTest.Podman([]string{"secret", "create", "b", secretFilePath}) 150 session2.WaitWithDefaultTimeout() 151 secrID2 := session2.OutputToString() 152 Expect(session2).Should(ExitCleanly()) 153 154 inspect := podmanTest.Podman([]string{"secret", "inspect", secrID, secrID2}) 155 inspect.WaitWithDefaultTimeout() 156 Expect(inspect).Should(ExitCleanly()) 157 Expect(inspect.OutputToString()).To(BeValidJSON()) 158 }) 159 160 It("podman secret inspect bogus", func() { 161 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 162 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 163 Expect(err).ToNot(HaveOccurred()) 164 165 inspect := podmanTest.Podman([]string{"secret", "inspect", "bogus"}) 166 inspect.WaitWithDefaultTimeout() 167 Expect(inspect).To(ExitWithError()) 168 }) 169 170 It("podman secret ls", func() { 171 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 172 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 173 Expect(err).ToNot(HaveOccurred()) 174 175 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 176 session.WaitWithDefaultTimeout() 177 Expect(session).Should(ExitCleanly()) 178 179 list := podmanTest.Podman([]string{"secret", "ls"}) 180 list.WaitWithDefaultTimeout() 181 Expect(list).Should(ExitCleanly()) 182 Expect(list.OutputToStringArray()).To(HaveLen(2)) 183 184 }) 185 186 It("podman secret ls --quiet", func() { 187 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 188 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 189 Expect(err).ToNot(HaveOccurred()) 190 191 secretName := "a" 192 193 session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath}) 194 session.WaitWithDefaultTimeout() 195 Expect(session).Should(ExitCleanly()) 196 secretID := session.OutputToString() 197 198 list := podmanTest.Podman([]string{"secret", "ls", "-q"}) 199 list.WaitWithDefaultTimeout() 200 Expect(list).Should(ExitCleanly()) 201 Expect(list.OutputToString()).To(Equal(secretID)) 202 203 list = podmanTest.Podman([]string{"secret", "ls", "--quiet"}) 204 list.WaitWithDefaultTimeout() 205 Expect(list).Should(ExitCleanly()) 206 Expect(list.OutputToString()).To(Equal(secretID)) 207 208 // Prefer format over quiet 209 list = podmanTest.Podman([]string{"secret", "ls", "-q", "--format", "{{.Name}}"}) 210 list.WaitWithDefaultTimeout() 211 Expect(list).Should(ExitCleanly()) 212 Expect(list.OutputToString()).To(Equal(secretName)) 213 214 }) 215 216 It("podman secret ls with filters", func() { 217 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 218 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 219 Expect(err).ToNot(HaveOccurred()) 220 221 secret1 := "Secret1" 222 secret2 := "Secret2" 223 224 session := podmanTest.Podman([]string{"secret", "ls", "-n"}) 225 session.WaitWithDefaultTimeout() 226 Expect(session).Should(ExitCleanly()) 227 Expect(session.OutputToString()).To(Equal("")) 228 229 session = podmanTest.Podman([]string{"secret", "ls", "--noheading"}) 230 session.WaitWithDefaultTimeout() 231 Expect(session).Should(ExitCleanly()) 232 Expect(session.OutputToString()).To(Equal("")) 233 234 session = podmanTest.Podman([]string{"secret", "create", secret1, secretFilePath}) 235 session.WaitWithDefaultTimeout() 236 secrID1 := session.OutputToString() 237 Expect(session).Should(ExitCleanly()) 238 239 session = podmanTest.Podman([]string{"secret", "create", secret2, secretFilePath}) 240 session.WaitWithDefaultTimeout() 241 secrID2 := session.OutputToString() 242 Expect(session).Should(ExitCleanly()) 243 244 session = podmanTest.Podman([]string{"secret", "create", "Secret3", secretFilePath}) 245 session.WaitWithDefaultTimeout() 246 Expect(session).Should(ExitCleanly()) 247 248 list := podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1)}) 249 list.WaitWithDefaultTimeout() 250 Expect(list).Should(ExitCleanly()) 251 Expect(list.OutputToStringArray()).To(HaveLen(2)) 252 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret1)) 253 254 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret2)}) 255 list.WaitWithDefaultTimeout() 256 Expect(list).Should(ExitCleanly()) 257 Expect(list.OutputToStringArray()).To(HaveLen(2)) 258 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret2)) 259 260 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID1)}) 261 list.WaitWithDefaultTimeout() 262 Expect(list).Should(ExitCleanly()) 263 Expect(list.OutputToStringArray()).To(HaveLen(2)) 264 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID1)) 265 266 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID2)}) 267 list.WaitWithDefaultTimeout() 268 Expect(list).Should(ExitCleanly()) 269 Expect(list.OutputToStringArray()).To(HaveLen(2)) 270 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID2)) 271 272 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1), "--filter", fmt.Sprintf("name=%s", secret2)}) 273 list.WaitWithDefaultTimeout() 274 Expect(list).Should(ExitCleanly()) 275 Expect(list.OutputToStringArray()).To(HaveLen(3)) 276 Expect(list.OutputToString()).To(ContainSubstring(secret1)) 277 Expect(list.OutputToString()).To(ContainSubstring(secret2)) 278 }) 279 280 It("podman secret ls with Go template", func() { 281 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 282 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 283 Expect(err).ToNot(HaveOccurred()) 284 285 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 286 session.WaitWithDefaultTimeout() 287 Expect(session).Should(ExitCleanly()) 288 289 list := podmanTest.Podman([]string{"secret", "ls", "--format", "table {{.Name}}"}) 290 list.WaitWithDefaultTimeout() 291 292 Expect(list).Should(ExitCleanly()) 293 Expect(list.OutputToStringArray()).To(HaveLen(2), list.OutputToString()) 294 }) 295 296 It("podman secret rm", func() { 297 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 298 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 299 Expect(err).ToNot(HaveOccurred()) 300 301 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 302 session.WaitWithDefaultTimeout() 303 secrID := session.OutputToString() 304 Expect(session).Should(ExitCleanly()) 305 306 removed := podmanTest.Podman([]string{"secret", "rm", "a"}) 307 removed.WaitWithDefaultTimeout() 308 Expect(removed).Should(ExitCleanly()) 309 Expect(removed.OutputToString()).To(Equal(secrID)) 310 311 session = podmanTest.Podman([]string{"secret", "ls"}) 312 session.WaitWithDefaultTimeout() 313 Expect(session).Should(ExitCleanly()) 314 Expect(session.OutputToStringArray()).To(HaveLen(1)) 315 }) 316 317 It("podman secret rm --all", func() { 318 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 319 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 320 Expect(err).ToNot(HaveOccurred()) 321 322 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 323 session.WaitWithDefaultTimeout() 324 Expect(session).Should(ExitCleanly()) 325 session = podmanTest.Podman([]string{"secret", "create", "b", secretFilePath}) 326 session.WaitWithDefaultTimeout() 327 Expect(session).Should(ExitCleanly()) 328 329 removed := podmanTest.Podman([]string{"secret", "rm", "-a"}) 330 removed.WaitWithDefaultTimeout() 331 Expect(removed).Should(ExitCleanly()) 332 333 session = podmanTest.Podman([]string{"secret", "ls"}) 334 session.WaitWithDefaultTimeout() 335 Expect(session).Should(ExitCleanly()) 336 Expect(session.OutputToStringArray()).To(HaveLen(1)) 337 }) 338 339 It("podman secret rm --ignore", func() { 340 remove := podmanTest.Podman([]string{"secret", "rm", "non-existent-secret"}) 341 remove.WaitWithDefaultTimeout() 342 Expect(remove).Should(Not(ExitCleanly())) 343 Expect(remove.ErrorToString()).To(Equal("Error: no secret with name or id \"non-existent-secret\": no such secret")) 344 345 ignoreRm := podmanTest.Podman([]string{"secret", "rm", "--ignore", "non-existent-secret"}) 346 ignoreRm.WaitWithDefaultTimeout() 347 Expect(ignoreRm).Should(ExitCleanly()) 348 Expect(ignoreRm.ErrorToString()).To(BeEmpty()) 349 }) 350 351 It("podman secret creates from environment variable", func() { 352 // no env variable set, should fail 353 session := podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"}) 354 session.WaitWithDefaultTimeout() 355 Expect(session).To(ExitWithError()) 356 357 os.Setenv("MYENVVAR", "somedata") 358 if IsRemote() { 359 podmanTest.RestartRemoteService() 360 } 361 362 session = podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"}) 363 session.WaitWithDefaultTimeout() 364 secrID := session.OutputToString() 365 Expect(session).Should(ExitCleanly()) 366 367 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) 368 inspect.WaitWithDefaultTimeout() 369 Expect(inspect).Should(ExitCleanly()) 370 Expect(inspect.OutputToString()).To(Equal(secrID)) 371 }) 372 373 It("podman secret with labels", func() { 374 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 375 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 376 Expect(err).ToNot(HaveOccurred()) 377 378 session := podmanTest.Podman([]string{"secret", "create", "--label", "foo=bar", "a", secretFilePath}) 379 session.WaitWithDefaultTimeout() 380 secrID := session.OutputToString() 381 Expect(session).Should(ExitCleanly()) 382 383 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID}) 384 inspect.WaitWithDefaultTimeout() 385 Expect(inspect).Should(ExitCleanly()) 386 Expect(inspect.OutputToString()).To(ContainSubstring("foo:bar")) 387 388 session = podmanTest.Podman([]string{"secret", "create", "--label", "foo=bar", "--label", "a:b", "b", secretFilePath}) 389 session.WaitWithDefaultTimeout() 390 secrID = session.OutputToString() 391 Expect(session).Should(ExitCleanly()) 392 393 inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID}) 394 inspect.WaitWithDefaultTimeout() 395 Expect(inspect).Should(ExitCleanly()) 396 Expect(inspect.OutputToString()).To(ContainSubstring("foo:bar")) 397 Expect(inspect.OutputToString()).To(ContainSubstring("a:b")) 398 399 session = podmanTest.Podman([]string{"secret", "create", "c", secretFilePath}) 400 session.WaitWithDefaultTimeout() 401 secrID = session.OutputToString() 402 Expect(session).Should(ExitCleanly()) 403 404 inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID}) 405 inspect.WaitWithDefaultTimeout() 406 Expect(inspect).Should(ExitCleanly()) 407 Expect(inspect.OutputToString()).To(Equal("map[]")) 408 409 }) 410 411 It("podman secret exists should return true if secret exists", func() { 412 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 413 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 414 Expect(err).ToNot(HaveOccurred()) 415 416 secretName := "does_exist" 417 418 session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath}) 419 session.WaitWithDefaultTimeout() 420 secretID := session.OutputToString() 421 Expect(session).Should(ExitCleanly()) 422 423 exists := podmanTest.Podman([]string{"secret", "exists", secretName}) 424 exists.WaitWithDefaultTimeout() 425 Expect(exists).Should(ExitCleanly()) 426 427 exists = podmanTest.Podman([]string{"secret", "exists", secretID}) 428 exists.WaitWithDefaultTimeout() 429 Expect(exists).Should(ExitCleanly()) 430 }) 431 432 It("podman secret exists should return false if secret does not exist", func() { 433 secretName := "does_not_exist" 434 435 exists := podmanTest.Podman([]string{"secret", "exists", secretName}) 436 exists.WaitWithDefaultTimeout() 437 Expect(exists).Should(Exit(1)) 438 }) 439 })