github.com/containers/podman/v5@v5.1.0-rc1/test/e2e/secret_test.go (about) 1 package integration 2 3 import ( 4 "fmt" 5 "os" 6 "path/filepath" 7 8 . "github.com/containers/podman/v5/test/utils" 9 "github.com/containers/storage/pkg/stringid" 10 . "github.com/onsi/ginkgo/v2" 11 . "github.com/onsi/gomega" 12 . "github.com/onsi/gomega/gexec" 13 ) 14 15 var _ = Describe("Podman secret", func() { 16 17 AfterEach(func() { 18 podmanTest.CleanupSecrets() 19 }) 20 21 It("podman secret create", func() { 22 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 23 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 24 Expect(err).ToNot(HaveOccurred()) 25 26 session := podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val", "a", secretFilePath}) 27 session.WaitWithDefaultTimeout() 28 secrID := session.OutputToString() 29 Expect(session).Should(ExitCleanly()) 30 31 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) 32 inspect.WaitWithDefaultTimeout() 33 Expect(inspect).Should(ExitCleanly()) 34 Expect(inspect.OutputToString()).To(Equal(secrID)) 35 inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID}) 36 inspect.WaitWithDefaultTimeout() 37 Expect(inspect).Should(ExitCleanly()) 38 Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val")) 39 40 session = podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val1", "a", secretFilePath}) 41 session.WaitWithDefaultTimeout() 42 Expect(session).Should(ExitWithError(125, "Error: a: secret name in use")) 43 44 session = podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val1", "--replace", "a", secretFilePath}) 45 session.WaitWithDefaultTimeout() 46 Expect(session).Should(ExitCleanly()) 47 Expect(session.OutputToString()).To(Not(Equal(secrID))) 48 49 inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID}) 50 inspect.WaitWithDefaultTimeout() 51 Expect(inspect).To(ExitWithError(125, fmt.Sprintf("Error: inspecting secret: no secret with name or id %q: no such secret", secrID))) 52 53 inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", "a"}) 54 inspect.WaitWithDefaultTimeout() 55 Expect(inspect).Should(ExitCleanly()) 56 Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val1")) 57 }) 58 59 It("podman secret create bad name should fail", func() { 60 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 61 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 62 Expect(err).ToNot(HaveOccurred()) 63 64 badName := "foo/bar" 65 session := podmanTest.Podman([]string{"secret", "create", badName, secretFilePath}) 66 session.WaitWithDefaultTimeout() 67 Expect(session).To(ExitWithError(125, fmt.Sprintf("Error: secret name %q can not include '=', '/', ',', or the '\\0' (NULL) and be between 1 and 253 characters: invalid secret name", badName))) 68 69 badName = "foo=bar" 70 session = podmanTest.Podman([]string{"secret", "create", badName, secretFilePath}) 71 session.WaitWithDefaultTimeout() 72 Expect(session).To(ExitWithError(125, fmt.Sprintf("Error: secret name %q can not include '=', '/', ',', or the '\\0' (NULL) and be between 1 and 253 characters: invalid secret name", badName))) 73 }) 74 75 It("podman secret inspect", func() { 76 random := stringid.GenerateRandomID() 77 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 78 err := os.WriteFile(secretFilePath, []byte(random), 0755) 79 Expect(err).ToNot(HaveOccurred()) 80 81 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 82 session.WaitWithDefaultTimeout() 83 secrID := session.OutputToString() 84 Expect(session).Should(ExitCleanly()) 85 86 inspect := podmanTest.Podman([]string{"secret", "inspect", secrID}) 87 inspect.WaitWithDefaultTimeout() 88 Expect(inspect).Should(ExitCleanly()) 89 Expect(inspect.OutputToString()).To(BeValidJSON()) 90 91 inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{ .SecretData }}", secrID}) 92 inspect.WaitWithDefaultTimeout() 93 Expect(inspect).Should(ExitCleanly()) 94 Expect(inspect.OutputToString()).To(Equal("")) 95 96 inspect = podmanTest.Podman([]string{"secret", "inspect", "--showsecret", "--format", "{{ .SecretData }}", secrID}) 97 inspect.WaitWithDefaultTimeout() 98 Expect(inspect).Should(ExitCleanly()) 99 Expect(inspect.OutputToString()).To(Equal(random)) 100 }) 101 102 It("podman secret inspect with --format", func() { 103 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 104 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 105 Expect(err).ToNot(HaveOccurred()) 106 107 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 108 session.WaitWithDefaultTimeout() 109 secrID := session.OutputToString() 110 Expect(session).Should(ExitCleanly()) 111 112 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) 113 inspect.WaitWithDefaultTimeout() 114 Expect(inspect).Should(ExitCleanly()) 115 Expect(inspect.OutputToString()).To(Equal(secrID)) 116 }) 117 118 It("podman secret inspect with --pretty", func() { 119 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 120 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 121 Expect(err).ToNot(HaveOccurred()) 122 123 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 124 session.WaitWithDefaultTimeout() 125 secrID := session.OutputToString() 126 Expect(session).Should(ExitCleanly()) 127 128 inspect := podmanTest.Podman([]string{"secret", "inspect", "--pretty", secrID}) 129 inspect.WaitWithDefaultTimeout() 130 Expect(inspect).Should(ExitCleanly()) 131 Expect(inspect.OutputToString()).To(ContainSubstring("Name:")) 132 Expect(inspect.OutputToString()).To(ContainSubstring(secrID)) 133 }) 134 135 It("podman secret inspect multiple secrets", func() { 136 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 137 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 138 Expect(err).ToNot(HaveOccurred()) 139 140 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 141 session.WaitWithDefaultTimeout() 142 secrID := session.OutputToString() 143 Expect(session).Should(ExitCleanly()) 144 145 session2 := podmanTest.Podman([]string{"secret", "create", "b", secretFilePath}) 146 session2.WaitWithDefaultTimeout() 147 secrID2 := session2.OutputToString() 148 Expect(session2).Should(ExitCleanly()) 149 150 inspect := podmanTest.Podman([]string{"secret", "inspect", secrID, secrID2}) 151 inspect.WaitWithDefaultTimeout() 152 Expect(inspect).Should(ExitCleanly()) 153 Expect(inspect.OutputToString()).To(BeValidJSON()) 154 }) 155 156 It("podman secret inspect bogus", func() { 157 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 158 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 159 Expect(err).ToNot(HaveOccurred()) 160 161 inspect := podmanTest.Podman([]string{"secret", "inspect", "bogus"}) 162 inspect.WaitWithDefaultTimeout() 163 Expect(inspect).To(ExitWithError(125, `inspecting secret: no secret with name or id "bogus": no such secret`)) 164 }) 165 166 It("podman secret ls", func() { 167 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 168 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 169 Expect(err).ToNot(HaveOccurred()) 170 171 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 172 session.WaitWithDefaultTimeout() 173 Expect(session).Should(ExitCleanly()) 174 175 list := podmanTest.Podman([]string{"secret", "ls"}) 176 list.WaitWithDefaultTimeout() 177 Expect(list).Should(ExitCleanly()) 178 Expect(list.OutputToStringArray()).To(HaveLen(2)) 179 180 }) 181 182 It("podman secret ls --quiet", func() { 183 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 184 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 185 Expect(err).ToNot(HaveOccurred()) 186 187 secretName := "a" 188 189 session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath}) 190 session.WaitWithDefaultTimeout() 191 Expect(session).Should(ExitCleanly()) 192 secretID := session.OutputToString() 193 194 list := podmanTest.Podman([]string{"secret", "ls", "-q"}) 195 list.WaitWithDefaultTimeout() 196 Expect(list).Should(ExitCleanly()) 197 Expect(list.OutputToString()).To(Equal(secretID)) 198 199 list = podmanTest.Podman([]string{"secret", "ls", "--quiet"}) 200 list.WaitWithDefaultTimeout() 201 Expect(list).Should(ExitCleanly()) 202 Expect(list.OutputToString()).To(Equal(secretID)) 203 204 // Prefer format over quiet 205 list = podmanTest.Podman([]string{"secret", "ls", "-q", "--format", "{{.Name}}"}) 206 list.WaitWithDefaultTimeout() 207 Expect(list).Should(ExitCleanly()) 208 Expect(list.OutputToString()).To(Equal(secretName)) 209 210 }) 211 212 It("podman secret ls with filters", func() { 213 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 214 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 215 Expect(err).ToNot(HaveOccurred()) 216 217 secret1 := "Secret1" 218 secret2 := "Secret2" 219 220 session := podmanTest.Podman([]string{"secret", "ls", "-n"}) 221 session.WaitWithDefaultTimeout() 222 Expect(session).Should(ExitCleanly()) 223 Expect(session.OutputToString()).To(Equal("")) 224 225 session = podmanTest.Podman([]string{"secret", "ls", "--noheading"}) 226 session.WaitWithDefaultTimeout() 227 Expect(session).Should(ExitCleanly()) 228 Expect(session.OutputToString()).To(Equal("")) 229 230 session = podmanTest.Podman([]string{"secret", "create", secret1, secretFilePath}) 231 session.WaitWithDefaultTimeout() 232 secrID1 := session.OutputToString() 233 Expect(session).Should(ExitCleanly()) 234 235 session = podmanTest.Podman([]string{"secret", "create", secret2, secretFilePath}) 236 session.WaitWithDefaultTimeout() 237 secrID2 := session.OutputToString() 238 Expect(session).Should(ExitCleanly()) 239 240 session = podmanTest.Podman([]string{"secret", "create", "Secret3", secretFilePath}) 241 session.WaitWithDefaultTimeout() 242 Expect(session).Should(ExitCleanly()) 243 244 list := podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1)}) 245 list.WaitWithDefaultTimeout() 246 Expect(list).Should(ExitCleanly()) 247 Expect(list.OutputToStringArray()).To(HaveLen(2)) 248 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret1)) 249 250 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret2)}) 251 list.WaitWithDefaultTimeout() 252 Expect(list).Should(ExitCleanly()) 253 Expect(list.OutputToStringArray()).To(HaveLen(2)) 254 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret2)) 255 256 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID1)}) 257 list.WaitWithDefaultTimeout() 258 Expect(list).Should(ExitCleanly()) 259 Expect(list.OutputToStringArray()).To(HaveLen(2)) 260 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID1)) 261 262 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID2)}) 263 list.WaitWithDefaultTimeout() 264 Expect(list).Should(ExitCleanly()) 265 Expect(list.OutputToStringArray()).To(HaveLen(2)) 266 Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID2)) 267 268 list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1), "--filter", fmt.Sprintf("name=%s", secret2)}) 269 list.WaitWithDefaultTimeout() 270 Expect(list).Should(ExitCleanly()) 271 Expect(list.OutputToStringArray()).To(HaveLen(3)) 272 Expect(list.OutputToString()).To(ContainSubstring(secret1)) 273 Expect(list.OutputToString()).To(ContainSubstring(secret2)) 274 }) 275 276 It("podman secret ls with Go template", func() { 277 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 278 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 279 Expect(err).ToNot(HaveOccurred()) 280 281 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 282 session.WaitWithDefaultTimeout() 283 Expect(session).Should(ExitCleanly()) 284 285 list := podmanTest.Podman([]string{"secret", "ls", "--format", "table {{.Name}}"}) 286 list.WaitWithDefaultTimeout() 287 288 Expect(list).Should(ExitCleanly()) 289 Expect(list.OutputToStringArray()).To(HaveLen(2), list.OutputToString()) 290 }) 291 292 It("podman secret rm", func() { 293 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 294 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 295 Expect(err).ToNot(HaveOccurred()) 296 297 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 298 session.WaitWithDefaultTimeout() 299 secrID := session.OutputToString() 300 Expect(session).Should(ExitCleanly()) 301 302 removed := podmanTest.Podman([]string{"secret", "rm", "a"}) 303 removed.WaitWithDefaultTimeout() 304 Expect(removed).Should(ExitCleanly()) 305 Expect(removed.OutputToString()).To(Equal(secrID)) 306 307 session = podmanTest.Podman([]string{"secret", "ls"}) 308 session.WaitWithDefaultTimeout() 309 Expect(session).Should(ExitCleanly()) 310 Expect(session.OutputToStringArray()).To(HaveLen(1)) 311 }) 312 313 It("podman secret rm --all", func() { 314 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 315 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 316 Expect(err).ToNot(HaveOccurred()) 317 318 session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath}) 319 session.WaitWithDefaultTimeout() 320 Expect(session).Should(ExitCleanly()) 321 session = podmanTest.Podman([]string{"secret", "create", "b", secretFilePath}) 322 session.WaitWithDefaultTimeout() 323 Expect(session).Should(ExitCleanly()) 324 325 removed := podmanTest.Podman([]string{"secret", "rm", "-a"}) 326 removed.WaitWithDefaultTimeout() 327 Expect(removed).Should(ExitCleanly()) 328 329 session = podmanTest.Podman([]string{"secret", "ls"}) 330 session.WaitWithDefaultTimeout() 331 Expect(session).Should(ExitCleanly()) 332 Expect(session.OutputToStringArray()).To(HaveLen(1)) 333 }) 334 335 It("podman secret rm --ignore", func() { 336 remove := podmanTest.Podman([]string{"secret", "rm", "non-existent-secret"}) 337 remove.WaitWithDefaultTimeout() 338 Expect(remove).Should(Not(ExitCleanly())) 339 Expect(remove.ErrorToString()).To(Equal("Error: no secret with name or id \"non-existent-secret\": no such secret")) 340 341 ignoreRm := podmanTest.Podman([]string{"secret", "rm", "--ignore", "non-existent-secret"}) 342 ignoreRm.WaitWithDefaultTimeout() 343 Expect(ignoreRm).Should(ExitCleanly()) 344 Expect(ignoreRm.ErrorToString()).To(BeEmpty()) 345 }) 346 347 It("podman secret creates from environment variable", func() { 348 // no env variable set, should fail 349 session := podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"}) 350 session.WaitWithDefaultTimeout() 351 Expect(session).To(ExitWithError(125, "cannot create store secret data: environment variable MYENVVAR is not set")) 352 353 os.Setenv("MYENVVAR", "somedata") 354 if IsRemote() { 355 podmanTest.RestartRemoteService() 356 } 357 358 session = podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"}) 359 session.WaitWithDefaultTimeout() 360 secrID := session.OutputToString() 361 Expect(session).Should(ExitCleanly()) 362 363 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID}) 364 inspect.WaitWithDefaultTimeout() 365 Expect(inspect).Should(ExitCleanly()) 366 Expect(inspect.OutputToString()).To(Equal(secrID)) 367 }) 368 369 It("podman secret with labels", func() { 370 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 371 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 372 Expect(err).ToNot(HaveOccurred()) 373 374 session := podmanTest.Podman([]string{"secret", "create", "--label", "foo=bar", "a", secretFilePath}) 375 session.WaitWithDefaultTimeout() 376 secrID := session.OutputToString() 377 Expect(session).Should(ExitCleanly()) 378 379 inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID}) 380 inspect.WaitWithDefaultTimeout() 381 Expect(inspect).Should(ExitCleanly()) 382 Expect(inspect.OutputToString()).To(ContainSubstring("foo:bar")) 383 384 session = podmanTest.Podman([]string{"secret", "create", "--label", "foo=bar", "--label", "a:b", "b", secretFilePath}) 385 session.WaitWithDefaultTimeout() 386 secrID = session.OutputToString() 387 Expect(session).Should(ExitCleanly()) 388 389 inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID}) 390 inspect.WaitWithDefaultTimeout() 391 Expect(inspect).Should(ExitCleanly()) 392 Expect(inspect.OutputToString()).To(ContainSubstring("foo:bar")) 393 Expect(inspect.OutputToString()).To(ContainSubstring("a:b")) 394 395 session = podmanTest.Podman([]string{"secret", "create", "c", secretFilePath}) 396 session.WaitWithDefaultTimeout() 397 secrID = session.OutputToString() 398 Expect(session).Should(ExitCleanly()) 399 400 inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID}) 401 inspect.WaitWithDefaultTimeout() 402 Expect(inspect).Should(ExitCleanly()) 403 Expect(inspect.OutputToString()).To(Equal("map[]")) 404 405 }) 406 407 It("podman secret exists should return true if secret exists", func() { 408 secretFilePath := filepath.Join(podmanTest.TempDir, "secret") 409 err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755) 410 Expect(err).ToNot(HaveOccurred()) 411 412 secretName := "does_exist" 413 414 session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath}) 415 session.WaitWithDefaultTimeout() 416 secretID := session.OutputToString() 417 Expect(session).Should(ExitCleanly()) 418 419 exists := podmanTest.Podman([]string{"secret", "exists", secretName}) 420 exists.WaitWithDefaultTimeout() 421 Expect(exists).Should(ExitCleanly()) 422 423 exists = podmanTest.Podman([]string{"secret", "exists", secretID}) 424 exists.WaitWithDefaultTimeout() 425 Expect(exists).Should(ExitCleanly()) 426 }) 427 428 It("podman secret exists should return false if secret does not exist", func() { 429 secretName := "does_not_exist" 430 431 exists := podmanTest.Podman([]string{"secret", "exists", secretName}) 432 exists.WaitWithDefaultTimeout() 433 Expect(exists).Should(Exit(1)) 434 }) 435 })