github.com/dmaizel/tests@v0.0.0-20210728163746-cae6a2d9cee8/integration/kubernetes/k8s-credentials-secrets.bats

github.com/dmaizel/tests@v0.0.0-20210728163746-cae6a2d9cee8/integration/kubernetes/k8s-credentials-secrets.bats (about)

     1  #!/usr/bin/env bats
     2  #
     3  # Copyright (c) 2018 Intel Corporation
     4  #
     5  # SPDX-License-Identifier: Apache-2.0
     6  #
     7  
     8  load "${BATS_TEST_DIRNAME}/../../.ci/lib.sh"
     9  load "${BATS_TEST_DIRNAME}/tests_common.sh"
    10  fc_limitations="https://github.com/kata-containers/documentation/issues/351"
    11  
    12  setup() {
    13  	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
    14  
    15  	export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/config}"
    16  	get_pod_config_dir
    17  }
    18  
    19  @test "Credentials using secrets" {
    20  	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
    21  
    22  	secret_name="test-secret"
    23  	pod_name="secret-test-pod"
    24  	second_pod_name="secret-envars-test-pod"
    25  
    26  	# Create the secret
    27  	kubectl create -f "${pod_config_dir}/inject_secret.yaml"
    28  
    29  	# View information about the secret
    30  	kubectl get secret "${secret_name}" -o yaml | grep "type: Opaque"
    31  
    32  	# Create a pod that has access to the secret through a volume
    33  	kubectl create -f "${pod_config_dir}/pod-secret.yaml"
    34  
    35  	# Check pod creation
    36  	kubectl wait --for=condition=Ready --timeout=$timeout pod "$pod_name"
    37  
    38  	# List the files
    39  	cmd="ls /tmp/secret-volume"
    40  	kubectl exec $pod_name -- sh -c "$cmd" | grep -w "password"
    41  	kubectl exec $pod_name -- sh -c "$cmd" | grep -w "username"
    42  
    43  	# Create a pod that has access to the secret data through environment variables
    44  	kubectl create -f "${pod_config_dir}/pod-secret-env.yaml"
    45  
    46  	# Check pod creation
    47  	kubectl wait --for=condition=Ready --timeout=$timeout pod "$second_pod_name"
    48  
    49  	# Display environment variables
    50  	second_cmd="printenv"
    51  	kubectl exec $second_pod_name -- sh -c "$second_cmd" | grep -w "SECRET_USERNAME"
    52  	kubectl exec $second_pod_name -- sh -c "$second_cmd" | grep -w "SECRET_PASSWORD"
    53  }
    54  
    55  teardown() {
    56  	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"
    57  
    58  	# Debugging information
    59  	kubectl describe "pod/$pod_name"
    60  	kubectl describe "pod/$second_pod_name"
    61  
    62  	kubectl delete pod "$pod_name" "$second_pod_name"
    63  	kubectl delete secret "$secret_name"
    64  }