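#!/usr/bin/env bats
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
# Checks that a Kubernetes Secret reaches a pod in two ways: as files in a
# mounted volume and as environment variables.

load "${BATS_TEST_DIRNAME}/../../.ci/lib.sh"
load "${BATS_TEST_DIRNAME}/tests_common.sh"
fc_limitations="https://github.com/kata-containers/documentation/issues/351"

# Per-test setup: skip on firecracker, select the kubeconfig kubectl will use
# and resolve the directory that holds the manifests.
setup() {
	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"

	export KUBECONFIG="${KUBECONFIG:-$HOME/.kube/config}"
	# Helper from a loaded file; presumably sets pod_config_dir (not visible here).
	get_pod_config_dir
}

@test "Credentials using secrets" {
	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"

	# Deliberately not local: teardown() reads these names for cleanup.
	secret_name="test-secret"
	pod_name="secret-test-pod"
	second_pod_name="secret-envars-test-pod"

	# Create the secret
	kubectl create -f "${pod_config_dir}/inject_secret.yaml"

	# View information about the secret. grep passes through only the
	# "type:" line, so the encoded data fields are not echoed to the log.
	kubectl get secret "${secret_name}" -o yaml | grep "type: Opaque"

	# Create a pod that has access to the secret through a volume
	kubectl create -f "${pod_config_dir}/pod-secret.yaml"

	# Check pod creation ($timeout is expected to come from a loaded helper)
	kubectl wait --for=condition=Ready --timeout="$timeout" pod "$pod_name"

	# List the files: one file per secret key is expected in the mount.
	# Only file names are printed here, never file contents.
	cmd="ls /tmp/secret-volume"
	kubectl exec "$pod_name" -- sh -c "$cmd" | grep -w "password"
	kubectl exec "$pod_name" -- sh -c "$cmd" | grep -w "username"

	# Create a pod that has access to the secret data through environment variables
	kubectl create -f "${pod_config_dir}/pod-secret-env.yaml"

	# Check pod creation
	kubectl wait --for=condition=Ready --timeout="$timeout" pod "$second_pod_name"

	# Check the environment variables. The matching printenv lines have the
	# form NAME=value, so grep runs with -q: the variable's presence is
	# asserted without copying the secret value into the test output.
	second_cmd="printenv"
	kubectl exec "$second_pod_name" -- sh -c "$second_cmd" | grep -qw "SECRET_USERNAME"
	kubectl exec "$second_pod_name" -- sh -c "$second_cmd" | grep -qw "SECRET_PASSWORD"
}

# Per-test cleanup: dump pod state for debugging, then remove both pods and
# the secret so no credential object is left behind in the cluster.
teardown() {
	[ "${KATA_HYPERVISOR}" == "firecracker" ] && skip "test not working see: ${fc_limitations}"

	# Debugging information
	kubectl describe "pod/$pod_name"
	kubectl describe "pod/$second_pod_name"

	# NOTE(review): if the test failed before a pod was created, the commands
	# above and the pod delete report "not found" - confirm the secret delete
	# still runs in that case so the secret does not linger.
	kubectl delete pod "$pod_name" "$second_pod_name"
	kubectl delete secret "$secret_name"
}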