opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-11-30 18:18:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #23959 from auyer/hide-secrets-from-container-inspect

Browse Source 
Hide secrets from container inspect command
This commit is contained in:
openshift-merge-bot[bot]
2024-09-17 13:00:18 +00:00
committed by GitHub
parent 9781a268a2 a5e9b4d126
commit f4a08f46b7
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
test/e2e/container_inspect_test.go
View File

@@ -3,6 +3,7 @@
package integration
import (
"fmt"
"os"
"path/filepath"
@@ -82,4 +83,25 @@ var _ = Describe("Podman container inspect", func() {
Expect(data[0].HostConfig.VolumesFrom).To(Equal([]string{volsctr}))
Expect(data[0].Config.Annotations[define.VolumesFromAnnotation]).To(Equal(volsctr))
})
It("podman inspect hides secrets mounted to env", func() {
secretName := "mysecret"
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
err := os.WriteFile(secretFilePath, []byte("mySecretValue"), 0755)
Expect(err).ToNot(HaveOccurred())
session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
name := "testcon"
session = podmanTest.Podman([]string{"run", "--secret", fmt.Sprintf("%s,type=env", secretName), "--name", name, CITEST_IMAGE})
session.WaitWithDefaultTimeout()
Expect(session).Should(ExitCleanly())
data := podmanTest.InspectContainer(name)
Expect(data).To(HaveLen(1))
Expect(data[0].Config.Env).To(ContainElement(Equal(secretName + "=*******")))
})
})