			
		
		
		
	 832a69b0be
			
		
	
	832a69b0be
	
	
	
		
			
			Implement podman secret create, inspect, ls, rm. Implement podman run/create --secret. Secrets are blobs of data that are sensitive. Currently, the only secret driver supported is filedriver, which means creating a secret stores it base64-encoded, unencrypted, in a file. After creating a secret, a user can use the --secret flag to expose the secret inside the container at /run/secrets/[secretname]. This secret will not be committed to an image on a podman commit. Signed-off-by: Ashley Cui <acui@redhat.com>
		
			
				
	
	
		
		
	
	
	
	
	
| package integration
 | |
| 
 | |
| import (
 | |
| 	"io/ioutil"
 | |
| 	"os"
 | |
| 	"path/filepath"
 | |
| 
 | |
| 	. "github.com/containers/podman/v2/test/utils"
 | |
| 	. "github.com/onsi/ginkgo"
 | |
| 	. "github.com/onsi/gomega"
 | |
| )
 | |
| 
 | |
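// Integration specs for `podman commit`. Each spec creates a container,
// commits it to an image and then inspects (or runs) that image to check the
// property named in the spec title.
var _ = Describe("Podman commit", func() {
	var (
		tempdir    string
		err        error
		podmanTest *PodmanTestIntegration
	)

	// Every spec gets a fresh temp dir and a freshly set-up podman test
	// harness with the seed images loaded.
	BeforeEach(func() {
		tempdir, err = CreateTempDirInTempDir()
		if err != nil {
			os.Exit(1)
		}
		podmanTest = PodmanTestCreate(tempdir)
		podmanTest.Setup()
		podmanTest.SeedImages()
	})

	// Tear the harness down and hand the spec description to the shared
	// result processor.
	AfterEach(func() {
		podmanTest.Cleanup()
		f := CurrentGinkgoTestDescription()
		processTestResult(f)
	})

	// A plain commit must produce an image carrying the requested tag.
	It("podman commit container", func() {
		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(StringInSlice("foobar.com/test1-image:latest", data[0].RepoTags)).To(BeTrue())
	})

	// A one-character image name is accepted and is expected to show up as
	// localhost/a:latest.
	It("podman commit single letter container", func() {
		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "test1", "a"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "localhost/a:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(StringInSlice("localhost/a:latest", data[0].RepoTags)).To(BeTrue())
	})

	// Same as the plain commit spec, but through the `container commit` and
	// `image inspect` subcommand spellings.
	It("podman container commit container", func() {
		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"container", "commit", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"image", "inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(StringInSlice("foobar.com/test1-image:latest", data[0].RepoTags)).To(BeTrue())
	})

	// --message (with the docker format) must end up in the image's Comment.
	It("podman commit container with message", func() {
		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "-f", "docker", "--message", "testing-commit", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(data[0].Comment).To(Equal("testing-commit"))
	})

	// --author must end up in the image's Author field.
	It("podman commit container with author", func() {
		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "--author", "snoopy", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(data[0].Author).To(Equal("snoopy"))
	})

	// --change LABEL=image=blue must leave a label whose value is "blue".
	It("podman commit container with change flag", func() {
		test := podmanTest.Podman([]string{"run", "--name", "test1", "-d", ALPINE, "ls"})
		test.WaitWithDefaultTimeout()
		Expect(test.ExitCode()).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "--change", "LABEL=image=blue", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		foundBlue := false
		for _, value := range data[0].Labels {
			if value == "blue" {
				foundBlue = true
				break
			}
		}
		Expect(foundBlue).To(BeTrue())
	})

	// A JSON-form ENTRYPOINT whose argument contains '=' must be kept as two
	// separate entries, with "bar=baz" left intact.
	It("podman commit container with change flag and JSON entrypoint with =", func() {
		test := podmanTest.Podman([]string{"run", "--name", "test1", "-d", ALPINE, "ls"})
		test.WaitWithDefaultTimeout()
		Expect(test.ExitCode()).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "--change", `ENTRYPOINT ["foo", "bar=baz"]`, "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(len(data)).To(Equal(1))
		Expect(len(data[0].Config.Entrypoint)).To(Equal(2))
		Expect(data[0].Config.Entrypoint[0]).To(Equal("foo"))
		Expect(data[0].Config.Entrypoint[1]).To(Equal("bar=baz"))
	})

	// Shell-form CMD is expected to be wrapped in "sh -c"; the JSON-array form
	// is expected not to be.
	It("podman commit container with change CMD flag", func() {
		test := podmanTest.Podman([]string{"run", "--name", "test1", "-d", ALPINE, "ls"})
		test.WaitWithDefaultTimeout()
		Expect(test.ExitCode()).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "--change", "CMD a b c", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		session = podmanTest.Podman([]string{"inspect", "--format", "{{.Config.Cmd}}", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))
		Expect(session.OutputToString()).To(ContainSubstring("sh -c a b c"))

		session = podmanTest.Podman([]string{"commit", "--change", "CMD=[\"a\",\"b\",\"c\"]", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		session = podmanTest.Podman([]string{"inspect", "--format", "{{.Config.Cmd}}", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))
		Expect(session.OutputToString()).To(Not(ContainSubstring("sh -c")))
	})

	// Committing with --pause=false must still yield an inspectable image.
	It("podman commit container with pause flag", func() {
		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "--pause=false", "test1", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		Expect(check.ExitCode()).To(Equal(0))
	})

	// Without --include-volumes the bind mount target must not be recorded in
	// the committed image's Config.Volumes.
	It("podman commit with volumes mounts and no include-volumes", func() {
		s := podmanTest.Podman([]string{"run", "--name", "test1", "-v", "/tmp:/foo", "alpine", "date"})
		s.WaitWithDefaultTimeout()
		Expect(s.ExitCode()).To(Equal(0))

		c := podmanTest.Podman([]string{"commit", "test1", "newimage"})
		c.WaitWithDefaultTimeout()
		Expect(c.ExitCode()).To(Equal(0))

		inspect := podmanTest.Podman([]string{"inspect", "newimage"})
		inspect.WaitWithDefaultTimeout()
		Expect(inspect.ExitCode()).To(Equal(0))
		image := inspect.InspectImageJSON()
		_, ok := image[0].Config.Volumes["/foo"]
		Expect(ok).To(BeFalse())
	})

	// With --include-volumes the mount target must be recorded, and the
	// resulting image must still run.
	It("podman commit with volume mounts and --include-volumes", func() {
		// We need to figure out how volumes are going to work correctly with the remote
		// client.  This does not currently work.
		SkipIfRemote("--testing Remote Volumes")
		s := podmanTest.Podman([]string{"run", "--name", "test1", "-v", "/tmp:/foo", "alpine", "date"})
		s.WaitWithDefaultTimeout()
		Expect(s.ExitCode()).To(Equal(0))

		c := podmanTest.Podman([]string{"commit", "--include-volumes", "test1", "newimage"})
		c.WaitWithDefaultTimeout()
		Expect(c.ExitCode()).To(Equal(0))

		inspect := podmanTest.Podman([]string{"inspect", "newimage"})
		inspect.WaitWithDefaultTimeout()
		Expect(inspect.ExitCode()).To(Equal(0))
		image := inspect.InspectImageJSON()
		_, ok := image[0].Config.Volumes["/foo"]
		Expect(ok).To(BeTrue())

		r := podmanTest.Podman([]string{"run", "newimage"})
		r.WaitWithDefaultTimeout()
		Expect(r.ExitCode()).To(Equal(0))
	})

	// An environment value that itself contains '=' must be committed
	// unchanged.
	It("podman commit container check env variables", func() {
		s := podmanTest.Podman([]string{"run", "--name", "test1", "-e", "TEST=1=1-01=9.01", "-it", "alpine", "true"})
		s.WaitWithDefaultTimeout()
		Expect(s.ExitCode()).To(Equal(0))

		c := podmanTest.Podman([]string{"commit", "test1", "newimage"})
		c.WaitWithDefaultTimeout()
		Expect(c.ExitCode()).To(Equal(0))

		inspect := podmanTest.Podman([]string{"inspect", "newimage"})
		inspect.WaitWithDefaultTimeout()
		Expect(inspect.ExitCode()).To(Equal(0))
		image := inspect.InspectImageJSON()

		envMap := make(map[string]bool)
		for _, v := range image[0].Config.Env {
			envMap[v] = true
		}
		Expect(envMap["TEST=1=1-01=9.01"]).To(BeTrue())
	})

	// --iidfile must write the same image ID that inspect reports.
	It("podman commit container and print id to external file", func() {
		// Switch to temp dir and restore it afterwards
		cwd, err := os.Getwd()
		Expect(err).To(BeNil())
		Expect(os.Chdir(os.TempDir())).To(BeNil())
		// The cleanup is wrapped in a closure on purpose: in
		// `defer Expect(f()).To(...)` the call f() is evaluated when the defer
		// statement executes, so the chdir back would happen immediately
		// instead of at the end of the spec.
		defer func() {
			Expect(os.Chdir(cwd)).To(BeNil())
		}()

		targetPath, err := CreateTempDirInTempDir()
		Expect(err).To(BeNil())
		targetFile := filepath.Join(targetPath, "idFile")
		// Remove the whole directory created for this spec, not just the file.
		defer func() {
			Expect(os.RemoveAll(targetPath)).To(BeNil())
		}()

		_, ec, _ := podmanTest.RunLsContainer("test1")
		Expect(ec).To(Equal(0))
		Expect(podmanTest.NumberOfContainers()).To(Equal(1))

		session := podmanTest.Podman([]string{"commit", "test1", "foobar.com/test1-image:latest", "--iidfile", targetFile})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		// A missing or unreadable iidfile should fail here, not as a confusing
		// ID mismatch below.
		id, err := ioutil.ReadFile(targetFile)
		Expect(err).To(BeNil())
		check := podmanTest.Podman([]string{"inspect", "foobar.com/test1-image:latest"})
		check.WaitWithDefaultTimeout()
		data := check.InspectImageJSON()
		Expect(data[0].ID).To(Equal(string(id)))
	})

	// A secret exposed to a container at /run/secrets/<name> must not be part
	// of the image produced by committing that container.
	It("podman commit should not commit secret", func() {
		secretsString := "somesecretdata"
		secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
		// The file holds secret material: owner read/write only, no execute
		// bit and no access for group or others.
		err := ioutil.WriteFile(secretFilePath, []byte(secretsString), 0600)
		Expect(err).To(BeNil())

		session := podmanTest.Podman([]string{"secret", "create", "mysecret", secretFilePath})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		// Sanity check: the secret is readable inside the original container.
		session = podmanTest.Podman([]string{"run", "--secret", "mysecret", "--name", "secr", ALPINE, "cat", "/run/secrets/mysecret"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))
		Expect(session.OutputToString()).To(Equal(secretsString))

		session = podmanTest.Podman([]string{"commit", "secr", "foobar.com/test1-image:latest"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Equal(0))

		// In a container started from the committed image, reading the secret
		// path must fail and must not print the secret data.
		session = podmanTest.Podman([]string{"run", "foobar.com/test1-image:latest", "cat", "/run/secrets/mysecret"})
		session.WaitWithDefaultTimeout()
		Expect(session.ExitCode()).To(Not(Equal(0)))
		Expect(session.OutputToString()).To(Not(ContainSubstring(secretsString)))
	})
})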
 |