8
. "github.com/containers/podman/v5/test/utils"
9
"github.com/containers/storage/pkg/stringid"
10
. "github.com/onsi/ginkgo/v2"
11
. "github.com/onsi/gomega"
12
. "github.com/onsi/gomega/gexec"
15
var _ = Describe("Podman secret", func() {
18
podmanTest.CleanupSecrets()
21
It("podman secret create", func() {
22
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
23
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
24
Expect(err).ToNot(HaveOccurred())
26
session := podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val", "a", secretFilePath})
27
session.WaitWithDefaultTimeout()
28
secrID := session.OutputToString()
29
Expect(session).Should(ExitCleanly())
31
inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID})
32
inspect.WaitWithDefaultTimeout()
33
Expect(inspect).Should(ExitCleanly())
34
Expect(inspect.OutputToString()).To(Equal(secrID))
35
inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID})
36
inspect.WaitWithDefaultTimeout()
37
Expect(inspect).Should(ExitCleanly())
38
Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val"))
40
session = podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val1", "a", secretFilePath})
41
session.WaitWithDefaultTimeout()
42
Expect(session).Should(Exit(125))
43
Expect(session.ErrorToString()).To(Equal("Error: a: secret name in use"))
45
session = podmanTest.Podman([]string{"secret", "create", "-d", "file", "--driver-opts", "opt1=val1", "--replace", "a", secretFilePath})
46
session.WaitWithDefaultTimeout()
47
Expect(session).Should(ExitCleanly())
48
Expect(session.OutputToString()).To(Not(Equal(secrID)))
50
inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", secrID})
51
inspect.WaitWithDefaultTimeout()
52
Expect(inspect).To(ExitWithError())
53
Expect(inspect.ErrorToString()).To(ContainSubstring(fmt.Sprintf("Error: inspecting secret: no secret with name or id %q: no such secret", secrID)))
55
inspect = podmanTest.Podman([]string{"secret", "inspect", "-f", "{{.Spec.Driver.Options}}", "a"})
56
inspect.WaitWithDefaultTimeout()
57
Expect(inspect).Should(ExitCleanly())
58
Expect(inspect.OutputToString()).To(ContainSubstring("opt1:val1"))
61
It("podman secret create bad name should fail", func() {
62
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
63
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
64
Expect(err).ToNot(HaveOccurred())
67
session := podmanTest.Podman([]string{"secret", "create", badName, secretFilePath})
68
session.WaitWithDefaultTimeout()
69
Expect(session).To(ExitWithError())
70
Expect(session.ErrorToString()).To(Equal(fmt.Sprintf("Error: secret name %q can not include '=', '/', ',', or the '\\0' (NULL) and be between 1 and 253 characters: invalid secret name", badName)))
73
session = podmanTest.Podman([]string{"secret", "create", badName, secretFilePath})
74
session.WaitWithDefaultTimeout()
75
Expect(session).To(ExitWithError())
76
Expect(session.ErrorToString()).To(Equal(fmt.Sprintf("Error: secret name %q can not include '=', '/', ',', or the '\\0' (NULL) and be between 1 and 253 characters: invalid secret name", badName)))
79
It("podman secret inspect", func() {
80
random := stringid.GenerateRandomID()
81
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
82
err := os.WriteFile(secretFilePath, []byte(random), 0755)
83
Expect(err).ToNot(HaveOccurred())
85
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
86
session.WaitWithDefaultTimeout()
87
secrID := session.OutputToString()
88
Expect(session).Should(ExitCleanly())
90
inspect := podmanTest.Podman([]string{"secret", "inspect", secrID})
91
inspect.WaitWithDefaultTimeout()
92
Expect(inspect).Should(ExitCleanly())
93
Expect(inspect.OutputToString()).To(BeValidJSON())
95
inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{ .SecretData }}", secrID})
96
inspect.WaitWithDefaultTimeout()
97
Expect(inspect).Should(ExitCleanly())
98
Expect(inspect.OutputToString()).To(Equal(""))
100
inspect = podmanTest.Podman([]string{"secret", "inspect", "--showsecret", "--format", "{{ .SecretData }}", secrID})
101
inspect.WaitWithDefaultTimeout()
102
Expect(inspect).Should(ExitCleanly())
103
Expect(inspect.OutputToString()).To(Equal(random))
106
It("podman secret inspect with --format", func() {
107
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
108
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
109
Expect(err).ToNot(HaveOccurred())
111
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
112
session.WaitWithDefaultTimeout()
113
secrID := session.OutputToString()
114
Expect(session).Should(ExitCleanly())
116
inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID})
117
inspect.WaitWithDefaultTimeout()
118
Expect(inspect).Should(ExitCleanly())
119
Expect(inspect.OutputToString()).To(Equal(secrID))
122
It("podman secret inspect with --pretty", func() {
123
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
124
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
125
Expect(err).ToNot(HaveOccurred())
127
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
128
session.WaitWithDefaultTimeout()
129
secrID := session.OutputToString()
130
Expect(session).Should(ExitCleanly())
132
inspect := podmanTest.Podman([]string{"secret", "inspect", "--pretty", secrID})
133
inspect.WaitWithDefaultTimeout()
134
Expect(inspect).Should(ExitCleanly())
135
Expect(inspect.OutputToString()).To(ContainSubstring("Name:"))
136
Expect(inspect.OutputToString()).To(ContainSubstring(secrID))
139
It("podman secret inspect multiple secrets", func() {
140
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
141
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
142
Expect(err).ToNot(HaveOccurred())
144
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
145
session.WaitWithDefaultTimeout()
146
secrID := session.OutputToString()
147
Expect(session).Should(ExitCleanly())
149
session2 := podmanTest.Podman([]string{"secret", "create", "b", secretFilePath})
150
session2.WaitWithDefaultTimeout()
151
secrID2 := session2.OutputToString()
152
Expect(session2).Should(ExitCleanly())
154
inspect := podmanTest.Podman([]string{"secret", "inspect", secrID, secrID2})
155
inspect.WaitWithDefaultTimeout()
156
Expect(inspect).Should(ExitCleanly())
157
Expect(inspect.OutputToString()).To(BeValidJSON())
160
It("podman secret inspect bogus", func() {
161
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
162
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
163
Expect(err).ToNot(HaveOccurred())
165
inspect := podmanTest.Podman([]string{"secret", "inspect", "bogus"})
166
inspect.WaitWithDefaultTimeout()
167
Expect(inspect).To(ExitWithError())
170
It("podman secret ls", func() {
171
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
172
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
173
Expect(err).ToNot(HaveOccurred())
175
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
176
session.WaitWithDefaultTimeout()
177
Expect(session).Should(ExitCleanly())
179
list := podmanTest.Podman([]string{"secret", "ls"})
180
list.WaitWithDefaultTimeout()
181
Expect(list).Should(ExitCleanly())
182
Expect(list.OutputToStringArray()).To(HaveLen(2))
186
It("podman secret ls --quiet", func() {
187
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
188
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
189
Expect(err).ToNot(HaveOccurred())
193
session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath})
194
session.WaitWithDefaultTimeout()
195
Expect(session).Should(ExitCleanly())
196
secretID := session.OutputToString()
198
list := podmanTest.Podman([]string{"secret", "ls", "-q"})
199
list.WaitWithDefaultTimeout()
200
Expect(list).Should(ExitCleanly())
201
Expect(list.OutputToString()).To(Equal(secretID))
203
list = podmanTest.Podman([]string{"secret", "ls", "--quiet"})
204
list.WaitWithDefaultTimeout()
205
Expect(list).Should(ExitCleanly())
206
Expect(list.OutputToString()).To(Equal(secretID))
209
list = podmanTest.Podman([]string{"secret", "ls", "-q", "--format", "{{.Name}}"})
210
list.WaitWithDefaultTimeout()
211
Expect(list).Should(ExitCleanly())
212
Expect(list.OutputToString()).To(Equal(secretName))
216
It("podman secret ls with filters", func() {
217
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
218
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
219
Expect(err).ToNot(HaveOccurred())
224
session := podmanTest.Podman([]string{"secret", "ls", "-n"})
225
session.WaitWithDefaultTimeout()
226
Expect(session).Should(ExitCleanly())
227
Expect(session.OutputToString()).To(Equal(""))
229
session = podmanTest.Podman([]string{"secret", "ls", "--noheading"})
230
session.WaitWithDefaultTimeout()
231
Expect(session).Should(ExitCleanly())
232
Expect(session.OutputToString()).To(Equal(""))
234
session = podmanTest.Podman([]string{"secret", "create", secret1, secretFilePath})
235
session.WaitWithDefaultTimeout()
236
secrID1 := session.OutputToString()
237
Expect(session).Should(ExitCleanly())
239
session = podmanTest.Podman([]string{"secret", "create", secret2, secretFilePath})
240
session.WaitWithDefaultTimeout()
241
secrID2 := session.OutputToString()
242
Expect(session).Should(ExitCleanly())
244
session = podmanTest.Podman([]string{"secret", "create", "Secret3", secretFilePath})
245
session.WaitWithDefaultTimeout()
246
Expect(session).Should(ExitCleanly())
248
list := podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1)})
249
list.WaitWithDefaultTimeout()
250
Expect(list).Should(ExitCleanly())
251
Expect(list.OutputToStringArray()).To(HaveLen(2))
252
Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret1))
254
list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret2)})
255
list.WaitWithDefaultTimeout()
256
Expect(list).Should(ExitCleanly())
257
Expect(list.OutputToStringArray()).To(HaveLen(2))
258
Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secret2))
260
list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID1)})
261
list.WaitWithDefaultTimeout()
262
Expect(list).Should(ExitCleanly())
263
Expect(list.OutputToStringArray()).To(HaveLen(2))
264
Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID1))
266
list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("id=%s", secrID2)})
267
list.WaitWithDefaultTimeout()
268
Expect(list).Should(ExitCleanly())
269
Expect(list.OutputToStringArray()).To(HaveLen(2))
270
Expect(list.OutputToStringArray()[1]).To(ContainSubstring(secrID2))
272
list = podmanTest.Podman([]string{"secret", "ls", "--filter", fmt.Sprintf("name=%s", secret1), "--filter", fmt.Sprintf("name=%s", secret2)})
273
list.WaitWithDefaultTimeout()
274
Expect(list).Should(ExitCleanly())
275
Expect(list.OutputToStringArray()).To(HaveLen(3))
276
Expect(list.OutputToString()).To(ContainSubstring(secret1))
277
Expect(list.OutputToString()).To(ContainSubstring(secret2))
280
It("podman secret ls with Go template", func() {
281
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
282
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
283
Expect(err).ToNot(HaveOccurred())
285
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
286
session.WaitWithDefaultTimeout()
287
Expect(session).Should(ExitCleanly())
289
list := podmanTest.Podman([]string{"secret", "ls", "--format", "table {{.Name}}"})
290
list.WaitWithDefaultTimeout()
292
Expect(list).Should(ExitCleanly())
293
Expect(list.OutputToStringArray()).To(HaveLen(2), list.OutputToString())
296
It("podman secret rm", func() {
297
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
298
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
299
Expect(err).ToNot(HaveOccurred())
301
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
302
session.WaitWithDefaultTimeout()
303
secrID := session.OutputToString()
304
Expect(session).Should(ExitCleanly())
306
removed := podmanTest.Podman([]string{"secret", "rm", "a"})
307
removed.WaitWithDefaultTimeout()
308
Expect(removed).Should(ExitCleanly())
309
Expect(removed.OutputToString()).To(Equal(secrID))
311
session = podmanTest.Podman([]string{"secret", "ls"})
312
session.WaitWithDefaultTimeout()
313
Expect(session).Should(ExitCleanly())
314
Expect(session.OutputToStringArray()).To(HaveLen(1))
317
It("podman secret rm --all", func() {
318
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
319
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
320
Expect(err).ToNot(HaveOccurred())
322
session := podmanTest.Podman([]string{"secret", "create", "a", secretFilePath})
323
session.WaitWithDefaultTimeout()
324
Expect(session).Should(ExitCleanly())
325
session = podmanTest.Podman([]string{"secret", "create", "b", secretFilePath})
326
session.WaitWithDefaultTimeout()
327
Expect(session).Should(ExitCleanly())
329
removed := podmanTest.Podman([]string{"secret", "rm", "-a"})
330
removed.WaitWithDefaultTimeout()
331
Expect(removed).Should(ExitCleanly())
333
session = podmanTest.Podman([]string{"secret", "ls"})
334
session.WaitWithDefaultTimeout()
335
Expect(session).Should(ExitCleanly())
336
Expect(session.OutputToStringArray()).To(HaveLen(1))
339
It("podman secret rm --ignore", func() {
340
remove := podmanTest.Podman([]string{"secret", "rm", "non-existent-secret"})
341
remove.WaitWithDefaultTimeout()
342
Expect(remove).Should(Not(ExitCleanly()))
343
Expect(remove.ErrorToString()).To(Equal("Error: no secret with name or id \"non-existent-secret\": no such secret"))
345
ignoreRm := podmanTest.Podman([]string{"secret", "rm", "--ignore", "non-existent-secret"})
346
ignoreRm.WaitWithDefaultTimeout()
347
Expect(ignoreRm).Should(ExitCleanly())
348
Expect(ignoreRm.ErrorToString()).To(BeEmpty())
351
It("podman secret creates from environment variable", func() {
353
session := podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"})
354
session.WaitWithDefaultTimeout()
355
Expect(session).To(ExitWithError())
357
os.Setenv("MYENVVAR", "somedata")
359
podmanTest.RestartRemoteService()
362
session = podmanTest.Podman([]string{"secret", "create", "--env", "a", "MYENVVAR"})
363
session.WaitWithDefaultTimeout()
364
secrID := session.OutputToString()
365
Expect(session).Should(ExitCleanly())
367
inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.ID}}", secrID})
368
inspect.WaitWithDefaultTimeout()
369
Expect(inspect).Should(ExitCleanly())
370
Expect(inspect.OutputToString()).To(Equal(secrID))
373
It("podman secret with labels", func() {
374
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
375
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
376
Expect(err).ToNot(HaveOccurred())
378
session := podmanTest.Podman([]string{"secret", "create", "--label", "foo=bar", "a", secretFilePath})
379
session.WaitWithDefaultTimeout()
380
secrID := session.OutputToString()
381
Expect(session).Should(ExitCleanly())
383
inspect := podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID})
384
inspect.WaitWithDefaultTimeout()
385
Expect(inspect).Should(ExitCleanly())
386
Expect(inspect.OutputToString()).To(ContainSubstring("foo:bar"))
388
session = podmanTest.Podman([]string{"secret", "create", "--label", "foo=bar", "--label", "a:b", "b", secretFilePath})
389
session.WaitWithDefaultTimeout()
390
secrID = session.OutputToString()
391
Expect(session).Should(ExitCleanly())
393
inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID})
394
inspect.WaitWithDefaultTimeout()
395
Expect(inspect).Should(ExitCleanly())
396
Expect(inspect.OutputToString()).To(ContainSubstring("foo:bar"))
397
Expect(inspect.OutputToString()).To(ContainSubstring("a:b"))
399
session = podmanTest.Podman([]string{"secret", "create", "c", secretFilePath})
400
session.WaitWithDefaultTimeout()
401
secrID = session.OutputToString()
402
Expect(session).Should(ExitCleanly())
404
inspect = podmanTest.Podman([]string{"secret", "inspect", "--format", "{{.Spec.Labels}}", secrID})
405
inspect.WaitWithDefaultTimeout()
406
Expect(inspect).Should(ExitCleanly())
407
Expect(inspect.OutputToString()).To(Equal("map[]"))
411
It("podman secret exists should return true if secret exists", func() {
412
secretFilePath := filepath.Join(podmanTest.TempDir, "secret")
413
err := os.WriteFile(secretFilePath, []byte("mysecret"), 0755)
414
Expect(err).ToNot(HaveOccurred())
416
secretName := "does_exist"
418
session := podmanTest.Podman([]string{"secret", "create", secretName, secretFilePath})
419
session.WaitWithDefaultTimeout()
420
secretID := session.OutputToString()
421
Expect(session).Should(ExitCleanly())
423
exists := podmanTest.Podman([]string{"secret", "exists", secretName})
424
exists.WaitWithDefaultTimeout()
425
Expect(exists).Should(ExitCleanly())
427
exists = podmanTest.Podman([]string{"secret", "exists", secretID})
428
exists.WaitWithDefaultTimeout()
429
Expect(exists).Should(ExitCleanly())
432
It("podman secret exists should return false if secret does not exist", func() {
433
secretName := "does_not_exist"
435
exists := podmanTest.Podman([]string{"secret", "exists", secretName})
436
exists.WaitWithDefaultTimeout()
437
Expect(exists).Should(Exit(1))