diff --git a/test/e2e/common/secrets.go b/test/e2e/common/secrets.go index f8a808f8aa..d979df8bf1 100644 --- a/test/e2e/common/secrets.go +++ b/test/e2e/common/secrets.go @@ -31,72 +31,21 @@ var _ = framework.KubeDescribe("Secrets", func() { f := framework.NewDefaultFramework("secrets") It("should be consumable from pods in volume [Conformance]", func() { - doSecretE2E(f, nil) + doSecretE2EWithoutMapping(f, nil) }) It("should be consumable from pods in volume with defaultMode set [Conformance]", func() { defaultMode := int32(0400) - doSecretE2E(f, &defaultMode) + doSecretE2EWithoutMapping(f, &defaultMode) }) - It("should be consumable from pods in volume with Mode set in the item [Conformance]", func() { - name := "secret-test-itemmode-" + string(uuid.NewUUID()) - volumeName := "secret-volume" - volumeMountPath := "/etc/secret-volume" - secret := secretForTest(f.Namespace.Name, name) - - By(fmt.Sprintf("Creating secret with name %s", secret.Name)) - var err error - if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil { - framework.Failf("unable to create test secret %s: %v", secret.Name, err) - } + It("should be consumable from pods in volume with mappings [Conformance]", func() { + doSecretE2EWithMapping(f, nil) + }) + It("should be consumable from pods in volume with mappings and Item Mode set [Conformance]", func() { mode := int32(0400) - pod := &api.Pod{ - ObjectMeta: api.ObjectMeta{ - Name: "pod-secrets-" + string(uuid.NewUUID()), - }, - Spec: api.PodSpec{ - Volumes: []api.Volume{ - { - Name: volumeName, - VolumeSource: api.VolumeSource{ - Secret: &api.SecretVolumeSource{ - SecretName: name, - Items: []api.KeyToPath{ - { - Key: "data-1", - Path: "data-1", - Mode: &mode, - }, - }, - }, - }, - }, - }, - Containers: []api.Container{ - { - Name: "secret-volume-test", - Image: "gcr.io/google_containers/mounttest:0.7", - Args: []string{ - "--file_content=/etc/secret-volume/data-1", - "--file_mode=/etc/secret-volume/data-1"}, - VolumeMounts: []api.VolumeMount{ - { - Name: volumeName, - MountPath: volumeMountPath, - }, - }, - }, - }, - RestartPolicy: api.RestartPolicyNever, - }, - } - - f.TestContainerOutput("consume secrets", pod, 0, []string{ - "content of file \"/etc/secret-volume/data-1\": value-1", - "mode of file \"/etc/secret-volume/data-1\": -r--------", - }) + doSecretE2EWithMapping(f, &mode) }) It("should be consumable in multiple volumes in a pod [Conformance]", func() { @@ -231,7 +180,7 @@ func secretForTest(namespace, name string) *api.Secret { } } -func doSecretE2E(f *framework.Framework, defaultMode *int32) { +func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) { var ( name = "secret-test-" + string(uuid.NewUUID()) volumeName = "secret-volume" @@ -240,12 +189,6 @@ func doSecretE2E(f *framework.Framework, defaultMode *int32) { ) By(fmt.Sprintf("Creating secret with name %s", secret.Name)) - defer func() { - By("Cleaning up the secret") - if err := f.Client.Secrets(f.Namespace.Name).Delete(secret.Name); err != nil { - framework.Failf("unable to delete secret %v: %v", secret.Name, err) - } - }() var err error if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil { framework.Failf("unable to create test secret %s: %v", secret.Name, err) @@ -300,3 +243,73 @@ func doSecretE2E(f *framework.Framework, defaultMode *int32) { f.TestContainerOutput("consume secrets", pod, 0, expectedOutput) } + +func doSecretE2EWithMapping(f *framework.Framework, mode *int32) { + var ( + name = "secret-test-map-" + string(uuid.NewUUID()) + volumeName = "secret-volume" + volumeMountPath = "/etc/secret-volume" + secret = secretForTest(f.Namespace.Name, name) + ) + + By(fmt.Sprintf("Creating secret with name %s", secret.Name)) + var err error + if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil { + framework.Failf("unable to create test secret %s: %v", secret.Name, err) + } + + pod := &api.Pod{ + ObjectMeta: api.ObjectMeta{ + Name: "pod-secrets-" + string(uuid.NewUUID()), + }, + Spec: api.PodSpec{ + Volumes: []api.Volume{ + { + Name: volumeName, + VolumeSource: api.VolumeSource{ + Secret: &api.SecretVolumeSource{ + SecretName: name, + Items: []api.KeyToPath{ + { + Key: "data-1", + Path: "new-path-data-1", + }, + }, + }, + }, + }, + }, + Containers: []api.Container{ + { + Name: "secret-volume-test", + Image: "gcr.io/google_containers/mounttest:0.7", + Args: []string{ + "--file_content=/etc/secret-volume/new-path-data-1", + "--file_mode=/etc/secret-volume/new-path-data-1"}, + VolumeMounts: []api.VolumeMount{ + { + Name: volumeName, + MountPath: volumeMountPath, + }, + }, + }, + }, + RestartPolicy: api.RestartPolicyNever, + }, + } + + if mode != nil { + pod.Spec.Volumes[0].VolumeSource.Secret.Items[0].Mode = mode + } else { + defaultItemMode := int32(0644) + mode = &defaultItemMode + } + + modeString := fmt.Sprintf("%v", os.FileMode(*mode)) + expectedOutput := []string{ + "content of file \"/etc/secret-volume/new-path-data-1\": value-1", + "mode of file \"/etc/secret-volume/new-path-data-1\": " + modeString, + } + + f.TestContainerOutput("consume secrets", pod, 0, expectedOutput) +}