github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #34653 from rata/simplify-e2e-secret 

Automatic merge from submit-queue

Add secret e2e test for keys mapping

**What this PR does / why we need it**: Adds a basic e2e test missing in secrets

**Which issue this PR fixes** *(optional, in `fixes #<issue number>(, #<issue_number>, ...)` format, will close that issue when PR gets merged)*:

**Special notes for your reviewer**:

**Release note**:
```NONE
```
This patch adds a secret e2e test. While configmap e2e tests are far
more complete, this patch makes secret e2e tests one step closer.

Also, now is more easy to add more tests without code duplication (as I
did in earlier patches :-/), because of the functions created, and is
more easy to make it similar to confimap e2e in the future, that is
really complete.
pull/6/head
Kubernetes Submit Queue 2016-10-19 21:58:31 -07:00 committed by GitHub
parent 41c9bbcc02 64479aa9a5
commit 3e22b38f70
1 changed files with 78 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

143
test/e2e/common/secrets.go
View File

@ -31,72 +31,21 @@ var _ = framework.KubeDescribe("Secrets", func() {
f := framework.NewDefaultFramework("secrets")
It("should be consumable from pods in volume [Conformance]", func() {
doSecretE2E(f, nil)
doSecretE2EWithoutMapping(f, nil)
})
It("should be consumable from pods in volume with defaultMode set [Conformance]", func() {
defaultMode := int32(0400)
doSecretE2E(f, &defaultMode)
doSecretE2EWithoutMapping(f, &defaultMode)
})
It("should be consumable from pods in volume with Mode set in the item [Conformance]", func() {
name := "secret-test-itemmode-" + string(uuid.NewUUID())
volumeName := "secret-volume"
volumeMountPath := "/etc/secret-volume"
secret := secretForTest(f.Namespace.Name, name)
By(fmt.Sprintf("Creating secret with name %s", secret.Name))
var err error
if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil {
framework.Failf("unable to create test secret %s: %v", secret.Name, err)
}
It("should be consumable from pods in volume with mappings [Conformance]", func() {
doSecretE2EWithMapping(f, nil)
})
It("should be consumable from pods in volume with mappings and Item Mode set [Conformance]", func() {
mode := int32(0400)
pod := &api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "pod-secrets-" + string(uuid.NewUUID()),
},
Spec: api.PodSpec{
Volumes: []api.Volume{
{
Name: volumeName,
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: name,
Items: []api.KeyToPath{
{
Key: "data-1",
Path: "data-1",
Mode: &mode,
},
},
},
},
},
},
Containers: []api.Container{
{
Name: "secret-volume-test",
Image: "gcr.io/google_containers/mounttest:0.7",
Args: []string{
"--file_content=/etc/secret-volume/data-1",
"--file_mode=/etc/secret-volume/data-1"},
VolumeMounts: []api.VolumeMount{
{
Name: volumeName,
MountPath: volumeMountPath,
},
},
},
},
RestartPolicy: api.RestartPolicyNever,
},
}
f.TestContainerOutput("consume secrets", pod, 0, []string{
"content of file \"/etc/secret-volume/data-1\": value-1",
"mode of file \"/etc/secret-volume/data-1\": -r--------",
})
doSecretE2EWithMapping(f, &mode)
})
It("should be consumable in multiple volumes in a pod [Conformance]", func() {
@ -231,7 +180,7 @@ func secretForTest(namespace, name string) *api.Secret {
}
}
func doSecretE2E(f *framework.Framework, defaultMode *int32) {
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
var (
name = "secret-test-" + string(uuid.NewUUID())
volumeName = "secret-volume"
@ -240,12 +189,6 @@ func doSecretE2E(f *framework.Framework, defaultMode *int32) {
)
By(fmt.Sprintf("Creating secret with name %s", secret.Name))
defer func() {
By("Cleaning up the secret")
if err := f.Client.Secrets(f.Namespace.Name).Delete(secret.Name); err != nil {
framework.Failf("unable to delete secret %v: %v", secret.Name, err)
}
}()
var err error
if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil {
framework.Failf("unable to create test secret %s: %v", secret.Name, err)
@ -300,3 +243,73 @@ func doSecretE2E(f *framework.Framework, defaultMode *int32) {
f.TestContainerOutput("consume secrets", pod, 0, expectedOutput)
}
func doSecretE2EWithMapping(f *framework.Framework, mode *int32) {
var (
name = "secret-test-map-" + string(uuid.NewUUID())
volumeName = "secret-volume"
volumeMountPath = "/etc/secret-volume"
secret = secretForTest(f.Namespace.Name, name)
)
By(fmt.Sprintf("Creating secret with name %s", secret.Name))
var err error
if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil {
framework.Failf("unable to create test secret %s: %v", secret.Name, err)
}
pod := &api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "pod-secrets-" + string(uuid.NewUUID()),
},
Spec: api.PodSpec{
Volumes: []api.Volume{
{
Name: volumeName,
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: name,
Items: []api.KeyToPath{
{
Key: "data-1",
Path: "new-path-data-1",
},
},
},
},
},
},
Containers: []api.Container{
{
Name: "secret-volume-test",
Image: "gcr.io/google_containers/mounttest:0.7",
Args: []string{
"--file_content=/etc/secret-volume/new-path-data-1",
"--file_mode=/etc/secret-volume/new-path-data-1"},
VolumeMounts: []api.VolumeMount{
{
Name: volumeName,
MountPath: volumeMountPath,
},
},
},
},
RestartPolicy: api.RestartPolicyNever,
},
}
if mode != nil {
pod.Spec.Volumes[0].VolumeSource.Secret.Items[0].Mode = mode
} else {
defaultItemMode := int32(0644)
mode = &defaultItemMode
}
modeString := fmt.Sprintf("%v", os.FileMode(*mode))
expectedOutput := []string{
"content of file \"/etc/secret-volume/new-path-data-1\": value-1",
"mode of file \"/etc/secret-volume/new-path-data-1\": " + modeString,
}
f.TestContainerOutput("consume secrets", pod, 0, expectedOutput)
}