From ad03a43dbed78d915416e7b768ede4d8933803a5 Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 12 Oct 2016 19:11:14 -0300 Subject: [PATCH 1/2] Add secret e2e test for keys mapping This patch adds a secret e2e test. While configmap e2e tests are far more complete, this patch makes secret e2e tests one step closer. Also, now is more easy to add more tests without code duplication (as I did in earlier patches :-/), because of the functions created, and is more easy to make it similar to confimap e2e in the future, that is really complete. --- test/e2e/common/secrets.go | 137 +++++++++++++++++++++---------------- 1 file changed, 78 insertions(+), 59 deletions(-) diff --git a/test/e2e/common/secrets.go b/test/e2e/common/secrets.go index f8a808f8aac..ee9f9581547 100644 --- a/test/e2e/common/secrets.go +++ b/test/e2e/common/secrets.go @@ -31,72 +31,21 @@ var _ = framework.KubeDescribe("Secrets", func() { f := framework.NewDefaultFramework("secrets") It("should be consumable from pods in volume [Conformance]", func() { - doSecretE2E(f, nil) + doSecretE2EWithoutMapping(f, nil) }) It("should be consumable from pods in volume with defaultMode set [Conformance]", func() { defaultMode := int32(0400) - doSecretE2E(f, &defaultMode) + doSecretE2EWithoutMapping(f, &defaultMode) }) - It("should be consumable from pods in volume with Mode set in the item [Conformance]", func() { - name := "secret-test-itemmode-" + string(uuid.NewUUID()) - volumeName := "secret-volume" - volumeMountPath := "/etc/secret-volume" - secret := secretForTest(f.Namespace.Name, name) - - By(fmt.Sprintf("Creating secret with name %s", secret.Name)) - var err error - if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil { - framework.Failf("unable to create test secret %s: %v", secret.Name, err) - } + It("should be consumable from pods in volume with mappings [Conformance]", func() { + doSecretE2EWithMapping(f, nil) + }) + It("should be consumable from pods in volume with mappings and Item Mode set [Conformance]", func() { mode := int32(0400) - pod := &api.Pod{ - ObjectMeta: api.ObjectMeta{ - Name: "pod-secrets-" + string(uuid.NewUUID()), - }, - Spec: api.PodSpec{ - Volumes: []api.Volume{ - { - Name: volumeName, - VolumeSource: api.VolumeSource{ - Secret: &api.SecretVolumeSource{ - SecretName: name, - Items: []api.KeyToPath{ - { - Key: "data-1", - Path: "data-1", - Mode: &mode, - }, - }, - }, - }, - }, - }, - Containers: []api.Container{ - { - Name: "secret-volume-test", - Image: "gcr.io/google_containers/mounttest:0.7", - Args: []string{ - "--file_content=/etc/secret-volume/data-1", - "--file_mode=/etc/secret-volume/data-1"}, - VolumeMounts: []api.VolumeMount{ - { - Name: volumeName, - MountPath: volumeMountPath, - }, - }, - }, - }, - RestartPolicy: api.RestartPolicyNever, - }, - } - - f.TestContainerOutput("consume secrets", pod, 0, []string{ - "content of file \"/etc/secret-volume/data-1\": value-1", - "mode of file \"/etc/secret-volume/data-1\": -r--------", - }) + doSecretE2EWithMapping(f, &mode) }) It("should be consumable in multiple volumes in a pod [Conformance]", func() { @@ -231,7 +180,7 @@ func secretForTest(namespace, name string) *api.Secret { } } -func doSecretE2E(f *framework.Framework, defaultMode *int32) { +func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) { var ( name = "secret-test-" + string(uuid.NewUUID()) volumeName = "secret-volume" @@ -300,3 +249,73 @@ func doSecretE2E(f *framework.Framework, defaultMode *int32) { f.TestContainerOutput("consume secrets", pod, 0, expectedOutput) } + +func doSecretE2EWithMapping(f *framework.Framework, mode *int32) { + var ( + name = "secret-test-map-" + string(uuid.NewUUID()) + volumeName = "secret-volume" + volumeMountPath = "/etc/secret-volume" + secret = secretForTest(f.Namespace.Name, name) + ) + + By(fmt.Sprintf("Creating secret with name %s", secret.Name)) + var err error + if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil { + framework.Failf("unable to create test secret %s: %v", secret.Name, err) + } + + pod := &api.Pod{ + ObjectMeta: api.ObjectMeta{ + Name: "pod-secrets-" + string(uuid.NewUUID()), + }, + Spec: api.PodSpec{ + Volumes: []api.Volume{ + { + Name: volumeName, + VolumeSource: api.VolumeSource{ + Secret: &api.SecretVolumeSource{ + SecretName: name, + Items: []api.KeyToPath{ + { + Key: "data-1", + Path: "new-path-data-1", + }, + }, + }, + }, + }, + }, + Containers: []api.Container{ + { + Name: "secret-volume-test", + Image: "gcr.io/google_containers/mounttest:0.7", + Args: []string{ + "--file_content=/etc/secret-volume/new-path-data-1", + "--file_mode=/etc/secret-volume/new-path-data-1"}, + VolumeMounts: []api.VolumeMount{ + { + Name: volumeName, + MountPath: volumeMountPath, + }, + }, + }, + }, + RestartPolicy: api.RestartPolicyNever, + }, + } + + if mode != nil { + pod.Spec.Volumes[0].VolumeSource.Secret.Items[0].Mode = mode + } else { + defaultItemMode := int32(0644) + mode = &defaultItemMode + } + + modeString := fmt.Sprintf("%v", os.FileMode(*mode)) + expectedOutput := []string{ + "content of file \"/etc/secret-volume/new-path-data-1\": value-1", + "mode of file \"/etc/secret-volume/new-path-data-1\": " + modeString, + } + + f.TestContainerOutput("consume secrets", pod, 0, expectedOutput) +} From 64479aa9a5f02c41e36ec48d2f5d58274161d7af Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Wed, 19 Oct 2016 00:53:25 -0300 Subject: [PATCH 2/2] Remove deferred deletion call missed by 53ec6e6 Commit 53ec6e6 missed to remove this deferred call (probably due to a rebase). I noticied it while working with the code. I'm not sure why the original commits removes them, but it seems the right thing to do. --- test/e2e/common/secrets.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/test/e2e/common/secrets.go b/test/e2e/common/secrets.go index ee9f9581547..d979df8bf18 100644 --- a/test/e2e/common/secrets.go +++ b/test/e2e/common/secrets.go @@ -189,12 +189,6 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) { ) By(fmt.Sprintf("Creating secret with name %s", secret.Name)) - defer func() { - By("Cleaning up the secret") - if err := f.Client.Secrets(f.Namespace.Name).Delete(secret.Name); err != nil { - framework.Failf("unable to delete secret %v: %v", secret.Name, err) - } - }() var err error if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil { framework.Failf("unable to create test secret %s: %v", secret.Name, err)