Add secret e2e test for keys mapping

This patch adds a secret e2e test. While configmap e2e tests are far
more complete, this patch makes secret e2e tests one step closer.

Also, now is more easy to add more tests without code duplication (as I
did in earlier patches :-/), because of the functions created, and is
more easy to make it similar to confimap e2e in the future, that is
really complete.

test/e2e/common/secrets.go

@@ -31,72 +31,21 @@ var _ = framework.KubeDescribe("Secrets", func() {
 	f := framework.NewDefaultFramework("secrets")
 
 	It("should be consumable from pods in volume [Conformance]", func() {
-		doSecretE2E(f, nil)
+		doSecretE2EWithoutMapping(f, nil)
 	})
 
 	It("should be consumable from pods in volume with defaultMode set [Conformance]", func() {
 		defaultMode := int32(0400)
-		doSecretE2E(f, &defaultMode)
+		doSecretE2EWithoutMapping(f, &defaultMode)
 	})
 
-	It("should be consumable from pods in volume with Mode set in the item [Conformance]", func() {
-		name := "secret-test-itemmode-" + string(uuid.NewUUID())
-		volumeName := "secret-volume"
-		volumeMountPath := "/etc/secret-volume"
-		secret := secretForTest(f.Namespace.Name, name)
-
-		By(fmt.Sprintf("Creating secret with name %s", secret.Name))
-		var err error
-		if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil {
-			framework.Failf("unable to create test secret %s: %v", secret.Name, err)
-		}
+	It("should be consumable from pods in volume with mappings [Conformance]", func() {
+		doSecretE2EWithMapping(f, nil)
+	})
 
+	It("should be consumable from pods in volume with mappings and Item Mode set [Conformance]", func() {
 		mode := int32(0400)
-		pod := &api.Pod{
-			ObjectMeta: api.ObjectMeta{
-				Name: "pod-secrets-" + string(uuid.NewUUID()),
-			},
-			Spec: api.PodSpec{
-				Volumes: []api.Volume{
-					{
-						Name: volumeName,
-						VolumeSource: api.VolumeSource{
-							Secret: &api.SecretVolumeSource{
-								SecretName: name,
-								Items: []api.KeyToPath{
-									{
-										Key:  "data-1",
-										Path: "data-1",
-										Mode: &mode,
-									},
-								},
-							},
-						},
-					},
-				},
-				Containers: []api.Container{
-					{
-						Name:  "secret-volume-test",
-						Image: "gcr.io/google_containers/mounttest:0.7",
-						Args: []string{
-							"--file_content=/etc/secret-volume/data-1",
-							"--file_mode=/etc/secret-volume/data-1"},
-						VolumeMounts: []api.VolumeMount{
-							{
-								Name:      volumeName,
-								MountPath: volumeMountPath,
-							},
-						},
-					},
-				},
-				RestartPolicy: api.RestartPolicyNever,
-			},
-		}
-
-		f.TestContainerOutput("consume secrets", pod, 0, []string{
-			"content of file \"/etc/secret-volume/data-1\": value-1",
-			"mode of file \"/etc/secret-volume/data-1\": -r--------",
-		})
+		doSecretE2EWithMapping(f, &mode)
 	})
 
 	It("should be consumable in multiple volumes in a pod [Conformance]", func() {
@@ -231,7 +180,7 @@ func secretForTest(namespace, name string) *api.Secret {
 	}
 }
 
-func doSecretE2E(f *framework.Framework, defaultMode *int32) {
+func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
 	var (
 		name            = "secret-test-" + string(uuid.NewUUID())
 		volumeName      = "secret-volume"
@@ -300,3 +249,73 @@ func doSecretE2E(f *framework.Framework, defaultMode *int32) {
 
 	f.TestContainerOutput("consume secrets", pod, 0, expectedOutput)
 }
+
+func doSecretE2EWithMapping(f *framework.Framework, mode *int32) {
+	var (
+		name            = "secret-test-map-" + string(uuid.NewUUID())
+		volumeName      = "secret-volume"
+		volumeMountPath = "/etc/secret-volume"
+		secret          = secretForTest(f.Namespace.Name, name)
+	)
+
+	By(fmt.Sprintf("Creating secret with name %s", secret.Name))
+	var err error
+	if secret, err = f.Client.Secrets(f.Namespace.Name).Create(secret); err != nil {
+		framework.Failf("unable to create test secret %s: %v", secret.Name, err)
+	}
+
+	pod := &api.Pod{
+		ObjectMeta: api.ObjectMeta{
+			Name: "pod-secrets-" + string(uuid.NewUUID()),
+		},
+		Spec: api.PodSpec{
+			Volumes: []api.Volume{
+				{
+					Name: volumeName,
+					VolumeSource: api.VolumeSource{
+						Secret: &api.SecretVolumeSource{
+							SecretName: name,
+							Items: []api.KeyToPath{
+								{
+									Key:  "data-1",
+									Path: "new-path-data-1",
+								},
+							},
+						},
+					},
+				},
+			},
+			Containers: []api.Container{
+				{
+					Name:  "secret-volume-test",
+					Image: "gcr.io/google_containers/mounttest:0.7",
+					Args: []string{
+						"--file_content=/etc/secret-volume/new-path-data-1",
+						"--file_mode=/etc/secret-volume/new-path-data-1"},
+					VolumeMounts: []api.VolumeMount{
+						{
+							Name:      volumeName,
+							MountPath: volumeMountPath,
+						},
+					},
+				},
+			},
+			RestartPolicy: api.RestartPolicyNever,
+		},
+	}
+
+	if mode != nil {
+		pod.Spec.Volumes[0].VolumeSource.Secret.Items[0].Mode = mode
+	} else {
+		defaultItemMode := int32(0644)
+		mode = &defaultItemMode
+	}
+
+	modeString := fmt.Sprintf("%v", os.FileMode(*mode))
+	expectedOutput := []string{
+		"content of file \"/etc/secret-volume/new-path-data-1\": value-1",
+		"mode of file \"/etc/secret-volume/new-path-data-1\": " + modeString,
+	}
+
+	f.TestContainerOutput("consume secrets", pod, 0, expectedOutput)
+}