2019-01-03 00:16:30 +00:00
|
|
|
package dockerfile
|
|
|
|
|
|
|
|
import (
|
|
|
|
"os"
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
"github.com/containerd/continuity/fs/fstest"
|
|
|
|
"github.com/moby/buildkit/client"
|
|
|
|
"github.com/moby/buildkit/frontend/dockerfile/builder"
|
|
|
|
"github.com/moby/buildkit/session"
|
|
|
|
"github.com/moby/buildkit/session/secrets/secretsprovider"
|
|
|
|
"github.com/moby/buildkit/util/testutil/integration"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
)
|
|
|
|
|
2021-11-17 20:00:17 +00:00
|
|
|
var secretsTests = integration.TestFuncs(
|
2019-01-03 00:16:30 +00:00
|
|
|
testSecretFileParams,
|
2021-08-12 16:46:47 +00:00
|
|
|
testSecretRequiredWithoutValue,
|
2021-11-17 20:00:17 +00:00
|
|
|
)
|
2019-01-03 00:16:30 +00:00
|
|
|
|
|
|
|
func init() {
|
|
|
|
allTests = append(allTests, secretsTests...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func testSecretFileParams(t *testing.T, sb integration.Sandbox) {
|
|
|
|
f := getFrontend(t, sb)
|
|
|
|
|
|
|
|
dockerfile := []byte(`
|
|
|
|
FROM busybox
|
2019-07-26 23:53:51 +00:00
|
|
|
RUN --mount=type=secret,required=false,mode=741,uid=100,gid=102,target=/mysecret [ "$(stat -c "%u %g %f" /mysecret)" = "100 102 81e1" ]
|
2020-10-19 00:57:56 +00:00
|
|
|
RUN [ ! -f /mysecret ] # check no stub left behind
|
2019-01-03 00:16:30 +00:00
|
|
|
`)
|
|
|
|
|
|
|
|
dir, err := tmpdir(
|
|
|
|
fstest.CreateFile("Dockerfile", dockerfile, 0600),
|
|
|
|
)
|
|
|
|
require.NoError(t, err)
|
|
|
|
defer os.RemoveAll(dir)
|
|
|
|
|
2021-06-19 03:41:16 +00:00
|
|
|
c, err := client.New(sb.Context(), sb.Address())
|
2019-01-03 00:16:30 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
defer c.Close()
|
|
|
|
|
2021-06-19 03:41:16 +00:00
|
|
|
_, err = f.Solve(sb.Context(), c, client.SolveOpt{
|
2019-01-03 00:16:30 +00:00
|
|
|
LocalDirs: map[string]string{
|
2019-02-23 05:02:49 +00:00
|
|
|
builder.DefaultLocalNameDockerfile: dir,
|
|
|
|
builder.DefaultLocalNameContext: dir,
|
2019-01-03 00:16:30 +00:00
|
|
|
},
|
|
|
|
Session: []session.Attachable{secretsprovider.FromMap(map[string][]byte{
|
|
|
|
"mysecret": []byte("pw"),
|
|
|
|
})},
|
|
|
|
}, nil)
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
2021-08-12 16:46:47 +00:00
|
|
|
|
|
|
|
func testSecretRequiredWithoutValue(t *testing.T, sb integration.Sandbox) {
|
|
|
|
f := getFrontend(t, sb)
|
|
|
|
|
|
|
|
dockerfile := []byte(`
|
|
|
|
FROM busybox
|
|
|
|
RUN --mount=type=secret,required,id=mysecret foo
|
|
|
|
`)
|
|
|
|
|
|
|
|
dir, err := tmpdir(
|
|
|
|
fstest.CreateFile("Dockerfile", dockerfile, 0600),
|
|
|
|
)
|
|
|
|
require.NoError(t, err)
|
|
|
|
defer os.RemoveAll(dir)
|
|
|
|
|
|
|
|
c, err := client.New(sb.Context(), sb.Address())
|
|
|
|
require.NoError(t, err)
|
|
|
|
defer c.Close()
|
|
|
|
|
|
|
|
_, err = f.Solve(sb.Context(), c, client.SolveOpt{
|
|
|
|
LocalDirs: map[string]string{
|
|
|
|
builder.DefaultLocalNameDockerfile: dir,
|
|
|
|
builder.DefaultLocalNameContext: dir,
|
|
|
|
},
|
|
|
|
}, nil)
|
|
|
|
require.Error(t, err)
|
|
|
|
require.Contains(t, err.Error(), "secret mysecret: not found")
|
|
|
|
}
|