JohnHammond
/
buildkit
mirror of https://github.com/JohnHammond/buildkit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

client: add secret mounts test 

Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
docker-18.09
Tonis Tiigi 2018-07-19 17:14:28 -07:00
parent 378df8cbaa
commit 53f657a5db
1 changed files with 64 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
client/client_test.go
View File

@ -25,6 +25,8 @@ import (
"github.com/containerd/continuity/fs/fstest"
"github.com/moby/buildkit/client/llb"
"github.com/moby/buildkit/identity"
"github.com/moby/buildkit/session"
"github.com/moby/buildkit/session/secrets/secretsprovider"
"github.com/moby/buildkit/util/testutil/httpserver"
"github.com/moby/buildkit/util/testutil/integration"
ocispec "github.com/opencontainers/image-spec/specs-go/v1"
@ -58,9 +60,71 @@ func TestClientIntegration(t *testing.T) {
testLockedCacheMounts,
testDuplicateCacheMount,
testParallelLocalBuilds,
testSecretMounts,
})
}
func testSecretMounts(t *testing.T, sb integration.Sandbox) {
t.Parallel()
c, err := New(context.TODO(), sb.Address())
require.NoError(t, err)
defer c.Close()
st := llb.Image("busybox:latest").
Run(llb.Shlex(`sh -c 'mount | grep mysecret | grep "type tmpfs" && [ "$(cat /run/secrets/mysecret)" = 'foo-secret' ]'`), llb.AddSecret("/run/secrets/mysecret"))
def, err := st.Marshal()
require.NoError(t, err)
_, err = c.Solve(context.TODO(), def, SolveOpt{
Session: []session.Attachable{secretsprovider.FromMap(map[string][]byte{
"/run/secrets/mysecret": []byte("foo-secret"),
})},
}, nil)
require.NoError(t, err)
// test optional
st = llb.Image("busybox:latest").
Run(llb.Shlex(`echo secret2`), llb.AddSecret("/run/secrets/mysecret2", llb.SecretOptional))
def, err = st.Marshal()
require.NoError(t, err)
_, err = c.Solve(context.TODO(), def, SolveOpt{
Session: []session.Attachable{secretsprovider.FromMap(map[string][]byte{})},
}, nil)
require.NoError(t, err)
_, err = c.Solve(context.TODO(), def, SolveOpt{}, nil)
require.NoError(t, err)
st = llb.Image("busybox:latest").
Run(llb.Shlex(`echo secret3`), llb.AddSecret("/run/secrets/mysecret3"))
def, err = st.Marshal()
require.NoError(t, err)
_, err = c.Solve(context.TODO(), def, SolveOpt{
Session: []session.Attachable{secretsprovider.FromMap(map[string][]byte{})},
}, nil)
require.Error(t, err)
// test id,perm,uid
st = llb.Image("busybox:latest").
Run(llb.Shlex(`sh -c '[ "$(stat -c "%%u %%g %%f" /run/secrets/mysecret4)" = "1 1 81ff" ]' `), llb.AddSecret("/run/secrets/mysecret4", llb.SecretID("mysecret"), llb.SecretFileOpt(1, 1, 0777)))
def, err = st.Marshal()
require.NoError(t, err)
_, err = c.Solve(context.TODO(), def, SolveOpt{
Session: []session.Attachable{secretsprovider.FromMap(map[string][]byte{
"mysecret": []byte("pw"),
})},
}, nil)
require.NoError(t, err)
}
func testTmpfsMounts(t *testing.T, sb integration.Sandbox) {
t.Parallel()
requiresLinux(t)