Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add test for: mount a secret with another secret having same name in different namespace #35587

Merged
merged 1 commit into from
Nov 15, 2016
Merged

Add test for: mount a secret with another secret having same name in different namespace #35587

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
35 changes: 28 additions & 7 deletions test/e2e/common/secrets.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,12 @@ var _ = framework.KubeDescribe("Secrets", func() {
f := framework.NewDefaultFramework("secrets")

It("should be consumable from pods in volume [Conformance]", func() {
doSecretE2EWithoutMapping(f, nil)
doSecretE2EWithoutMapping(f, nil /* default mode */, "secret-test-"+string(uuid.NewUUID()))
})

It("should be consumable from pods in volume with defaultMode set [Conformance]", func() {
defaultMode := int32(0400)
doSecretE2EWithoutMapping(f, &defaultMode)
doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID()))
})

It("should be consumable from pods in volume with mappings [Conformance]", func() {
Expand All @@ -48,6 +48,27 @@ var _ = framework.KubeDescribe("Secrets", func() {
doSecretE2EWithMapping(f, &mode)
})

It("should be able to mount in a volume regardless of a different secret existing with same name in different namespace", func() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a test about two secrets. Not doSecretE2EWithoutMapping(..) that is being called

var (
namespace2 *api.Namespace
err error
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no need for these if you use := on the next if?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That would limit the scope.
I need namespace2 and err in the following lines.

https://groups.google.com/forum/#!topic/golang-nuts/v6Xm9C7ENgc

secret2Name = "secret-test-" + string(uuid.NewUUID())
)

if namespace2, err = f.CreateNamespace("secret-namespace", nil); err != nil {
framework.Failf("unable to create new namespace %s: %v", namespace2.Name, err)
}

secret2 := secretForTest(namespace2.Name, secret2Name)
secret2.Data = map[string][]byte{
"this_should_not_match_content_of_other_secret": []byte("similarly_this_should_not_match_content_of_other_secret\n"),
}
if secret2, err = f.ClientSet.Core().Secrets(namespace2.Name).Create(secret2); err != nil {
framework.Failf("unable to create test secret %s: %v", secret2.Name, err)
}
doSecretE2EWithoutMapping(f, nil /* default mode */, secret2.Name)
})

It("should be consumable in multiple volumes in a pod [Conformance]", func() {
// This test ensures that the same secret can be mounted in multiple
// volumes in the same pod. This test case exists to prevent
Expand Down Expand Up @@ -180,12 +201,11 @@ func secretForTest(namespace, name string) *api.Secret {
}
}

func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, secretName string) {
var (
name = "secret-test-" + string(uuid.NewUUID())
volumeName = "secret-volume"
volumeMountPath = "/etc/secret-volume"
secret = secretForTest(f.Namespace.Name, name)
secret = secretForTest(f.Namespace.Name, secretName)
)

By(fmt.Sprintf("Creating secret with name %s", secret.Name))
Expand All @@ -196,15 +216,16 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) {

pod := &api.Pod{
ObjectMeta: api.ObjectMeta{
Name: "pod-secrets-" + string(uuid.NewUUID()),
Name: "pod-secrets-" + string(uuid.NewUUID()),
Namespace: f.Namespace.Name,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, not sure I follow. Why add a namespace here? Why leaving it empty is not enough?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To make it explicit

},
Spec: api.PodSpec{
Volumes: []api.Volume{
{
Name: volumeName,
VolumeSource: api.VolumeSource{
Secret: &api.SecretVolumeSource{
SecretName: name,
SecretName: secretName,
},
},
},
Expand Down
16 changes: 11 additions & 5 deletions test/test_owners.csv
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,14 +38,14 @@ Container Lifecycle Hook when create a pod with lifecycle hook when it is http h
Container Runtime Conformance Test container runtime conformance blackbox test when running a container with a new image *,Random-Liu,0
Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits it should run with the expected status,luxas,1
Container Runtime Conformance Test container runtime conformance blackbox test when starting a container that exits should report termination message if TerminationMessagePath is set,timothysc,1
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path,resouer,0
CronJob should not emit unexpected warnings,soltysh,1
CronJob should not schedule jobs when suspended,soltysh,1
CronJob should not schedule new jobs when ForbidConcurrent,soltysh,1
CronJob should replace jobs when ReplaceConcurrent,soltysh,1
CronJob should schedule multiple jobs concurrently,soltysh,1
DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods in both nonfaulty and faulty scenarios,MrHohn,0
DNS horizontal autoscaling kube-dns-autoscaler should scale kube-dns pods when cluster size changed,MrHohn,0
ContainerLogPath Pod with a container printed log to stdout should print log to correct log path,resouer,0
DNS should provide DNS for ExternalName services,rmmh,1
DNS should provide DNS for pods for Hostname and Subdomain Annotation,mtaufen,1
DNS should provide DNS for services,roberthbailey,1
Expand Down Expand Up @@ -77,6 +77,9 @@ Deployment overlapping deployment should not fight with each other,kargakis,1
Deployment paused deployment should be able to scale,kargakis,1
Deployment paused deployment should be ignored by the controller,kargakis,0
Deployment scaled rollout deployment should not block on annotation check,kargakis,1
DisruptionController evictions: * => *,rkouj,0
DisruptionController should create a PodDisruptionBudget,rkouj,0
DisruptionController should update PodDisruptionBudget status,rkouj,0
Docker Containers should be able to override the image's default arguments (docker cmd),maisem,0
Docker Containers should be able to override the image's default command and arguments,maisem,0
Docker Containers should be able to override the image's default commmand (docker entrypoint),maisem,0
Expand Down Expand Up @@ -145,10 +148,9 @@ Federation API server authentication should not accept cluster resources when th
Federation API server authentication should not accept cluster resources when the client has no authentication credentials,nikhiljindal,1
Federation apiserver Admission control should not be able to create resources if namespace does not exist,alex-mohr,1
Federation apiserver Cluster objects should be created and deleted successfully,ghodss,1
Federation daemonsets DaemonSet objects should be created and deleted successfully,soltysh,1
Federation daemonsets DaemonSet objects should be created and deleted successfully,nikhiljindal,0
Federation deployments Deployment objects should be created and deleted successfully,soltysh,1
Federation deployments Federated Deployment should create and update matching deployments in underling clusters,soltysh,1
Federation daemonsets DaemonSet objects should be created and deleted successfully,nikhiljindal,0
Federation events Event objects should be created and deleted successfully,karlkfi,1
Federation namespace Namespace objects all resources in the namespace should be deleted when namespace is deleted,nikhiljindal,0
Federation namespace Namespace objects should be created and deleted successfully,xiang90,1
Expand All @@ -159,14 +161,17 @@ Federation replicasets ReplicaSet objects should be created and deleted successf
Federation secrets Secret objects should be created and deleted successfully,pmorie,1
Federation secrets Secret objects should be deleted from underlying clusters when OrphanDependents is false,nikhiljindal,0
Federation secrets Secret objects should not be deleted from underlying clusters when OrphanDependents is true,nikhiljindal,0
GCP Volumes GlusterFS should be mountable,rkouj,0
GCP Volumes NFSv4 should be mountable for NFSv4,rkouj,0
GKE local SSD should write and read from node local SSD,fabioy,0
GKE node pools should create a cluster with multiple node pools,fabioy,1
Garbage collector should delete pods created by rc when not orphaning,justinsb,1
Garbage collector should orphan pods created by rc if delete options say so,fabioy,1
Garbage collector should orphan pods created by rc if deleteOptions.OrphanDependents is nil,zmerlynn,1
"Generated release_1_5 clientset should create pods, delete pods, watch pods",ghodss,1
"Generated release_1_5 clientset should create v2alpha1 cronJobs, delete cronJobs, watch cronJobs",soltysh,1
HA-master pods survive addition/removal,roberthbailey,1
HA-master pods survive addition/removal different zones,rkouj,0
HA-master pods survive addition/removal same zone,rkouj,0
Hazelcast should create and scale hazelcast,mikedanese,1
Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 1 pod to 3 pods and from 3 to 5,jszczepkowski,0
Horizontal pod autoscaling (scale resource: CPU) Deployment Should scale from 5 pods to 3 pods and from 3 to 1,jszczepkowski,0
Expand Down Expand Up @@ -398,6 +403,7 @@ SchedulerPredicates validates that required NodeAffinity setting is respected if
SchedulerPredicates validates that taints-tolerations is respected if matching,jlowdermilk,1
SchedulerPredicates validates that taints-tolerations is respected if not matching,derekwaynecarr,1
Secret should create a pod that reads a secret,luxas,1
Secrets should be able to mount in a volume regardless of a different secret existing with same name in different namespace,rkouj,0
Secrets should be consumable from pods in env vars,mml,1
Secrets should be consumable from pods in volume,ghodss,1
Secrets should be consumable from pods in volume with defaultMode set,derekwaynecarr,1
Expand Down Expand Up @@ -658,7 +664,7 @@ k8s.io/kubernetes/pkg/kubelet/qos,vishh,0
k8s.io/kubernetes/pkg/kubelet/rkt,apelisse,1
k8s.io/kubernetes/pkg/kubelet/rktshim,mml,1
k8s.io/kubernetes/pkg/kubelet/server,timstclair,0
k8s.io/kubernetes/pkg/kubelet/server/portforward,caesarxuchao,1
k8s.io/kubernetes/pkg/kubelet/server/portforward,rkouj,0
k8s.io/kubernetes/pkg/kubelet/server/stats,timstclair,0
k8s.io/kubernetes/pkg/kubelet/server/streaming,caesarxuchao,1
k8s.io/kubernetes/pkg/kubelet/status,mwielgus,1
Expand Down