-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add test for: mount a secret with another secret having same name in different namespace #35587
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -31,12 +31,12 @@ var _ = framework.KubeDescribe("Secrets", func() { | |
f := framework.NewDefaultFramework("secrets") | ||
|
||
It("should be consumable from pods in volume [Conformance]", func() { | ||
doSecretE2EWithoutMapping(f, nil) | ||
doSecretE2EWithoutMapping(f, nil /* default mode */, "secret-test-"+string(uuid.NewUUID())) | ||
}) | ||
|
||
It("should be consumable from pods in volume with defaultMode set [Conformance]", func() { | ||
defaultMode := int32(0400) | ||
doSecretE2EWithoutMapping(f, &defaultMode) | ||
doSecretE2EWithoutMapping(f, &defaultMode, "secret-test-"+string(uuid.NewUUID())) | ||
}) | ||
|
||
It("should be consumable from pods in volume with mappings [Conformance]", func() { | ||
|
@@ -48,6 +48,27 @@ var _ = framework.KubeDescribe("Secrets", func() { | |
doSecretE2EWithMapping(f, &mode) | ||
}) | ||
|
||
It("should be able to mount in a volume regardless of a different secret existing with same name in different namespace", func() { | ||
var ( | ||
namespace2 *api.Namespace | ||
err error | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. no need for these if you use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. That would limit the scope. https://groups.google.com/forum/#!topic/golang-nuts/v6Xm9C7ENgc |
||
secret2Name = "secret-test-" + string(uuid.NewUUID()) | ||
) | ||
|
||
if namespace2, err = f.CreateNamespace("secret-namespace", nil); err != nil { | ||
framework.Failf("unable to create new namespace %s: %v", namespace2.Name, err) | ||
} | ||
|
||
secret2 := secretForTest(namespace2.Name, secret2Name) | ||
secret2.Data = map[string][]byte{ | ||
"this_should_not_match_content_of_other_secret": []byte("similarly_this_should_not_match_content_of_other_secret\n"), | ||
} | ||
if secret2, err = f.ClientSet.Core().Secrets(namespace2.Name).Create(secret2); err != nil { | ||
framework.Failf("unable to create test secret %s: %v", secret2.Name, err) | ||
} | ||
doSecretE2EWithoutMapping(f, nil /* default mode */, secret2.Name) | ||
}) | ||
|
||
It("should be consumable in multiple volumes in a pod [Conformance]", func() { | ||
// This test ensures that the same secret can be mounted in multiple | ||
// volumes in the same pod. This test case exists to prevent | ||
|
@@ -180,12 +201,11 @@ func secretForTest(namespace, name string) *api.Secret { | |
} | ||
} | ||
|
||
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) { | ||
func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32, secretName string) { | ||
var ( | ||
name = "secret-test-" + string(uuid.NewUUID()) | ||
volumeName = "secret-volume" | ||
volumeMountPath = "/etc/secret-volume" | ||
secret = secretForTest(f.Namespace.Name, name) | ||
secret = secretForTest(f.Namespace.Name, secretName) | ||
) | ||
|
||
By(fmt.Sprintf("Creating secret with name %s", secret.Name)) | ||
|
@@ -196,15 +216,16 @@ func doSecretE2EWithoutMapping(f *framework.Framework, defaultMode *int32) { | |
|
||
pod := &api.Pod{ | ||
ObjectMeta: api.ObjectMeta{ | ||
Name: "pod-secrets-" + string(uuid.NewUUID()), | ||
Name: "pod-secrets-" + string(uuid.NewUUID()), | ||
Namespace: f.Namespace.Name, | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Sorry, not sure I follow. Why add a namespace here? Why leaving it empty is not enough? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. To make it explicit |
||
}, | ||
Spec: api.PodSpec{ | ||
Volumes: []api.Volume{ | ||
{ | ||
Name: volumeName, | ||
VolumeSource: api.VolumeSource{ | ||
Secret: &api.SecretVolumeSource{ | ||
SecretName: name, | ||
SecretName: secretName, | ||
}, | ||
}, | ||
}, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a test about two secrets. Not
doSecretE2EWithoutMapping(..)
that is being called