mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
3638ca4d14
This fix tries to address the issue in 28884 where it is possible to mask the secret ID by name. The reason was that searching a secret is based on name. However, searching a secret should be done based on: - Full ID - Full Name - Partial ID (prefix) This fix addresses the issue by changing related implementation in `getCliRequestedSecretIDs()` An integration test has been added to cover the changes. This fix fixes 28884 Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
106 lines
2.9 KiB
Go
106 lines
2.9 KiB
Go
// +build !windows
|
|
|
|
package main
|
|
|
|
import (
|
|
"github.com/docker/docker/api/types/swarm"
|
|
"github.com/docker/docker/pkg/integration/checker"
|
|
"github.com/go-check/check"
|
|
)
|
|
|
|
func (s *DockerSwarmSuite) TestSecretCreate(c *check.C) {
|
|
d := s.AddDaemon(c, true, true)
|
|
|
|
testName := "test_secret"
|
|
id := d.createSecret(c, swarm.SecretSpec{
|
|
swarm.Annotations{
|
|
Name: testName,
|
|
},
|
|
[]byte("TESTINGDATA"),
|
|
})
|
|
c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
|
|
|
|
secret := d.getSecret(c, id)
|
|
c.Assert(secret.Spec.Name, checker.Equals, testName)
|
|
}
|
|
|
|
func (s *DockerSwarmSuite) TestSecretCreateWithLabels(c *check.C) {
|
|
d := s.AddDaemon(c, true, true)
|
|
|
|
testName := "test_secret"
|
|
id := d.createSecret(c, swarm.SecretSpec{
|
|
swarm.Annotations{
|
|
Name: testName,
|
|
Labels: map[string]string{
|
|
"key1": "value1",
|
|
"key2": "value2",
|
|
},
|
|
},
|
|
[]byte("TESTINGDATA"),
|
|
})
|
|
c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
|
|
|
|
secret := d.getSecret(c, id)
|
|
c.Assert(secret.Spec.Name, checker.Equals, testName)
|
|
c.Assert(len(secret.Spec.Labels), checker.Equals, 2)
|
|
c.Assert(secret.Spec.Labels["key1"], checker.Equals, "value1")
|
|
c.Assert(secret.Spec.Labels["key2"], checker.Equals, "value2")
|
|
}
|
|
|
|
// Test case for 28884
|
|
func (s *DockerSwarmSuite) TestSecretCreateResolve(c *check.C) {
|
|
d := s.AddDaemon(c, true, true)
|
|
|
|
name := "foo"
|
|
id := d.createSecret(c, swarm.SecretSpec{
|
|
swarm.Annotations{
|
|
Name: name,
|
|
},
|
|
[]byte("foo"),
|
|
})
|
|
c.Assert(id, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", id))
|
|
|
|
fake := d.createSecret(c, swarm.SecretSpec{
|
|
swarm.Annotations{
|
|
Name: id,
|
|
},
|
|
[]byte("fake foo"),
|
|
})
|
|
c.Assert(fake, checker.Not(checker.Equals), "", check.Commentf("secrets: %s", fake))
|
|
|
|
out, err := d.Cmd("secret", "ls")
|
|
c.Assert(err, checker.IsNil)
|
|
c.Assert(out, checker.Contains, name)
|
|
c.Assert(out, checker.Contains, fake)
|
|
|
|
out, err = d.Cmd("secret", "rm", id)
|
|
c.Assert(out, checker.Contains, id)
|
|
|
|
// Fake one will remain
|
|
out, err = d.Cmd("secret", "ls")
|
|
c.Assert(err, checker.IsNil)
|
|
c.Assert(out, checker.Not(checker.Contains), name)
|
|
c.Assert(out, checker.Contains, fake)
|
|
|
|
// Remove based on name prefix of the fake one
|
|
// (which is the same as the ID of foo one) should not work
|
|
// as search is only done based on:
|
|
// - Full ID
|
|
// - Full Name
|
|
// - Partial ID (prefix)
|
|
out, err = d.Cmd("secret", "rm", id[:5])
|
|
c.Assert(out, checker.Not(checker.Contains), id)
|
|
out, err = d.Cmd("secret", "ls")
|
|
c.Assert(err, checker.IsNil)
|
|
c.Assert(out, checker.Not(checker.Contains), name)
|
|
c.Assert(out, checker.Contains, fake)
|
|
|
|
// Remove based on ID prefix of the fake one should succeed
|
|
out, err = d.Cmd("secret", "rm", fake[:5])
|
|
c.Assert(out, checker.Contains, fake)
|
|
out, err = d.Cmd("secret", "ls")
|
|
c.Assert(err, checker.IsNil)
|
|
c.Assert(out, checker.Not(checker.Contains), name)
|
|
c.Assert(out, checker.Not(checker.Contains), id)
|
|
c.Assert(out, checker.Not(checker.Contains), fake)
|
|
}
|