mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-26 08:10:20 +00:00
e2e: deleted secrets from Vault are available, but empty
Once the Vault API removed a secret, the contents will have been wiped. The key is still available, until it gets destroyed. This causes the e2e test to detect an empty secret, and assume that it has not been deleted yet. By requesting the `data` field from the secret, an error is thrown in case the secret has been wiped. This makes it possible for the e2e test to detect that the secret has been removed and scheduled for destroying. Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
parent
5fba89f783
commit
eb63e796a8
@ -244,7 +244,7 @@ func getMountType(appName, appNamespace, mountPath string, f *framework.Framewor
|
|||||||
// or stdErr (second entry in tuple) - error getting the key.
|
// or stdErr (second entry in tuple) - error getting the key.
|
||||||
func readVaultSecret(key string, f *framework.Framework) (string, string) {
|
func readVaultSecret(key string, f *framework.Framework) (string, string) {
|
||||||
loginCmd := fmt.Sprintf("vault login -address=%s sample_root_token_id > /dev/null", vaultAddr)
|
loginCmd := fmt.Sprintf("vault login -address=%s sample_root_token_id > /dev/null", vaultAddr)
|
||||||
readSecret := fmt.Sprintf("vault kv get -address=%s %s%s", vaultAddr, vaultSecretNs, key)
|
readSecret := fmt.Sprintf("vault kv get -address=%s -field=data %s%s", vaultAddr, vaultSecretNs, key)
|
||||||
cmd := fmt.Sprintf("%s && %s", loginCmd, readSecret)
|
cmd := fmt.Sprintf("%s && %s", loginCmd, readSecret)
|
||||||
opt := metav1.ListOptions{
|
opt := metav1.ListOptions{
|
||||||
LabelSelector: "app=vault",
|
LabelSelector: "app=vault",
|
||||||
|
Loading…
Reference in New Issue
Block a user