From 5630d788a29c1ee0dd6c3ea338dd469333960043 Mon Sep 17 00:00:00 2001 From: Volodymyr Zotov Date: Tue, 19 Aug 2025 11:52:28 -0500 Subject: [PATCH] Create `kube` package that abstracts interactions with kubernetes cluster --- test/e2e/e2e_test.go | 30 +++++++------------ test/kube/deploy.go | 69 ++++++++++++++++++++++++++++++++++++++++++++ test/kube/kube.go | 21 ++++++++++++++ 3 files changed, 101 insertions(+), 19 deletions(-) create mode 100644 test/kube/deploy.go create mode 100644 test/kube/kube.go diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go index 9eb87ef..c0c734e 100644 --- a/test/e2e/e2e_test.go +++ b/test/e2e/e2e_test.go @@ -10,11 +10,13 @@ import ( "github.com/1Password/onepassword-operator/test/cmd" "github.com/1Password/onepassword-operator/test/kind" + "github.com/1Password/onepassword-operator/test/kube" ) const ( - operatorImage = "1password/onepassword-operator:latest" - e2eInterval = 500 * time.Millisecond + operatorImage = "1password/onepassword-operator:latest" + defaultInterval = 1 * time.Second + defaultTimeout = 30 * time.Second ) var _ = Describe("Onepassword Operator e2e", Ordered, func() { @@ -27,24 +29,14 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() { err = kind.LoadImageToKind(operatorImage) ExpectWithOffset(1, err).NotTo(HaveOccurred()) + By("create onepassword-token secret") + kube.CreateSecretFromEnvVar("OP_CONNECT_TOKEN", "onepassword-token") + By("create onepassword-service-account-token secret") - serviceAccountTokenToken, _ := os.LookupEnv("OP_SERVICE_ACCOUNT_TOKEN") - Expect(serviceAccountTokenToken).NotTo(BeEmpty()) - _, err = cmd.Run("kubectl", "create", "secret", "generic", "onepassword-service-account-token", "--from-literal=token="+serviceAccountTokenToken) - ExpectWithOffset(1, err).NotTo(HaveOccurred()) + kube.CreateSecretFromEnvVar("OP_SERVICE_ACCOUNT_TOKEN", "onepassword-service-account-token") - By("deploying the operator") - _, err = cmd.Run("make", "deploy") - ExpectWithOffset(1, err).NotTo(HaveOccurred()) - - By("waiting for the operator pod to be 'Running'") - Eventually(func(g Gomega) { - output, err := cmd.Run("kubectl", "get", "pods", - "-l", "name=onepassword-connect-operator", - "-o", "jsonpath={.items[0].status.phase}") - g.Expect(err).NotTo(HaveOccurred()) - g.Expect(output).To(ContainSubstring("Running")) - }, 30*time.Second, 1*time.Second).Should(Succeed()) + kube.DeployOperator() + kube.PathOperatorToUseServiceAccount() }) Describe("Deployment annotations", func() { @@ -61,7 +53,7 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() { output, err := cmd.Run("kubectl", "get", "secret", "login", "-o", "jsonpath={.metadata.name}") g.Expect(err).NotTo(HaveOccurred()) g.Expect(output).To(Equal("login")) - }, 5*time.Second, e2eInterval).Should(Succeed()) + }, defaultTimeout, defaultInterval).Should(Succeed()) }) }) }) diff --git a/test/kube/deploy.go b/test/kube/deploy.go new file mode 100644 index 0000000..ed8e308 --- /dev/null +++ b/test/kube/deploy.go @@ -0,0 +1,69 @@ +package kube + +import ( + "time" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + + "github.com/1Password/onepassword-operator/test/cmd" +) + +// DeployOperator deploys the Onepassword Operator in the default namespace. +// It waits for the operator pod to be in 'Running' state. +// All the resources created using manifests in `config/` dir. +// To make the operator use Connect or Service Accounts, patch `config/manager/manager.yaml` +func DeployOperator() { + By("deploying the operator") + _, err := cmd.Run("make", "deploy") + Expect(err).NotTo(HaveOccurred()) + + By("waiting for the operator pod to be 'Running'") + Eventually(func(g Gomega) { + output, err := cmd.Run("kubectl", "get", "pods", + "-l", "name=onepassword-connect-operator", + "-o", "jsonpath={.items[0].status.phase}") + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(output).To(ContainSubstring("Running")) + }, 30*time.Second, 1*time.Second).Should(Succeed()) +} + +func UndeployOperator() { + Delete("secret", "onepassword-connect-token") + Delete("secret", "onepassword-service-account-token") + + By("undeploying the operator") + _, err := cmd.Run("make", "undeploy", "ignore-not-found") + Expect(err).NotTo(HaveOccurred()) +} + +func PathOperatorToUseServiceAccount() { + By("patching the operator deployment with service account token") + _, err := cmd.Run( + "kubectl", "patch", "deployment", "onepassword-connect-operator", + "--type=json", + `-p=[{"op":"replace","path":"/spec/template/spec/containers/0/env","value":[ + {"name":"OPERATOR_NAME","value":"onepassword-connect-operator"}, + {"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}}, + {"name":"WATCH_NAMESPACE","value":"default"}, + {"name":"POLLING_INTERVAL","value":"10"}, + {"name":"AUTO_RESTART","value":"false"}, + {"name":"OP_SERVICE_ACCOUNT_TOKEN","valueFrom":{"secretKeyRef":{"name":"onepassword-service-account-token","key":"token"}}}, + {"name":"MANAGE_CONNECT","value":"false"} + ]}]`, + ) + Expect(err).NotTo(HaveOccurred()) + + _, err = cmd.Run("kubectl", "rollout", "status", + "deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s") + Expect(err).NotTo(HaveOccurred()) + + By("waiting for the operator pod to be 'Running'") + Eventually(func(g Gomega) { + output, err := cmd.Run("kubectl", "get", "pods", + "-l", "name=onepassword-connect-operator", + "-o", "jsonpath={.items[0].status.phase}") + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(output).To(ContainSubstring("Running")) + }, 120*time.Second, 1*time.Second).Should(Succeed()) +} diff --git a/test/kube/kube.go b/test/kube/kube.go new file mode 100644 index 0000000..fa26c4b --- /dev/null +++ b/test/kube/kube.go @@ -0,0 +1,21 @@ +package kube + +import ( + "os" + + . "github.com/onsi/gomega" + + "github.com/1Password/onepassword-operator/test/cmd" +) + +func CreateSecretFromEnvVar(envVar, secretName string) { + serviceAccountTokenToken, _ := os.LookupEnv(envVar) + Expect(serviceAccountTokenToken).NotTo(BeEmpty()) + _, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+serviceAccountTokenToken) + Expect(err).NotTo(HaveOccurred()) +} + +func Delete(kind, name string) { + _, err := cmd.Run("kubectl", "delete", kind, name, "--ignore-not-found=true") + Expect(err).NotTo(HaveOccurred()) +}