mirror of
https://github.com/1Password/onepassword-operator.git
synced 2025-10-22 15:38:06 +00:00
Create kube
package that abstracts interactions with kubernetes cluster
This commit is contained in:
@@ -10,11 +10,13 @@ import (
|
||||
|
||||
"github.com/1Password/onepassword-operator/test/cmd"
|
||||
"github.com/1Password/onepassword-operator/test/kind"
|
||||
"github.com/1Password/onepassword-operator/test/kube"
|
||||
)
|
||||
|
||||
const (
|
||||
operatorImage = "1password/onepassword-operator:latest"
|
||||
e2eInterval = 500 * time.Millisecond
|
||||
defaultInterval = 1 * time.Second
|
||||
defaultTimeout = 30 * time.Second
|
||||
)
|
||||
|
||||
var _ = Describe("Onepassword Operator e2e", Ordered, func() {
|
||||
@@ -27,24 +29,14 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
|
||||
err = kind.LoadImageToKind(operatorImage)
|
||||
ExpectWithOffset(1, err).NotTo(HaveOccurred())
|
||||
|
||||
By("create onepassword-token secret")
|
||||
kube.CreateSecretFromEnvVar("OP_CONNECT_TOKEN", "onepassword-token")
|
||||
|
||||
By("create onepassword-service-account-token secret")
|
||||
serviceAccountTokenToken, _ := os.LookupEnv("OP_SERVICE_ACCOUNT_TOKEN")
|
||||
Expect(serviceAccountTokenToken).NotTo(BeEmpty())
|
||||
_, err = cmd.Run("kubectl", "create", "secret", "generic", "onepassword-service-account-token", "--from-literal=token="+serviceAccountTokenToken)
|
||||
ExpectWithOffset(1, err).NotTo(HaveOccurred())
|
||||
kube.CreateSecretFromEnvVar("OP_SERVICE_ACCOUNT_TOKEN", "onepassword-service-account-token")
|
||||
|
||||
By("deploying the operator")
|
||||
_, err = cmd.Run("make", "deploy")
|
||||
ExpectWithOffset(1, err).NotTo(HaveOccurred())
|
||||
|
||||
By("waiting for the operator pod to be 'Running'")
|
||||
Eventually(func(g Gomega) {
|
||||
output, err := cmd.Run("kubectl", "get", "pods",
|
||||
"-l", "name=onepassword-connect-operator",
|
||||
"-o", "jsonpath={.items[0].status.phase}")
|
||||
g.Expect(err).NotTo(HaveOccurred())
|
||||
g.Expect(output).To(ContainSubstring("Running"))
|
||||
}, 30*time.Second, 1*time.Second).Should(Succeed())
|
||||
kube.DeployOperator()
|
||||
kube.PathOperatorToUseServiceAccount()
|
||||
})
|
||||
|
||||
Describe("Deployment annotations", func() {
|
||||
@@ -61,7 +53,7 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
|
||||
output, err := cmd.Run("kubectl", "get", "secret", "login", "-o", "jsonpath={.metadata.name}")
|
||||
g.Expect(err).NotTo(HaveOccurred())
|
||||
g.Expect(output).To(Equal("login"))
|
||||
}, 5*time.Second, e2eInterval).Should(Succeed())
|
||||
}, defaultTimeout, defaultInterval).Should(Succeed())
|
||||
})
|
||||
})
|
||||
})
|
||||
|
69
test/kube/deploy.go
Normal file
69
test/kube/deploy.go
Normal file
@@ -0,0 +1,69 @@
|
||||
package kube
|
||||
|
||||
import (
|
||||
"time"
|
||||
|
||||
. "github.com/onsi/ginkgo/v2"
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"github.com/1Password/onepassword-operator/test/cmd"
|
||||
)
|
||||
|
||||
// DeployOperator deploys the Onepassword Operator in the default namespace.
|
||||
// It waits for the operator pod to be in 'Running' state.
|
||||
// All the resources created using manifests in `config/` dir.
|
||||
// To make the operator use Connect or Service Accounts, patch `config/manager/manager.yaml`
|
||||
func DeployOperator() {
|
||||
By("deploying the operator")
|
||||
_, err := cmd.Run("make", "deploy")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
By("waiting for the operator pod to be 'Running'")
|
||||
Eventually(func(g Gomega) {
|
||||
output, err := cmd.Run("kubectl", "get", "pods",
|
||||
"-l", "name=onepassword-connect-operator",
|
||||
"-o", "jsonpath={.items[0].status.phase}")
|
||||
g.Expect(err).NotTo(HaveOccurred())
|
||||
g.Expect(output).To(ContainSubstring("Running"))
|
||||
}, 30*time.Second, 1*time.Second).Should(Succeed())
|
||||
}
|
||||
|
||||
func UndeployOperator() {
|
||||
Delete("secret", "onepassword-connect-token")
|
||||
Delete("secret", "onepassword-service-account-token")
|
||||
|
||||
By("undeploying the operator")
|
||||
_, err := cmd.Run("make", "undeploy", "ignore-not-found")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}
|
||||
|
||||
func PathOperatorToUseServiceAccount() {
|
||||
By("patching the operator deployment with service account token")
|
||||
_, err := cmd.Run(
|
||||
"kubectl", "patch", "deployment", "onepassword-connect-operator",
|
||||
"--type=json",
|
||||
`-p=[{"op":"replace","path":"/spec/template/spec/containers/0/env","value":[
|
||||
{"name":"OPERATOR_NAME","value":"onepassword-connect-operator"},
|
||||
{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},
|
||||
{"name":"WATCH_NAMESPACE","value":"default"},
|
||||
{"name":"POLLING_INTERVAL","value":"10"},
|
||||
{"name":"AUTO_RESTART","value":"false"},
|
||||
{"name":"OP_SERVICE_ACCOUNT_TOKEN","valueFrom":{"secretKeyRef":{"name":"onepassword-service-account-token","key":"token"}}},
|
||||
{"name":"MANAGE_CONNECT","value":"false"}
|
||||
]}]`,
|
||||
)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
_, err = cmd.Run("kubectl", "rollout", "status",
|
||||
"deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
|
||||
By("waiting for the operator pod to be 'Running'")
|
||||
Eventually(func(g Gomega) {
|
||||
output, err := cmd.Run("kubectl", "get", "pods",
|
||||
"-l", "name=onepassword-connect-operator",
|
||||
"-o", "jsonpath={.items[0].status.phase}")
|
||||
g.Expect(err).NotTo(HaveOccurred())
|
||||
g.Expect(output).To(ContainSubstring("Running"))
|
||||
}, 120*time.Second, 1*time.Second).Should(Succeed())
|
||||
}
|
21
test/kube/kube.go
Normal file
21
test/kube/kube.go
Normal file
@@ -0,0 +1,21 @@
|
||||
package kube
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
. "github.com/onsi/gomega"
|
||||
|
||||
"github.com/1Password/onepassword-operator/test/cmd"
|
||||
)
|
||||
|
||||
func CreateSecretFromEnvVar(envVar, secretName string) {
|
||||
serviceAccountTokenToken, _ := os.LookupEnv(envVar)
|
||||
Expect(serviceAccountTokenToken).NotTo(BeEmpty())
|
||||
_, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+serviceAccountTokenToken)
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}
|
||||
|
||||
func Delete(kind, name string) {
|
||||
_, err := cmd.Run("kubectl", "delete", kind, name, "--ignore-not-found=true")
|
||||
Expect(err).NotTo(HaveOccurred())
|
||||
}
|
Reference in New Issue
Block a user