From 91a9bb6d63571d26e207cc4d2651ab085ad37935 Mon Sep 17 00:00:00 2001
From: Volodymyr Zotov
Date: Wed, 20 Aug 2025 10:24:16 -0500
Subject: [PATCH] Create op-credentials secret to use operator with Connect
---
 test/e2e/e2e_test.go | 13 ++++--
 test/testhelper/kube/kube.go | 78 +++++++++++++++++++++++++++++-------
 2 files changed, 74 insertions(+), 17 deletions(-)
diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go
index 326b65f..668bd76 100644
--- a/test/e2e/e2e_test.go
+++ b/test/e2e/e2e_test.go
@@ -25,6 +25,9 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
 operator.BuildOperatorImage()
 kind.LoadImageToKind(operatorImageName)
+ By("create Connect credentials secret")
+ kube.CreateOpCredentialsSecret()
+
 By("create onepassword-token secret")
 kube.CreateSecretFromEnvVar("OP_CONNECT_TOKEN", "onepassword-token")
@@ -34,9 +37,13 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
 operator.DeployOperator()
 })
- //Context("Use the operator with Connect", func() {
- // runCommonTestCases()
- //})
+ Context("Use the operator with Connect", func() {
+ BeforeAll(func() {
+ kube.PatchOperatorManageConnect()
+ })
+
+ runCommonTestCases()
+ })
 Context("Use the operator with Service Account", func() {
 BeforeAll(func() {
diff --git a/test/testhelper/kube/kube.go b/test/testhelper/kube/kube.go
index 0c9688f..e4d000f 100644
--- a/test/testhelper/kube/kube.go
+++ b/test/testhelper/kube/kube.go
@@ -1,7 +1,9 @@
 package kube
 import (
+ "encoding/base64"
 "os"
+ "path/filepath"
 "time"
 . "github.com/onsi/ginkgo/v2"
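Review bot: In test/e2e/e2e_test.go the re-enabled `Context("Use the operator with Connect", ...)` starts `runCommonTestCases()` as soon as `kube.PatchOperatorManageConnect()` returns, and that helper (added in kube.go in this patch) waits only for the operator rollout and pod phase, not for the Connect deployment the operator is now asked to manage. Unless the common cases, which are outside this hunk, poll for readiness themselves, they can race Connect start-up and fail intermittently. Consider extending the `BeforeAll` with a wait such as `kubectl rollout status deployment/<connect-deployment-name> --timeout=120s` (placeholder name; the real one is not shown in the patch). The enclosing `Describe` body starts and ends outside the hunk.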
@@ -11,18 +13,40 @@ import (
 )
 func CreateSecretFromEnvVar(envVar, secretName string) {
- serviceAccountTokenToken, _ := os.LookupEnv(envVar)
- Expect(serviceAccountTokenToken).NotTo(BeEmpty())
- _, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+serviceAccountTokenToken)
+ value, _ := os.LookupEnv(envVar)
+ Expect(value).NotTo(BeEmpty())
+ _, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+value)
 Expect(err).NotTo(HaveOccurred())
 }
+func CreateSecretFromFile(fileName, secretName string) {
+ _, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-file="+fileName)
+ Expect(err).NotTo(HaveOccurred())
+}
+
+func CreateOpCredentialsSecret() {
+ rootDir, err := cmd.GetProjectRoot()
+ credentialsFilePath := filepath.Join(rootDir, "1password-credentials.json")
+ data, err := os.ReadFile(credentialsFilePath)
+ Expect(err).NotTo(HaveOccurred())
+
+ encoded := base64.RawURLEncoding.EncodeToString(data)
+
+ // create op-session file in project root
+ sessionFilePath := filepath.Join(rootDir, "op-session")
+ err = os.WriteFile(sessionFilePath, []byte(encoded), 0o600)
+ Expect(err).NotTo(HaveOccurred())
+
+ CreateSecretFromFile("op-session", "op-credentials")
+}
+
 func Delete(kind, name string) {
 _, err := cmd.Run("kubectl", "delete", kind, name, "--ignore-not-found=true")
 Expect(err).NotTo(HaveOccurred())
 }
-func PatchOperatorToUseServiceAccount() {
+// PatchOperatorToUseServiceAccount sets `OP_SERVICE_ACCOUNT_TOKEN` env variable
+var PatchOperatorToUseServiceAccount = WithOperatorRestart(func() {
 By("patching the operator deployment with service account token")
 _, err := cmd.Run(
 "kubectl", "patch", "deployment", "onepassword-connect-operator",
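Review bot: `CreateOpCredentialsSecret` drops the error from `cmd.GetProjectRoot()`: `err` is reassigned by `os.ReadFile` before anything checks it, so a failed root lookup would surface as a misleading read error on a relative path; add `Expect(err).NotTo(HaveOccurred())` directly after the call. The encoded Connect credentials are also written to `op-session` in the project root and never removed, which leaves credential material in the working tree (and on a shared CI runner) after the run; `defer os.Remove(sessionFilePath)` or a temporary directory would limit that, and both files should be git-ignored. The secret is then created from the bare name `"op-session"` rather than the path that was just written, which presumably relies on `cmd.Run` executing from the project root; `CreateSecretFromFile(sessionFilePath, "op-credentials")` removes that dependency while keeping the key `op-session`, since kubectl derives the key from the file's base name. The new exported helpers would also benefit from doc comments stating that they expect `1password-credentials.json` in the project root. `PatchOperatorToUseServiceAccount` continues past the end of this hunk.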
@@ -38,17 +62,43 @@ func PatchOperatorToUseServiceAccount() {
 ]}]`,
 )
 Expect(err).NotTo(HaveOccurred())
+})
- _, err = cmd.Run("kubectl", "rollout", "status",
- "deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s")
+// PatchOperatorManageConnect sets env variable `MANAGE_CONNECT: true` and restarts the operator.
+var PatchOperatorManageConnect = WithOperatorRestart(func() {
+ By("patching the operator deployment with to manage Connect")
+ _, err := cmd.Run(
+ "kubectl", "patch", "deployment", "onepassword-connect-operator",
+ "--type=json",
+ `-p=[{"op":"replace","path":"/spec/template/spec/containers/0/env","value":[
+ {"name":"OPERATOR_NAME","value":"onepassword-connect-operator"},
+ {"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},
+ {"name":"WATCH_NAMESPACE","value":"default"},
+ {"name":"POLLING_INTERVAL","value":"10"},
+ {"name":"AUTO_RESTART","value":"false"},
+ {"name":"OP_CONNECT_HOST","value":"http://onepassword-connect:8080"},
+ {"name":"OP_CONNECT_TOKEN","valueFrom":{"secretKeyRef":{"name":"onepassword-token","key":"token"}}},
+ {"name":"MANAGE_CONNECT","value":"true"},
+ ]}]`,
+ )
 Expect(err).NotTo(HaveOccurred())
+})
- By("waiting for the operator pod to be 'Running'")
- Eventually(func(g Gomega) {
- output, err := cmd.Run("kubectl", "get", "pods",
- "-l", "name=onepassword-connect-operator",
- "-o", "jsonpath={.items[0].status.phase}")
- g.Expect(err).NotTo(HaveOccurred())
- g.Expect(output).To(ContainSubstring("Running"))
- }, 120*time.Second, 1*time.Second).Should(Succeed())
+func WithOperatorRestart(operation func()) func() {
+ return func() {
+ operation()
+
+ _, err := cmd.Run("kubectl", "rollout", "status",
+ "deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s")
+ Expect(err).NotTo(HaveOccurred())
+
+ By("waiting for the operator pod to be 'Running'")
+ Eventually(func(g Gomega) {
+ output, err := cmd.Run("kubectl", "get", "pods",
+ "-l", "name=onepassword-connect-operator",
+ "-o", "jsonpath={.items[0].status.phase}")
+ g.Expect(err).NotTo(HaveOccurred())
+ g.Expect(output).To(ContainSubstring("Running"))
+ }, 120*time.Second, 1*time.Second).Should(Succeed())
+ }
 }