Create op-credentials secret to use operator with Connect

Volodymyr Zotov
2025-08-20 10:24:16 -05:00
parent 116c8c92a7
commit 91a9bb6d63
2 changed files with 74 additions and 17 deletions


@@ -25,6 +25,9 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
operator.BuildOperatorImage() operator.BuildOperatorImage()
kind.LoadImageToKind(operatorImageName) kind.LoadImageToKind(operatorImageName)
By("create Connect credentials secret")
kube.CreateOpCredentialsSecret()
By("create onepassword-token secret") By("create onepassword-token secret")
kube.CreateSecretFromEnvVar("OP_CONNECT_TOKEN", "onepassword-token") kube.CreateSecretFromEnvVar("OP_CONNECT_TOKEN", "onepassword-token")
@@ -34,9 +37,13 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
operator.DeployOperator() operator.DeployOperator()
}) })
//Context("Use the operator with Connect", func() { Context("Use the operator with Connect", func() {
// runCommonTestCases() BeforeAll(func() {
//}) kube.PatchOperatorManageConnect()
})
runCommonTestCases()
})
Context("Use the operator with Service Account", func() { Context("Use the operator with Service Account", func() {
BeforeAll(func() { BeforeAll(func() {


@@ -1,7 +1,9 @@
package kube package kube
import ( import (
"encoding/base64"
"os" "os"
"path/filepath"
"time" "time"
. "github.com/onsi/ginkgo/v2" . "github.com/onsi/ginkgo/v2"
@@ -11,18 +13,40 @@ import (
) )
func CreateSecretFromEnvVar(envVar, secretName string) { func CreateSecretFromEnvVar(envVar, secretName string) {
serviceAccountTokenToken, _ := os.LookupEnv(envVar) value, _ := os.LookupEnv(envVar)
Expect(serviceAccountTokenToken).NotTo(BeEmpty()) Expect(value).NotTo(BeEmpty())
_, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+serviceAccountTokenToken) _, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+value)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
} }
func CreateSecretFromFile(fileName, secretName string) {
_, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-file="+fileName)
Expect(err).NotTo(HaveOccurred())
}
func CreateOpCredentialsSecret() {
rootDir, err := cmd.GetProjectRoot()
credentialsFilePath := filepath.Join(rootDir, "1password-credentials.json")
data, err := os.ReadFile(credentialsFilePath)
Expect(err).NotTo(HaveOccurred())
encoded := base64.RawURLEncoding.EncodeToString(data)
// create op-session file in project root
sessionFilePath := filepath.Join(rootDir, "op-session")
err = os.WriteFile(sessionFilePath, []byte(encoded), 0o600)
Expect(err).NotTo(HaveOccurred())
CreateSecretFromFile("op-session", "op-credentials")
}
func Delete(kind, name string) { func Delete(kind, name string) {
_, err := cmd.Run("kubectl", "delete", kind, name, "--ignore-not-found=true") _, err := cmd.Run("kubectl", "delete", kind, name, "--ignore-not-found=true")
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
} }
func PatchOperatorToUseServiceAccount() { // PatchOperatorToUseServiceAccount sets `OP_SERVICE_ACCOUNT_TOKEN` env variable
var PatchOperatorToUseServiceAccount = WithOperatorRestart(func() {
By("patching the operator deployment with service account token") By("patching the operator deployment with service account token")
_, err := cmd.Run( _, err := cmd.Run(
"kubectl", "patch", "deployment", "onepassword-connect-operator", "kubectl", "patch", "deployment", "onepassword-connect-operator",
@@ -38,17 +62,43 @@ func PatchOperatorToUseServiceAccount() {
]}]`, ]}]`,
) )
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
})
_, err = cmd.Run("kubectl", "rollout", "status", // PatchOperatorManageConnect sets env variable `MANAGE_CONNECT: true` and restarts the operator.
"deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s") var PatchOperatorManageConnect = WithOperatorRestart(func() {
By("patching the operator deployment with to manage Connect")
_, err := cmd.Run(
"kubectl", "patch", "deployment", "onepassword-connect-operator",
"--type=json",
`-p=[{"op":"replace","path":"/spec/template/spec/containers/0/env","value":[
{"name":"OPERATOR_NAME","value":"onepassword-connect-operator"},
{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},
{"name":"WATCH_NAMESPACE","value":"default"},
{"name":"POLLING_INTERVAL","value":"10"},
{"name":"AUTO_RESTART","value":"false"},
{"name":"OP_CONNECT_HOST","value":"http://onepassword-connect:8080"},
{"name":"OP_CONNECT_TOKEN","valueFrom":{"secretKeyRef":{"name":"onepassword-token","key":"token"}}},
{"name":"MANAGE_CONNECT","value":"true"},
]}]`,
)
Expect(err).NotTo(HaveOccurred()) Expect(err).NotTo(HaveOccurred())
})
By("waiting for the operator pod to be 'Running'") func WithOperatorRestart(operation func()) func() {
Eventually(func(g Gomega) { return func() {
output, err := cmd.Run("kubectl", "get", "pods", operation()
"-l", "name=onepassword-connect-operator",
"-o", "jsonpath={.items[0].status.phase}") _, err := cmd.Run("kubectl", "rollout", "status",
g.Expect(err).NotTo(HaveOccurred()) "deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s")
g.Expect(output).To(ContainSubstring("Running")) Expect(err).NotTo(HaveOccurred())
}, 120*time.Second, 1*time.Second).Should(Succeed())
By("waiting for the operator pod to be 'Running'")
Eventually(func(g Gomega) {
output, err := cmd.Run("kubectl", "get", "pods",
"-l", "name=onepassword-connect-operator",
"-o", "jsonpath={.items[0].status.phase}")
g.Expect(err).NotTo(HaveOccurred())
g.Expect(output).To(ContainSubstring("Running"))
}, 120*time.Second, 1*time.Second).Should(Succeed())
}
} }
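Review bot: In CreateOpCredentialsSecret the error returned by `cmd.GetProjectRoot()` is overwritten by the `os.ReadFile` call before it is checked, so a failed lookup surfaces only as a confusing read error on a path built from an empty or wrong `rootDir`; add `Expect(err).NotTo(HaveOccurred())` directly after the `GetProjectRoot` call. The function also leaves `op-session`, which holds the base64-encoded Connect credentials, in the project root after the secret is created; `defer os.Remove(sessionFilePath)` right after the successful `os.WriteFile` would keep that credential material out of the working tree and out of an accidental commit. Finally, the file is written to `sessionFilePath` but the secret is created from the relative name `"op-session"`, which resolves only if `cmd.Run` executes kubectl from the project root (not visible here); `CreateSecretFromFile(sessionFilePath, "op-credentials")` removes that dependency and should still yield the `op-session` key, since kubectl takes the key from the file's base name.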