Create op-credentials secret to use operator with Connect

2025-10-22 07:28:06 +00:00 · 2025-08-20 10:24:16 -05:00
parent 116c8c92a7
commit 91a9bb6d63
2 changed files with 74 additions and 17 deletions
--- a/test/e2e/e2e_test.go
+++ b/test/e2e/e2e_test.go
@@ -25,6 +25,9 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
 		operator.BuildOperatorImage()
 		kind.LoadImageToKind(operatorImageName)

+		By("create Connect credentials secret")
+		kube.CreateOpCredentialsSecret()
+
 		By("create onepassword-token secret")
 		kube.CreateSecretFromEnvVar("OP_CONNECT_TOKEN", "onepassword-token")

@@ -34,9 +37,13 @@ var _ = Describe("Onepassword Operator e2e", Ordered, func() {
 		operator.DeployOperator()
 	})

-	//Context("Use the operator with Connect", func() {
-	//	runCommonTestCases()
-	//})
+	Context("Use the operator with Connect", func() {
+		BeforeAll(func() {
+			kube.PatchOperatorManageConnect()
+		})
+
+		runCommonTestCases()
+	})

 	Context("Use the operator with Service Account", func() {
 		BeforeAll(func() {
--- a/test/testhelper/kube/kube.go
+++ b/test/testhelper/kube/kube.go
@@ -1,7 +1,9 @@
 package kube

 import (
+	"encoding/base64"
 	"os"
+	"path/filepath"
 	"time"

 	. "github.com/onsi/ginkgo/v2"
@@ -11,18 +13,40 @@ import (
 )

 func CreateSecretFromEnvVar(envVar, secretName string) {
-	serviceAccountTokenToken, _ := os.LookupEnv(envVar)
-	Expect(serviceAccountTokenToken).NotTo(BeEmpty())
-	_, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+serviceAccountTokenToken)
+	value, _ := os.LookupEnv(envVar)
+	Expect(value).NotTo(BeEmpty())
+	_, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+value)
 	Expect(err).NotTo(HaveOccurred())
 }

+func CreateSecretFromFile(fileName, secretName string) {
+	_, err := cmd.Run("kubectl", "create", "secret", "generic", secretName, "--from-file="+fileName)
+	Expect(err).NotTo(HaveOccurred())
+}
+
+func CreateOpCredentialsSecret() {
+	rootDir, err := cmd.GetProjectRoot()
+	credentialsFilePath := filepath.Join(rootDir, "1password-credentials.json")
+	data, err := os.ReadFile(credentialsFilePath)
+	Expect(err).NotTo(HaveOccurred())
+
+	encoded := base64.RawURLEncoding.EncodeToString(data)
+
+	// create op-session file in project root
+	sessionFilePath := filepath.Join(rootDir, "op-session")
+	err = os.WriteFile(sessionFilePath, []byte(encoded), 0o600)
+	Expect(err).NotTo(HaveOccurred())
+
+	CreateSecretFromFile("op-session", "op-credentials")
+}
+
 func Delete(kind, name string) {
 	_, err := cmd.Run("kubectl", "delete", kind, name, "--ignore-not-found=true")
 	Expect(err).NotTo(HaveOccurred())
 }

-func PatchOperatorToUseServiceAccount() {
+// PatchOperatorToUseServiceAccount sets `OP_SERVICE_ACCOUNT_TOKEN` env variable
+var PatchOperatorToUseServiceAccount = WithOperatorRestart(func() {
 	By("patching the operator deployment with service account token")
 	_, err := cmd.Run(
 		"kubectl", "patch", "deployment", "onepassword-connect-operator",
@@ -38,8 +62,33 @@ func PatchOperatorToUseServiceAccount() {
  ]}]`,
 	)
 	Expect(err).NotTo(HaveOccurred())
+})

-	_, err = cmd.Run("kubectl", "rollout", "status",
+// PatchOperatorManageConnect sets env variable `MANAGE_CONNECT: true` and restarts the operator.
+var PatchOperatorManageConnect = WithOperatorRestart(func() {
+	By("patching the operator deployment with to manage Connect")
+	_, err := cmd.Run(
+		"kubectl", "patch", "deployment", "onepassword-connect-operator",
+		"--type=json",
+		`-p=[{"op":"replace","path":"/spec/template/spec/containers/0/env","value":[
+    {"name":"OPERATOR_NAME","value":"onepassword-connect-operator"},
+    {"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},
+    {"name":"WATCH_NAMESPACE","value":"default"},
+    {"name":"POLLING_INTERVAL","value":"10"},
+    {"name":"AUTO_RESTART","value":"false"},
+    {"name":"OP_CONNECT_HOST","value":"http://onepassword-connect:8080"},
+    {"name":"OP_CONNECT_TOKEN","valueFrom":{"secretKeyRef":{"name":"onepassword-token","key":"token"}}},
+    {"name":"MANAGE_CONNECT","value":"true"},
+  ]}]`,
+	)
+	Expect(err).NotTo(HaveOccurred())
+})
+
+func WithOperatorRestart(operation func()) func() {
+	return func() {
+		operation()
+
+		_, err := cmd.Run("kubectl", "rollout", "status",
 			"deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s")
 		Expect(err).NotTo(HaveOccurred())

@@ -51,4 +100,5 @@ func PatchOperatorToUseServiceAccount() {
 			g.Expect(err).NotTo(HaveOccurred())
 			g.Expect(output).To(ContainSubstring("Running"))
 		}, 120*time.Second, 1*time.Second).Should(Succeed())
+	}
 }