From d504e5ef354e9d08f8694bb97a4b4ee6fd73390a Mon Sep 17 00:00:00 2001
From: Volodymyr Zotov <volodymyr.zotov@agilebits.com>
Date: Tue, 19 Aug 2025 09:51:19 -0500
Subject: [PATCH] Add e2e tests using Service Accounts

---
 test/cmd/cmd.go                | 29 +++++++++++++++
 test/e2e/e2e_test.go           | 66 ++++++++++++++++++++++++++++++++++
 test/e2e/manifests/secret.yaml |  6 ++++
 test/kind/kind.go              | 16 +++++++++
 4 files changed, 117 insertions(+)
 create mode 100644 test/cmd/cmd.go
 create mode 100644 test/e2e/manifests/secret.yaml
 create mode 100644 test/kind/kind.go

diff --git a/test/cmd/cmd.go b/test/cmd/cmd.go
new file mode 100644
index 0000000..8303934
--- /dev/null
+++ b/test/cmd/cmd.go
@@ -0,0 +1,29 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
+)
+
+// Run executes the provided command within this context
+func Run(name string, args ...string) (string, error) {
+	cmd := exec.Command(name, args...)
+
+	wd, err := os.Getwd()
+	if err != nil {
+		return wd, err
+	}
+	wd = strings.Replace(wd, "/test/e2e", "", -1)
+	// Command will run from project root
+	cmd.Dir = wd
+
+	command := strings.Join(cmd.Args, " ")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		return string(output), fmt.Errorf("%s failed with error: (%v) %s", command, err, string(output))
+	}
+
+	return string(output), nil
+}
diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go
index df8caf7..9eb87ef 100644
--- a/test/e2e/e2e_test.go
+++ b/test/e2e/e2e_test.go
@@ -1 +1,67 @@
 package e2e
+
+import (
+	"os"
+	"path/filepath"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+
+	"github.com/1Password/onepassword-operator/test/cmd"
+	"github.com/1Password/onepassword-operator/test/kind"
+)
+
+const (
+	operatorImage = "1password/onepassword-operator:latest"
+	e2eInterval   = 500 * time.Millisecond
+)
+
+var _ = Describe("Onepassword Operator e2e", Ordered, func() {
+	BeforeAll(func() {
+		By("building the operator image")
+		_, err := cmd.Run("make", "docker-build")
+		ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+		By("loading the operator image on Kind")
+		err = kind.LoadImageToKind(operatorImage)
+		ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+		By("create onepassword-service-account-token secret")
+		serviceAccountTokenToken, _ := os.LookupEnv("OP_SERVICE_ACCOUNT_TOKEN")
+		Expect(serviceAccountTokenToken).NotTo(BeEmpty())
+		_, err = cmd.Run("kubectl", "create", "secret", "generic", "onepassword-service-account-token", "--from-literal=token="+serviceAccountTokenToken)
+		ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+		By("deploying the operator")
+		_, err = cmd.Run("make", "deploy")
+		ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+		By("waiting for the operator pod to be 'Running'")
+		Eventually(func(g Gomega) {
+			output, err := cmd.Run("kubectl", "get", "pods",
+				"-l", "name=onepassword-connect-operator",
+				"-o", "jsonpath={.items[0].status.phase}")
+			g.Expect(err).NotTo(HaveOccurred())
+			g.Expect(output).To(ContainSubstring("Running"))
+		}, 30*time.Second, 1*time.Second).Should(Succeed())
+	})
+
+	Describe("Deployment annotations", func() {
+		It("Should create secret from manifest file", func() {
+			By("creating secret")
+			wd, err := os.Getwd()
+			Expect(err).NotTo(HaveOccurred())
+			yamlPath := filepath.Join(wd, "manifests", "secret.yaml")
+			_, err = cmd.Run("kubectl", "apply", "-f", yamlPath)
+			Expect(err).NotTo(HaveOccurred())
+
+			By("waiting for secret to be created")
+			Eventually(func(g Gomega) {
+				output, err := cmd.Run("kubectl", "get", "secret", "login", "-o", "jsonpath={.metadata.name}")
+				g.Expect(err).NotTo(HaveOccurred())
+				g.Expect(output).To(Equal("login"))
+			}, 5*time.Second, e2eInterval).Should(Succeed())
+		})
+	})
+})
diff --git a/test/e2e/manifests/secret.yaml b/test/e2e/manifests/secret.yaml
new file mode 100644
index 0000000..c2b89df
--- /dev/null
+++ b/test/e2e/manifests/secret.yaml
@@ -0,0 +1,6 @@
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: login
+spec:
+  itemPath: "vaults/h4l46uopmjps2cgmpeysnvscum/items/sg2gfcren47mzbx2bcgumc7ekm"
diff --git a/test/kind/kind.go b/test/kind/kind.go
new file mode 100644
index 0000000..55f382b
--- /dev/null
+++ b/test/kind/kind.go
@@ -0,0 +1,16 @@
+package kind
+
+import (
+	"github.com/1Password/onepassword-operator/test/cmd"
+	"os"
+)
+
+// LoadImageToKind loads a local docker image to the Kind cluster
+func LoadImageToKind(imageName string) error {
+	clusterName := "kind"
+	if value, ok := os.LookupEnv("KIND_CLUSTER"); ok {
+		clusterName = value
+	}
+	_, err := cmd.Run("kind", "load", "docker-image", imageName, "--name", clusterName)
+	return err
+}