mirror of
				https://github.com/1Password/onepassword-operator.git
				synced 2025-10-24 16:30:47 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			132 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			132 lines
		
	
	
		
			4.4 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| package kube
 | |
| 
 | |
| import (
 | |
| 	"encoding/base64"
 | |
| 	"os"
 | |
| 	"path/filepath"
 | |
| 	"time"
 | |
| 
 | |
| 	//nolint:staticcheck // ST1001
 | |
| 	. "github.com/onsi/ginkgo/v2"
 | |
| 	//nolint:staticcheck // ST1001
 | |
| 	. "github.com/onsi/gomega"
 | |
| 
 | |
| 	"github.com/1Password/onepassword-operator/pkg/testhelper/defaults"
 | |
| 	"github.com/1Password/onepassword-operator/pkg/testhelper/system"
 | |
| )
 | |
| 
 | |
| // CreateSecretFromEnvVar creates a kubernetes secret from an environment variable
 | |
| func CreateSecretFromEnvVar(envVar, secretName string) {
 | |
| 	By("Creating '" + secretName + "' secret")
 | |
| 
 | |
| 	value, _ := os.LookupEnv(envVar)
 | |
| 	Expect(value).NotTo(BeEmpty())
 | |
| 
 | |
| 	_, err := system.Run("kubectl", "create", "secret", "generic", secretName, "--from-literal=token="+value)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| }
 | |
| 
 | |
| // CreateSecretFromFile creates a kubernetes secret from a file
 | |
| func CreateSecretFromFile(fileName, secretName string) {
 | |
| 	By("Creating '" + secretName + "' secret from file")
 | |
| 	_, err := system.Run("kubectl", "create", "secret", "generic", secretName, "--from-file="+fileName)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| }
 | |
| 
 | |
| // CreateOpCredentialsSecret creates a kubernetes secret from 1password-credentials.json file
 | |
| // encodes it in base64 and saves it to op-session file
 | |
| func CreateOpCredentialsSecret() {
 | |
| 	rootDir, err := system.GetProjectRoot()
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| 
 | |
| 	credentialsFilePath := filepath.Join(rootDir, "1password-credentials.json")
 | |
| 	data, err := os.ReadFile(credentialsFilePath)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| 
 | |
| 	encoded := base64.RawURLEncoding.EncodeToString(data)
 | |
| 
 | |
| 	// create op-session file in project root
 | |
| 	sessionFilePath := filepath.Join(rootDir, "op-session")
 | |
| 	err = os.WriteFile(sessionFilePath, []byte(encoded), 0o600)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| 
 | |
| 	CreateSecretFromFile("op-session", "op-credentials")
 | |
| }
 | |
| 
 | |
| // DeleteSecret deletes a kubernetes secret
 | |
| func DeleteSecret(name string) {
 | |
| 	By("Deleting '" + name + "' secret")
 | |
| 	_, err := system.Run("kubectl", "delete", "secret", name, "--ignore-not-found=true")
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| }
 | |
| 
 | |
| // CheckSecretExists checks if a kubernetes secret exists
 | |
| func CheckSecretExists(name string) {
 | |
| 	By("Checking '" + name + "' secret exists")
 | |
| 	Eventually(func(g Gomega) {
 | |
| 		output, err := system.Run("kubectl", "get", "secret", name, "-o", "jsonpath={.metadata.name}")
 | |
| 		g.Expect(err).NotTo(HaveOccurred())
 | |
| 		g.Expect(output).To(Equal(name))
 | |
| 	}, defaults.E2ETimeout, defaults.E2EInterval).Should(Succeed())
 | |
| }
 | |
| 
 | |
| // Apply applies a kubernetes manifest file
 | |
| func Apply(yamlPath string) {
 | |
| 	_, err := system.Run("kubectl", "apply", "-f", yamlPath)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| }
 | |
| 
 | |
| // SetContextNamespace sets the current kubernetes context namespace
 | |
| func SetContextNamespace(namespace string) {
 | |
| 	By("Set namespace to " + namespace)
 | |
| 	_, err := system.Run("kubectl", "config", "set-context", "--current", "--namespace="+namespace)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| }
 | |
| 
 | |
| // PatchOperatorToUseServiceAccount sets `OP_SERVICE_ACCOUNT_TOKEN` env variable
 | |
| var PatchOperatorToUseServiceAccount = withOperatorRestart(func() {
 | |
| 	By("patching the operator deployment with service account token")
 | |
| 	_, err := system.Run(
 | |
| 		"kubectl", "patch", "deployment", "onepassword-connect-operator",
 | |
| 		"--type=json",
 | |
| 		`-p=[{"op":"replace","path":"/spec/template/spec/containers/0/env","value":[
 | |
| 	{"name":"OPERATOR_NAME","value":"onepassword-connect-operator"},
 | |
| 	{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},
 | |
| 	{"name":"WATCH_NAMESPACE","value":"default"},
 | |
| 	{"name":"POLLING_INTERVAL","value":"10"},
 | |
| 	{"name":"AUTO_RESTART","value":"false"},
 | |
| 	{
 | |
| 		"name":"OP_SERVICE_ACCOUNT_TOKEN",
 | |
| 		"valueFrom":{
 | |
| 			"secretKeyRef":{
 | |
| 				"name":"onepassword-service-account-token",
 | |
| 				"key":"token",
 | |
| 			},
 | |
| 		},
 | |
| 	},
 | |
| 	{"name":"MANAGE_CONNECT","value":"false"}
 | |
| 	]}]`,
 | |
| 	)
 | |
| 	Expect(err).NotTo(HaveOccurred())
 | |
| })
 | |
| 
 | |
| // withOperatorRestart is a helper function that restarts the operator deployment
 | |
| func withOperatorRestart(operation func()) func() {
 | |
| 	return func() {
 | |
| 		operation()
 | |
| 
 | |
| 		_, err := system.Run("kubectl", "rollout", "status",
 | |
| 			"deployment/onepassword-connect-operator", "-n", "default", "--timeout=120s")
 | |
| 		Expect(err).NotTo(HaveOccurred())
 | |
| 
 | |
| 		By("Waiting for the operator pod to be 'Running'")
 | |
| 		Eventually(func(g Gomega) {
 | |
| 			output, err := system.Run("kubectl", "get", "pods",
 | |
| 				"-l", "name=onepassword-connect-operator",
 | |
| 				"-o", "jsonpath={.items[0].status.phase}")
 | |
| 			g.Expect(err).NotTo(HaveOccurred())
 | |
| 			g.Expect(output).To(ContainSubstring("Running"))
 | |
| 		}, 120*time.Second, 1*time.Second).Should(Succeed())
 | |
| 	}
 | |
| }
 | 
