2 changes: 2 additions & 0 deletions go.work.sum
@@ -1,5 +1,7 @@
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I=
github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y=
github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks=
k8s.io/klog v0.2.0 h1:0ElL0OHzF3N+OhoJTL0uca20SxtYt4X4+bzHeqrB83c=
656 changes: 655 additions & 1 deletion test/e2e/e2e_test.go

Large diffs are not rendered by default.

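--- a/test/e2e/testdata/vault/external_secret.yaml
+++ b/test/e2e/testdata/vault/external_secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+name: vault-example
+namespace: vault-test
+spec:
+refreshInterval: "15s"
+secretStoreRef:
+name: vault-backend
+kind: SecretStore
+target:
+name: k8s-secret-to-create
+data:
+- secretKey: password
+remoteRef:
+key: foo
+property: my-value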
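Review bot: `metadata.namespace` is fixed to `vault-test` here, while the SecretStore this object references (`vault-backend` in secret_store.yaml) takes its namespace from `{{VAULT_NAMESPACE}}`. A namespaced SecretStore is only resolved in the ExternalSecret's own namespace, so any substituted value other than `vault-test` would leave `secretStoreRef` unresolved, unless the loader's overrideNamespace argument is what sets the namespace (not visible on this page). I would write `namespace: "{{VAULT_NAMESPACE}}"` here as well, or add a comment saying the namespace is supplied by the caller.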
27 changes: 27 additions & 0 deletions test/e2e/testdata/vault/externalsecretsconfig.yaml
@@ -0,0 +1,27 @@
apiVersion: operator.openshift.io/v1alpha1
kind: ExternalSecretsConfig
metadata:
name: cluster
spec:
controllerConfig:
networkPolicies:
- componentName: ExternalSecretsCoreController
name: allow-vault-egress
egress:
- ports:
- protocol: TCP
port: 6443
- protocol: TCP
port: 443
- protocol: TCP
port: 5353
- protocol: UDP
port: 5353

Comment thread
coderabbitai[bot] marked this conversation as resolved.
- to:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: vault-test
ports:
- protocol: TCP
port: 8200
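Review bot: The first egress rule lists only `ports` and has no `to` peer, so as rendered here (indentation is lost on this page) it permits TCP 6443, 443 and 5353 plus UDP 5353 to every destination, which is wider than the name `allow-vault-egress` suggests. If those ports are meant for the API server and cluster DNS, a comment stating that, or a `to` peer scoping them, would make the intent reviewable. The Vault rule selects the whole `vault-test` namespace; assuming the field follows the NetworkPolicy egress schema, adding `podSelector: {matchLabels: {app: vault}}` next to the `namespaceSelector` would limit it to the pod that vault.yaml labels `app: vault`. The namespace name is also hard-coded here while secret_store.yaml uses `{{VAULT_NAMESPACE}}`.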
16 changes: 16 additions & 0 deletions test/e2e/testdata/vault/secret_store.yaml
@@ -0,0 +1,16 @@
apiVersion: external-secrets.io/v1
kind: SecretStore
Comment thread
raja-0940 marked this conversation as resolved.
metadata:
name: vault-backend
namespace: {{VAULT_NAMESPACE}}
spec:
provider:
vault:
server: "{{VAULT_ADDR}}"
path: "secret"
version: "v2"
auth:
tokenSecretRef:
name: "vault-token"
key: "token"
namespace: "{{VAULT_NAMESPACE}}"
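Review bot: `metadata.namespace: {{VAULT_NAMESPACE}}` is unquoted while the same placeholder under `tokenSecretRef` is quoted. Unquoted, the raw template reads as a YAML flow mapping (or fails to parse) rather than a string, so the file cannot be linted or loaded before substitution, and a substituted value such as a bare number or `true` would change type. I would quote it, `namespace: "{{VAULT_NAMESPACE}}"`; the same applies to `- {{VAULT_ARCH}}` and `value: {{VAULT_ADDR}}` in vault.yaml. A header comment listing the placeholders this file expects would also help the next reader.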
133 changes: 133 additions & 0 deletions test/e2e/testdata/vault/vault.yaml
@@ -0,0 +1,133 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: vault-test

---
apiVersion: v1
kind: ServiceAccount
metadata:
name: vault
namespace: vault-test

---
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-config
namespace: vault-test
data:
vault.hcl: |
ui = true

listener "tcp" {
address = "0.0.0.0:8200"
tls_disable = 1
}

storage "file" {
path = "/vault/data"
}

disable_mlock = true

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault
namespace: vault-test
spec:
replicas: 1
selector:
matchLabels:
app: vault
template:
metadata:
labels:
app: vault
annotations:
openshift.io/scc: restricted-v2
spec:

for discussion

serviceAccountName: vault
# No pod-level securityContext: restricted-v2 assigns the UID from the
# namespace range and applies its own seccomp profile automatically.
# Explicit runAsUser/seccompProfile fields are rejected by this cluster.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- {{VAULT_ARCH}}

Looks OK.

containers:
- name: vault
image: icr.io/ppc64le-oss/vault-ppc64le:v1.14.8
command:
- vault
args:
- server
- -config=/vault/config/vault.hcl
env:
- name: VAULT_API_ADDR
value: {{VAULT_ADDR}}
- name: VAULT_ADDR
value: http://127.0.0.1:8200
ports:
- containerPort: 8200
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
volumeMounts:
- name: config
mountPath: /vault/config
- name: data
mountPath: /vault/data
startupProbe:
httpGet:
path: /v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204
port: 8200
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 5
failureThreshold: 24
readinessProbe:
httpGet:
path: /v1/sys/health?standbyok=true&sealedcode=204&uninitcode=204
port: 8200
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 5
failureThreshold: 3
volumes:
- name: config
configMap:
name: vault-config
- name: data
emptyDir: {}

---
apiVersion: v1
kind: Service
metadata:
name: vault
namespace: vault-test
spec:
selector:
app: vault
ports:
- name: http
port: 8200
targetPort: 8200
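Review bot: The container image is a ppc64le-specific build (`icr.io/ppc64le-oss/vault-ppc64le:v1.14.8`), yet the node affinity above it is templated with `{{VAULT_ARCH}}`, so any value other than ppc64le would schedule the pod on nodes that cannot run the image. Either template the image as well or fix the affinity value to match it. The image is referenced by tag only; pinning it by digest, `image: icr.io/ppc64le-oss/vault-ppc64le@sha256:<digest>`, keeps the e2e run from silently picking up a re-pushed tag. A comment beside `tls_disable = 1` stating that the plaintext listener is for this test fixture only, since the SecretStore token travels over it, would stop the config being copied elsewhere.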
3 changes: 3 additions & 0 deletions test/go.mod
Expand Up @@ -52,14 +52,17 @@ require (
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect
github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/krishicks/yaml-patch v0.0.10 // indirect
github.com/mailru/easyjson v0.9.0 // indirect
github.com/moby/spdystream v0.5.1 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
github.com/onsi/ginkgo v1.16.5 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
8 changes: 8 additions & 0 deletions test/go.sum
@@ -1,5 +1,7 @@
github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0=
github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
github.com/aws/aws-sdk-go v1.55.8 h1:JRmEUbU52aJQZ2AjX4q4Wu7t4uZjOu71uyNmaWlUkJQ=
github.com/aws/aws-sdk-go v1.55.8/go.mod h1:ZkViS9AqA6otK+JBBNH2++sx1sgxrPKcSzPPvQkUtXk=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
Expand Down Expand Up @@ -96,6 +98,8 @@ github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83 h1:z2ogiKUYzX5Is6zr/v
github.com/google/pprof v0.0.0-20260115054156-294ebfa9ad83/go.mod h1:MxpfABSjhmINe3F1It9d+8exIHFvUqtLIRCdOGNXqiI=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo=
github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674/go.mod h1:r4w70xmWCQKmi1ONH4KIaBptdivuRPyosB9RmPlGEwA=
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY=
github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
Expand Down Expand Up @@ -123,6 +127,8 @@ github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo=
github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg=
github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE=
github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A=
github.com/moby/spdystream v0.5.1 h1:9sNYeYZUcci9R6/w7KDaFWEWeV4LStVG78Mpyq/Zm/Y=
github.com/moby/spdystream v0.5.1/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
Expand All @@ -131,6 +137,8 @@ github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee h1:W5t00kpgFd
github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus=
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
4 changes: 3 additions & 1 deletion test/utils/conditions.go
Expand Up @@ -57,7 +57,9 @@ type AssetFunc func(string) ([]byte, error)

// VerifyPodsReadyByPrefix checks if all pods matching the given prefixes are Ready and ContainersReady.
func VerifyPodsReadyByPrefix(ctx context.Context, clientset kubernetes.Interface, namespace string, prefixes []string) error {
return wait.PollUntilContextTimeout(ctx, 5*time.Second, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
// 5 minutes: allows for image-pull latency in CI (can be 60-90s from Docker Hub)
// plus initialDelaySeconds:20 + up to failureThreshold:10 x periodSeconds:5 = 70s probe window.
return wait.PollUntilContextTimeout(ctx, 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) {
podList, err := clientset.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{})
if err != nil {
return false, err
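Review bot: The new comment justifies the 5-minute timeout with Docker Hub pulls and a probe window of `initialDelaySeconds:20` plus `failureThreshold:10 x periodSeconds:5`, but the Vault manifest in this PR pulls from icr.io and its startupProbe uses initialDelaySeconds 5, failureThreshold 24 and periodSeconds 5 (about 125s). I would reword it to match, e.g. `// 5 minutes: image pull in CI plus the startupProbe window in testdata/vault/vault.yaml (5s + 24 x 5s).` The longer timeout also applies to every caller of VerifyPodsReadyByPrefix, not only the Vault test, which is worth stating in the function's doc comment. The function body continues outside the hunk.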
21 changes: 20 additions & 1 deletion test/utils/dynamic_resources.go
Expand Up @@ -21,6 +21,7 @@ package utils
import (
"bytes"
"context"
"strings"
"testing"

k8serrors "k8s.io/apimachinery/pkg/api/errors"
Expand Down Expand Up @@ -69,13 +70,18 @@ func (d DynamicResourceLoader) DeleteFromFile(assetFunc func(name string) ([]byt
}

func (d DynamicResourceLoader) CreateFromFile(assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string) {
d.CreateFromFileWithReplacements(assetFunc, filename, overrideNamespace, nil)
}

// CreateFromFileWithReplacements creates a resource from a file with template variable replacements
func (d DynamicResourceLoader) CreateFromFileWithReplacements(assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string, replacements map[string]string) {
d.t.Logf("Creating resource %v\n", filename)
createFunc := func(t *testing.T, unstructured *unstructured.Unstructured, dynamicResourceInterface dynamic.ResourceInterface) {
_, err := dynamicResourceInterface.Create(d.context, unstructured, metav1.CreateOptions{})
d.noErrorSkipExists(err)
}

d.do(createFunc, assetFunc, filename, overrideNamespace)
d.doWithReplacements(createFunc, assetFunc, filename, overrideNamespace, replacements)
d.t.Logf("Resource %v created\n", filename)
}

Expand Down Expand Up @@ -139,9 +145,22 @@ func (d DynamicResourceLoader) noErrorSkipNotExisting(err error) {
}

func (d DynamicResourceLoader) do(do doFunc, assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string) {
d.doWithReplacements(do, assetFunc, filename, overrideNamespace, nil)
}

func (d DynamicResourceLoader) doWithReplacements(do doFunc, assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string, replacements map[string]string) {
b, err := assetFunc(filename)
require.NoError(d.t, err)

// Apply string replacements if provided
if len(replacements) > 0 {
content := string(b)
for placeholder, value := range replacements {
content = strings.ReplaceAll(content, placeholder, value)
}
b = []byte(content)
}

decoder := yamlutil.NewYAMLOrJSONDecoder(bytes.NewReader(b), 1024)
var rawObj runtime.RawExtension
err = decoder.Decode(&rawObj)
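Review bot: doWithReplacements substitutes raw text into the manifest before decoding and never checks that every placeholder was resolved, so a missing key leaves `{{...}}` in the document and surfaces later as an obscure decode error or as a literal value sent to the API server. After the loop I would add `require.NotContains(d.t, content, "{{", "unresolved placeholder in %s", filename)`, assuming no fixture legitimately contains `{{`. Values are inserted unescaped, so a replacement containing a newline or `: ` changes the YAML structure; the doc comment on CreateFromFileWithReplacements should say that values must be plain scalars taken from trusted test configuration. Map iteration order is random, which matters only if one placeholder or value contains another, but that constraint deserves a comment too. The function continues outside the hunk.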