adds creds for deleting the aws secret

Author: siddhibhor-56

test/e2e/e2e_suite_test.go

@@ -36,7 +36,7 @@ var _ = BeforeSuite(func() {
 
 	By("Initializing Kubernetes config")
 
-	cfg, err = config.GetConfig() // This works both in-cluster and out-of-cluster
+	cfg, err = config.GetConfig()
 	Expect(err).NotTo(HaveOccurred(), "failed to get kubeconfig")
 })
 

test/e2e/e2e_test.go

@@ -46,6 +46,7 @@ const (
 	externalSecrets         = "testdata/external_secret.yaml"
 	expectedSecretValueFile = "testdata/expected_value.yaml"
 	awsSecretToPushFile     = "testdata/aws_k8s_push_secret.yaml"
+	awsSecretRegionName     = "ap-south-1"
 )
 
 var _ = Describe("External Secrets Operator End-to-End test scenarios", Ordered, func() {
@@ -82,7 +83,7 @@ var _ = Describe("External Secrets Operator End-to-End test scenarios", Ordered,
 		By("Deleting the externalsecrets.openshift.operator.io/cluster CR")
 		loader.DeleteFromFile(testassets.ReadFile, externalSecrets, operatorNamespace)
 
-		err := utils.DeleteAWSSecret(awsSecretName, "ap-south-1")
+		err := utils.DeleteAWSSecret(ctx, clientset, awsSecretName, awsSecretRegionName)
 		Expect(err).NotTo(HaveOccurred(), "failed to delete AWS secret test/e2e")
 	})
 

test/utils/conditions.go

@@ -17,10 +17,18 @@ import (
 	"k8s.io/client-go/kubernetes"
 
 	"github.com/aws/aws-sdk-go/aws"
+	awscred "github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/secretsmanager"
 )
 
+const (
+	awsCredSecretName             = "aws-creds"
+	awsCredNamespace              = "kube-system"
+	awsCredAccessKeySecretKeyName = "aws_secret_access_key"
+	awsCredKeyIdSecretKeyName     = "aws_access_key_id"
+)
+
 type AssetFunc func(string) ([]byte, error)
 
 // VerifyPodsReadyByPrefix checks if all pods matching the given prefixes are Ready and ContainersReady.
@@ -110,8 +118,27 @@ func WaitForESOResourceReady(
 	})
 }
 
-func DeleteAWSSecret(secretName, region string) error {
+func fetchAWSCreds(ctx context.Context, k8sClient *kubernetes.Clientset) (string, string, error) {
+	cred, err := k8sClient.CoreV1().Secrets(awsCredNamespace).Get(ctx, awsCredSecretName, metav1.GetOptions{})
+	if err != nil {
+		return "", "", err
+	}
+	id := string(cred.Data[awsCredKeyIdSecretKeyName])
+	key := string(cred.Data[awsCredAccessKeySecretKeyName])
+	return id, key, nil
+}
+
+func DeleteAWSSecret(ctx context.Context, k8sClient *kubernetes.Clientset, secretName, region string) error {
+	id, key, err := fetchAWSCreds(ctx, k8sClient)
+	if err != nil {
+		return err
+	}
+
 	sess, err := session.NewSession(&aws.Config{
+		Credentials: awscred.NewCredentials(&awscred.StaticProvider{Value: awscred.Value{
+			AccessKeyID:     id,
+			SecretAccessKey: key,
+		}}),
 		Region: aws.String(region),
 	})
 	if err != nil {