modified code

Author: siddhibhor-56

go.mod

@@ -3,6 +3,7 @@ module github.com/openshift/external-secrets-operator
 go 1.23.6
 
 require (
+	github.com/aws/aws-sdk-go v1.55.7
 	github.com/cert-manager/cert-manager v1.16.4
 	github.com/elastic/crd-ref-docs v0.1.0
 	github.com/go-bindata/go-bindata v3.1.2+incompatible
@@ -11,15 +12,16 @@ require (
 	github.com/maxbrunsfeld/counterfeiter/v6 v6.11.2
 	github.com/onsi/ginkgo/v2 v2.22.0
 	github.com/onsi/gomega v1.36.1
-	github.com/openshift/build-machinery-go v0.0.0-20250414185254-3ce8e800ceda
+	github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee
+	github.com/stretchr/testify v1.10.0
 	go.uber.org/zap v1.27.0
-	k8s.io/api v0.32.1
+	k8s.io/api v0.32.3
 	k8s.io/apiextensions-apiserver v0.32.1
-	k8s.io/apimachinery v0.32.1
+	k8s.io/apimachinery v0.32.3
 	k8s.io/client-go v0.32.1
 	k8s.io/klog/v2 v2.130.1
 	k8s.io/kubernetes v1.32.1
-	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
+	k8s.io/utils v0.0.0-20241210054802-24370beab758
 	sigs.k8s.io/controller-runtime v0.20.1
 	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20250308055145-5fe7bb3edc86
 	sigs.k8s.io/controller-tools v0.16.1
@@ -142,6 +144,7 @@ require (
 	github.com/jingyugao/rowserrcheck v1.1.1 // indirect
 	github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect
 	github.com/jjti/go-spancheck v0.6.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/julz/importas v0.1.0 // indirect
@@ -221,7 +224,6 @@ require (
 	github.com/stbenjam/no-sprintf-host-port v0.1.1 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/stretchr/objx v0.5.2 // indirect
-	github.com/stretchr/testify v1.10.0 // indirect
 	github.com/subosito/gotenv v1.4.1 // indirect
 	github.com/t-yuki/gocover-cobertura v0.0.0-20180217150009-aaee18c8195c // indirect
 	github.com/tdakkota/asciicheck v0.2.0 // indirect

go.sum

@@ -54,6 +54,8 @@ github.com/ashanbrown/forbidigo v1.6.0 h1:D3aewfM37Yb3pxHujIPSpTf6oQk9sc9WZi8ger
 github.com/ashanbrown/forbidigo v1.6.0/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU=
 github.com/ashanbrown/makezero v1.1.1 h1:iCQ87C0V0vSyO+M9E/FZYbu65auqH0lnsOkf5FcB28s=
 github.com/ashanbrown/makezero v1.1.1/go.mod h1:i1bJLCRSCHOcOa9Y6MyF2FTfMZMFdHvxKHxgO5Z1axI=
+github.com/aws/aws-sdk-go v1.55.7 h1:UJrkFq7es5CShfBwlWAC8DA077vp8PyVbQd3lqLiztE=
+github.com/aws/aws-sdk-go v1.55.7/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bkielbasa/cyclop v1.2.1 h1:AeF71HZDob1P2/pRm1so9cd1alZnrpyc4q2uP2l0gJY=
@@ -284,6 +286,10 @@ github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9B
 github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
 github.com/jjti/go-spancheck v0.6.1 h1:ZK/wE5Kyi1VX3PJpUO2oEgeoI4FWOUm7Shb2Gbv5obI=
 github.com/jjti/go-spancheck v0.6.1/go.mod h1:vF1QkOO159prdo6mHRxak2CpzDpHAfKiPUDP/NeRnX8=
+github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY=
+github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jonboulle/clockwork v0.4.0 h1:p4Cf1aMWXnXAUh8lVfewRBx1zaTSYKrKMF2g3ST4RZ4=
 github.com/jonboulle/clockwork v0.4.0/go.mod h1:xgRqUGwRcjKCO1vbZUEtSLrqKoPSsUpK7fnezOII0kc=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -393,12 +399,8 @@ github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
 github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/openshift/api v0.0.0-20250517062239-9cbdb71c92bb h1:zsjZtFnPzE7l2VD5cDCs7PcpaRjaECByEw+JIjM0yW4=
-github.com/openshift/api v0.0.0-20250517062239-9cbdb71c92bb/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
 github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4=
 github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
-github.com/openshift/client-go v0.0.0-20250603093317-900624865677 h1:OE7ZwLdTM4FmkzfHJMN+CwkyIHCNevv5jAnfkYhw4+U=
-github.com/openshift/client-go v0.0.0-20250603093317-900624865677/go.mod h1:If4PFiis4Sp3vf5z7PYkZJy3gA9DP1kYZR9SdTjjKoY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
@@ -770,6 +772,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

test/e2e/e2e_suite_test.go

@@ -18,12 +18,37 @@ package e2e
 
 import (
 	"fmt"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
 	"testing"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"sigs.k8s.io/controller-runtime/pkg/client/config"
 )
 
+var (
+	cfg           *rest.Config
+	k8sClientSet  *kubernetes.Clientset
+	dynamicClient dynamic.Interface
+)
+
+var _ = BeforeSuite(func() {
+	var err error
+
+	By("Initializing Kubernetes config")
+
+	cfg, err = config.GetConfig() // This works both in-cluster and out-of-cluster
+	Expect(err).NotTo(HaveOccurred(), "failed to get kubeconfig")
+
+	k8sClientSet, err = kubernetes.NewForConfig(cfg)
+	Expect(err).NotTo(HaveOccurred(), "failed to create kube client")
+
+	dynamicClient, err = dynamic.NewForConfig(cfg)
+	Expect(err).NotTo(HaveOccurred(), "failed to create dynamic client")
+})
+
 // Run e2e tests using the Ginkgo runner.
 func TestE2E(t *testing.T) {
 	RegisterFailHandler(Fail)

test/e2e/e2e_test.go

@@ -2,118 +2,128 @@ package e2e
 
 import (
 	"context"
-	"fmt"
+	"embed"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	utils "github.com/openshift/external-secrets-operator/test/utils"
-	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"os"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
 	"testing"
 	"time"
 )
 
+//go:embed testdata/*
+var testassets embed.FS
+
 const (
-	namespace          = "external-secrets-operator"
+	operatorNamespace  = "external-secrets-operator"
+	operandNamespace   = "external-secrets"
 	secretStoreFile    = "testdata/aws_secret_store.yaml"
 	externalSecretFile = "testdata/aws_external_secret.yaml"
+	pushSecretFile     = "testdata/push_secret.yaml"
+	externalSecrets    = "testdata/external_secret.yaml"
 )
 
-var _ = Describe("External Secrets Operator", Ordered, func() {
-
+var _ = Describe("External Secrets Operator End-to-End", Ordered, func() {
+	ctx := context.TODO()
 	var (
-		ctx    = context.TODO()
-		loader utils.DynamicResourceLoader
+		clientset     *kubernetes.Clientset
+		dynamicClient *dynamic.DynamicClient
+		loader        utils.DynamicResourceLoader
 	)
 
 	BeforeAll(func() {
+		var err error
 		loader = utils.NewDynamicResourceLoader(ctx, &testing.T{})
 
-		// Create ExternalSecret resource
-		loader.CreateFromFile(loadFromFile, "testdata/external_secret.yaml", namespace)
+		clientset, err = kubernetes.NewForConfig(cfg)
+		Expect(err).Should(BeNil())
+
+		dynamicClient, err = dynamic.NewForConfig(cfg)
+		Expect(err).Should(BeNil())
+
+		By("Waiting for external-secrets-operator controller-manager pod to be ready")
+		Expect(utils.VerifyPodsReadyByPrefix(ctx, clientset, operatorNamespace, []string{
+			"external-secrets-operator-controller-manager-",
+		})).To(Succeed())
+
+		By("Creating the ExternalSecrets Operator CR")
+		loader.CreateFromFile(testassets.ReadFile, externalSecrets, operatorNamespace)
 	})
 
 	AfterAll(func() {
-		loader.DeleteFromFile(loadFromFile, "testdata/external_secret.yaml", namespace)
+		By("Deleting the ExternalSecrets Operator CR")
+		loader.DeleteFromFile(testassets.ReadFile, externalSecrets, operatorNamespace)
+
+		err := utils.DeleteAWSSecret("test/e2e", "eu-north-1")
+		Expect(err).NotTo(HaveOccurred(), "failed to delete AWS secret test/e2e")
 	})
 
-	Context("Operator", func() {
-		It("should have controller pod running", func() {
-			verifyControllerPod := func() error {
-				pods, err := loader.KubeClient.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{
-					LabelSelector: "control-plane=controller-manager",
-				})
-				ExpectWithOffset(2, err).NotTo(HaveOccurred())
-
-				var runningPods []corev1.Pod
-				for _, pod := range pods.Items {
-					if pod.DeletionTimestamp == nil && pod.Status.Phase == corev1.PodRunning {
-						runningPods = append(runningPods, pod)
-					}
-				}
-
-				if len(runningPods) != 1 {
-					return fmt.Errorf("expected 1 running controller pod, got %d", len(runningPods))
-				}
-
-				ExpectWithOffset(2, runningPods[0].Name).To(ContainSubstring("controller-manager"))
-				fmt.Println(runningPods[0].Name)
-				return nil
-			}
-
-			EventuallyWithOffset(1, verifyControllerPod, time.Minute, time.Second).Should(Succeed())
-		})
+	BeforeEach(func() {
+		By("Verifying ESO pods are running and ready")
+		Expect(utils.VerifyPodsReadyByPrefix(ctx, clientset, operandNamespace, []string{
+			"external-secrets-",
+			"external-secrets-cert-controller-",
+			"external-secrets-webhook-",
+		})).To(Succeed())
 	})
 
-	Context("AWS SecretStore", func() {
-		BeforeEach(func() {
-			loader.CreateFromFile(loadFromFile, secretStoreFile, namespace)
-			loader.CreateFromFile(loadFromFile, externalSecretFile, namespace)
-
-		})
-
-		AfterEach(func() {
-			// Clean up SecretStore
-			loader.DeleteFromFile(loadFromFile, secretStoreFile, namespace)
-			// Clean up ExternalStore
-			loader.DeleteFromFile(loadFromFile, externalSecretFile, namespace)
-
-		})
-
-		It("should synchronize secrets from AWS Secrets Manager", func() {
-			By("verifying the synchronization of the secret")
-			Eventually(func() error {
-				k8sSecret, err := loader.KubeClient.CoreV1().Secrets(namespace).Get(ctx, "aws-secret", metav1.GetOptions{})
-
-				secretsList, err := loader.KubeClient.CoreV1().Secrets("kube-system").List(ctx, metav1.ListOptions{})
-				Expect(err).NotTo(HaveOccurred())
-
-				fmt.Println("Secrets in kube-system:")
-				for _, s := range secretsList.Items {
-					fmt.Println("-", s.Name)
-				}
-				if err != nil {
-					return fmt.Errorf("failed to get secret: %v", err)
-				}
-
-				if string(k8sSecret.Data["aws_secret_access_key"]) == "" {
-					return fmt.Errorf("secret data is empty")
-				}
-
-				decodedValue, err := os.ReadFile("testdata/expected_value.yaml")
-				if err != nil {
-					return fmt.Errorf("failed to read expected secret value: %v", err)
-				}
-
-				if string(k8sSecret.Data["aws_secret_access_key"]) != string(decodedValue) {
-					return fmt.Errorf("secret value does not match expected")
-				}
-				return nil
-			}, time.Minute, time.Second).Should(Succeed())
-		})
+	It("should create secrets from SecretStore and ExternalSecret", func() {
+		By("Creating SecretStore")
+		loader.CreateFromFile(testassets.ReadFile, secretStoreFile, operandNamespace)
+		defer loader.DeleteFromFile(testassets.ReadFile, secretStoreFile, operandNamespace)
+
+		By("Waiting for SecretStore to become Ready")
+		Expect(utils.WaitForESOResourceReady(ctx, dynamicClient,
+			schema.GroupVersionResource{
+				Group:    "external-secrets.io",
+				Version:  "v1beta1",
+				Resource: "clustersecretstores",
+			},
+			"", "aws-secret-store", time.Minute,
+		)).To(Succeed())
+
+		By("Creating PushSecret")
+		loader.CreateFromFile(testassets.ReadFile, pushSecretFile, operandNamespace)
+		defer loader.DeleteFromFile(testassets.ReadFile, pushSecretFile, operandNamespace)
+
+		By("Waiting for PushSecret to become Ready")
+		Expect(utils.WaitForESOResourceReady(ctx, dynamicClient,
+			schema.GroupVersionResource{
+				Group:    "external-secrets.io",
+				Version:  "v1alpha1",
+				Resource: "pushsecrets",
+			},
+			operandNamespace, "aws-push-secret", time.Minute,
+		)).To(Succeed())
+
+		By("Creating ExternalSecret")
+		loader.CreateFromFile(testassets.ReadFile, externalSecretFile, operandNamespace)
+		defer loader.DeleteFromFile(testassets.ReadFile, externalSecretFile, operandNamespace)
+
+		By("Waiting for ExternalSecret to become Ready")
+		Expect(utils.WaitForESOResourceReady(ctx, dynamicClient,
+			schema.GroupVersionResource{
+				Group:    "external-secrets.io",
+				Version:  "v1beta1",
+				Resource: "externalsecrets",
+			},
+			operandNamespace, "aws-external-secret", time.Minute,
+		)).To(Succeed())
+
+		By("Waiting for target secret to be created with expected data")
+		Eventually(func(g Gomega) {
+			secret, err := loader.KubeClient.CoreV1().Secrets(operandNamespace).Get(ctx, "aws-secret", metav1.GetOptions{})
+			g.Expect(err).NotTo(HaveOccurred(), "should get aws-secret from namespace %s", operandNamespace)
+
+			val, ok := secret.Data["aws_secret_access_key"]
+			g.Expect(ok).To(BeTrue(), "aws_secret_access_key should be present in secret %s", secret.Name)
+
+			expectedValue := []byte("hqTTSYkFYgkw3OfQ9lFvQgtsReb1g1a+Po5Y/HNU")
+			g.Expect(val).To(Equal(expectedValue), "aws_secret_access_key does not match expected value")
+		}, time.Minute, 5*time.Second).Should(Succeed())
+
 	})
 })
-
-func loadFromFile(name string) ([]byte, error) {
-	return os.ReadFile(name)
-}

test/e2e/testdata/aws_creds_secret.yaml

@@ -1,18 +1,18 @@
 apiVersion: external-secrets.io/v1beta1
 kind: ExternalSecret
 metadata:
-  name: aws-secret
-  namespace: external-secrets-operator
+  name: aws-external-secret
+  namespace: external-secrets
 spec:
   refreshInterval: 1h
   secretStoreRef:
     name: aws-secret-store
-    kind: SecretStore
+    kind: ClusterSecretStore
   target:
     name: aws-secret
     creationPolicy: Owner
   data:
-    - secretKey: aws_secret_access_key
+    - secretKey: aws_secret_access_key  # This is the key in the Kubernetes Secret
       remoteRef:
-        key: aws_secret_access_key #TODO
-        property: aws_secret_access_key
+        key: test/e2e  # This is the name of the secret in AWS Secrets Manager
+        property: aws_secret_access_key  # This is the key inside the AWS secret JSON

test/e2e/testdata/aws_external_secret.yaml

@@ -1,13 +1,12 @@
 apiVersion: external-secrets.io/v1beta1
-kind: SecretStore
+kind: ClusterSecretStore
 metadata:
   name: aws-secret-store
-  namespace: external-secrets-operator
 spec:
   provider:
     aws:
       service: SecretsManager
-      region: us-east-1
+      region: eu-north-1
       auth:
         secretRef:
           accessKeyIDSecretRef:
@@ -18,3 +17,4 @@ spec:
             name: aws-creds
             key: aws_secret_access_key
             namespace: kube-system
+