Adds e2e test case for the operator

adds vendor

Adds e2e test case for the operator

# Conflicts:
#	go.mod

Author: siddhibhor-56

go.sum

@@ -393,8 +393,12 @@ github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw=
 github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
-github.com/openshift/build-machinery-go v0.0.0-20250414185254-3ce8e800ceda h1:Yjnmq1n4zf1pTwao3EAgkG5o++6iOuxfxGVDwj2Kfrs=
-github.com/openshift/build-machinery-go v0.0.0-20250414185254-3ce8e800ceda/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
+github.com/openshift/api v0.0.0-20250517062239-9cbdb71c92bb h1:zsjZtFnPzE7l2VD5cDCs7PcpaRjaECByEw+JIjM0yW4=
+github.com/openshift/api v0.0.0-20250517062239-9cbdb71c92bb/go.mod h1:yk60tHAmHhtVpJQo3TwVYq2zpuP70iJIFDCmeKMIzPw=
+github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4=
+github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
+github.com/openshift/client-go v0.0.0-20250603093317-900624865677 h1:OE7ZwLdTM4FmkzfHJMN+CwkyIHCNevv5jAnfkYhw4+U=
+github.com/openshift/client-go v0.0.0-20250603093317-900624865677/go.mod h1:If4PFiis4Sp3vf5z7PYkZJy3gA9DP1kYZR9SdTjjKoY=
 github.com/otiai10/copy v1.2.0/go.mod h1:rrF5dJ5F0t/EWSYODDu4j9/vEeYHMkc8jt0zJChqQWw=
 github.com/otiai10/copy v1.14.0 h1:dCI/t1iTdYGtkvCuBG2BgR6KZa83PTclw4U5n2wAllU=
 github.com/otiai10/copy v1.14.0/go.mod h1:ECfuL02W+/FkTWZWgQqXPWZgW9oeKCSQ5qVfSc4qc4w=
@@ -773,12 +777,12 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.4.7 h1:9MDAWxMoSnB6QoSqiVr7P5mtkT9pOc1kSxchzPCnqJs=
 honnef.co/go/tools v0.4.7/go.mod h1:+rnGS1THNh8zMwnd2oVOTL9QF6vmfyG6ZXBULae2uc0=
-k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc=
-k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k=
+k8s.io/api v0.32.3 h1:Hw7KqxRusq+6QSplE3NYG4MBxZw1BZnq4aP4cJVINls=
+k8s.io/api v0.32.3/go.mod h1:2wEDTXADtm/HA7CCMD8D8bK4yuBUptzaRhYcYEEYA3k=
 k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw=
 k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
-k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs=
-k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/apimachinery v0.32.3 h1:JmDuDarhDmA/Li7j3aPrwhpNBA94Nvk5zLeOge9HH1U=
+k8s.io/apimachinery v0.32.3/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/apiserver v0.32.1 h1:oo0OozRos66WFq87Zc5tclUX2r0mymoVHRq8JmR7Aak=
 k8s.io/apiserver v0.32.1/go.mod h1:UcB9tWjBY7aryeI5zAgzVJB/6k7E97bkr1RgqDz0jPw=
 k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU=
@@ -801,8 +805,8 @@ k8s.io/kubelet v0.32.1 h1:bB91GvMsZb+LfzBxnjPEr1Fal/sdxZtYphlfwAaRJGw=
 k8s.io/kubelet v0.32.1/go.mod h1:4sAEZ6PlewD0GroV3zscY7llym6kmNNTVmUI/Qshm6w=
 k8s.io/kubernetes v1.32.1 h1:46YPpIBCT9dkmeglstZ2Gg4LGaAdro1/3IQ+1AfbF1s=
 k8s.io/kubernetes v1.32.1/go.mod h1:tiIKO63GcdPRBHW2WiUFm3C0eoLczl3f7qi56Dm1W8I=
-k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
-k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0=
+k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 mvdan.cc/gofumpt v0.6.0 h1:G3QvahNDmpD+Aek/bNOLrFR2XC6ZAdo62dZu65gmwGo=
 mvdan.cc/gofumpt v0.6.0/go.mod h1:4L0wf+kgIPZtcCWXynNS2e6bhmj73umwnuXSZarixzA=
 mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f h1:lMpcwN6GxNbWtbpI1+xzFLSW8XzX0u72NttUGVFjO3U=

test/e2e/e2e_test.go

@@ -1,82 +1,119 @@
-/*
-Copyright 2025.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-    http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
 package e2e
 
 import (
+	"context"
 	"fmt"
-	"os/exec"
-	"time"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	utils "github.com/openshift/external-secrets-operator/test/utils"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"testing"
+	"time"
+)
 
-	"github.com/openshift/external-secrets-operator/test/utils"
+const (
+	namespace          = "external-secrets-operator"
+	secretStoreFile    = "testdata/aws_secret_store.yaml"
+	externalSecretFile = "testdata/aws_external_secret.yaml"
 )
 
-const namespace = "external-secrets-operator"
+var _ = Describe("External Secrets Operator", Ordered, func() {
+
+	var (
+		ctx    = context.TODO()
+		loader utils.DynamicResourceLoader
+	)
 
-var _ = Describe("controller", Ordered, func() {
 	BeforeAll(func() {
-		//TODO: add any pre-reqs for the tests.
+		loader = utils.NewDynamicResourceLoader(ctx, &testing.T{})
+
+		// Create ExternalSecret resource
+		loader.CreateFromFile(loadFromFile, "testdata/external_secret.yaml", namespace)
 	})
 
 	AfterAll(func() {
-		//TODO: add any clean up required after the tests.
+		loader.DeleteFromFile(loadFromFile, "testdata/external_secret.yaml", namespace)
 	})
 
 	Context("Operator", func() {
-		It("should run successfully", func() {
-			var controllerPodName string
-
-			By("validating that the controller-manager pod is running as expected")
-			verifyControllerUp := func() error {
-				// Get pod name
-
-				cmd := exec.Command("oc", "get",
-					"pods", "-l", "control-plane=controller-manager",
-					"-o", "go-template={{ range .items }}"+
-						"{{ if not .metadata.deletionTimestamp }}"+
-						"{{ .metadata.name }}"+
-						"{{ \"\\n\" }}{{ end }}{{ end }}",
-					"-n", namespace,
-				)
-
-				podOutput, err := utils.Run(cmd)
+		It("should have controller pod running", func() {
+			verifyControllerPod := func() error {
+				pods, err := loader.KubeClient.CoreV1().Pods(namespace).List(ctx, metav1.ListOptions{
+					LabelSelector: "control-plane=controller-manager",
+				})
 				ExpectWithOffset(2, err).NotTo(HaveOccurred())
-				podNames := utils.GetNonEmptyLines(string(podOutput))
-				if len(podNames) != 1 {
-					return fmt.Errorf("expect 1 controller pods running, but got %d", len(podNames))
+
+				var runningPods []corev1.Pod
+				for _, pod := range pods.Items {
+					if pod.DeletionTimestamp == nil && pod.Status.Phase == corev1.PodRunning {
+						runningPods = append(runningPods, pod)
+					}
 				}
-				controllerPodName = podNames[0]
-				ExpectWithOffset(2, controllerPodName).Should(ContainSubstring("controller-manager"))
-
-				// Validate pod status
-				cmd = exec.Command("oc", "get",
-					"pods", controllerPodName, "-o", "jsonpath={.status.phase}",
-					"-n", namespace,
-				)
-				status, err := utils.Run(cmd)
-				ExpectWithOffset(2, err).NotTo(HaveOccurred())
-				if string(status) != "Running" {
-					return fmt.Errorf("controller pod in %s status", status)
+
+				if len(runningPods) != 1 {
+					return fmt.Errorf("expected 1 running controller pod, got %d", len(runningPods))
 				}
+
+				ExpectWithOffset(2, runningPods[0].Name).To(ContainSubstring("controller-manager"))
+				fmt.Println(runningPods[0].Name)
 				return nil
 			}
-			EventuallyWithOffset(1, verifyControllerUp, time.Minute, time.Second).Should(Succeed())
+
+			EventuallyWithOffset(1, verifyControllerPod, time.Minute, time.Second).Should(Succeed())
+		})
+	})
+
+	Context("AWS SecretStore", func() {
+		BeforeEach(func() {
+			loader.CreateFromFile(loadFromFile, secretStoreFile, namespace)
+			loader.CreateFromFile(loadFromFile, externalSecretFile, namespace)
+
+		})
+
+		AfterEach(func() {
+			// Clean up SecretStore
+			loader.DeleteFromFile(loadFromFile, secretStoreFile, namespace)
+			// Clean up ExternalStore
+			loader.DeleteFromFile(loadFromFile, externalSecretFile, namespace)
+
+		})
+
+		It("should synchronize secrets from AWS Secrets Manager", func() {
+			By("verifying the synchronization of the secret")
+			Eventually(func() error {
+				k8sSecret, err := loader.KubeClient.CoreV1().Secrets(namespace).Get(ctx, "aws-secret", metav1.GetOptions{})
+
+				secretsList, err := loader.KubeClient.CoreV1().Secrets("kube-system").List(ctx, metav1.ListOptions{})
+				Expect(err).NotTo(HaveOccurred())
+
+				fmt.Println("Secrets in kube-system:")
+				for _, s := range secretsList.Items {
+					fmt.Println("-", s.Name)
+				}
+				if err != nil {
+					return fmt.Errorf("failed to get secret: %v", err)
+				}
+
+				if string(k8sSecret.Data["aws_secret_access_key"]) == "" {
+					return fmt.Errorf("secret data is empty")
+				}
+
+				decodedValue, err := os.ReadFile("testdata/expected_value.yaml")
+				if err != nil {
+					return fmt.Errorf("failed to read expected secret value: %v", err)
+				}
+
+				if string(k8sSecret.Data["aws_secret_access_key"]) != string(decodedValue) {
+					return fmt.Errorf("secret value does not match expected")
+				}
+				return nil
+			}, time.Minute, time.Second).Should(Succeed())
 		})
 	})
 })
+
+func loadFromFile(name string) ([]byte, error) {
+	return os.ReadFile(name)
+}

test/e2e/testdata/aws_creds_secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws-creds
+  namespace: kube-system
+type: Opaque
+data:
+  aws_access_key_id: ""
+  aws_secret_access_key: ""

test/e2e/testdata/aws_external_secret.yaml

@@ -0,0 +1,18 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: aws-secret
+  namespace: external-secrets-operator
+spec:
+  refreshInterval: 1h
+  secretStoreRef:
+    name: aws-secret-store
+    kind: SecretStore
+  target:
+    name: aws-secret
+    creationPolicy: Owner
+  data:
+    - secretKey: aws_secret_access_key
+      remoteRef:
+        key: aws_secret_access_key #TODO
+        property: aws_secret_access_key

test/e2e/testdata/aws_secret_store.yaml

@@ -0,0 +1,20 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: aws-secret-store
+  namespace: external-secrets-operator
+spec:
+  provider:
+    aws:
+      service: SecretsManager
+      region: us-east-1
+      auth:
+        secretRef:
+          accessKeyIDSecretRef:
+            name: aws-creds
+            key: aws_access_key_id
+            namespace: kube-system
+          secretAccessKeySecretRef:
+            name: aws-creds
+            key: aws_secret_access_key
+            namespace: kube-system

test/e2e/testdata/expected_value.yaml

@@ -0,0 +1 @@
+hqTTSYkFYgkw3OfQ9lFvQgtsReb1g1a+Po5Y/HNU

test/e2e/testdata/external_secret.yaml

@@ -0,0 +1,8 @@
+apiVersion: operator.openshift.io/v1alpha1
+kind: ExternalSecretsManager
+metadata:
+  labels:
+    app.kubernetes.io/name: external-secrets-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: cluster
+spec: {}

test/utils/dynamic_resources.go

@@ -0,0 +1,110 @@
+package utils
+
+import (
+	"bytes"
+	"context"
+	"github.com/stretchr/testify/require"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer/yaml"
+	yamlutil "k8s.io/apimachinery/pkg/util/yaml"
+	"k8s.io/client-go/dynamic"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/restmapper"
+	"testing"
+)
+
+type DynamicResourceLoader struct {
+	KubeClient    kubernetes.Interface
+	DynamicClient dynamic.Interface
+
+	context context.Context
+	t       *testing.T
+}
+
+type doFunc func(t *testing.T, unstructured *unstructured.Unstructured, dynamicResourceInterface dynamic.ResourceInterface)
+
+func NewDynamicResourceLoader(context context.Context, t *testing.T) DynamicResourceLoader {
+	k, d := NewClientsConfigForTest(t)
+	return DynamicResourceLoader{
+		KubeClient:    k,
+		DynamicClient: d,
+		context:       context,
+		t:             t,
+	}
+}
+
+func (d DynamicResourceLoader) noErrorSkipExists(err error) {
+	if !k8serrors.IsAlreadyExists(err) {
+		require.NoError(d.t, err)
+	}
+}
+
+func (d DynamicResourceLoader) noErrorSkipNotExisting(err error) {
+	if !k8serrors.IsNotFound(err) {
+		require.NoError(d.t, err)
+	}
+}
+
+func (d DynamicResourceLoader) do(do doFunc, assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string) {
+	b, err := assetFunc(filename)
+	require.NoError(d.t, err)
+
+	decoder := yamlutil.NewYAMLOrJSONDecoder(bytes.NewReader(b), 1024)
+	var rawObj runtime.RawExtension
+	err = decoder.Decode(&rawObj)
+	require.NoError(d.t, err)
+
+	obj, gvk, err := yaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme).Decode(rawObj.Raw, nil, nil)
+	require.NoError(d.t, err)
+
+	unstructuredMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
+	require.NoError(d.t, err)
+
+	unstructuredObj := &unstructured.Unstructured{Object: unstructuredMap}
+
+	gr, err := restmapper.GetAPIGroupResources(d.KubeClient.Discovery())
+	require.NoError(d.t, err)
+
+	mapper := restmapper.NewDiscoveryRESTMapper(gr)
+	mapping, err := mapper.RESTMapping(gvk.GroupKind(), gvk.Version)
+	require.NoError(d.t, err)
+
+	var dri dynamic.ResourceInterface
+	if mapping.Scope.Name() == meta.RESTScopeNameNamespace {
+		if overrideNamespace != "" {
+			unstructuredObj.SetNamespace(overrideNamespace)
+		}
+		require.NotEmpty(d.t, unstructuredObj.GetNamespace(), "Namespace can not be empty!")
+		dri = d.DynamicClient.Resource(mapping.Resource).Namespace(unstructuredObj.GetNamespace())
+	} else {
+		dri = d.DynamicClient.Resource(mapping.Resource)
+	}
+
+	do(d.t, unstructuredObj, dri)
+}
+
+func (d DynamicResourceLoader) DeleteFromFile(assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string) {
+	d.t.Logf("Deleting resource %v\n", filename)
+	deleteFunc := func(t *testing.T, unstructured *unstructured.Unstructured, dynamicResourceInterface dynamic.ResourceInterface) {
+		err := dynamicResourceInterface.Delete(context.TODO(), unstructured.GetName(), metav1.DeleteOptions{})
+		d.noErrorSkipNotExisting(err)
+	}
+
+	d.do(deleteFunc, assetFunc, filename, overrideNamespace)
+	d.t.Logf("Resource %v deleted\n", filename)
+}
+
+func (d DynamicResourceLoader) CreateFromFile(assetFunc func(name string) ([]byte, error), filename string, overrideNamespace string) {
+	d.t.Logf("Creating resource %v\n", filename)
+	createFunc := func(t *testing.T, unstructured *unstructured.Unstructured, dynamicResourceInterface dynamic.ResourceInterface) {
+		_, err := dynamicResourceInterface.Create(context.TODO(), unstructured, metav1.CreateOptions{})
+		d.noErrorSkipExists(err)
+	}
+
+	d.do(createFunc, assetFunc, filename, overrideNamespace)
+	d.t.Logf("Resource %v created\n", filename)
+}