
WIP: add test infra for aws sm

Moritz Johner 5 ani în urmă
părinte
comite
b79c19a13d

+ 5 - 0
.gitignore

@@ -26,3 +26,8 @@ bin
 cover.out
 
 deploy/charts/external-secrets/templates/crds/*.yaml
+.credentials
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.lock.hcl
+.terraform
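Review bot: Ignoring `.terraform.lock.hcl` (the fourth added line) leaves provider selection unpinned, because the lock file is where Terraform records the exact provider version and its checksums, and it is meant to be committed. With it ignored, the only constraint left is `version = "~> 3.0"` in test-infra/main.tf, so each fresh `terraform init` may resolve a different 3.x release of hashicorp/aws and trusts whatever checksums it sees first. I would drop that line and commit the generated lock file. The `.credentials`, `terraform.tfstate*` and `.terraform` entries should stay, since the state file will hold the secret values in plain text.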

+ 22 - 0
test-infra/README.md

@@ -0,0 +1,22 @@
+# Test Infra
+
+
+## Setup cloud provider
+``` bash
+# prepare your AWS credentials
+export AWS_PROFILE=xyz
+
+terraform init
+terraform plan
+terraform apply
+```
+
+
+## External-Secrets Operator | Cloud Integration
+
+AWS: Place a file with the following content in `./testfiles/aws/.credentials`
+
+```
+AWS_ACCESS_KEY_ID=XXXXXX
+AWS_SECRET_ACCESS_KEY=YYYYYYY
+```

+ 39 - 0
test-infra/aws.tf

@@ -0,0 +1,39 @@
+// simple secret as StringValue
+resource "aws_secretsmanager_secret" "simple_string" {
+  name = "simple-string"
+}
+
+resource "aws_secretsmanager_secret_version" "simple_string" {
+  secret_id     = aws_secretsmanager_secret.simple_string.id
+  secret_string = file("${path.module}/data/simple")
+}
+
+// simple secret
+resource "aws_secretsmanager_secret" "simple_binary" {
+  name = "simple-binary"
+}
+
+resource "aws_secretsmanager_secret_version" "simple_binary" {
+  secret_id     = aws_secretsmanager_secret.simple_binary.id
+  secret_binary = filebase64("${path.module}/data/simple")
+}
+
+// json string
+resource "aws_secretsmanager_secret" "json_string" {
+  name = "json-string"
+}
+
+resource "aws_secretsmanager_secret_version" "json_string" {
+  secret_id     = aws_secretsmanager_secret.json_string.id
+  secret_string = file("${path.module}/data/secretjson")
+}
+
+// json binary
+resource "aws_secretsmanager_secret" "json_bin" {
+  name = "json-binary"
+}
+
+resource "aws_secretsmanager_secret_version" "json_bin" {
+  secret_id     = aws_secretsmanager_secret.json_bin.id
+  secret_binary = filebase64("${path.module}/data/secretjson")
+}
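Review bot: None of the four `aws_secretsmanager_secret` resources sets `recovery_window_in_days`, so `terraform destroy` only schedules the fixed names (`simple-string`, `simple-binary`, `json-string`, `json-binary`) for deletion, and a later `terraform apply` in the same account is likely to fail until the recovery window has passed. For throwaway test fixtures I would add `recovery_window_in_days = 0` to each secret. The `secret_string` and `secret_binary` values are also written verbatim into the Terraform state, so the files under `data/` must stay dummy values; a header comment such as `// test fixtures only: these values end up in terraform.tfstate in plain text` would make that explicit. The second comment, `// simple secret`, would read better as `// simple secret as binary value`, matching the first.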

+ 1 - 0
test-infra/data/secretjson

@@ -0,0 +1 @@
+{"mykey":"vall","object_key":{"nested_key":"nested_val"}}

+ 1 - 0
test-infra/data/simple

@@ -0,0 +1 @@
+fooao

+ 12 - 0
test-infra/main.tf

@@ -0,0 +1,12 @@
+terraform {
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 3.0"
+    }
+  }
+}
+
+provider "aws" {
+  region = "eu-central-1"
+}

+ 14 - 0
test-infra/testfiles/aws/deploy-credentials.yaml

@@ -0,0 +1,14 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-secrets-controller-manager
+  namespace: external-secrets-system
+spec:
+  template:
+    spec:
+      containers:
+      - name: manager
+        imagePullPolicy: IfNotPresent
+        envFrom:
+        - secretRef:
+            name: aws-credentials
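Review bot: `envFrom` with `secretRef` copies every key of the `aws-credentials` Secret into the `manager` container's environment, so any extra line that ends up in `.credentials` becomes a process variable of the controller, and the keys themselves are long-lived static credentials. Nothing in the file says that this is a test-only overlay; I would add a comment at the top, for example `# test-only patch: injects static AWS keys from the generated aws-credentials Secret, not for production use`. It would also help if the README stated that the IAM user behind these keys should be limited to reading the test secrets created by test-infra/aws.tf.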

+ 17 - 0
test-infra/testfiles/aws/kustomization.yaml

@@ -0,0 +1,17 @@
+bases:
+- ../../../config/default
+
+resources:
+- ./test.yaml
+
+secretGenerator:
+- name: aws-credentials
+  namespace: external-secrets-system
+  envs:
+  - .credentials
+
+generatorOptions:
+ disableNameSuffixHash: true
+
+patchesStrategicMerge:
+- deploy-credentials.yaml
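Review bot: `disableNameSuffixHash: true` under `generatorOptions` turns off the content hash that kustomize appends to generated Secret names, so replacing the keys in `.credentials` and re-applying updates the Secret but does not roll the Deployment, and the controller keeps the old keys in its environment until it is restarted. Kustomize normally rewrites `secretRef` names in workloads to the hashed name, so the option is probably not needed for deploy-credentials.yaml to resolve; if it is kept deliberately, a comment saying why would help. That line is also indented by one space where the rest of the file uses two.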

+ 41 - 0
test-infra/testfiles/aws/test.yaml

@@ -0,0 +1,41 @@
+apiVersion: external-secrets.io/v1alpha1
+kind: SecretStore
+metadata:
+  name: aws-example
+spec:
+  provider:
+    awssm:
+      region: eu-central-1
+---
+apiVersion: external-secrets.io/v1alpha1
+kind: ExternalSecret
+metadata:
+  name: aws-simple-string
+spec:
+  secretStoreRef:
+    name: aws-example
+    kind: SecretStore
+  target:
+    name: aws-simple-string
+  refreshInterval: 1h
+  data:
+  - secretKey: simple-string-value
+    remoteRef:
+      key: simple-string
+  - secretKey: simple-binary-value
+    remoteRef:
+      key: simple-binary
+  - secretKey: json-string-value
+    remoteRef:
+      key: json-string
+  - secretKey: json-string-value-mykey
+    remoteRef:
+      key: json-string
+      property: mykey
+  - secretKey: json-binary-value
+    remoteRef:
+      key: json-binary
+  - secretKey: json-binary-value-mykey
+    remoteRef:
+      key: json-binary
+      property: mykey
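Review bot: The `aws-example` SecretStore sets only `region` under `awssm` and no authentication settings, so it presumably relies on the AWS keys that deploy-credentials.yaml puts into the controller's environment; nothing in this file says so. I would add a comment above `provider:`, for example `# no auth configured on purpose: the controller uses the AWS keys from its environment (see deploy-credentials.yaml)`. The `secretjson` fixture also contains `object_key.nested_key`, which no `data` entry reads, so nested property lookup appears to be untested here.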