
test(e2e): add aws v2 generator coverage

Moritz Johner 2 месяцев назад
Родитель
Сommit
c39f14b909

+ 1 - 1
e2e/Makefile

@@ -12,7 +12,7 @@ export E2E_IMAGE_NAME ?= ghcr.io/external-secrets/external-secrets-e2e
 export GINKGO_LABELS ?= !managed && !v2
 export V2_GINKGO_LABELS ?= !managed && v2
 export TEST_SUITES ?= provider generator flux argocd
-export V2_TEST_SUITES ?= provider
+export V2_TEST_SUITES ?= provider generator
 export GOCACHE ?= $(CURDIR)/.cache/go-build
 export GOMODCACHE ?= $(CURDIR)/.cache/go-mod
 

+ 4 - 4
e2e/makefile_test.go

@@ -110,8 +110,8 @@ func TestV2MakeTargetCanSkipKubernetesProviderBuild(t *testing.T) {
 	if !strings.Contains(defaultDryRun, helmDependencyEnsureCmd) {
 		t.Fatalf("expected default test.v2 dry-run to ensure helm dependencies before copying the chart, output:\n%s", defaultDryRun)
 	}
-	if !strings.Contains(defaultDryRun, `TEST_SUITES="provider"`) {
-		t.Fatalf("expected default test.v2 dry-run to run the provider suite, output:\n%s", defaultDryRun)
+	if !strings.Contains(defaultDryRun, `TEST_SUITES="provider generator"`) {
+		t.Fatalf("expected default test.v2 dry-run to run the provider and generator suites, output:\n%s", defaultDryRun)
 	}
 	if strings.Contains(defaultDryRun, dockerCleanupCmd) {
 		t.Fatalf("expected default test.v2 dry-run to avoid CI-only docker cleanup, output:\n%s", defaultDryRun)
@@ -151,8 +151,8 @@ func TestV2MakeTargetCanSkipKubernetesProviderBuild(t *testing.T) {
 	if !strings.Contains(skippedDryRun, helmDependencyEnsureCmd) {
 		t.Fatalf("expected skipped test.v2 dry-run to ensure helm dependencies before copying the chart, output:\n%s", skippedDryRun)
 	}
-	if !strings.Contains(skippedDryRun, `TEST_SUITES="provider"`) {
-		t.Fatalf("expected skipped test.v2 dry-run to still run the provider suite, output:\n%s", skippedDryRun)
+	if !strings.Contains(skippedDryRun, `TEST_SUITES="provider generator"`) {
+		t.Fatalf("expected skipped test.v2 dry-run to still run the provider and generator suites, output:\n%s", skippedDryRun)
 	}
 }
 

+ 75 - 0
e2e/suites/generator/aws.go

@@ -0,0 +1,75 @@
+/*
+Copyright © The ESO Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+	"os"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
+	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
+)
+
+const awsCredsSecretName = "aws-creds"
+
+func skipIfAWSGeneratorCredentialsMissing() {
+	if os.Getenv("AWS_REGION") == "" || os.Getenv("AWS_ACCESS_KEY_ID") == "" || os.Getenv("AWS_SECRET_ACCESS_KEY") == "" {
+		Skip("AWS static generator credentials are required")
+	}
+}
+
+func createAWSGeneratorCredentialsSecret(f *framework.Framework) {
+	err := f.CRClient.Create(GinkgoT().Context(), &v1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      awsCredsSecretName,
+			Namespace: f.Namespace.Name,
+		},
+		Data: map[string][]byte{
+			"akid": []byte(os.Getenv("AWS_ACCESS_KEY_ID")),
+			"sak":  []byte(os.Getenv("AWS_SECRET_ACCESS_KEY")),
+			"st":   []byte(os.Getenv("AWS_SESSION_TOKEN")),
+		},
+	})
+	Expect(err).ToNot(HaveOccurred())
+}
+
+func awsGeneratorAuth() genv1alpha1.AWSAuth {
+	auth := genv1alpha1.AWSAuth{
+		SecretRef: &genv1alpha1.AWSAuthSecretRef{
+			AccessKeyID: esmeta.SecretKeySelector{
+				Name: awsCredsSecretName,
+				Key:  "akid",
+			},
+			SecretAccessKey: esmeta.SecretKeySelector{
+				Name: awsCredsSecretName,
+				Key:  "sak",
+			},
+		},
+	}
+	if os.Getenv("AWS_SESSION_TOKEN") != "" {
+		auth.SecretRef.SessionToken = &esmeta.SecretKeySelector{
+			Name: awsCredsSecretName,
+			Key:  "st",
+		}
+	}
+	return auth
+}
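Review bot: createAWSGeneratorCredentialsSecret copies live AWS keys from the runner's environment into a Secret with the fixed name `aws-creds`, and nothing in this file removes it afterwards. Cleanup presumably relies on the framework deleting the test namespace; if that is not guaranteed on failed or interrupted runs, keep the created object in a variable and register `DeferCleanup(func(ctx context.Context) { _ = f.CRClient.Delete(ctx, secret) })` right after the Create. The helper also always writes the `st` key, even when AWS_SESSION_TOKEN is empty, while awsGeneratorAuth references it only when set; adding the key under the same condition would keep the two helpers in step. A doc comment on each helper should say that these are static credentials and should be scoped to the ECR and STS calls the suite makes.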

+ 80 - 0
e2e/suites/generator/ecr_v2.go

@@ -0,0 +1,80 @@
+/*
+Copyright © The ESO Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+	"os"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
+	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
+)
+
+var _ = Describe("ecr generator v2", Label("aws", "ecr", "v2"), func() {
+	f := framework.New("ecr-v2")
+
+	BeforeEach(func() {
+		if !framework.IsV2ProviderMode() {
+			Skip("v2 mode only")
+		}
+		skipIfAWSGeneratorCredentialsMissing()
+	})
+
+	injectGenerator := func(tc *testCase) {
+		createAWSGeneratorCredentialsSecret(f)
+		tc.Generator = &genv1alpha1.ECRAuthorizationToken{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: genv1alpha1.Group + "/" + genv1alpha1.Version,
+				Kind:       genv1alpha1.ECRAuthorizationTokenKind,
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      generatorName,
+				Namespace: f.Namespace.Name,
+			},
+			Spec: genv1alpha1.ECRAuthorizationTokenSpec{
+				Region: os.Getenv("AWS_REGION"),
+				Auth:   awsGeneratorAuth(),
+			},
+		}
+	}
+
+	customResourceGenerator := func(tc *testCase) {
+		tc.ExternalSecret.Spec.DataFrom = []esv1.ExternalSecretDataFromRemoteRef{{
+			SourceRef: &esv1.StoreGeneratorSourceRef{
+				GeneratorRef: &esv1.GeneratorRef{
+					Kind: "ECRAuthorizationToken",
+					Name: generatorName,
+				},
+			},
+		}}
+		tc.AfterSync = func(secret *v1.Secret) {
+			Expect(string(secret.Data["username"])).To(Equal("AWS"))
+			Expect(string(secret.Data["password"])).ToNot(BeEmpty())
+			Expect(string(secret.Data["proxy_endpoint"])).ToNot(BeEmpty())
+			Expect(string(secret.Data["expires_at"])).ToNot(BeEmpty())
+		}
+	}
+
+	DescribeTable("generate ecr auth tokens through the v2 aws provider", generatorTableFunc,
+		Entry("using custom resource generator", f, injectGenerator, customResourceGenerator),
+	)
+})
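Review bot: In customResourceGenerator the GeneratorRef uses the string literal `Kind: "ECRAuthorizationToken"`, although injectGenerator a few lines above already uses `genv1alpha1.ECRAuthorizationTokenKind`; writing `Kind: genv1alpha1.ECRAuthorizationTokenKind,` in both places keeps the reference from drifting if the kind is renamed. The same applies to the `"STSSessionToken"` literal in e2e/suites/generator/sts_v2.go. The AfterSync assertions on `password` only check for presence, so a failure prints an empty value rather than token material; a comment such as `// presence checks only: do not use matchers that echo the secret value on failure` would keep it that way.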

+ 80 - 0
e2e/suites/generator/sts_v2.go

@@ -0,0 +1,80 @@
+/*
+Copyright © The ESO Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+	"os"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	esv1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1"
+	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
+)
+
+var _ = Describe("sts generator v2", Label("aws", "sts", "v2"), func() {
+	f := framework.New("sts-v2")
+
+	BeforeEach(func() {
+		if !framework.IsV2ProviderMode() {
+			Skip("v2 mode only")
+		}
+		skipIfAWSGeneratorCredentialsMissing()
+	})
+
+	injectGenerator := func(tc *testCase) {
+		createAWSGeneratorCredentialsSecret(f)
+		tc.Generator = &genv1alpha1.STSSessionToken{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: genv1alpha1.Group + "/" + genv1alpha1.Version,
+				Kind:       genv1alpha1.STSSessionTokenKind,
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      generatorName,
+				Namespace: f.Namespace.Name,
+			},
+			Spec: genv1alpha1.STSSessionTokenSpec{
+				Region: os.Getenv("AWS_REGION"),
+				Auth:   awsGeneratorAuth(),
+			},
+		}
+	}
+
+	customResourceGenerator := func(tc *testCase) {
+		tc.ExternalSecret.Spec.DataFrom = []esv1.ExternalSecretDataFromRemoteRef{{
+			SourceRef: &esv1.StoreGeneratorSourceRef{
+				GeneratorRef: &esv1.GeneratorRef{
+					Kind: "STSSessionToken",
+					Name: generatorName,
+				},
+			},
+		}}
+		tc.AfterSync = func(secret *v1.Secret) {
+			Expect(string(secret.Data["access_key_id"])).ToNot(BeEmpty())
+			Expect(string(secret.Data["secret_access_key"])).ToNot(BeEmpty())
+			Expect(string(secret.Data["session_token"])).ToNot(BeEmpty())
+			Expect(string(secret.Data["expiration"])).ToNot(BeEmpty())
+		}
+	}
+
+	DescribeTable("generate sts session tokens through the v2 aws provider", generatorTableFunc,
+		Entry("using custom resource generator", f, injectGenerator, customResourceGenerator),
+	)
+})
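Review bot: The BeforeEach here skips only when the region or static keys are missing, but awsGeneratorAuth also wires in AWS_SESSION_TOKEN when it is set, and this spec may not work with temporary credentials. If the STSSessionToken generator calls STS GetSessionToken (to be confirmed against the generator implementation), AWS rejects that call for temporary credentials, so a CI job running on assumed-role or OIDC credentials would fail this spec instead of skipping it. Consider a guard in this file's BeforeEach, `if os.Getenv("AWS_SESSION_TOKEN") != "" { Skip("sts generator requires long-term IAM user credentials") }`, or document the requirement next to the Describe. Because that requirement means a long-lived IAM user key in the CI environment, the comment should also say the key must be dedicated to this suite and tightly scoped.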

+ 14 - 0
e2e/suites/generator/suite_test.go

@@ -24,12 +24,26 @@ import (
 	// nolint
 	. "github.com/onsi/gomega"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	"github.com/external-secrets/external-secrets-e2e/framework/addon"
 	"github.com/external-secrets/external-secrets-e2e/framework/util"
 	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
 )
 
 var _ = SynchronizedBeforeSuite(func() []byte {
+	if framework.IsV2ProviderMode() {
+		By("installing eso in generator v2 mode")
+		addon.InstallGlobalAddon(addon.NewESO(
+			addon.WithCRDs(),
+			addon.WithAllowGenericTargets(),
+			addon.WithV2Namespace(),
+			addon.WithV2KubernetesProvider(),
+			addon.WithV2FakeProvider(),
+			addon.WithV2AWSProvider(),
+		))
+		return nil
+	}
+
 	cfg := &addon.Config{}
 	cfg.KubeConfig, cfg.KubeClientSet, cfg.CRClient = util.NewConfig()