mock gcp log

dev/tasks/run-e2e

@@ -26,7 +26,7 @@ if [[ -z "${KUBEBUILDER_ASSETS:-}" ]]; then
 fi
 
 if [[ -z "${KCC_USE_DIRECT_RECONCILERS:-}" ]]; then
-  KCC_USE_DIRECT_RECONCILERS=ComputeForwardingRule,GKEHubFeatureMembership,SecretManagerSecret,SecretManagerSecretVersion
+  KCC_USE_DIRECT_RECONCILERS=ComputeForwardingRule,GKEHubFeatureMembership
 fi
 echo "Using direct controllers: $KCC_USE_DIRECT_RECONCILERS"
 export KCC_USE_DIRECT_RECONCILERS

mockgcp/mocksecretmanager/secrets.go

@@ -84,6 +84,13 @@ func (s *SecretsV1) populateDefaultsForSecret(ctx context.Context, obj *pb.Secre
 			return fmt.Errorf("Aliases cannot be assigned to versions that don't exist")
 		}
 	}
+	// TTL and ExpireTime are OneOf, but the GCP service converts TTL to expireTime before storing the object.
+	if obj.GetTtl() != nil {
+		expirateTime := timestamppb.Now().AsTime().Add(obj.GetTtl().AsDuration())
+		obj.Expiration = &pb.Secret_ExpireTime{
+			ExpireTime: timestamppb.New(expirateTime),
+		}
+	}
 	return nil
 }
 
@@ -154,6 +161,10 @@ func (s *SecretsV1) UpdateSecret(ctx context.Context, req *pb.UpdateSecretReques
 			updated.Expiration = &pb.Secret_ExpireTime{
 				ExpireTime: req.Secret.GetExpireTime(),
 			}
+		case "ttl":
+			updated.Expiration = &pb.Secret_Ttl{
+				Ttl: req.Secret.GetTtl(),
+			}
 		case "expiration":
 			updated.Expiration = req.Secret.GetExpiration()
 		case "rotation.nextRotationTime":

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_generated_object_basicsecretmanagersecret.golden.yaml

@@ -2,6 +2,7 @@ apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
 kind: SecretManagerSecret
 metadata:
   annotations:
+    alpha.cnrm.cloud.google.com/reconciler: direct
     cnrm.cloud.google.com/management-conflict-prevention-policy: none
     cnrm.cloud.google.com/project-id: ${projectId}
   finalizers:

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-direct/_http.log

@@ -349,6 +349,7 @@ Content-Type: application/json
 User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager
 
 200 OK
+Cache-Control: private
 Content-Type: application/json; charset=UTF-8
 Server: ESF
 Vary: Origin
@@ -362,7 +363,7 @@ X-Xss-Protection: 0
   "done": true,
   "name": "operations/${operationID}",
   "response": {
-    "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity",
+    "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity",
     "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com",
     "uniqueId": "12345678"
   }

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_export_fullsecretmanagersecret-auto-legacy.golden

@@ -0,0 +1,23 @@
+apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
+kind: SecretManagerSecret
+metadata:
+  annotations:
+    cnrm.cloud.google.com/project-id: ${projectId}
+  labels:
+    cnrm-test: "true"
+    label-one: value-one
+    label-two: value-two
+    managed-by-cnrm: "true"
+  name: secretmanagersecret-${uniqueId}
+spec:
+  annotations:
+    bar: secretmanagersecret-bar
+    foo: secretmanagersecret
+  expireTime: "2025-10-03T15:01:23Z"
+  resourceID: secretmanagersecret-${uniqueId}
+  rotation:
+    nextRotationTime: "2025-10-03T15:01:23Z"
+    rotationPeriod: 3600s
+  topics:
+  - topicRef:
+      external: projects/${projectId}/topics/topic-2-${uniqueId}

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_object_fullsecretmanagersecret-auto-legacy.golden.yaml

@@ -0,0 +1,40 @@
+apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1
+kind: SecretManagerSecret
+metadata:
+  annotations:
+    cnrm.cloud.google.com/management-conflict-prevention-policy: none
+    cnrm.cloud.google.com/project-id: ${projectId}
+    cnrm.cloud.google.com/state-into-spec: absent
+  finalizers:
+  - cnrm.cloud.google.com/finalizer
+  - cnrm.cloud.google.com/deletion-defender
+  generation: 3
+  labels:
+    cnrm-test: "true"
+    label-one: value-one
+    label-two: value-two
+  name: secretmanagersecret-${uniqueId}
+  namespace: ${uniqueId}
+spec:
+  annotations:
+    bar: secretmanagersecret-bar
+    foo: secretmanagersecret
+  expireTime: "2025-10-03T15:01:23Z"
+  replication:
+    automatic: true
+  resourceID: secretmanagersecret-${uniqueId}
+  rotation:
+    nextRotationTime: "2025-10-03T15:01:23Z"
+    rotationPeriod: 3600s
+  topics:
+  - topicRef:
+      name: topic-2-${uniqueId}
+status:
+  conditions:
+  - lastTransitionTime: "1970-01-01T00:00:00Z"
+    message: The resource is up to date
+    reason: UpToDate
+    status: "True"
+    type: Ready
+  name: projects/${projectNumber}/secrets/secretmanagersecret-${uniqueId}
+  observedGeneration: 3

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_http.log

@@ -167,6 +167,7 @@ Content-Type: application/json
 User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager
 
 200 OK
+Cache-Control: private
 Content-Type: application/json; charset=UTF-8
 Server: ESF
 Vary: Origin
@@ -180,7 +181,7 @@ X-Xss-Protection: 0
   "done": true,
   "name": "operations/${operationID}",
   "response": {
-    "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity",
+    "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity",
     "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com",
     "uniqueId": "12345678"
   }

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_generated_export_fullsecretmanagersecret-manual-direct.golden

@@ -13,7 +13,7 @@ spec:
   annotations:
     bar: secretmanagersecret-bar
     foo: secretmanagersecret
-  expireTime: "2024-12-12T05:00:40.845270931Z"
+  expireTime: "2024-12-12T06:13:12.609912172Z"
   replication:
     userManaged:
       replicas:

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_http.log

@@ -349,6 +349,7 @@ Content-Type: application/json
 User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager
 
 200 OK
+Cache-Control: private
 Content-Type: application/json; charset=UTF-8
 Server: ESF
 Vary: Origin
@@ -362,7 +363,7 @@ X-Xss-Protection: 0
   "done": true,
   "name": "operations/${operationID}",
   "response": {
-    "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity",
+    "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity",
     "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com",
     "uniqueId": "12345678"
   }
@@ -737,7 +738,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T05:00:28.938552436Z",
+  "expireTime": "2024-12-12T06:13:01.604094950Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -791,7 +792,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T05:00:28.938552436Z",
+  "expireTime": "2024-12-12T06:13:01.604094950Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -883,7 +884,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T05:00:40.845270931Z",
+  "expireTime": "2024-12-12T06:13:12.609912172Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -938,7 +939,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T05:00:40.845270931Z",
+  "expireTime": "2024-12-12T06:13:12.609912172Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -994,7 +995,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T05:00:40.845270931Z",
+  "expireTime": "2024-12-12T06:13:12.609912172Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_generated_export_fullsecretmanagersecret-manual-legacy.golden

@@ -13,7 +13,7 @@ spec:
   annotations:
     bar: secretmanagersecret-bar
     foo: secretmanagersecret
-  expireTime: "2024-12-12T04:55:16.450080998Z"
+  expireTime: "2024-12-12T06:14:18.462315694Z"
   replication:
     userManaged:
       replicas:

pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_http.log

@@ -349,6 +349,7 @@ Content-Type: application/json
 User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager
 
 200 OK
+Cache-Control: private
 Content-Type: application/json; charset=UTF-8
 Server: ESF
 Vary: Origin
@@ -362,7 +363,7 @@ X-Xss-Protection: 0
   "done": true,
   "name": "operations/${operationID}",
   "response": {
-    "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity",
+    "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity",
     "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com",
     "uniqueId": "12345678"
   }
@@ -735,7 +736,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T04:55:16.450080998Z",
+  "expireTime": "2024-12-12T06:14:18.462315694Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -788,7 +789,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T04:55:16.450080998Z",
+  "expireTime": "2024-12-12T06:14:18.462315694Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -829,7 +830,7 @@ User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 t
     "bar": "secretmanagersecret-bar",
     "foo": "secretmanagersecret"
   },
-  "expireTime": "2024-12-12T04:55:16.450080998Z",
+  "expireTime": "2024-12-12T06:14:18.462315694Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -877,7 +878,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T04:55:16.450080998Z",
+  "expireTime": "2024-12-12T06:14:18.462315694Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",
@@ -932,7 +933,7 @@ X-Xss-Protection: 0
   },
   "createTime": "2024-04-01T12:34:56.123456Z",
   "etag": "abcdef0123A=",
-  "expireTime": "2024-12-12T04:55:16.450080998Z",
+  "expireTime": "2024-12-12T06:14:18.462315694Z",
   "labels": {
     "cnrm-test": "true",
     "label-one": "value-one",

tests/e2e/httplog.go

@@ -165,6 +165,8 @@ func (x *Normalizer) Render(events test.LogEntries) string {
 	addReplacement("lastModifiedAt", "2024-04-01T12:34:56.123456Z")
 	addReplacement("createdAt", "2024-04-01T12:34:56.123456Z")
 
+	// Specific to SecretManager
+	addReplacement("expireTime", "2024-04-01T12:34:56.123456Z")
 	// Specific to Sql
 	addSetStringReplacement(".ipAddresses[].ipAddress", "10.1.2.3")
 	addReplacement("serverCaCert.cert", "-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n")

tests/e2e/normalize.go

@@ -175,6 +175,9 @@ func normalizeKRMObject(t *testing.T, u *unstructured.Unstructured, project test
 	// Specific to DataFlow
 	visitor.replacePaths[".status.jobId"] = "${jobID}"
 
+	// Specific to SecretManager
+	visitor.replacePaths[".status.jobId"] = "${jobID}"
+
 	// Specific to BigQueryConnectionConnection.
 	visitor.replacePaths[".status.observedState.aws.accessRole.identity"] = "048077221682493034546"
 	visitor.replacePaths[".status.observedState.azure.identity"] = "117243083562690747295"