diff --git a/dev/tasks/run-e2e b/dev/tasks/run-e2e index 2f8286b3fa..8c526afcbc 100755 --- a/dev/tasks/run-e2e +++ b/dev/tasks/run-e2e @@ -26,7 +26,7 @@ if [[ -z "${KUBEBUILDER_ASSETS:-}" ]]; then fi if [[ -z "${KCC_USE_DIRECT_RECONCILERS:-}" ]]; then - KCC_USE_DIRECT_RECONCILERS=ComputeForwardingRule,GKEHubFeatureMembership,SecretManagerSecret,SecretManagerSecretVersion + KCC_USE_DIRECT_RECONCILERS=ComputeForwardingRule,GKEHubFeatureMembership fi echo "Using direct controllers: $KCC_USE_DIRECT_RECONCILERS" export KCC_USE_DIRECT_RECONCILERS diff --git a/mockgcp/mocksecretmanager/secrets.go b/mockgcp/mocksecretmanager/secrets.go index 273f865767..74210c135c 100644 --- a/mockgcp/mocksecretmanager/secrets.go +++ b/mockgcp/mocksecretmanager/secrets.go @@ -84,6 +84,13 @@ func (s *SecretsV1) populateDefaultsForSecret(ctx context.Context, obj *pb.Secre return fmt.Errorf("Aliases cannot be assigned to versions that don't exist") } } + // TTL and ExpireTime are OneOf, but the GCP service converts TTL to expireTime before storing the object. + if obj.GetTtl() != nil { + expirateTime := timestamppb.Now().AsTime().Add(obj.GetTtl().AsDuration()) + obj.Expiration = &pb.Secret_ExpireTime{ + ExpireTime: timestamppb.New(expirateTime), + } + } return nil } @@ -154,6 +161,10 @@ func (s *SecretsV1) UpdateSecret(ctx context.Context, req *pb.UpdateSecretReques updated.Expiration = &pb.Secret_ExpireTime{ ExpireTime: req.Secret.GetExpireTime(), } + case "ttl": + updated.Expiration = &pb.Secret_Ttl{ + Ttl: req.Secret.GetTtl(), + } case "expiration": updated.Expiration = req.Secret.GetExpiration() case "rotation.nextRotationTime": diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_generated_object_basicsecretmanagersecret.golden.yaml b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_generated_object_basicsecretmanagersecret.golden.yaml index 5c7711f63b..3d459530e1 100644 
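Review bot: The added TTL block in populateDefaultsForSecret converts any duration, so a zero or negative `ttl` produces an `expireTime` at or before the current time instead of an error. The real service presumably rejects a non-positive TTL (to be confirmed), and a mock that accepts it can hide a controller that sends a wrong secret lifetime; a guard in the style of the alias check above would do, e.g. `if obj.GetTtl().AsDuration() <= 0 { return fmt.Errorf("ttl must be positive") }`. Separately, `expirateTime` is a typo for `expireTime`, and `timestamppb.Now().AsTime()` is a roundabout way of getting the current time. The function starts outside this hunk, so whether it also runs on the update path is not visible here.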
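Review bot: The new `case "ttl":` in UpdateSecret stores the raw `pb.Secret_Ttl` on `updated`, which contradicts the comment added in populateDefaultsForSecret that the service converts TTL to expireTime before storing the object. Unless a step outside this hunk converts it afterwards, a secret updated through the `ttl` mask would be persisted and returned with `ttl` set and no `expireTime`, so tests against the mock would not reflect the expiry a real secret ends up with. The existing `case "expiration":` has the same gap when the oneof carries a TTL. I would convert at this point, `updated.Expiration = &pb.Secret_ExpireTime{ExpireTime: timestamppb.New(timestamppb.Now().AsTime().Add(req.Secret.GetTtl().AsDuration()))}`, or better, share one helper with the create path. UpdateSecret begins and ends outside the hunk.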
--- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_generated_object_basicsecretmanagersecret.golden.yaml +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/basicsecretmanagersecret/_generated_object_basicsecretmanagersecret.golden.yaml @@ -2,6 +2,7 @@ apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1 kind: SecretManagerSecret metadata: annotations: + alpha.cnrm.cloud.google.com/reconciler: direct cnrm.cloud.google.com/management-conflict-prevention-policy: none cnrm.cloud.google.com/project-id: ${projectId} finalizers: diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-direct/_http.log index 0b2954bc15..a1d0b8bdba 100644 --- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-direct/_http.log @@ -349,6 +349,7 @@ Content-Type: application/json User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -362,7 +363,7 @@ X-Xss-Protection: 0 "done": true, "name": "operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity", + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com", "uniqueId": "12345678" } 
diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_export_fullsecretmanagersecret-auto-legacy.golden b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_export_fullsecretmanagersecret-auto-legacy.golden new file mode 100644 index 0000000000..5568aa2b97 --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_export_fullsecretmanagersecret-auto-legacy.golden @@ -0,0 +1,23 @@ +apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1 +kind: SecretManagerSecret +metadata: + annotations: + cnrm.cloud.google.com/project-id: ${projectId} + labels: + cnrm-test: "true" + label-one: value-one + label-two: value-two + managed-by-cnrm: "true" + name: secretmanagersecret-${uniqueId} +spec: + annotations: + bar: secretmanagersecret-bar + foo: secretmanagersecret + expireTime: "2025-10-03T15:01:23Z" + resourceID: secretmanagersecret-${uniqueId} + rotation: + nextRotationTime: "2025-10-03T15:01:23Z" + rotationPeriod: 3600s + topics: + - topicRef: + external: projects/${projectId}/topics/topic-2-${uniqueId} \ No newline at end of file diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_object_fullsecretmanagersecret-auto-legacy.golden.yaml b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_object_fullsecretmanagersecret-auto-legacy.golden.yaml new file mode 100644 index 0000000000..4771fc4bbf --- /dev/null +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_generated_object_fullsecretmanagersecret-auto-legacy.golden.yaml 
@@ -0,0 +1,40 @@ +apiVersion: secretmanager.cnrm.cloud.google.com/v1beta1 +kind: SecretManagerSecret +metadata: + annotations: + cnrm.cloud.google.com/management-conflict-prevention-policy: none + cnrm.cloud.google.com/project-id: ${projectId} + cnrm.cloud.google.com/state-into-spec: absent + finalizers: + - cnrm.cloud.google.com/finalizer + - cnrm.cloud.google.com/deletion-defender + generation: 3 + labels: + cnrm-test: "true" + label-one: value-one + label-two: value-two + name: secretmanagersecret-${uniqueId} + namespace: ${uniqueId} +spec: + annotations: + bar: secretmanagersecret-bar + foo: secretmanagersecret + expireTime: "2025-10-03T15:01:23Z" + replication: + automatic: true + resourceID: secretmanagersecret-${uniqueId} + rotation: + nextRotationTime: "2025-10-03T15:01:23Z" + rotationPeriod: 3600s + topics: + - topicRef: + name: topic-2-${uniqueId} +status: + conditions: + - lastTransitionTime: "1970-01-01T00:00:00Z" + message: The resource is up to date + reason: UpToDate + status: "True" + type: Ready + name: projects/${projectNumber}/secrets/secretmanagersecret-${uniqueId} + observedGeneration: 3 diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_http.log b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_http.log index eb374fd98f..a4a6f993b3 100644 --- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-auto-legacy/_http.log @@ -167,6 +167,7 @@ Content-Type: application/json User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin 
@@ -180,7 +181,7 @@ X-Xss-Protection: 0 "done": true, "name": "operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity", + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com", "uniqueId": "12345678" } diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_generated_export_fullsecretmanagersecret-manual-direct.golden b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_generated_export_fullsecretmanagersecret-manual-direct.golden index 9125a2c257..bce8a34c9f 100644 --- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_generated_export_fullsecretmanagersecret-manual-direct.golden +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_generated_export_fullsecretmanagersecret-manual-direct.golden @@ -13,7 +13,7 @@ spec: annotations: bar: secretmanagersecret-bar foo: secretmanagersecret - expireTime: "2024-12-12T05:00:40.845270931Z" + expireTime: "2024-12-12T06:13:12.609912172Z" replication: userManaged: replicas: diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_http.log b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_http.log index 6b224e06db..26913e803a 100644 --- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-direct/_http.log 
@@ -349,6 +349,7 @@ Content-Type: application/json User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin @@ -362,7 +363,7 @@ X-Xss-Protection: 0 "done": true, "name": "operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity", + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com", "uniqueId": "12345678" } @@ -737,7 +738,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T05:00:28.938552436Z", + "expireTime": "2024-12-12T06:13:01.604094950Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -791,7 +792,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T05:00:28.938552436Z", + "expireTime": "2024-12-12T06:13:01.604094950Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -883,7 +884,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T05:00:40.845270931Z", + "expireTime": "2024-12-12T06:13:12.609912172Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -938,7 +939,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T05:00:40.845270931Z", + "expireTime": "2024-12-12T06:13:12.609912172Z", "labels": { "cnrm-test": "true", "label-one": "value-one", 
@@ -994,7 +995,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T05:00:40.845270931Z", + "expireTime": "2024-12-12T06:13:12.609912172Z", "labels": { "cnrm-test": "true", "label-one": "value-one", diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_generated_export_fullsecretmanagersecret-manual-legacy.golden b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_generated_export_fullsecretmanagersecret-manual-legacy.golden index 17ec875efe..301927d5d6 100644 --- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_generated_export_fullsecretmanagersecret-manual-legacy.golden +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_generated_export_fullsecretmanagersecret-manual-legacy.golden @@ -13,7 +13,7 @@ spec: annotations: bar: secretmanagersecret-bar foo: secretmanagersecret - expireTime: "2024-12-12T04:55:16.450080998Z" + expireTime: "2024-12-12T06:14:18.462315694Z" replication: userManaged: replicas: diff --git a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_http.log b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_http.log index 03d9081d33..69e540615b 100644 --- a/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_http.log +++ b/pkg/test/resourcefixture/testdata/basic/secretmanager/v1beta1/fullsecretmanagersecret-manual-legacy/_http.log @@ -349,6 +349,7 @@ Content-Type: application/json User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 terraform-provider-google-beta/kcc/controller-manager 200 OK +Cache-Control: private Content-Type: application/json; charset=UTF-8 Server: ESF Vary: Origin 
@@ -362,7 +363,7 @@ X-Xss-Protection: 0 "done": true, "name": "operations/${operationID}", "response": { - "@type": "type.googleapis.com/google.api.serviceusage.v1beta1.ServiceIdentity", + "@type": "type.googleapis.com/mockgcp.api.serviceusage.v1beta1.ServiceIdentity", "email": "service-${projectNumber}@gcp-sa-secretmanager.iam.gserviceaccount.com", "uniqueId": "12345678" } @@ -735,7 +736,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T04:55:16.450080998Z", + "expireTime": "2024-12-12T06:14:18.462315694Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -788,7 +789,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T04:55:16.450080998Z", + "expireTime": "2024-12-12T06:14:18.462315694Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -829,7 +830,7 @@ User-Agent: Terraform/ (+https://www.terraform.io) Terraform-Plugin-SDK/2.10.1 t "bar": "secretmanagersecret-bar", "foo": "secretmanagersecret" }, - "expireTime": "2024-12-12T04:55:16.450080998Z", + "expireTime": "2024-12-12T06:14:18.462315694Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -877,7 +878,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T04:55:16.450080998Z", + "expireTime": "2024-12-12T06:14:18.462315694Z", "labels": { "cnrm-test": "true", "label-one": "value-one", @@ -932,7 +933,7 @@ X-Xss-Protection: 0 }, "createTime": "2024-04-01T12:34:56.123456Z", "etag": "abcdef0123A=", - "expireTime": "2024-12-12T04:55:16.450080998Z", + "expireTime": "2024-12-12T06:14:18.462315694Z", "labels": { "cnrm-test": "true", "label-one": "value-one", diff --git a/tests/e2e/httplog.go b/tests/e2e/httplog.go index 223a4cf9c7..f02459e573 100644 --- a/tests/e2e/httplog.go +++ b/tests/e2e/httplog.go 
@@ -165,6 +165,8 @@ func (x *Normalizer) Render(events test.LogEntries) string { addReplacement("lastModifiedAt", "2024-04-01T12:34:56.123456Z") addReplacement("createdAt", "2024-04-01T12:34:56.123456Z") + // Specific to SecretManager + addReplacement("expireTime", "2024-04-01T12:34:56.123456Z") // Specific to Sql addSetStringReplacement(".ipAddresses[].ipAddress", "10.1.2.3") addReplacement("serverCaCert.cert", "-----BEGIN CERTIFICATE-----\n-----END CERTIFICATE-----\n") diff --git a/tests/e2e/normalize.go b/tests/e2e/normalize.go index 5596caa923..2b25d5cc2a 100644 --- a/tests/e2e/normalize.go +++ b/tests/e2e/normalize.go @@ -175,6 +175,9 @@ func normalizeKRMObject(t *testing.T, u *unstructured.Unstructured, project test // Specific to DataFlow visitor.replacePaths[".status.jobId"] = "${jobID}" + // Specific to SecretManager + visitor.replacePaths[".status.jobId"] = "${jobID}" + // Specific to BigQueryConnectionConnection. visitor.replacePaths[".status.observedState.aws.accessRole.identity"] = "048077221682493034546" visitor.replacePaths[".status.observedState.azure.identity"] = "117243083562690747295"
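Review bot: `addReplacement("expireTime", "2024-04-01T12:34:56.123456Z")` in Render appears to rewrite every `expireTime` in the recorded traffic, including values a fixture sets explicitly (the auto fixtures in this commit use `2025-10-03T15:01:23Z`). The goldens can then no longer show whether the controller sent the expiry that was requested, which matters for a field that bounds a secret's lifetime. Consider limiting the normalization to the TTL-derived case, or at least stating the trade-off in the comment, e.g. `// expireTime is wall-clock when derived from ttl, so it is normalized for all secrets`. The `_http.log` goldens updated in this same commit still carry raw `2024-12-12T…` values, so they look to have been recorded before this replacement and may need regenerating. Render's body continues outside the hunk.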
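Review bot: The line added under `// Specific to SecretManager` in normalizeKRMObject is a copy of the DataFlow entry directly above it, `visitor.replacePaths[".status.jobId"] = "${jobID}"`, so it has no effect and nothing specific to SecretManager is normalized. The exported goldens for the manual fixtures in this commit still contain wall-clock `expireTime` values, which suggests an expireTime path was intended here. Either replace the key with the intended path or drop the comment and the duplicate assignment. The function continues outside the hunk.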