replaces gcp credentials secret to manifest template

Signed-off-by: neelanjan00 <[email protected]>

config/crd/bases/keda.sh_clustertriggerauthentications.yaml

@@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
   name: clustertriggerauthentications.keda.sh
 spec:
   group: keda.sh

config/crd/bases/keda.sh_scaledobjects.yaml

@@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
   name: scaledobjects.keda.sh
 spec:
   group: keda.sh

config/crd/bases/keda.sh_triggerauthentications.yaml

@@ -3,7 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.13.0
+    controller-gen.kubebuilder.io/version: v0.9.0
+  creationTimestamp: null
   name: triggerauthentications.keda.sh
 spec:
   group: keda.sh

config/manager/kustomization.yaml

@@ -6,5 +6,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: ghcr.io/kedacore/keda
-  newName: ghcr.io/kedacore/keda
+  newName: docker.io/neelanjan00/keda
   newTag: main

config/metrics-server/kustomization.yaml

@@ -10,5 +10,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: ghcr.io/kedacore/keda-metrics-apiserver
-  newName: ghcr.io/kedacore/keda-metrics-apiserver
+  newName: docker.io/neelanjan00/keda-metrics-apiserver
   newTag: main

config/rbac/role.yaml

@@ -2,6 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
+  creationTimestamp: null
   name: keda-operator
 rules:
 - apiGroups:
@@ -122,6 +123,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
+  creationTimestamp: null
   name: keda-operator
   namespace: keda
 rules:

config/webhooks/kustomization.yaml

@@ -7,5 +7,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: ghcr.io/kedacore/keda-admission-webhooks
-  newName: ghcr.io/kedacore/keda-admission-webhooks
+  newName: docker.io/neelanjan00/keda-admission-webhooks
   newTag: main

pkg/scaling/resolver/gcp_secretmanager_handler.go

@@ -86,7 +86,7 @@ func (vh *GCPSecretManagerHandler) Initialize(client client.Client, logger logr.
 			return fmt.Errorf("failed to create secretmanager client: %w", err)
 		}
 	default:
-		return fmt.Errorf("key vault does not support pod identity provider - %s", podIdentity)
+		return fmt.Errorf("key vault does not support pod identity provider - %v", podIdentity)
 	}
 
 	return nil

tests/secret-providers/gcp_secret_manager/gcp_secret_manager_test.go

@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"strings"
 	"testing"
 
 	secretmanager "cloud.google.com/go/secretmanager/apiv1"
@@ -74,6 +75,7 @@ type templateData struct {
 	GCPCredentialsSecretName         string
 	GCPCredentialsSecretKey          string
 	SecretManagerSecretID            string
+	GCPKeyBase64                     string
 }
 
 const (
@@ -120,6 +122,15 @@ type: Opaque
 data:
   postgresql_conn_str: {{.PostgreSQLConnectionStringBase64}}
 `
+	gcpCredentialsSecretTemplate = `apiVersion: v1
+kind: Secret
+metadata:
+  name: {{.GCPCredentialsSecretName}}
+  namespace: {{.TestNamespace}}
+type: Opaque
+data:
+  {{.GCPCredentialsSecretKey}}: {{.GCPKeyBase64}}
+`
 
 	triggerAuthenticationTemplate = `apiVersion: keda.sh/v1alpha1
 kind: TriggerAuthentication
@@ -131,14 +142,14 @@ spec:
     gcpProjectID: {{.GCPProjectID}}
     secrets:
       - parameter: connection
-	    id: {{.SecretManagerSecretID}}
-	    version: "latest"
+        id: {{.SecretManagerSecretID}}
+        version: "1"
     gcpCredentials:
       clientSecret:
-	    valueFrom:
-	      secretKeyRef:
-		    name: {{.GCPCredentialsSecretName}}
-		    key: {{.GCPCredentialsSecretKey}}
+        valueFrom:
+          secretKeyRef:
+            name: {{.GCPCredentialsSecretName}}
+            key: {{.GCPCredentialsSecretKey}}
 `
 
 	scaledObjectTemplate = `apiVersion: keda.sh/v1alpha1
@@ -279,12 +290,12 @@ spec:
 `
 )
 
-func TestPostreSQLScaler(t *testing.T) {
+func TestPostgreSQLScaler(t *testing.T) {
 	require.NotEmpty(t, gcpKey, "TF_GCP_SA_CREDENTIALS env variable is required for GCP Secret Manager test")
 	require.NoErrorf(t, errGcpKey, "Failed to load credentials from gcpKey - %s", errGcpKey)
 
 	// Create the secret in GCP
-	err := createGCPSecret()
+	err := createGCPSecret(t)
 	assert.NoErrorf(t, err, "cannot create GCP Secret Manager secret - %s", err)
 
 	// Create kubernetes resources for PostgreSQL server
@@ -302,9 +313,6 @@ func TestPostreSQLScaler(t *testing.T) {
 	ok, out, errOut, err := WaitForSuccessfulExecCommandOnSpecificPod(t, postgresqlPodName, testNamespace, psqlCreateTableCmd, 60, 3)
 	assert.True(t, ok, "executing a command on PostreSQL Pod should work; Output: %s, ErrorOutput: %s, Error: %s", out, errOut, err)
 
-	_, err = ExecuteCommand(fmt.Sprintf("kubectl create secret generic %s --from-literal=%s=%s -n %s", gcpCredentialsSecretName, gcpCredentialsSecretKey, gcpKey, testNamespace))
-	assert.NoErrorf(t, err, "cannot create Kubernetes GCP Service Account key secret - %s", err)
-
 	// Create kubernetes resources for testing
 	data, templates := getTemplateData()
 
@@ -321,7 +329,7 @@ func TestPostreSQLScaler(t *testing.T) {
 	DeleteKubernetesResources(t, testNamespace, data, postgreSQLtemplates)
 
 	// Delete the secret in GCP
-	err = deleteGCPSecret()
+	err = deleteGCPSecret(t)
 	assert.NoErrorf(t, err, "cannot delete GCP Secret Manager secret - %s", err)
 }
 
@@ -340,6 +348,9 @@ var data = templateData{
 	PostgreSQLConnectionStringBase64: base64.StdEncoding.EncodeToString([]byte(postgreSQLConnectionString)),
 	GCPProjectID:                     projectID.(string),
 	SecretManagerSecretID:            secretManagerSecretID,
+	GCPKeyBase64:                     base64.StdEncoding.EncodeToString([]byte(strings.TrimSpace(gcpKey))),
+	GCPCredentialsSecretName:         gcpCredentialsSecretName,
+	GCPCredentialsSecretKey:          gcpCredentialsSecretKey,
 }
 
 func getPostgreSQLTemplateData() (templateData, []Template) {
@@ -355,6 +366,7 @@ func getTemplateData() (templateData, []Template) {
 		{Name: "deploymentTemplate", Config: deploymentTemplate},
 		{Name: "triggerAuthenticationTemplate", Config: triggerAuthenticationTemplate},
 		{Name: "scaledObjectTemplate", Config: scaledObjectTemplate},
+		{Name: "gcpCredentialsSecretTemplate", Config: gcpCredentialsSecretTemplate},
 	}
 }
 
@@ -380,7 +392,7 @@ func testScaleIn(t *testing.T, kc *kubernetes.Clientset) {
 		"replica count should be %d after 3 minutes", minReplicaCount)
 }
 
-func createGCPSecret() error {
+func createGCPSecret(t *testing.T) error {
 	ctx := context.Background()
 
 	gcpCreds, err := google.CredentialsFromJSON(ctx, []byte(gcpKey), secretmanager.DefaultAuthScopes()...)
@@ -421,17 +433,17 @@ func createGCPSecret() error {
 		},
 	}
 
-	version, err := client.AddSecretVersion(ctx, createVersionReq)
+	_, err = client.AddSecretVersion(ctx, createVersionReq)
 	if err != nil {
 		return fmt.Errorf("failed to create secret version: %v", err)
 	}
 
-	fmt.Printf("Created secret version: %s\n", version.Name)
+	t.Log("Created secret in GCP Secret Manager.")
 
 	return nil
 }
 
-func deleteGCPSecret() error {
+func deleteGCPSecret(t *testing.T) error {
 	ctx := context.Background()
 
 	gcpCreds, err := google.CredentialsFromJSON(ctx, []byte(gcpKey), secretmanager.DefaultAuthScopes()...)
@@ -458,7 +470,7 @@ func deleteGCPSecret() error {
 		return fmt.Errorf("failed to delete secret: %w", err)
 	}
 
-	fmt.Printf("Secret %s deleted.\n", secretName)
+	t.Log("Deleted secret from GCP Secret Manager.")
 
 	return nil
 }