Set Aws credentials in cert manager package pod for e2e test

Author: rajeshvenkata

test/e2e/certmanager.go

@@ -26,8 +26,7 @@ func runCertManagerRemoteClusterInstallSimpleFlow(test *framework.MulticlusterE2
 		test.ManagementCluster.SetPackageBundleActive()
 		packageName := "cert-manager"
 		packagePrefix := "test"
-		packageFile := e.BuildPackageConfigFile(packageName, packagePrefix, EksaPackagesNamespace)
-		test.ManagementCluster.InstallCuratedPackageFile(packageFile, kubeconfig.FromClusterName(test.ManagementCluster.ClusterName))
+		test.ManagementCluster.InstallCertManagerPackageWithAwsCredentials(packagePrefix, packageName, EksaPackagesNamespace)
 		e.VerifyCertManagerPackageInstalled(packagePrefix, EksaPackagesNamespace, cmPackageName, withCluster(test.ManagementCluster))
 		e.CleanupCerts(withCluster(test.ManagementCluster))
 		e.DeleteClusterWithKubectl()

test/framework/cluster.go

@@ -1808,25 +1808,11 @@ var certManagerSecret string
 func (e *ClusterE2ETest) verifyLetsEncryptCert() error {
 	ctx := context.Background()
 	letsEncryptCert := "test-cert"
-	accessKey, secretAccess, region, zoneID := GetRoute53Configs()
-	data := map[string]interface{}{
-		"route53SecretAccessKey": secretAccess,
-	}
-
-	certManagerSecretData, err := templater.Execute(certManagerSecret, data)
-	if err != nil {
-		return fmt.Errorf("failed creating cert manager secret: %v", err)
-	}
-
-	err = e.KubectlClient.ApplyKubeSpecFromBytes(ctx, e.Cluster(), certManagerSecretData)
-	if err != nil {
-		return fmt.Errorf("error creating cert manager secret: %v", err)
-	}
+	region, zoneID := GetRoute53Configs()
 
-	data = map[string]interface{}{
-		"route53AccessKeyId": accessKey,
-		"route53ZoneId":      zoneID,
-		"route53Region":      region,
+	data := map[string]interface{}{
+		"route53ZoneId": zoneID,
+		"route53Region": region,
 	}
 
 	certManagerIssuerData, err := templater.Execute(certManagerLetsEncryptIssuer, data)
@@ -2061,6 +2047,39 @@ func (e *ClusterE2ETest) InstallAutoScaler(workloadClusterName, targetNamespace
 	}
 }
 
+//go:embed testdata/certmanager/certmanager_package.yaml
+var certManagerPackageTemplate string
+
+// InstallCertManagerPackageWithAwsCredentials installs cert-manager package by setting aws credentials in the pod.
+func (e *ClusterE2ETest) InstallCertManagerPackageWithAwsCredentials(prefix, packageName, namespace string) {
+	generatedName := fmt.Sprintf("%s-%s", prefix, packageName)
+	targetNamespace := namespace
+	namespace = fmt.Sprintf("%s-%s", namespace, e.ClusterName)
+	ctx := context.Background()
+	accessKeyID := os.Getenv(route53AccessKey)
+	secretKey := os.Getenv(route53SecretKey)
+	sessionToken := os.Getenv(route53SessionToken)
+	data := map[string]interface{}{
+		"targetNamespace": targetNamespace,
+		"namespace":       namespace,
+		"name":            generatedName,
+		"accessKeyId":     accessKeyID,
+		"secretKey":       secretKey,
+		"sessionToken":    sessionToken,
+	}
+
+	certManagerPackageDeployment, err := templater.Execute(certManagerPackageTemplate, data)
+	if err != nil {
+		e.T.Fatalf("Failed creating cert-manager Package Deployment: %s", err)
+	}
+
+	err = e.KubectlClient.ApplyKubeSpecFromBytesWithNamespace(ctx, e.Cluster(), certManagerPackageDeployment,
+		namespace)
+	if err != nil {
+		e.T.Fatalf("Error installing cert-manager pacakge: %s", err)
+	}
+}
+
 // CombinedAutoScalerMetricServerTest verifies that new nodes are spun up after using a HPA to scale a deployment.
 func (e *ClusterE2ETest) CombinedAutoScalerMetricServerTest(autoscalerName, metricServerName, targetNamespace string, mgmtCluster *types.Cluster) {
 	e.VerifyMetricServerPackageInstalled(metricServerName, targetNamespace, mgmtCluster)

test/framework/curatedpackages.go

@@ -38,6 +38,7 @@ const (
 	eksaPackagesRegion          = "EKSA_AWS_REGION"
 	route53AccessKey            = "ROUTE53_ACCESS_KEY_ID"
 	route53SecretKey            = "ROUTE53_SECRET_ACCESS_KEY"
+	route53SessionToken         = "ROUTE53_SESSION_TOKEN"
 	route53Region               = "ROUTE53_REGION"
 	route53ZoneID               = "ROUTE53_ZONEID"
 )
@@ -87,7 +88,6 @@ func CheckCertManagerCredentials(t *testing.T) {
 }
 
 // GetRoute53Configs returns route53 configurations for cert-manager.
-func GetRoute53Configs() (string, string, string, string) {
-	return os.Getenv(route53AccessKey), os.Getenv(route53SecretKey),
-		os.Getenv(route53Region), os.Getenv(route53ZoneID)
+func GetRoute53Configs() (string, string) {
+	return os.Getenv(route53Region), os.Getenv(route53ZoneID)
 }

test/framework/testdata/certmanager/certmanager_letsencrypt_issuer.yaml

@@ -13,10 +13,6 @@ spec:
           route53:
             region: "{{.route53Region}}"
             hostedZoneID: "{{.route53ZoneId}}"
-            accessKeyID: "{{.route53AccessKeyId}}"
-            secretAccessKeySecretRef:
-              name: route53-credentials-secret
-              key: secret-access-key
         selector:
           dnsZones:
             - "cert-manager-e2e.model-rocket.aws.dev"

test/framework/testdata/certmanager/certmanager_package.yaml

@@ -0,0 +1,18 @@
+apiVersion: packages.eks.amazonaws.com/v1alpha1
+kind: Package
+metadata:
+  name: {{.name}}
+  namespace: {{.namespace}}
+spec:
+  packageName: cert-manager
+  targetNamespace: {{.targetNamespace}}
+  config: |-
+    extraEnv:
+      - name: AWS_ACCESS_KEY_ID
+        value: {{.accessKeyId}}
+      - name: AWS_SECRET_ACCESS_KEY
+        value: {{.secretKey}}
+{{- if .sessionToken }}
+      - name: AWS_SESSION_TOKEN
+        value: {{.sessionToken}}
+{{- end }}