
test: Add e2e initial test for gcp

Lucas Severo Alves 5 jaren geleden
bovenliggende
commit
0655e600d5
5 gewijzigde bestanden met toevoegingen van 192 en 2 verwijderingen
  1. 1 0
      e2e/run.sh
  2. 114 0
      e2e/suite/gcp/gcp.go
  3. 74 0
      e2e/suite/gcp/util.go
  4. 1 0
      e2e/suite/import.go
  5. 2 2
      pkg/provider/gcp/secretmanager/secretsmanager.go

+ 1 - 0
e2e/run.sh

@@ -52,5 +52,6 @@ kubectl run --rm \
   --attach \
   --restart=Never \
   --env="FOCUS=${FOCUS}" \
+  --env="GCP_SM_SA_JSON=${GCP_SM_SA_JSON}" \
   --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \
   e2e --image=local/external-secrets-e2e:test
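Review bot: The added `--env="GCP_SM_SA_JSON=${GCP_SM_SA_JSON}"` puts a full GCP service-account key into the pod's environment, so the credential is readable in the pod spec (`kubectl get pod -o yaml`) and in the API audit log by anyone with pod read access in that namespace, not only by the test process. Since the command already passes `--overrides`, the key could instead be created as a Kubernetes Secret and injected through a `secretKeyRef` env entry in the override, keeping the same `GCP_SM_SA_JSON` variable name inside the container. It is also worth failing fast when the variable is unset, e.g. `--env="GCP_SM_SA_JSON=${GCP_SM_SA_JSON:?GCP_SM_SA_JSON must be set}"`, so the suite does not start with an empty credential and fail later with an opaque JWT parse error. The enclosing `kubectl run` command starts before this hunk.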

+ 114 - 0
e2e/suite/gcp/gcp.go

@@ -0,0 +1,114 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+limitations under the License.
+*/
+package gcp
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	// nolint
+	. "github.com/onsi/ginkgo"
+	// nolint
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
+	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
+	"github.com/external-secrets/external-secrets/e2e/framework"
+)
+
+var _ = Describe("[gcp] ", func() {
+	f := framework.New("eso-gcp")
+	var secretStore *esv1alpha1.SecretStore
+	projectID := "external-secrets-operator"
+	credentials := os.Getenv("GCP_SM_SA_JSON")
+
+	BeforeEach(func() {
+		By("creating a secret in GCP SM")
+		gcpCred := &v1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      f.Namespace.Name,
+				Namespace: f.Namespace.Name,
+			},
+			StringData: map[string]string{
+				"secret-access-credentials": credentials,
+			},
+		}
+		err := f.CRClient.Create(context.Background(), gcpCred)
+		Expect(err).ToNot(HaveOccurred())
+		secretStore = &esv1alpha1.SecretStore{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      f.Namespace.Name,
+				Namespace: f.Namespace.Name,
+			},
+			Spec: esv1alpha1.SecretStoreSpec{
+				Provider: &esv1alpha1.SecretStoreProvider{
+					GCPSM: &esv1alpha1.GCPSMProvider{
+						ProjectID: projectID,
+						Auth: esv1alpha1.GCPSMAuth{
+							SecretRef: esv1alpha1.GCPSMAuthSecretRef{
+								SecretAccessKey: esmeta.SecretKeySelector{
+									Name: f.Namespace.Name,
+									Key:  "secret-access-credentials",
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+		err = f.CRClient.Create(context.Background(), secretStore)
+		Expect(err).ToNot(HaveOccurred())
+	})
+
+	It("should sync secrets", func() {
+		By("creating a AWS SM Secret")
+		secretKey1 := fmt.Sprintf("%s-%s", f.Namespace.Name, "one")
+		secretValue := "great-value-test"
+		targetSecret := "target-secret"
+		err := CreateGCPSecretsManagerSecret(
+			projectID,
+			secretKey1, secretValue, []byte(credentials))
+		Expect(err).ToNot(HaveOccurred())
+		err = f.CRClient.Create(context.Background(), &esv1alpha1.ExternalSecret{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "simple-sync",
+				Namespace: f.Namespace.Name,
+			},
+			Spec: esv1alpha1.ExternalSecretSpec{
+				SecretStoreRef: esv1alpha1.SecretStoreRef{
+					Name: f.Namespace.Name,
+				},
+				Target: esv1alpha1.ExternalSecretTarget{
+					Name: targetSecret,
+				},
+				Data: []esv1alpha1.ExternalSecretData{
+					{
+						SecretKey: secretKey1,
+						RemoteRef: esv1alpha1.ExternalSecretDataRemoteRef{
+							Key: secretKey1,
+						},
+					},
+				},
+			},
+		})
+		Expect(err).ToNot(HaveOccurred())
+
+		_, err = f.WaitForSecretValue(f.Namespace.Name, targetSecret, map[string][]byte{
+			secretKey1: []byte(secretValue),
+		})
+		Expect(err).ToNot(HaveOccurred())
+	})
+})
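Review bot: The secret created in GCP Secret Manager via `CreateGCPSecretsManagerSecret(projectID, secretKey1, ...)` in the `It` block is never deleted, so every run leaves a `<namespace>-one` secret behind in the hard-coded project `external-secrets-operator`; an `AfterEach` that removes it (a delete helper alongside the create helper in util.go) would stop test material from accumulating in a shared project. `credentials := os.Getenv("GCP_SM_SA_JSON")` is used without a check, so an unset variable only surfaces inside the helper as a credential-parsing error; an `Expect(credentials).ToNot(BeEmpty(), "GCP_SM_SA_JSON must be set")` (or a `Skip`) at the top of `BeforeEach` makes the failure self-explanatory. The step label `By("creating a AWS SM Secret")` is a copy-paste leftover from the AWS suite and should read `By("creating a GCP SM Secret")`.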

+ 74 - 0
e2e/suite/gcp/util.go

@@ -0,0 +1,74 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+limitations under the License.
+*/
+package gcp
+
+import (
+	"context"
+	"fmt"
+
+	gcpsm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager"
+	"golang.org/x/oauth2/google"
+	"google.golang.org/api/option"
+
+	secretmanager "cloud.google.com/go/secretmanager/apiv1"
+	secretmanagerpb "google.golang.org/genproto/googleapis/cloud/secretmanager/v1"
+)
+
+// CreateAWSSecretsManagerSecret creates a sm secret with the given value.
+func CreateGCPSecretsManagerSecret(projectID, secretName, secretValue string, credentials []byte) error {
+	ctx := context.Background()
+
+	config, err := google.JWTConfigFromJSON(credentials, gcpsm.CloudPlatformRole)
+	if err != nil {
+		return fmt.Errorf("Unable to procces JSON credentials: %w", err)
+	}
+	ts := config.TokenSource(ctx)
+
+	client, err := secretmanager.NewClient(ctx, option.WithTokenSource(ts))
+	if err != nil {
+		return fmt.Errorf("failed to setup client: %w", err)
+	}
+	defer client.Close()
+	// Create the request to create the secret.
+	createSecretReq := &secretmanagerpb.CreateSecretRequest{
+		Parent:   fmt.Sprintf("projects/%s", projectID),
+		SecretId: secretName,
+		Secret: &secretmanagerpb.Secret{
+			Replication: &secretmanagerpb.Replication{
+				Replication: &secretmanagerpb.Replication_Automatic_{
+					Automatic: &secretmanagerpb.Replication_Automatic{},
+				},
+			},
+		},
+	}
+	secret, err := client.CreateSecret(ctx, createSecretReq)
+	if err != nil {
+		return fmt.Errorf("failed to create secret: %w", err)
+	}
+	// Declare the payload to store.
+	payload := []byte(secretValue)
+	// Build the request.
+	addSecretVersionReq := &secretmanagerpb.AddSecretVersionRequest{
+		Parent: secret.Name,
+		Payload: &secretmanagerpb.SecretPayload{
+			Data: payload,
+		},
+	}
+	// Call the API.
+	_, err = client.AddSecretVersion(ctx, addSecretVersionReq)
+	if err != nil {
+		return fmt.Errorf("failed to add secret version: %v", err)
+	}
+
+	return err
+}
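Review bot: The doc comment `// CreateAWSSecretsManagerSecret creates a sm secret with the given value.` names the wrong function; it should start with the exported name, e.g. `// CreateGCPSecretsManagerSecret creates a Secret Manager secret named secretName in projectID and adds secretValue as its first version, authenticating with the given service-account JSON.` Error handling is inconsistent within the function: the first message is capitalized and misspelled (`"Unable to procces JSON credentials: %w"` should be `"unable to process JSON credentials: %w"`), and the last uses `%v` where the others use `%w` (`"failed to add secret version: %w"`), which drops the wrapped error for `errors.Is`/`errors.As`. The trailing `return err` is always nil at that point and reads more clearly as `return nil`. Note that a failed `AddSecretVersion` leaves the just-created, versionless secret behind in the project; including `secret.Name` in that error would at least make the leftover easy to find and remove.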

+ 1 - 0
e2e/suite/import.go

@@ -17,5 +17,6 @@ import (
 
 	// import different e2e test suites.
 	_ "github.com/external-secrets/external-secrets/e2e/suite/aws"
+	_ "github.com/external-secrets/external-secrets/e2e/suite/gcp"
 	_ "github.com/external-secrets/external-secrets/e2e/suite/vault"
 )

+ 2 - 2
pkg/provider/gcp/secretmanager/secretsmanager.go

@@ -33,7 +33,7 @@ import (
 )
 
 const (
-	cloudPlatformRole = "https://www.googleapis.com/auth/cloud-platform"
+	CloudPlatformRole = "https://www.googleapis.com/auth/cloud-platform"
 	defaultVersion    = "latest"
 
 	errGCPSMStore                             = "received invalid GCPSM SecretStore resource"
@@ -120,7 +120,7 @@ func (sm *ProviderGCP) NewClient(ctx context.Context, store esv1alpha1.GenericSt
 
 	sm.projectID = cliStore.store.ProjectID
 
-	config, err := google.JWTConfigFromJSON(cliStore.credentials, cloudPlatformRole)
+	config, err := google.JWTConfigFromJSON(cliStore.credentials, CloudPlatformRole)
 	if err != nil {
 		return nil, fmt.Errorf(errUnableProcessJSONCredentials, err)
 	}
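Review bot: `CloudPlatformRole` is now exported but has no doc comment, which `golint`/`revive` will flag and which leaves external callers (the new e2e helper) to guess at its meaning. Its value is an OAuth2 scope URL and it is passed as the scope argument to `google.JWTConfigFromJSON`, so `// CloudPlatformRole is the OAuth2 scope requested when building a JWT config from service-account JSON.` above the constant would be accurate. The identifier says "Role" while the value is a scope; if the export is the moment to settle naming, `CloudPlatformScope` would be clearer, though that is beyond what this commit sets out to do. `NewClient` continues outside the hunk.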