How to add api key secret during testing

[patrick246]

I want to have my API credentials for my provider in a secret, as the comment above the structure suggests. However, the test will then fail, because the secret is not present.

Other examples use two config keys, one SecretKeySelector and one plain string, one is used during testing and one on an actual cluster. I don't like this solution as there is the possibility of a less than optimal configuration, and it also doesn't test the secret handling, as it will be executed in production.

Is there a place, where I can hook my own function in and submit my secret to the apiserver before testing?

[smueller18]

@patrick246 I had the same question. I found a way to inject secrets before the tests are executed.

The trick is to set the ManifestPath to a yaml file (a directory is not working!) that can contain Kubernetes objects. Usually, the test suite looks for a config.json file in the ManifestPath and uses it for initializing a config object. But if you provide a custom config object (see in the code below), this one is used instead and the file, given in the ManifestPath, will be applied while the test suite sets up the namespace.

So to use secrets (or any other objects) in tests

• set the ManifestPath to a yaml file
• create a config object by reading the config.json file manually

func TestRunSuiteWithSecret(t *testing.T) {

	d, err := ioutil.ReadFile("testdata/config.json")
	if err != nil {
		log.Fatal(err)
	}

	fixture := dns.NewFixture(&solver{},
		dns.SetResolvedZone(zone),
		dns.SetAllowAmbientCredentials(false),
		dns.SetManifestPath("testdata/secret-credentials.yaml"),
		dns.SetBinariesPath("kubebuilder/bin"),
		dns.SetConfig(&extapi.JSON{
			Raw: d,
		}),
	)

	fixture.RunConformance(t)
}

If you are interested how I solved it in my webhook project, have a look at https://gitlab.com/smueller18/cert-manager-webhook-inwx.