Fix test environment on GKE (#5207)

* Prevent private img test from being run if GKE Signed-off-by: Antonio Gamez Diaz <[email protected]> * Fix typo Signed-off-by: Antonio Gamez Diaz <[email protected]> * Use a clusterrolebinding for "edit" ci user Signed-off-by: Antonio Gamez Diaz <[email protected]> * Add todo and minor typo Signed-off-by: Antonio Gamez Diaz <[email protected]> Signed-off-by: Antonio Gamez Diaz <[email protected]>
vmware-tanzu · Aug 16, 2022 · 412f63b · 412f63b
1 parent 00346f1
commit 412f63b
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 7 deletions.
diff --git a/cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories.go b/cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories.go
@@ -251,8 +251,10 @@ func (s *Server) mapToPackageRepositoryDetail(source *apprepov1alpha1.AppReposit
 // Using owner references on the secret so that it can be
 // (1) cleaned up automatically and/or
 // (2) enable some control (ie. if I add a secret manually
-//   via kubectl before running kubeapps, it won't get deleted just
-//   because Kubeapps is deleting it)?
+//
+//	via kubectl before running kubeapps, it won't get deleted just
+//	because Kubeapps is deleting it)?
+//
 // See https://github.com/vmware-tanzu/kubeapps/pull/4630#discussion_r861446394 for details
 func (s *Server) setOwnerReferencesForRepoSecret(
 	ctx context.Context,
@@ -500,6 +502,7 @@ func (s *Server) GetPkgRepositories(ctx context.Context, cluster, namespace stri
 	if err != nil {
 		return nil, err
 	}
+	// TODO(agamez): handle permission denied scenario when listing w/o namespace, which would need a ClusterRole
 	unstructured, err := resource.List(ctx, metav1.ListOptions{})
 	if err != nil {
 		return nil, err

diff --git a/cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories_resources.go b/cmd/kubeapps-apis/plugins/helm/packages/v1alpha1/repositories_resources.go
@@ -84,7 +84,7 @@ func (s *Server) updatePkgRepository(ctx context.Context, cluster, namespace str
 	}
 
 	if err = client.Update(ctx, newPkgRepository); err != nil {
-		return statuserror.FromK8sError("get", AppRepositoryKind, newPkgRepository.Name, err)
+		return statuserror.FromK8sError("update", AppRepositoryKind, newPkgRepository.Name, err)
 	}
 	return nil
 }
diff --git a/...deploy-package-with-private-image.spec.js → ...deploy-package-with-private-image.spec.js b/...deploy-package-with-private-image.spec.js → ...deploy-package-with-private-image.spec.js
diff --git a/script/e2e-test.sh b/script/e2e-test.sh
@@ -309,9 +309,11 @@ installChartMuseum "${CHARTMUSEUM_VERSION}"
 pushChart apache 8.6.2 admin password
 pushChart apache 8.6.3 admin password
 
-# Setting up local Docker registry
-setupLocalDockerRegistry
-pushLocalChart
+# Setting up local Docker registry if not in GKE
+if [[ -z "${GKE_BRANCH-}" ]]; then
+  setupLocalDockerRegistry
+  pushLocalChart
+fi
 
 # Ensure that we are testing the correct image
 info ""
@@ -396,7 +398,7 @@ kubectl create serviceaccount kubeapps-edit -n kubeapps
 # default). See https://github.com/vmware-tanzu/kubeapps/issues/4435
 kubectl create rolebinding kubeapps-edit -n kubeapps --clusterrole=edit --serviceaccount kubeapps:kubeapps-edit
 kubectl create rolebinding kubeapps-edit -n default --clusterrole=edit --serviceaccount kubeapps:kubeapps-edit
-kubectl create rolebinding kubeapps-repositories-read -n kubeapps --clusterrole kubeapps:kubeapps:apprepositories-read --serviceaccount kubeapps:kubeapps-edit
+kubectl create clusterrolebinding kubeapps-repositories-read --clusterrole kubeapps:kubeapps:apprepositories-read --serviceaccount kubeapps:kubeapps-edit
 # TODO(minelson): Similar to the `global-repos-read` rolebinding that the chart
 # adds to the `kubeapps-repos-global` namespace for all authenticated users, we
 # should eventually consider adding a similar rolebinding for secrets in the