test: fix githubapp expectation in proxy e2e test (#1801)

sdowell · web-flow · commit c32f7195c44e · 2025-07-24T23:23:01.000Z
The fake githubapp Secret actually breaks the expectation for the
RootSyncStalledError, since it makes the RootSync spec valid. This
creates a race condition where the stalled error must be detected before
the reconciler-manager can reconcile the contrived Secret.

The fake secret is unnecessary for the assertion and is removed.
diff --git a/e2e/nomostest/config_sync.go b/e2e/nomostest/config_sync.go
@@ -1516,57 +1516,3 @@ func SetupFakeSSHCreds(nt *NT, rsKind string, rsRef types.NamespacedName, auth c
 	})
 	return nil
 }
-
-// SetupFakeGithubAppCreds sets up the RSync Secret when needed.
-func SetupFakeGithubAppCreds(nt *NT, rsKind string, rsRef types.NamespacedName, auth configsync.AuthType, secretName string) error {
-	if controllers.SkipForAuth(auth) {
-		nt.T.Logf("The auth type %s doesn't need a Secret", auth)
-		return nil
-	}
-
-	gitSecretGithubAppPrivateKey := "github-app-private-key"
-	gitSecretGithubAppInstallationID := "github-app-installation-id"
-	gitSecretGithubAppApplicationID := reconcilermanager.GitSecretGithubAppApplicationID
-
-	secret := k8sobjects.SecretObject(secretName, core.Namespace(rsRef.Namespace))
-	err := nt.KubeClient.Get(secret.Name, secret.Namespace, secret)
-	if err == nil {
-		// The Secret is already created by the test scaffolding.
-		// Add or update the GitHub App keys.
-		secret.Data[gitSecretGithubAppApplicationID] = []byte(gitSecretGithubAppApplicationID)
-		secret.Data[gitSecretGithubAppInstallationID] = []byte(gitSecretGithubAppInstallationID)
-		secret.Data[gitSecretGithubAppPrivateKey] = []byte(gitSecretGithubAppPrivateKey)
-		if err = nt.KubeClient.Update(secret); err != nil {
-			return err
-		}
-		return nil
-	}
-	if !apierrors.IsNotFound(err) {
-		return err
-	}
-
-	nt.T.Logf("The %s/%s Secret doesn't exist with auth %q, so creating a fake one", rsRef.Namespace, secretName, auth)
-	if rsKind == kinds.RootSyncV1Beta1().Kind {
-		if err := nt.Watcher.WatchForRootSyncStalledError(rsRef.Name, "Validation", validate.MissingSecret(secretName).Error()); err != nil {
-			return err
-		}
-	} else {
-		if err := nt.Watcher.WatchForRepoSyncStalledError(rsRef.Namespace, rsRef.Name, "Validation", validate.MissingSecret(secretName).Error()); err != nil {
-			return err
-		}
-	}
-
-	secret.Data[gitSecretGithubAppApplicationID] = []byte(gitSecretGithubAppApplicationID)
-	secret.Data[gitSecretGithubAppInstallationID] = []byte(gitSecretGithubAppInstallationID)
-	secret.Data[gitSecretGithubAppPrivateKey] = []byte(gitSecretGithubAppPrivateKey)
-
-	if err = nt.KubeClient.Create(secret); err != nil {
-		return err
-	}
-	nt.T.Cleanup(func() {
-		if err = nt.KubeClient.Delete(secret); err != nil {
-			nt.T.Error(err)
-		}
-	})
-	return nil
-}
diff --git a/e2e/testcases/proxy_test.go b/e2e/testcases/proxy_test.go
@@ -64,7 +64,6 @@ func TestSyncingThroughAProxy(t *testing.T) {
 	nt.T.Log("Set auth type to githubapp")
 	nt.MustMergePatch(rs, `{"spec": {"git": {"auth": "githubapp"}}}`)
 	nt.T.Log("Verify the secretRef error")
-	nt.Must(nomostest.SetupFakeGithubAppCreds(nt, rootSyncID.Kind, rootSyncID.ObjectKey, configsync.AuthGithubApp, controllers.GitCredentialVolume))
 	nt.Must(nt.Watcher.WatchForRootSyncStalledError(rs.Name, "Validation",
 		validate.MissingKeyInAuthSecret(configsync.AuthGithubApp, "github-app-private-key", "git-creds").Error()))
 	nt.T.Log("Set auth type to none")
