From b1121ca39fd780ad8ff15b33187e469c5a9d8091 Mon Sep 17 00:00:00 2001
From: gfichtenholt
Date: Wed, 31 Aug 2022 01:39:25 -0700
Subject: [PATCH] narrow down the list of permissions for harbor robot account
---
.../v1alpha1/chart_integration_test.go | 157 ------------------
.../testdata/harbor-create-account.json | 91 ----------
.../testdata/harbor-create-robot-account.json | 19 +++
.../packages/v1alpha1/testdata/harbor-util.sh | 2 +-
4 files changed, 20 insertions(+), 249 deletions(-)
delete mode 100644 cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-account.json
create mode 100644 cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-robot-account.json
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go
index 334dd17e5a1..f120632722f 100644
--- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go
+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/chart_integration_test.go
@@ -774,160 +774,3 @@ func TestKindClusterAvailablePackageEndpointsForOCI(t *testing.T) { }) } } - -func TestKindClusterAvailablePackageEndpointsForOCI2(t *testing.T) { - fluxPluginClient, fluxPluginReposClient, err := checkEnv(t) - if err != nil { - t.Fatal(err) - } - - if err := setupHarborStefanProdanClone(t); err != nil { - t.Fatal(err) - } - harborRobotName, harborRobotSecret, err := setupHarborRobotAccount(t) - if err != nil { - t.Fatal(err) - } - - testCases := []struct { - testName string - registryUrl string - secret *apiv1.Secret - }{ - { - testName: "Testing [" + harbor_stefanprodan_podinfo_oci_registry_url + "] with basic auth secret (robot)", - registryUrl: harbor_stefanprodan_podinfo_oci_registry_url, - secret: newBasicAuthSecret(types.NamespacedName{ - Name: "oci-repo-secret-" + randSeq(4), - Namespace: "default"}, - harborRobotName, - harborRobotSecret, - ), - }, - } - - adminName := types.NamespacedName{ - Name: "test-admin-" + randSeq(4), - Namespace: "default", - } - grpcContext, err := newGrpcAdminContext(t, adminName) - if err != nil { - t.Fatal(err) - } - - for _, tc := range testCases { - t.Run(tc.testName, func(t *testing.T) { - repoName := types.NamespacedName{ - Name: "my-podinfo-" + randSeq(4), - Namespace: "default", - } - - secretName := "" - if tc.secret != nil { - secretName = tc.secret.Name - - if err := kubeCreateSecretAndCleanup(t, tc.secret); err != nil { - t.Fatal(err) - } - } - - setUserManagedSecretsAndCleanup(t, fluxPluginReposClient, true) - - if err := kubeAddHelmRepositoryAndCleanup( - t, repoName, "oci", tc.registryUrl, secretName, 0); err != nil { - t.Fatal(err) - } - // wait until this repo reaches 'Ready' - if err = kubeWaitUntilHelmRepositoryIsReady(t, repoName); err != nil { - t.Fatal(err) - } - - grpcContext, cancel := context.WithTimeout(grpcContext, defaultContextTimeout) - defer cancel() - - resp, err := fluxPluginClient.GetAvailablePackageSummaries( - grpcContext, - &corev1.GetAvailablePackageSummariesRequest{}) 
- if err != nil { - t.Fatalf("%v", err) - } - - opt1 := cmpopts.IgnoreUnexported( - corev1.GetAvailablePackageSummariesResponse{}, - corev1.AvailablePackageSummary{}, - corev1.AvailablePackageReference{}, - corev1.Context{}, - plugins.Plugin{}, - corev1.PackageAppVersion{}) - opt2 := cmpopts.SortSlices(lessAvailablePackageFunc) - if got, want := resp, expected_oci_stefanprodan_podinfo_available_summaries(repoName.Name); !cmp.Equal(got, want, opt1, opt2) { - t.Errorf("mismatch (-want +got):\n%s", cmp.Diff(want, got, opt1, opt2)) - } - - grpcContext, cancel = context.WithTimeout(grpcContext, defaultContextTimeout) - defer cancel() - resp2, err := fluxPluginClient.GetAvailablePackageVersions( - grpcContext, &corev1.GetAvailablePackageVersionsRequest{ - AvailablePackageRef: &corev1.AvailablePackageReference{ - Context: &corev1.Context{ - Namespace: "default", - }, - Identifier: repoName.Name + "/podinfo", - }, - }) - if err != nil { - t.Fatal(err) - } - opts := cmpopts.IgnoreUnexported( - corev1.GetAvailablePackageVersionsResponse{}, - corev1.PackageAppVersion{}) - if got, want := resp2, expected_versions_stefanprodan_podinfo; !cmp.Equal(want, got, opts) { - t.Errorf("mismatch (-want +got):\n%s", cmp.Diff(want, got, opts)) - } - - grpcContext, cancel = context.WithTimeout(grpcContext, defaultContextTimeout) - defer cancel() - resp3, err := fluxPluginClient.GetAvailablePackageDetail( - grpcContext, - &corev1.GetAvailablePackageDetailRequest{ - AvailablePackageRef: &corev1.AvailablePackageReference{ - Context: &corev1.Context{ - Namespace: "default", - }, - Identifier: repoName.Name + "/podinfo", - }, - }) - if err != nil { - t.Fatal(err) - } - - compareActualVsExpectedAvailablePackageDetail( - t, - resp3.AvailablePackageDetail, - expected_detail_oci_stefanprodan_podinfo(repoName.Name, tc.registryUrl).AvailablePackageDetail) - - // try a few older versions - grpcContext, cancel = context.WithTimeout(grpcContext, defaultContextTimeout) - defer cancel() - resp4, err := 
fluxPluginClient.GetAvailablePackageDetail( - grpcContext, - &corev1.GetAvailablePackageDetailRequest{ - AvailablePackageRef: &corev1.AvailablePackageReference{ - Context: &corev1.Context{ - Namespace: "default", - }, - Identifier: repoName.Name + "/podinfo", - }, - PkgVersion: "6.1.6", - }) - if err != nil { - t.Fatal(err) - } - - compareActualVsExpectedAvailablePackageDetail( - t, - resp4.AvailablePackageDetail, - expected_detail_oci_stefanprodan_podinfo_2(repoName.Name, tc.registryUrl).AvailablePackageDetail) - }) - } -} diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-account.json b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-account.json deleted file mode 100644 index 1fe4804bbe9..00000000000 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-account.json +++ /dev/null 
@@ -1,91 +0,0 @@
-{
- "name": "$NAME",
- "duration": 30,
- "description": null,
- "disable": false,
- "level": "system",
- "permissions": [
- {
- "kind": "project",
- "namespace": "$PROJECT_NAME",
- "access": [
- {
- "resource": "repository",
- "action": "list"
- },
- {
- "resource": "repository",
- "action": "pull"
- },
- {
- "resource": "repository",
- "action": "push"
- },
- {
- "resource": "repository",
- "action": "delete"
- },
- {
- "resource": "artifact",
- "action": "read"
- },
- {
- "resource": "artifact",
- "action": "list"
- },
- {
- "resource": "artifact",
- "action": "delete"
- },
- {
- "resource": "artifact-label",
- "action": "create"
- },
- {
- "resource": "artifact-label",
- "action": "delete"
- },
- {
- "resource": "tag",
- "action": "create"
- },
- {
- "resource": "tag",
- "action": "delete"
- },
- {
- "resource": "tag",
- "action": "list"
- },
- {
- "resource": "scan",
- "action": "create"
- },
- {
- "resource": "scan",
- "action": "stop"
- },
- {
- "resource": "helm-chart",
- "action": "read"
- },
- {
- "resource": "helm-chart-version",
- "action": "create"
- },
- {
- "resource": "helm-chart-version",
- "action": "delete"
- },
- {
- "resource": "helm-chart-version-label",
- "action": "create"
- },
- {
- "resource": "helm-chart-version-label",
- "action": "delete"
- }
- ]
- }
- ]
- }
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-robot-account.json b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-robot-account.json
new file mode 100644
index 00000000000..2ff4ed2fc66
--- /dev/null
+++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-create-robot-account.json
@@ -0,0 +1,19 @@
+{
+ "name": "$NAME",
+ "duration": 30,
+ "description": null,
+ "disable": false,
+ "level": "system",
+ "permissions": [
+ {
+ "kind": "project",
+ "namespace": "$PROJECT_NAME",
+ "access": [
+ {
+ "resource": "repository",
+ "action": "list"
+ }
+ ]
+ }
+ ]
+ }
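Review bot: The new robot payload grants only `repository`/`list` but still sets `"level": "system"`, and this same patch deletes `TestKindClusterAvailablePackageEndpointsForOCI2`, the one test shown here that called `setupHarborRobotAccount`, so nothing visible in the patch demonstrates that the narrowed grant is sufficient or that wider actions are refused. Harbor normally gates fetching artifact content on `repository`/`pull`, so a robot limited to `list` would presumably be rejected once Flux reads chart contents; confirm this against the registry and add `{ "resource": "repository", "action": "pull" }` only if a test needs it. Because the single permission entry is scoped to one project, `"level": "project"` looks like the tighter fit for a least-privilege credential, provided the Harbor version under test accepts it. JSON cannot carry a comment, so the rationale belongs beside `createHarborRobotAccount` in harbor-util.sh, for example `# robot account: repository:list only on $PROJECT_NAME; widen deliberately`.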
diff --git a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-util.sh b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-util.sh index 5b47170981a..45783cabc51 100644 --- a/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-util.sh +++ b/cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/harbor-util.sh @@ -179,7 +179,7 @@ function createHarborRobotAccount() local PROJECT_NAME=$2 echo -e "Creating robot account [${L_YELLOW}$ACCOUNT_NAME${NC}] in harbor..." - local payload=$(sed "s/\$NAME/${ACCOUNT_NAME}/g" $SCRIPTPATH/harbor-create-account.json) + local payload=$(sed "s/\$NAME/${ACCOUNT_NAME}/g" $SCRIPTPATH/harbor-create-robot-account.json) payload=$(echo $payload | sed "s/\$PROJECT_NAME/${PROJECT_NAME}/g") local RESP=$(curl -L --silent --show-error \ -X POST \