Bugfixes: Enterprise-in-GKE test not deploying test apps

[john-odonnell]

Desired Outcome

In recent CI runs, the stage running end-to-end tests against Conjur Enterprise in GKE succeed without installing the Namespace Prep Helm chart or deploying the test apps.

From a passing Jenkins run:

++++++++++++++++++++++++++++++++++++++

Installing cluster prep chart

++++++++++++++++++++++++++++++++++++++
. . .
The Conjur/Authenticator Namespace preparation is complete.
 The following have been deployed:
- Golden ConfigMap
- Authenticator ClusterRole
++++++++++++++++++++++++++++++++++++++

Removing test environment

++++++++++++++++++++++++++++++++++++++

Updating this led to another bug:
Jenkins logs:

++++++++++++++++++++++++++++++++++++++

Installing namespace prep chart

++++++++++++++++++++++++++++++++++++++
Release "namespace-prep-7bc09deb-9" does not exist. Installing it now.
Error: unable to build kubernetes objects from release manifest: error validating "": error validating data: ValidationError(RoleBinding.subjects[0]): missing required field "name" in io.k8s.api.rbac.v1.Subject

The authnK8sServiceAccount field in the Golden ConfigMap template is wrapped in a conditional, and is only created if the Cluster Prep Helm chart was told to create a serviceAccount. The chart's values.yml file states:

# If 'authnK8s.serviceAccount.create` is set to `true`, then this defaults
# to "conjur-serviceaccount". If 'authnK8s.serviceAccount.create` is set
# to `false`, then this is a required value.
# name: conjur-serviceaccount
# name:

In cases where authnK8s.serviceAccount.create is set to false, the provided name was not being used for the authnK8sServiceAccount field in the Golden ConfigMap.

Implemented Changes

• End-to-end test stage for Enterprise-in-GKE now installs Namespace prep Helm chart and deploys test apps
• When authnK8s.serviceAccount.create is set to false, the Golden ConfigMap template uses authnK8s.serviceAccount.name to fill its authnK8sServiceAccount field.

Connected Issue/Story

Resolves #[relevant GitHub issue(s), e.g. 76]

CyberArk internal issue link: insert issue ID

Definition of Done

At least 1 todo must be completed in the sections below for the PR to be
merged.

Changelog

• The CHANGELOG has been updated, or
• This PR does not include user-facing changes and doesn't require a
  CHANGELOG update

Test coverage

• This PR includes new unit and integration tests to go with the code
  changes, or
• The changes in this PR do not require tests

Documentation

• Docs (e.g. READMEs) were updated in this PR
• A follow-up issue to update official docs has been filed here: insert issue ID
• This PR does not require updating any documentation

Behavior

• This PR changes product behavior and has been reviewed by a PO, or
• These changes are part of a larger initiative that will be reviewed later, or
• No behavior was changed with this PR

Security

• Security architect has reviewed the changes in this PR,
• These changes are part of a larger initiative with a separate security review, or
• There are no security aspects to these changes

[szh]

Thanks for fixing this!

[diverdane]

I think we want to remove the conditional for authnK8sClusterRole: field as well.

[diverdane]

D'oh!!!

[diverdane]

Nice catch!
I think we want to remove the conditional for authnK8sClusterRole field as well.

[diverdane]

LGTM!!!