chore: move to new GCP account, temporarily disable delinea (#5438)

* chore: move to new GCP account

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

* fix: disable delinea due to account issues

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

.github/workflows/e2e.yml

@@ -19,11 +19,11 @@ env:
   # credentials have been provided before trying to run steps that need them.
   TARGET_SHA: ${{ github.event.client_payload.slash_command.args.named.sha }}
   GHCR_USERNAME: ${{ github.actor }}
-  GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON}}
-  GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE}}
+  GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY}}
+  GCP_FED_REGION: ${{ secrets.GCP_FED_REGION}}
   GCP_GSA_NAME: ${{ secrets.GCP_GSA_NAME}} # Google Service Account
   GCP_KSA_NAME: ${{ secrets.GCP_KSA_NAME}} # Kubernetes Service Account
-  GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID}}
+  GCP_FED_PROJECT_ID: ${{ secrets.GCP_FED_PROJECT_ID}}
 
   AWS_REGION: "eu-central-1"
   AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN }}

e2e/Makefile

@@ -6,7 +6,7 @@ KIND_IMG       = "kindest/node:v1.33.4@sha256:25a6018e48dfcaee478f4a59af81157a43
 DOCKER_BUILD_ARGS     ?=
 
 export E2E_IMAGE_NAME ?= ghcr.io/external-secrets/external-secrets-e2e
-export GINKGO_LABELS ?= !managed
+export GINKGO_LABELS ?= !managed && !secretserver
 export TEST_SUITES ?= provider generator flux argocd
 
 export OCI_IMAGE_NAME = oci.external-secrets.io/external-secrets/external-secrets

e2e/run.sh

@@ -47,11 +47,10 @@ kubectl run --rm \
   --labels="app=eso-e2e,azure.workload.identity/use=true" \
   --env="ACK_GINKGO_DEPRECATIONS=2.9.5" \
   --env="GINKGO_LABELS=${GINKGO_LABELS:-.*}" \
-  --env="GCP_SM_SA_JSON=${GCP_SM_SA_JSON:-}" \
-  --env="GCP_PROJECT_ID=${GCP_PROJECT_ID:-}" \
-  --env="GCP_GSA_NAME=${GCP_GSA_NAME:-}" \
+  --env="GCP_SERVICE_ACCOUNT_KEY=${GCP_SERVICE_ACCOUNT_KEY:-}" \
+  --env="GCP_FED_PROJECT_ID=${GCP_FED_PROJECT_ID:-}" \
   --env="GCP_KSA_NAME=${GCP_KSA_NAME:-}" \
-  --env="GCP_GKE_ZONE=${GCP_GKE_ZONE:-}" \
+  --env="GCP_FED_REGION=${GCP_FED_REGION:-}" \
   --env="GCP_GKE_CLUSTER=${GCP_GKE_CLUSTER:-}" \
   --env="AWS_REGION=${AWS_REGION:-}" \
   --env="AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID:-}" \

e2e/suites/provider/cases/gcp/provider.go

@@ -83,11 +83,11 @@ func NewGCPProvider(f *framework.Framework, credentials, projectID string,
 }
 
 func NewFromEnv(f *framework.Framework, controllerClass string) *GcpProvider {
-	projectID := os.Getenv("GCP_PROJECT_ID")
-	credentials := os.Getenv("GCP_SM_SA_JSON")
+	projectID := os.Getenv("GCP_FED_PROJECT_ID")
+	credentials := os.Getenv("GCP_SERVICE_ACCOUNT_KEY")
 	serviceAccountName := os.Getenv("GCP_KSA_NAME")
 	serviceAccountNamespace := "default"
-	clusterLocation := os.Getenv("GCP_GKE_ZONE")
+	clusterLocation := os.Getenv("GCP_FED_REGION")
 	clusterName := os.Getenv("GCP_GKE_CLUSTER")
 	return NewGCPProvider(f, credentials, projectID, clusterLocation, clusterName, serviceAccountName, serviceAccountNamespace, controllerClass)
 }