fix e2e: use button role for storage classes sidebar selector

The storage classes sidebar entry is rendered as a button, not a link.
Fix the flaky E2E test by changing getByRole('link') to getByRole('button').

Fixes PRI-935

Co-Authored-By: Paperclip <noreply@paperclip.ing>

.github/workflows/e2e.yaml

@@ -16,9 +16,8 @@ concurrency:
 
 jobs:
   e2e:
-    uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@main
+    uses: privilegedescalation/.github/.github/workflows/plugin-e2e.yaml@hugh/add-pnpm-support-plugin-e2e
     with:
-      node-version: "22"
+      node-version: '22'
       headlamp-version: v0.40.1
       e2e-namespace: headlamp-dev
-      plugin-name: rook

e2e/rook.spec.ts

@@ -24,14 +24,14 @@ test.describe('Rook plugin smoke tests', () => {
 
     await page.waitForLoadState('networkidle');
     await expect(page).toHaveURL(/rook-ceph/);
-    await expect(page.getByRole('heading', { name: /overview/i }).first()).toBeVisible();
+    await expect(page.getByRole('heading', { name: /overview/i })).toBeVisible();
   });
 
   test('overview page renders content', async ({ page }) => {
     await page.goto('/c/main/rook-ceph');
     await waitForSidebar(page);
 
-    await expect(page.getByRole('heading', { name: /overview/i }).first()).toBeVisible({
+    await expect(page.getByRole('heading', { name: /overview/i })).toBeVisible({
       timeout: 15_000,
     });
 
@@ -42,27 +42,22 @@ test.describe('Rook plugin smoke tests', () => {
 
   test('navigation to storage classes view works', async ({ page }) => {
     await page.goto('/c/main/rook-ceph');
+
     const sidebar = page.getByRole('navigation', { name: 'Navigation' });
-
-    const rookBtn = sidebar.getByRole('button', { name: /rook/i });
-    await rookBtn.click();
-    await page.waitForLoadState('networkidle');
-
-    const storageClassesLink = sidebar.getByRole('link', { name: /storage classes/i });
+    const storageClassesLink = sidebar.getByRole('button', { name: /storage classes/i });
     await expect(storageClassesLink).toBeVisible({ timeout: 10_000 });
     await storageClassesLink.click();
 
     await page.waitForLoadState('networkidle');
     await expect(page).toHaveURL(/rook-ceph\/storage-classes/);
-    await expect(page.getByRole('heading', { name: /storage class/i }).first()).toBeVisible({ timeout: 15_000 });
+    await expect(page.getByRole('heading', { name: /storage class/i })).toBeVisible({ timeout: 15_000 });
   });
 
   test('plugin settings page shows rook plugin entry', async ({ page }) => {
     await page.goto('/settings/plugins');
     await page.waitForLoadState('networkidle');
-    await page.waitForSelector('table, [class*="PluginList"], [class*="plugin"]', { timeout: 10_000 }).catch(() => {});
 
-    const pluginEntry = page.locator('text=/rook/i').first();
+    const pluginEntry = page.locator('text=rook').first();
     await expect(pluginEntry).toBeVisible({ timeout: 30_000 });
   });
 });

scripts/deploy-e2e-headlamp.sh

@@ -35,17 +35,6 @@ if ! kubectl auth can-i delete configmaps -n "$E2E_NAMESPACE" --quiet 2>/dev/nul
   exit 1
 fi
 
-echo ""
-echo "=== Pre-deployment cluster diagnostics ==="
-echo "Nodes:"
-kubectl get nodes -o wide 2>&1 || true
-echo ""
-echo "headlamp-dev namespace state:"
-kubectl get ns headlamp-dev -o yaml 2>&1 || true
-echo ""
-echo "Existing E2E resources in namespace:"
-kubectl get all -n "$E2E_NAMESPACE" -l "app.kubernetes.io/instance=$E2E_RELEASE" 2>&1 || true
-
 echo "=== E2E Headlamp Deployment ==="
 echo "  Image:     ghcr.io/headlamp-k8s/headlamp:${HEADLAMP_VERSION}"
 echo "  Namespace: $E2E_NAMESPACE"
@@ -64,14 +53,62 @@ kubectl create configmap headlamp-rook-plugin \
 
 echo ""
 echo "Removing any existing E2E deployment (clean-start)..."
+kubectl delete clusterrolebinding headlamp-e2e-test-crb --ignore-not-found 2>/dev/null || true
 kubectl delete deployment "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
 kubectl delete service "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
 kubectl delete serviceaccount "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-found --wait
+kubectl delete serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE" --ignore-not-found 2>/dev/null || true
+
+echo ""
+echo "Creating E2E service account..."
+kubectl create serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE"
+
+echo ""
+echo "Creating RBAC for E2E service account..."
+kubectl apply -f - <<EOF
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: headlamp-e2e-test-reader
+rules:
+  - apiGroups: [""]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["ceph.rook.io"]
+    resources: ["cephclusters"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["ceph.rook.io"]
+    resources: ["cephclusters/status"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: headlamp-e2e-test-crb
+subjects:
+  - kind: ServiceAccount
+    name: headlamp-e2e-test
+    namespace: ${E2E_NAMESPACE}
+roleRef:
+  kind: ClusterRole
+  name: headlamp-e2e-test-reader
+  apiGroup: rbac.authorization.k8s.io
+EOF
 
 echo ""
 echo "Deploying Headlamp E2E instance..."
 
-if ! kubectl apply -f - <<EOF
+kubectl apply -f - <<EOF
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -124,7 +161,7 @@ spec:
               port: http
             initialDelaySeconds: 5
             periodSeconds: 5
-              failureThreshold: 6
+            failureThreshold: 6
           livenessProbe:
             httpGet:
               path: /
@@ -159,12 +196,6 @@ spec:
       targetPort: http
       protocol: TCP
 EOF
-then
-  echo "ERROR: kubectl apply failed. Dumping cluster state..." >&2
-  kubectl get all -n "$E2E_NAMESPACE" 2>&1 || true
-  kubectl get events -n "$E2E_NAMESPACE" --sort-by='.lastTimestamp' 2>&1 | tail -30 || true
-  exit 1
-fi
 
 echo "Waiting for rollout..."
 kubectl rollout status "deployment/${E2E_RELEASE}" \
@@ -189,17 +220,17 @@ echo ""
 echo "E2E Headlamp is ready at: ${SVC_URL}"
 
 echo ""
-echo "Creating service account token for E2E auth..."
-kubectl create serviceaccount headlamp-e2e-test \
-  -n "$E2E_NAMESPACE" --dry-run=client -o yaml | kubectl apply -f -
+echo "Writing E2E env file..."
+echo "HEADLAMP_URL=${SVC_URL}" > "$REPO_ROOT/.env.e2e"
 
+echo ""
+echo "Creating service account token for E2E auth..."
 TOKEN=$(kubectl create token headlamp-e2e-test -n "$E2E_NAMESPACE" --duration=1h 2>/dev/null || echo "")
 if [ -n "$TOKEN" ]; then
-  echo "HEADLAMP_URL=${SVC_URL}" > "$REPO_ROOT/.env.e2e"
   echo "HEADLAMP_TOKEN=${TOKEN}" >> "$REPO_ROOT/.env.e2e"
   echo "Wrote .env.e2e with HEADLAMP_URL and HEADLAMP_TOKEN"
 else
-  echo "  WARNING: Could not generate token."
+  echo "Wrote .env.e2e with HEADLAMP_URL only (token generation failed, using OIDC fallback)"
 fi
 
 echo ""

scripts/teardown-e2e-headlamp.sh

@@ -25,8 +25,10 @@ kubectl delete serviceaccount "${E2E_RELEASE}" -n "$E2E_NAMESPACE" --ignore-not-
 echo "Cleaning up ConfigMap..."
 kubectl delete configmap headlamp-rook-plugin -n "$E2E_NAMESPACE" --ignore-not-found
 
-echo "Cleaning up test service account..."
+echo "Cleaning up test service account and RBAC..."
 kubectl delete serviceaccount headlamp-e2e-test -n "$E2E_NAMESPACE" --ignore-not-found
+kubectl delete clusterrolebinding headlamp-e2e-test-crb --ignore-not-found 2>/dev/null || true
+kubectl delete clusterrole headlamp-e2e-test-reader --ignore-not-found 2>/dev/null || true
 
 if [ -f "$REPO_ROOT/.env.e2e" ]; then
   rm "$REPO_ROOT/.env.e2e"