fix(pri-1127): update default E2E namespace to headlamp-dev

Updates the default E2E_NAMESPACE from privilegedescalation-dev to headlamp-dev to match the actual namespace used by the reusable E2E workflow. Also updates comments and RBAC path references to reflect the new infra repo structure (apps/base/e2e-ci-runner-rbac.yaml). Fixes PRI-1127 Co-Authored-By: Paperclip <noreply@paperclip.ing>
docs: replace hardcoded namespace with <your-namespace> placeholder
2026-05-11 12:54:01 +00:00 · 2026-05-10 21:35:01 +00:00
4 changed files with 24 additions and 35 deletions
@@ -20,3 +20,4 @@ jobs:
    with:
      node-version: "22"
      headlamp-version: v0.40.1
+      e2e-namespace: headlamp-dev
@@ -121,7 +121,7 @@ For Headlamp running in Kubernetes:
   kubectl create configmap headlamp-sealed-secrets-plugin \
     --from-file=main.js=dist/main.js \
     --from-file=package.json=package.json \
-     -n headlamp
+     -n <your-namespace>
   ```

 2. **Update Headlamp deployment**:
@@ -130,7 +130,7 @@ For Headlamp running in Kubernetes:
   kind: Deployment
   metadata:
     name: headlamp
-     namespace: headlamp
+     namespace: <your-namespace>
   spec:
     template:
       spec:
@@ -149,7 +149,7 @@ For Headlamp running in Kubernetes:
 3. **Apply and restart**:
   ```bash
   kubectl apply -f headlamp-deployment.yaml
-   kubectl rollout restart deployment/headlamp -n headlamp
+   kubectl rollout restart deployment/headlamp -n <your-namespace>
   ```

 ## Verification
@@ -1,40 +1,34 @@
 import { test, expect } from '@playwright/test';

-async function waitForSidebar(page: import('@playwright/test').Page) {
-  const sidebar = page.getByRole('navigation', { name: 'Navigation' });
-  await expect(sidebar).toBeVisible({ timeout: 15_000 });
-  await page.waitForLoadState('networkidle');
-  return sidebar;
-}
-
 test.describe('Sealed Secrets plugin smoke tests', () => {
  test('sidebar contains sealed-secrets entry', async ({ page }) => {
    await page.goto('/');
-    const sidebar = await waitForSidebar(page);
+    const sidebar = page.getByRole('navigation', { name: 'Navigation' });
+    await expect(sidebar).toBeVisible({ timeout: 15_000 });
    await expect(sidebar.getByRole('button', { name: /sealed.secrets/i })).toBeVisible();
  });

  test('sidebar sealed-secrets entry is clickable and navigates to list view', async ({ page }) => {
    await page.goto('/');
-    const sidebar = await waitForSidebar(page);
+    const sidebar = page.getByRole('navigation', { name: 'Navigation' });
+    await expect(sidebar).toBeVisible({ timeout: 15_000 });

    const sealedSecretsEntry = sidebar.getByRole('button', { name: /sealed.secrets/i });
    await expect(sealedSecretsEntry).toBeVisible();
    await sealedSecretsEntry.click();

-    await page.waitForLoadState('networkidle');
    await expect(page).toHaveURL(/\/sealedsecrets/);
    await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
  });

  test('sealed secrets list page renders table or empty state', async ({ page }) => {
    await page.goto('/c/main/sealedsecrets');
-    await waitForSidebar(page);

    await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
      timeout: 15_000,
    });

+    // Either a populated table or an empty-state indicator must be visible
    const hasTable = await page.locator('table').first().isVisible().catch(() => false);
    const hasEmptyState = await page
      .locator('text=/no.*sealed|no.*secret|0 item|empty/i')
@@ -46,7 +40,6 @@ test.describe('Sealed Secrets plugin smoke tests', () => {

  test('sealing keys page renders table or empty state', async ({ page }) => {
    await page.goto('/c/main/sealedsecrets/keys');
-    await waitForSidebar(page);

    await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible({
      timeout: 15_000,
@@ -63,37 +56,33 @@ test.describe('Sealed Secrets plugin smoke tests', () => {

  test('navigation between sealed-secrets views works', async ({ page }) => {
    await page.goto('/c/main/sealedsecrets');
-    const sidebar = await waitForSidebar(page);
-
-    const sealedBtn = sidebar.getByRole('button', { name: /sealed.secrets/i }).first();
-    await sealedBtn.click();
-    await page.waitForLoadState('networkidle');
-
-    await expect(page.getByRole('heading', { name: /sealed.secrets/i }).first()).toBeVisible({ timeout: 15_000 });
+    await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible({
+      timeout: 15_000,
+    });

+    // Navigate to Sealing Keys via sidebar
+    const sidebar = page.getByRole('navigation', { name: 'Navigation' });
    const keysLink = sidebar.getByRole('link', { name: /sealing.key/i });
    await expect(keysLink).toBeVisible();
    await keysLink.click();

-    await page.waitForLoadState('networkidle');
    await expect(page).toHaveURL(/\/sealedsecrets\/keys$/);
-    await expect(page.getByRole('heading', { name: /sealing.key/i }).first()).toBeVisible();
+    await expect(page.getByRole('heading', { name: /sealing.key/i })).toBeVisible();

+    // Navigate back to All Sealed Secrets
    const allSecretsLink = sidebar.getByRole('link', { name: /all sealed secrets/i });
    await expect(allSecretsLink).toBeVisible();
    await allSecretsLink.click();

-    await page.waitForLoadState('networkidle');
    await expect(page).toHaveURL(/\/sealedsecrets(?!\/keys)/);
-    await expect(page.getByRole('heading', { name: /sealed.secrets/i }).first()).toBeVisible();
+    await expect(page.getByRole('heading', { name: /sealed.secrets/i })).toBeVisible();
  });

  test('plugin settings page shows sealed-secrets plugin entry', async ({ page }) => {
    await page.goto('/settings/plugins');
-    await page.waitForLoadState('networkidle');
-    await page.waitForSelector('table', { timeout: 10_000 }).catch(() => {});

-    const pluginEntry = page.locator('text=/sealed.secrets/i').first();
+    // Wait for plugin list to load — plugin scripts load asynchronously
+    const pluginEntry = page.locator('text=sealed-secrets').first();
    await expect(pluginEntry).toBeVisible({ timeout: 30_000 });
  });
 });
@@ -5,18 +5,17 @@
 # a ConfigMap volume mount. No custom Docker images — the plugin is built
 # in CI and injected as a ConfigMap.
 #
-# E2E resources are deployed to the `privilegedescalation-dev` namespace. Nothing
+# E2E resources are deployed to the `headlamp-dev` namespace. Nothing
 # persists beyond the test run — teardown cleans up all created resources.
 #
 # Prerequisites:
 #   - Plugin built (dist/ exists with plugin-main.js + package.json)
 #   - kubectl configured with cluster access
-# RBAC is managed via Flux from privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml.
+# RBAC is managed via Flux from privilegedescalation/infra/apps/base/e2e-ci-runner-rbac.yaml.
 # The infra repo is the source of truth — do not apply this file directly.
-# Apply RBAC first: kubectl apply -f privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml
 #
 # Environment:
-#   E2E_NAMESPACE     — namespace for E2E Headlamp (default: privilegedescalation-dev)
+#   E2E_NAMESPACE     — namespace for E2E Headlamp (default: headlamp-dev)
 #   E2E_RELEASE       — release/resource name prefix (default: headlamp-e2e)
 #   HEADLAMP_VERSION  — Headlamp image tag (default: latest)
 set -euo pipefail
@@ -24,7 +23,7 @@ set -euo pipefail
 REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
 DIST_DIR="$REPO_ROOT/dist"

-E2E_NAMESPACE="${E2E_NAMESPACE:-privilegedescalation-dev}"
+E2E_NAMESPACE="${E2E_NAMESPACE:-headlamp-dev}"
 E2E_RELEASE="${E2E_RELEASE:-headlamp-e2e}"
 HEADLAMP_VERSION="${HEADLAMP_VERSION:-latest}"

@@ -37,7 +36,7 @@ fi
 echo "Checking RBAC permissions in namespace '${E2E_NAMESPACE}'..."
 if ! kubectl auth can-i delete configmaps -n "$E2E_NAMESPACE" --quiet 2>/dev/null; then
  echo "ERROR: Missing RBAC — cannot delete configmaps in namespace '${E2E_NAMESPACE}'." >&2
-  echo "  Apply RBAC first: kubectl apply -f privilegedescalation/infra/base/rbac/e2e-ci-runner-headlamp-rbac.yaml" >&2
+  echo "  RBAC is managed via Flux from privilegedescalation/infra/apps/base/e2e-ci-runner-rbac.yaml" >&2
  exit 1
 fi