Handle GKE Connect Gateway URL differences

.github/workflows/integration.yml

@@ -1,4 +1,4 @@
-name: 'integration'
+name: 'Integration'
 
 on:
   push:
@@ -7,18 +7,19 @@ on:
   pull_request:
     branches:
     - 'main'
+  workflow_dispatch:
 
 concurrency:
   group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
   cancel-in-progress: true
 
+permissions:
+  contents: 'read'
+  id-token: 'write'
+
 jobs:
-  auth_workload_identity_federation:
+  public:
     if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-    name: 'auth_workload_identity_federation'
-    permissions:
-      contents: 'read'
-      id-token: 'write'
     runs-on: 'ubuntu-latest'
     steps:
     - uses: 'actions/checkout@v3'
@@ -42,27 +43,12 @@ jobs:
         cluster_name: '${{ secrets.GET_GKE_CRED_CLUSTER_NAME }}'
         location: '${{ secrets.GET_GKE_CRED_CLUSTER_LOCATION }}'
 
-    - name: 'npm e2e-tests'
-      run: 'npm run e2e-tests'
-
-    # Use kubectl with the generated kubeconfig to auth and list pods. There
-    # should be no pods in the default namespace.
     - name: 'kubectl'
       run: |-
-        set -eEuo pipefail
-
-        pods=$(kubectl get pods -o=jsonpath='{$.items[*]}')
-        if [ -n "$pods" ]; then
-          echo "Expected no pods. Got ${pods}"
-          exit 1
-        fi
+        kubectl get ns
 
-  connect_gw_wif:
+  private:
     if: ${{ github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name && github.actor != 'dependabot[bot]' }}
-    name: 'connect_gw_wif'
-    permissions:
-      contents: 'read'
-      id-token: 'write'
     runs-on: 'ubuntu-latest'
     steps:
     - uses: 'actions/checkout@v3'
@@ -87,17 +73,6 @@ jobs:
         location: '${{ secrets.GET_GKE_PRIV_CLUSTER_LOCATION }}'
         use_connect_gateway: 'true'
 
-    - name: 'npm e2e-tests'
-      run: 'npm run e2e-tests'
-
-    # Use kubectl with the generated kubeconfig to auth and list pods. There
-    # should be no pods in the default namespace.
     - name: 'kubectl'
       run: |-
-        set -eEuo pipefail
-
-        pods=$(kubectl get pods -o=jsonpath='{$.items[*]}')
-        if [ -n "$pods" ]; then
-          echo "Expected no pods. Got ${pods}"
-          exit 1
-        fi
+        kubectl get ns

.github/workflows/unit.yml

@@ -1,4 +1,4 @@
-name: 'unit'
+name: 'Unit'
 
 on:
   push:
@@ -7,24 +7,27 @@ on:
   pull_request:
     branches:
     - 'main'
+  workflow_dispatch:
 
 concurrency:
   group: '${{ github.workflow }}-${{ github.head_ref || github.ref }}'
   cancel-in-progress: true
 
+permissions:
+  contents: 'read'
+  id-token: 'write'
+
 jobs:
   unit:
-    name: 'unit'
-    runs-on: '${{ matrix.os }}'
-    permissions:
-      contents: 'read'
-      id-token: 'write'
     strategy:
+      fail-fast: false
       matrix:
         os:
         - 'ubuntu-latest'
         - 'windows-latest'
         - 'macos-latest'
+    runs-on: '${{ matrix.os }}'
+
     steps:
     - uses: 'actions/checkout@v3'
 
@@ -38,7 +41,7 @@ jobs:
     - name: 'npm lint'
       # There's no need to run the linter for each operating system, since it
       # will find the same thing 3x and clog up the PR review.
-      if: ${{matrix.os == 'ubuntu-latest'}}
+      if: ${{ matrix.os == 'ubuntu-latest' }}
       run: 'npm run lint'
 
     - uses: 'google-github-actions/auth@main'

README.md

@@ -82,15 +82,14 @@ jobs:
     cluster endpoint. This is mostly used with private GKE clusters. The default
     value is false.
 
--   `use_connect_gateway` - (Optional) If true, uses the Connect Gateway endpoint to connect to cluster.
-      For more details https://cloud.google.com/anthos/multicluster-management/gateway.
-      The default value is false.
+-   `use_connect_gateway` - (Optional) If true, uses the [Connect Gateway
+    endpoint](https://cloud.google.com/anthos/multicluster-management/gateway)
+    to connect to the cluster. The default value is false.
 
 -   `fleet_membership_name` - (Optional) Fleet membership name of form
-      "projects/PROJECT_ID/locations/LOCATION/memberships/MEMBERSHIP_NAME"
-      to use for generating Connect Gateway endpoint.
-      This only applies if "use_connect_gateway" is true.
-      Defaults to auto discovery if empty.
+    "projects/PROJECT_ID/locations/LOCATION/memberships/MEMBERSHIP_NAME" to use
+    for generating the Connect Gateway endpoint. This only applies if
+    "use_connect_gateway" is true. Defaults to auto discovery if empty.
 
 ## Outputs
 
@@ -101,9 +100,12 @@ jobs:
 There are a few ways to authenticate this action. A service account will be needed
 with **at least** the following roles:
 
-- Kubernetes Engine Cluster Viewer (`roles/container.clusterViewer`):
-  - Get and list access to GKE Clusters.
-`
+- Kubernetes Engine Cluster Viewer (`roles/container.clusterViewer`)
+
+If you are using the Connect Gateway, you must also have:
+
+-   GKE Hub Viewer (`roles/gkehub.viewer`)
+
 
 ### Via google-github-actions/auth