From 744c865872627ea1e762aa1dfae3bd0a5bf35bbb Mon Sep 17 00:00:00 2001
From: Tiffany Pei <tiffanny29631@users.noreply.github.com>
Date: Tue, 29 Oct 2024 23:45:11 +0000
Subject: [PATCH] e2e: Only create registry ca-cert secret when using local
 registry provider (#1464)

---
 .../oci-image-verification-server.go          | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/e2e/nomostest/oci-image-verification-server.go b/e2e/nomostest/oci-image-verification-server.go
index 88941fa09f..51e31bb9b0 100644
--- a/e2e/nomostest/oci-image-verification-server.go
+++ b/e2e/nomostest/oci-image-verification-server.go
@@ -136,14 +136,17 @@ func auth(nt *NT) error {
 		return err
 	}
 
-	// Create secret for the public ca-cert in the oci-image-verification namespace
-	// for the oci-signature-verification webhook server to verify certificate.
-	sharedTmpDir := filepath.Join(os.TempDir(), NomosE2E, nt.ClusterName)
-	sharedTestRegistrySSLDir := filepath.Join(sharedTmpDir, string(RegistrySyncSource), sslDirName)
-	testRegistryCACertPath := filepath.Join(sharedTestRegistrySSLDir, caCertFile)
-	if err := createSecret(nt, OCISignatureVerificationNamespace, PublicCertSecretName(RegistrySyncSource),
-		fmt.Sprintf("cert=%s", testRegistryCACertPath)); err != nil {
-		return err
+	// When OCI provider is set to local, create secret for the public ca-cert in
+	// the oci-image-verification namespace for the oci-signature-verification
+	// webhook server to verify certificate.
+	if *e2e.OCIProvider == e2e.Local {
+		sharedTmpDir := filepath.Join(os.TempDir(), NomosE2E, nt.ClusterName)
+		sharedTestRegistrySSLDir := filepath.Join(sharedTmpDir, string(RegistrySyncSource), sslDirName)
+		testRegistryCACertPath := filepath.Join(sharedTestRegistrySSLDir, caCertFile)
+		if err := createSecret(nt, OCISignatureVerificationNamespace, PublicCertSecretName(RegistrySyncSource),
+			fmt.Sprintf("cert=%s", testRegistryCACertPath)); err != nil {
+			return err
+		}
 	}
 
 	return nil