tests/kola/ignition: test intra-cloud anonymous S3/GCS object fetching

Have ext.config.ignition.resource.remote use the new noInstanceCreds flag
to disable instance credentials in EC2 and GCE instances, so the test
fetches resources anonymously.  Move the checks for authenticated access
of public objects into the authenticated-* tests.

tests/kola/ignition/resource/authenticated-gs/config.bu

@@ -9,6 +9,10 @@ ignition:
       - source: "gs://ignition-test-fixtures/resources/authenticated-var.ign"
 storage:
   files:
+    # Check that anonymous access works with credentials
+    - path: /var/resource/gs-anon
+      contents:
+        source: "gs://ignition-test-fixtures/resources/anonymous"
     - path: /var/resource/gs-auth
       contents:
         source: "gs://ignition-test-fixtures/resources/authenticated"

tests/kola/ignition/resource/authenticated-gs/data/expected/gs-anon

@@ -0,0 +1 @@
+kola-anonymous

tests/kola/ignition/resource/authenticated-s3/config.bu

@@ -9,6 +9,10 @@ ignition:
       - source: "s3://ignition-test-fixtures/resources/authenticated-var-v3.ign"
 storage:
   files:
+    # Check that anonymous access works with credentials
+    - path: /var/resource/s3-anon
+      contents:
+        source: "s3://ignition-test-fixtures/resources/anonymous"
     - path: /var/resource/s3-auth
       contents:
         source: "s3://ignition-test-fixtures/resources/authenticated"

tests/kola/ignition/resource/authenticated-s3/data/expected/s3-anon

@@ -0,0 +1 @@
+kola-anonymous

tests/kola/ignition/resource/remote/test.sh

@@ -1,7 +1,11 @@
 #!/bin/bash
-# kola: { "tags": "needs-internet" }
+# kola: { "tags": "needs-internet", "noInstanceCreds": true }
 # - tags: needs-internet
 #   - We fetch resources from S3 and GCS.
+# - noInstanceCreds: don't pass AWS or GCP credentials to instance
+#   - This test verifies that Ignition can fetch anonymous resources within
+#     a cloud platform (S3 -> EC2, GCS -> GCE) when no credentials are
+#     supplied
 
 set -xeuo pipefail