Adds RBAC error during apply end-to-end test case

[seans3]

• Adds test case in end-to-end test when an RBAC error happens during apply.
• Validates the case is reported as failed and the object does not end up in the inventory.

[Liujingfang1]

/lgtm

[runewake2]

I'm not sure I understand what this wait is doing. Can you add a comment here to make it easier to understand?

[seans3]

We may not need the wait, but it helps insure there is sufficient time for the resources to actually be spun up on the cluster (e.g namespace/test) after they've been created in the API Server. The best way to do this is to do a kubectl wait for=<CONDITION>, but this is a shortcut. Checkout the bash code for assertPodExists and assertPodNotExists which uses kubectl wait ....

[runewake2]

I was going to suggest kubectl wait depending on the use case, but I think you may be intending to sleep 2 instead of wait 2 here. wait is going to delay until process id 2 exits. I'm not sure what pid 2 refers to in this case or if that's what was intended? Maybe I'm misunderstanding?

[seans3]

The wait is a bash function defined earlier in the script which calls sleep. The number is the number of seconds to sleep.

[runewake2]

I think you can drop > $OUTPUT_DIR/status from these lines. Each of these commands will overwrite the contents of that output anyways so if we're not reading the contents the output shouldn't need to be saved.

[seans3]

The main reason for the > $OUTPUT_DIR/status: it keeps the output from being polluted. We'd rather just have . or E than the entire command output, which is what would happen without the redirection. This could probably be changed with a verbose flag, but I haven't created it yet.

[seans3]

Output for this test case:

Testing RBAC error during apply
kpt live apply e2e/live/testdata/rbac-error-step-1
kpt live apply e2e/live/testdata/rbac-error-step-2
.........SUCCESS