refactor: lazy configuration of oci auth and signature verification secrets

[ahmad-ibra]

Description

Previously we were required to configure auth and signature verification secrets before we even add any oci rules. Now we can lazily create the auth and signature verification secrets as we create the rules. ie no need to prep all your pubkeys and creds before you even set up your rule.

This PR also does the following:

• Refactors readOciPluginRules to follow the same pattern as all the other plugins.
  • This change addresses an issue with --reconfigureing oci rules. Previously rule updates werent getting properly persisted
• Refactors integration tests
  • It ensures that we actually run the validator install --apply tests which should really bump our code coverage up by a lot
  • Covers the case of provisioning a new kind cluster or using a pre-provisioned cluster
• Fixes a bug where validator install --apply was no longer working due to the kind cluster not starting up

Context on the integration test refactor

The reason for the big changes in the integration tests were that i had noticed the oci plugin integration tests were passing without me updating any of the prompts when they clearly shouldnt pass. This got me down a rabbit hole of investigating why they were passing and eventually making the necessary changes. While doing this, it uncovered a few other issues. For the sake of not adding even more to this PR, i've marked some TODOs around things that need to be fixed. IMO we should fix them in follow ups shortly after this PR is eventually merged.

Out of scope follow up work

1. Add support for oci auth being configured with no secrets. This will allow us to run validator rules check on a private oci registry
2. Fix and re-enable maas integration tests
3. Fix the minor UX issues noted for the vsphere plugin values

[codecov]

Codecov Report

Attention: Patch coverage is 59.34959% with 50 lines in your changes missing coverage. Please review.

Files	Patch %	Lines
pkg/services/validator/oci.go	53.19%	28 Missing and 16 partials ⚠️
pkg/cmd/validator/validator.go	33.33%	2 Missing and 2 partials ⚠️
...integration/_validator/testcases/test_validator.go	91.30%	0 Missing and 2 partials ⚠️

@@            Coverage Diff             @@
##             main     #168      +/-   ##
==========================================
+ Coverage   53.70%   53.77%   +0.07%     
==========================================
  Files          43       43              
  Lines        6100     6086      -14     
==========================================
- Hits         3276     3273       -3     
+ Misses       2003     1994       -9     
+ Partials      821      819       -2     

Files	Coverage Δ
pkg/config/constants.go	100.00% <ø> (ø)
...integration/_validator/testcases/test_validator.go	93.59% <91.30%> (-0.05%)	⬇️
pkg/cmd/validator/validator.go	58.75% <33.33%> (-0.29%)	⬇️
pkg/services/validator/oci.go	50.79% <53.19%> (+2.85%)	⬆️

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0912f6e...12a0e48. Read the comment docs.

[TylerGillson]

Regarding the three out of scope follow ups, I think this PR should address the first one:

• Add support for oci auth being configured with no secrets. This will allow us to run validator rules check on a private oci registry

And I think the second two are inapplicable once you export DISABLE_KIND_CLUSTER_CHECK=true.

[TylerGillson]

Regarding the integration test refactor and this comment:

It ensures that we actually run the validator install --apply tests which should really bump our code coverage up by a lot

I don't think that any refactor is called for. The testInstallSilentWait test already executes validator install -f config.yaml --apply --wait, so these changes actually won't impact coverage.