testing: Fix GCP-Auth addon test showing as success or skipped (#19803)

test/integration/addons_test.go

@@ -609,7 +609,7 @@ func validateGCPAuthAddon(ctx context.Context, t *testing.T, profile string) {
 		validateGCPAuthNamespaces(ctx, t, profile)
 	})
 
-	t.Run("PullSecret", func(t *testing.T) {
+	t.Run("FakeCredentials", func(t *testing.T) {
 		// schedule a pod to check environment variables
 		rr, err := Run(t, exec.CommandContext(ctx, "kubectl", "--context", profile, "create", "-f", filepath.Join(*testdataDir, "busybox.yaml")))
 		if err != nil {
@@ -691,9 +691,14 @@ func validateGCPAuthAddon(ctx context.Context, t *testing.T, profile string) {
 		if got != expected {
 			t.Errorf("'printenv GOOGLE_CLOUD_PROJECT' returned %s, expected %s", got, expected)
 		}
+	})
+
+	t.Run("RealCredentials", func(t *testing.T) {
+		if !detect.IsOnGCE() || detect.IsCloudShell() || VMDriver() {
+			t.Skip("This test requires a GCE instance (excluding Cloud Shell) with a container based driver")
+		}
 
 		// If we're on GCE, we have proper credentials and can test the registry secrets with an artifact registry image
-		if detect.IsOnGCE() && !detect.IsCloudShell() && !VMDriver() {
 		t.Skip("skipping GCPAuth addon test until 'Permission \"artifactregistry.repositories.downloadArtifacts\" denied on resource \"projects/k8s-minikube/locations/us/repositories/test-artifacts\" (or it may not exist)' issue is resolved")
 		// "Setting the environment variable MOCK_GOOGLE_TOKEN to true will prevent using the google application credentials to fetch the token used for the image pull secret. Instead the token will be mocked."
 		// ref: https://github.com/GoogleContainerTools/gcp-auth-webhook#gcp-auth-webhook
@@ -732,7 +737,6 @@ func validateGCPAuthAddon(ctx context.Context, t *testing.T, profile string) {
 		if err != nil {
 			t.Fatalf("wait for private image: %v", err)
 		}
-		}
 	})
 }