fix up bad merge #2

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/oci_repo.go

@@ -620,21 +620,6 @@ func (s *repoEventSink) newOCIChartRepositoryAndLoginWithOptions(registryURL str
 	registryCredentialFn := func(ctx context.Context, reg string) (orasregistryauthv2.Credential, error) {
 		log.Infof("+ORAS registryCredentialFn(%s)", reg)
 		if cred != nil {
-			// workaround for GCP, which, based on my testing, wants (token) Bearer Auth,
-			// not Basic Auth when ORAS modules are used to list repositories
-			// per https://cloud.google.com/artifact-registry/docs/helm/authentication:
-			//  "oauth2accesstoken" is the user name to use when authenticating with an access token
-			// Ideally, I would want to push this logic all the way down the stack as far as possible,
-			// e.g. into common.OCIChartRepositoryCredentialFromSecret
-			// but alas, helm libraries curently appear to expect username and password
-			// TODO: (gfichtenholt) Also support (long-lived) json keys
-			// ref: https://fluxcd.io/docs/guides/cron-job-image-auth/#using-a-json-key-long-lived
-			if cred.Username == "oauth2accesstoken" {
-				// cred.Password will contain service account access token
-				return orasregistryauthv2.Credential{
-					AccessToken: cred.Password,
-				}, nil
-			}
 			return *cred, nil
 		} else {
 			return orasregistryauthv2.EmptyCredential, nil

cmd/kubeapps-apis/plugins/fluxv2/packages/v1alpha1/testdata/gcloud-setup.md

@@ -17,7 +17,7 @@ Google Cloud Console
     - Viewer
 
   Make sure you see a message "Policy Updated" at the bottom of the screen when you grant these roles. If you see "Failed to add project roles" or some other error message,
-  create the service account with a different Name/ID
+  repeat the process w.r.t. a service account with a different Name/ID and remember to clean up unused service accounts afterwards.
 - The service account key file can be downloaded with Google Cloud Console
      Under IAM & Admin -> Service Accounts