From d63426bdf755a9e478a95b437acf4157d4dfaff2 Mon Sep 17 00:00:00 2001
From: Jacob Bohanon <jacob.bohanon@solo.io>
Date: Mon, 5 Aug 2024 09:51:25 -0400
Subject: [PATCH] Fix client tls tests (#9857)

* fix tests

* clean up invalid upstream

* replaces longform namespaces

* Adding changelog file to new location

* Deleting changelog file from old location

---------

Co-authored-by: soloio-bulldozer[bot] <48420018+soloio-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: changelog-bot <changelog-bot>
---
 changelog/v1.18.0-beta14/fix-clienttls.yaml   |  4 +++
 .../e2e/features/client_tls/suite.go          | 28 +++++++++++++------
 .../e2e/features/client_tls/types.go          | 24 ++++++++++++++++
 .../validation_allow_warnings/suite.go        |  3 ++
 4 files changed, 51 insertions(+), 8 deletions(-)
 create mode 100644 changelog/v1.18.0-beta14/fix-clienttls.yaml

diff --git a/changelog/v1.18.0-beta14/fix-clienttls.yaml b/changelog/v1.18.0-beta14/fix-clienttls.yaml
new file mode 100644
index 00000000000..52badf91045
--- /dev/null
+++ b/changelog/v1.18.0-beta14/fix-clienttls.yaml
@@ -0,0 +1,4 @@
+changelog:
+  - type: NON_USER_FACING
+    description: >-
+      Ensure resources are deleted before moving on to next test in client tls feature suites.
diff --git a/test/kubernetes/e2e/features/client_tls/suite.go b/test/kubernetes/e2e/features/client_tls/suite.go
index 04ccf3257a3..1ed019130ee 100644
--- a/test/kubernetes/e2e/features/client_tls/suite.go
+++ b/test/kubernetes/e2e/features/client_tls/suite.go
@@ -51,14 +51,17 @@ func (s *clientTlsTestingSuite) TearDownSuite() {
 }
 
 func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneWayTls() {
+	ns := s.testInstallation.Metadata.InstallNamespace
 	s.T().Cleanup(func() {
 		// ordering here matters if strict validation enabled
-		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
 		s.NoError(err, "can delete vs targeting upstream manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns))
 		err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxUpstreamManifestFile)
 		s.NoError(err, "can delete nginx upstream manifest file")
 		err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
 		s.NoError(err, "can delete tls secret manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
 	})
 
 	// ordering here matters if strict validation enabled
@@ -66,21 +69,24 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstreamFailsWithoutOneW
 	s.NoError(err, "can apply tls secret manifest file")
 	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, nginxUpstreamManifestFile)
 	s.NoError(err, "can apply nginx upstream manifest file")
-	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
 	s.NoError(err, "can apply vs targeting upstream manifest file")
 
 	s.assertEventualResponse(expectedCertVerifyFailedResponse)
 }
 
 func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() {
+	ns := s.testInstallation.Metadata.InstallNamespace
 	s.T().Cleanup(func() {
 		// ordering here matters if strict validation enabled
-		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
 		s.NoError(err, "can delete vs targeting upstream manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingUpstream(ns))
 		err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, nginxOneWayUpstreamManifestFile)
 		s.NoError(err, "can delete nginx upstream manifest file")
 		err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
 		s.NoError(err, "can delete tls secret manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
 	})
 
 	// ordering here matters if strict validation enabled
@@ -88,22 +94,25 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToUpstream() {
 	s.NoError(err, "can apply tls secret manifest file")
 	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, nginxOneWayUpstreamManifestFile)
 	s.NoError(err, "can apply nginx upstream manifest file")
-	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingUpstreamManifestFile, "-n", ns)
 	s.NoError(err, "can apply vs targeting upstream manifest file")
 
 	s.assertEventualResponse(expectedHealthyResponse)
 }
 
 func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedServiceFailsWithoutOneWayTls() {
+	ns := s.testInstallation.Metadata.InstallNamespace
 	s.T().Cleanup(func() {
 		// ordering here matters if strict validation enabled
-		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
 		s.NoError(err, "can delete vs targeting upstream manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns))
 		// this is deleted in test cleanup
 		// err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, annotatedNginxSvcManifestFile)
 		// s.NoError(err, "can delete nginx upstream manifest file")
 		err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
 		s.NoError(err, "can delete tls secret manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
 	})
 
 	// ordering here matters if strict validation enabled
@@ -111,22 +120,25 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedServiceFailsWit
 	s.NoError(err, "can apply tls secret manifest file")
 	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, annotatedNginxSvcManifestFile)
 	s.NoError(err, "can apply nginx upstream manifest file")
-	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
 	s.NoError(err, "can apply vs targeting upstream manifest file")
 
 	s.assertEventualResponse(expectedCertVerifyFailedResponse)
 }
 
 func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedService() {
+	ns := s.testInstallation.Metadata.InstallNamespace
 	s.T().Cleanup(func() {
 		// ordering here matters if strict validation enabled
-		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+		err := s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
 		s.NoError(err, "can delete vs targeting upstream manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, vsTargetingKube(ns))
 		// this is deleted in test cleanup
 		// err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, annotatedNginxOneWaySvcManifestFile)
 		// s.NoError(err, "can delete nginx upstream manifest file")
 		err = s.testInstallation.Actions.Kubectl().DeleteFile(s.ctx, tlsSecretManifestFile)
 		s.NoError(err, "can delete tls secret manifest file")
+		s.testInstallation.Assertions.EventuallyObjectsNotExist(s.ctx, tlsSecret)
 	})
 
 	// ordering here matters if strict validation enabled
@@ -134,7 +146,7 @@ func (s *clientTlsTestingSuite) TestRouteSecureRequestToAnnotatedService() {
 	s.NoError(err, "can apply tls secret manifest file")
 	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, annotatedNginxOneWaySvcManifestFile)
 	s.NoError(err, "can apply nginx upstream manifest file")
-	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", s.testInstallation.Metadata.InstallNamespace)
+	err = s.testInstallation.Actions.Kubectl().ApplyFile(s.ctx, vsTargetingKubeManifestFile, "-n", ns)
 	s.NoError(err, "can apply vs targeting upstream manifest file")
 
 	s.assertEventualResponse(expectedHealthyResponse)
diff --git a/test/kubernetes/e2e/features/client_tls/types.go b/test/kubernetes/e2e/features/client_tls/types.go
index 9be9a3eae91..c36552ab41e 100644
--- a/test/kubernetes/e2e/features/client_tls/types.go
+++ b/test/kubernetes/e2e/features/client_tls/types.go
@@ -5,6 +5,7 @@ import (
 	"path/filepath"
 
 	"github.com/onsi/gomega"
+	kubev1 "github.com/solo-io/gloo/projects/gateway/pkg/api/v1/kube/apis/gateway.solo.io/v1"
 	"github.com/solo-io/gloo/test/gomega/matchers"
 	"github.com/solo-io/skv2/codegen/util"
 	appsv1 "k8s.io/api/apps/v1"
@@ -35,6 +36,29 @@ var (
 		return &corev1.Service{ObjectMeta: glooProxyObjectMeta(ns)}
 	}
 
+	vsTargetingKube = func(ns string) *kubev1.VirtualService {
+		return &kubev1.VirtualService{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "vs-targeting-kube",
+				Namespace: ns,
+			},
+		}
+	}
+	vsTargetingUpstream = func(ns string) *kubev1.VirtualService {
+		return &kubev1.VirtualService{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "vs-targeting-upstream",
+				Namespace: ns,
+			},
+		}
+	}
+	tlsSecret = &corev1.Secret{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "my-tls",
+			Namespace: "nginx",
+		},
+	}
+
 	expectedHealthyResponse = &matchers.HttpResponse{
 		StatusCode: http.StatusOK,
 		Body:       gomega.ContainSubstring("Welcome to nginx!"),
diff --git a/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go b/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go
index db101672803..65faed99b4e 100644
--- a/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go
+++ b/test/kubernetes/e2e/features/validation/validation_allow_warnings/suite.go
@@ -98,6 +98,9 @@ func (s *testingSuite) TestInvalidUpstreamMissingPort() {
 		err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, validation.ExampleUpstream, "-n", s.testInstallation.Metadata.InstallNamespace)
 		s.Assert().NoError(err, "can delete "+validation.ExampleUpstream)
 
+		err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, validation.InvalidUpstreamNoPort, "-n", s.testInstallation.Metadata.InstallNamespace)
+		s.Assert().NoError(err, "can delete "+validation.InvalidUpstreamNoPort)
+
 		err = s.testInstallation.Actions.Kubectl().DeleteFileSafe(s.ctx, testdefaults.NginxPodManifest)
 		s.Assert().NoError(err, "can delete "+testdefaults.NginxPodManifest)
 	})