Skip to content

SREP-1215: E2E delete primary cert bundle secret if exist #372

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

SREP-1215: E2E delete primary cert bundle secret if exist #372

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ed7048a
SREP-1215: Initial commit for delete primary cert bundle if exists
karanjitsingh01 Aug 6, 2025
b468766
updated timestamp as 2 min as per test case
karanjitsingh01 Aug 6, 2025
cb8b529
Merge branch 'openshift:master' into SREP-1215_E2E_Delete_primary_cer…
karanjitsingh01 Aug 8, 2025
2baf287
Merge branch 'openshift:master' into SREP-1215_E2E_Delete_primary_cer…
karanjitsingh01 Aug 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 34 additions & 2 deletions test/e2e/certman_operator_tests.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,14 @@ package osde2etests

import (
"context"
"fmt"
"time"

. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
configv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1"
"github.com/openshift/osde2e-common/pkg/clients/openshift"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"sigs.k8s.io/controller-runtime/pkg/log"
Expand All @@ -24,8 +26,9 @@ var _ = Describe("Certman Operator", Ordered, func() {
secretName string
)
const (
pollingDuration = 15 * time.Minute
namespace = "openshift-config"
pollingDuration = 15 * time.Minute
namespace = "openshift-config"
namespace_certman_operator = "certman-operator"
)

BeforeAll(func(ctx context.Context) {
Expand Down Expand Up @@ -62,4 +65,33 @@ var _ = Describe("Certman Operator", Ordered, func() {
return apiserver.Spec.ServingCerts.NamedCertificates[0].ServingCertificate.Name == secretName
}, pollingDuration, 30*time.Second).Should(BeTrue(), "Certificate secret should be applied to apiserver object")
})

It("delete secret, primary-cert-bundle-secret, if exists", func(ctx context.Context) {
Copy link
Contributor

@bmeng bmeng Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
It("delete secret, primary-cert-bundle-secret, if exists", func(ctx context.Context) {
It("delete secret primary-cert-bundle-secret if exists", func(ctx context.Context) {

secretNameToDelete := "primary-cert-bundle-secret"
pollingDuration := 2 * time.Minute
pollInterval := 30 * time.Second

originalSecret, err := clientset.CoreV1().Secrets(namespace_certman_operator).Get(ctx, secretNameToDelete, metav1.GetOptions{})
if errors.IsNotFound(err) {
log.Log.Info("Secret does not exist, skipping deletion test.")
return
}
Expect(err).ShouldNot(HaveOccurred(), "Error retrieving the original secret")

originalTimestamp := originalSecret.CreationTimestamp.Time
log.Log.Info(fmt.Sprintf("Original secret creation timestamp: %v", originalTimestamp))

err = clientset.CoreV1().Secrets(namespace_certman_operator).Delete(ctx, secretNameToDelete, metav1.DeleteOptions{})
Copy link
Contributor

@bmeng bmeng Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not think we should call the client and delete the secret manually here.
We need to let the operator handle the deletion.

Expect(err).ShouldNot(HaveOccurred(), "Failed to delete the secret")

Eventually(func() bool {
newSecret, err := clientset.CoreV1().Secrets(namespace_certman_operator).Get(ctx, secretNameToDelete, metav1.GetOptions{})
if err != nil {
return false
}
return newSecret.CreationTimestamp.Time.After(originalTimestamp)
}, pollingDuration, pollInterval).Should(BeTrue(),
fmt.Sprintf("Secret %q was not re-created within %v or timestamp did not change", secretNameToDelete, pollingDuration))
})

})