

Merge pull request #247 from averevki/fix-tls-secret-deletion
Fix tls secret deletion
pehala authored Oct 19, 2023
2 parents d676180 + 700c43e commit dbff688
Showing 2 changed files with 12 additions and 1 deletion.
12 changes: 11 additions & 1 deletion testsuite/openshift/objects/gateway_api/gateway.py
Expand Up @@ -113,7 +113,7 @@ def create_instance(

def get_tls_cert(self) -> Certificate:
"""Returns TLS certificate used by the gateway"""
tls_cert_secret_name = self.model.spec.listeners[0].tls.certificateRefs[0].name
tls_cert_secret_name = self.cert_secret_name
tls_cert_secret = self.openshift.get_secret(tls_cert_secret_name)
tls_cert = Certificate(
key=tls_cert_secret["tls.key"],
Expand All @@ -122,6 +122,11 @@ def get_tls_cert(self) -> Certificate:
)
return tls_cert

def delete_tls_secret(self):
"""Deletes secret with TLS certificate used by the gateway"""
tls_secret = self.openshift.get_secret(self.cert_secret_name)
tls_secret.delete(ignore_not_found=True)

def get_spoke_gateway(self, spokes: dict[str, OpenShiftClient]) -> "MGCGateway":
"""
Returns spoke gateway on an arbitrary, and sometimes, random spoke cluster.
Expand Down Expand Up @@ -156,6 +161,11 @@ def delete(self, ignore_not_found=True, cmd_args=None):
with timeout(90):
super().delete(ignore_not_found, cmd_args)

@property
def cert_secret_name(self):
"""Returns name of the secret with generated TLS certificate"""
return self.model.spec.listeners[0].tls.certificateRefs[0].name


class GatewayProxy(Proxy):
"""Wrapper for Gateway object to make it a Proxy implementation e.g. exposing hostnames outside of the cluster"""
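Review bot: In `delete_tls_secret` the `ignore_not_found=True` flag covers only the `delete()` call; the lookup `self.openshift.get_secret(self.cert_secret_name)` before it is unguarded, so if `get_secret` raises for a missing secret (its implementation is outside this diff) teardown fails before the delete is reached. That case looks reachable, since the conftest comment in this commit says the secret is only provided later by the TLS policy, and a test that fails earlier would never create it. Consider catching the client's not-found error around the lookup and returning, so cleanup of the secret (which holds `tls.key`) stays best-effort and does not mask the original test failure. The new `cert_secret_name` property also hard-codes `listeners[0]` and `certificateRefs[0]`; a docstring line such as `Assumes the first listener carries the TLS certificate reference` would make that assumption explicit.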
1 change: 1 addition & 0 deletions testsuite/tests/mgc/conftest.py
Expand Up @@ -41,6 +41,7 @@ def upstream_gateway(request, openshift, blame, hostname, module_label):
placement="http-gateway",
labels={"app": module_label},
)
request.addfinalizer(upstream_gateway.delete_tls_secret) # pylint: disable=no-member
request.addfinalizer(upstream_gateway.delete)
upstream_gateway.commit()
# we cannot wait here because of referencing not yet existent tls secret which would be provided later by tlspolicy
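Review bot: pytest runs finalizers in reverse registration order, so `upstream_gateway.delete` runs first and `delete_tls_secret` second, after the gateway object is gone. `delete_tls_secret` then reads the secret name from `self.model`, which presumably still works from the locally cached model, but the ordering is easy to break by accident; a comment such as `# finalizers run LIFO: the gateway is deleted first, then its TLS secret` would record the intent. The `# pylint: disable=no-member` suggests the return type of `create_instance` is inferred as a class without `delete_tls_secret`; tightening that annotation would be preferable to suppressing the check at each call site. The fixture body continues outside the hunk.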
