test(e2e): disable meshmtls test with delegated gateway (#12108)

I noticed a flake and began investigating. I discovered the TLS version
and cipher are not configured for the delegated gateway. Since the
`MeshTLS` policy is a `from` policy and the delegated gateway has no
inbound listener, the policy cannot be matched to any listener. The test
passed because the request was sent before the configuration was fully
delivered.

Excluded the test and added `MustPassRepeatedly(5)` to ensure better
validation once the issue is resolved.

<!-- Is there a MADR? An Issue? A related PR? -->

xref: #12107

<!--
> Changelog: skip
-->
<!--
Uncomment the above section to explicitly set a [`> Changelog:` entry
here](https://github.com/kumahq/kuma/blob/master/CONTRIBUTING.md#submitting-a-patch)?
-->

Signed-off-by: Lukasz Dziedziak <[email protected]>

test/e2e_env/kubernetes/gateway/delegated.go

@@ -73,7 +73,53 @@ spec:
 		kicIP, err := kic.From(kubernetes.Cluster).IP(config.namespace)
 		Expect(err).To(Succeed())
 
+<<<<<<< HEAD
 		config.kicIP = kicIP
+=======
+				config.KicIP = kicIP
+				Expect(DeleteMeshResources(
+					kubernetes.Cluster,
+					config.Mesh,
+					mcb_api.MeshCircuitBreakerResourceTypeDescriptor,
+					mt_api.MeshTimeoutResourceTypeDescriptor,
+					mr_api.MeshRetryResourceTypeDescriptor,
+				)).To(Succeed())
+			})
+
+			E2EAfterAll(func() {
+				Expect(kubernetes.Cluster.TriggerDeleteNamespace(config.Namespace)).
+					To(Succeed())
+				Expect(kubernetes.Cluster.TriggerDeleteNamespace(config.NamespaceOutsideMesh)).
+					To(Succeed())
+				Expect(kubernetes.Cluster.DeleteMesh(config.Mesh)).To(Succeed())
+				Expect(kubernetes.Cluster.DeleteDeployment(config.ObservabilityDeploymentName)).
+					To(Succeed())
+			})
+
+			// If you copy the test case from a non-gateway test or create a new test,
+			// remember the the name of policies needs to be unique.
+			// If they have the same name, one might override the other, causing a flake.
+			for policyName, test := range testMatrix {
+				Context(policyName, test)
+			}
+		})
+	}
+
+	contextFor("delegated with kuma.io/service", &config, map[string]func(){
+		"MeshCircuitBreaker":        delegated.CircuitBreaker(&config),
+		"MeshProxyPatch":            delegated.MeshProxyPatch(&config),
+		"MeshHealthCheck":           delegated.MeshHealthCheck(&config),
+		"MeshRetry":                 delegated.MeshRetry(&config),
+		"MeshHTTPRoute":             delegated.MeshHTTPRoute(&config),
+		"MeshTimeout":               delegated.MeshTimeout(&config),
+		"MeshMetric":                delegated.MeshMetric(&config),
+		"MeshTrace":                 delegated.MeshTrace(&config),
+		"MeshLoadBalancingStrategy": delegated.MeshLoadBalancingStrategy(&config),
+		"MeshAccessLog":             delegated.MeshAccessLog(&config),
+		"MeshPassthrough":           delegated.MeshPassthrough(&config),
+		// Matcher for from policy doesn't work for delegated gateway https://github.com/kumahq/kuma/issues/12107
+		// "MeshTLS":                   delegated.MeshTLS(&config),
+>>>>>>> c542d022d (test(e2e): disable meshmtls test with delegated gateway (#12108))
 	})
 
 	E2EAfterAll(func() {

test/e2e_env/kubernetes/gateway/delegated/meshtls.go

@@ -0,0 +1,77 @@
+package delegated
+
+import (
+	"fmt"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+
+	"github.com/kumahq/kuma/pkg/plugins/policies/meshtls/api/v1alpha1"
+	"github.com/kumahq/kuma/test/framework"
+	"github.com/kumahq/kuma/test/framework/client"
+	"github.com/kumahq/kuma/test/framework/envs/kubernetes"
+)
+
+func MeshTLS(config *Config) func() {
+	GinkgoHelper()
+
+	return func() {
+		meshTls := fmt.Sprintf(`
+apiVersion: kuma.io/v1alpha1
+kind: MeshTLS
+metadata:
+  name: meshtls-delegated
+  namespace: %s
+  labels:
+    kuma.io/mesh: %s
+spec:
+  targetRef:
+    kind: Mesh
+  from:
+    - targetRef:
+        kind: Mesh
+      default:
+        tlsVersion:
+          min: TLS13
+          max: TLS13`, config.CpNamespace, config.Mesh)
+
+		framework.AfterEachFailure(func() {
+			framework.DebugKube(kubernetes.Cluster, config.Mesh, config.Namespace, config.ObservabilityDeploymentName)
+		})
+
+		framework.E2EAfterEach(func() {
+			Expect(framework.DeleteMeshResources(
+				kubernetes.Cluster,
+				config.Mesh,
+				v1alpha1.MeshTLSResourceTypeDescriptor,
+			)).To(Succeed())
+		})
+
+		XIt("should not break communication once switched to TLS 1.3", func() {
+			// check that communication to test-server works
+			Eventually(func(g Gomega) {
+				_, err := client.CollectEchoResponse(
+					kubernetes.Cluster,
+					"demo-client",
+					fmt.Sprintf("http://%s/test-server", config.KicIP),
+					client.FromKubernetesPod(config.NamespaceOutsideMesh, "demo-client"),
+				)
+				g.Expect(err).ToNot(HaveOccurred())
+			}, "30s", "1s", MustPassRepeatedly(5)).Should(Succeed())
+
+			// change TLS version to 1.3
+			Expect(framework.YamlK8s(meshTls)(kubernetes.Cluster)).To(Succeed())
+
+			// check that communication to test-server works
+			Eventually(func(g Gomega) {
+				_, err := client.CollectEchoResponse(
+					kubernetes.Cluster,
+					"demo-client",
+					fmt.Sprintf("http://%s/test-server", config.KicIP),
+					client.FromKubernetesPod(config.NamespaceOutsideMesh, "demo-client"),
+				)
+				g.Expect(err).ToNot(HaveOccurred())
+			}, "30s", "1s", MustPassRepeatedly(5)).Should(Succeed())
+		})
+	}
+}