diff --git a/testsuite/openshift/objects/gateway_api/gateway.py b/testsuite/openshift/objects/gateway_api/gateway.py index 414b8559..e8f75e13 100644 --- a/testsuite/openshift/objects/gateway_api/gateway.py +++ b/testsuite/openshift/objects/gateway_api/gateway.py @@ -113,7 +113,7 @@ def create_instance( def get_tls_cert(self) -> Certificate: """Returns TLS certificate used by the gateway""" - tls_cert_secret_name = self.model.spec.listeners[0].tls.certificateRefs[0].name + tls_cert_secret_name = self.cert_secret_name tls_cert_secret = self.openshift.get_secret(tls_cert_secret_name) tls_cert = Certificate( key=tls_cert_secret["tls.key"], @@ -122,6 +122,11 @@ def get_tls_cert(self) -> Certificate: ) return tls_cert + def delete_tls_secret(self): + """Deletes secret with TLS certificate used by the gateway""" + tls_secret = self.openshift.get_secret(self.cert_secret_name) + tls_secret.delete(ignore_not_found=True) + def get_spoke_gateway(self, spokes: dict[str, OpenShiftClient]) -> "MGCGateway": """ Returns spoke gateway on an arbitrary, and sometimes, random spoke cluster. @@ -156,6 +161,11 @@ def delete(self, ignore_not_found=True, cmd_args=None): with timeout(90): super().delete(ignore_not_found, cmd_args) + @property + def cert_secret_name(self): + """Returns name of the secret with generated TLS certificate""" + return self.model.spec.listeners[0].tls.certificateRefs[0].name + class GatewayProxy(Proxy): """Wrapper for Gateway object to make it a Proxy implementation e.g. exposing hostnames outside of the cluster""" diff --git a/testsuite/tests/mgc/conftest.py b/testsuite/tests/mgc/conftest.py index bfc9044a..6a380b0f 100644 --- a/testsuite/tests/mgc/conftest.py +++ b/testsuite/tests/mgc/conftest.py @@ -41,6 +41,7 @@ def upstream_gateway(request, openshift, blame, hostname, module_label): placement="http-gateway", labels={"app": module_label}, ) + request.addfinalizer(upstream_gateway.delete_tls_secret) # pylint: disable=no-member request.addfinalizer(upstream_gateway.delete) upstream_gateway.commit() # we cannot wait here because of referencing not yet existent tls secret which would be provided later by tlspolicy