
test(e2e): make cluster provider auth recovery optional

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Moritz Johner 2 месяцев назад
Сommit
663a8d981d

+ 12 - 0
e2e/suites/provider/cases/common/clusterprovider.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"time"
 
+	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -48,6 +49,10 @@ type ClusterProviderExternalSecretRuntime struct {
 	RepairAuth          func()
 }
 
+func (r *ClusterProviderExternalSecretRuntime) SupportsAuthLifecycle() bool {
+	return r != nil && r.BreakAuth != nil && r.RepairAuth != nil
+}
+
 func ClusterProviderManifestNamespace(f *framework.Framework, harness ClusterProviderExternalSecretHarness) (string, func(*framework.TestCase)) {
 	return clusterProviderSyncCase(f, harness, "manifest", "manifest-value", esv1.AuthenticationScopeManifestNamespace)
 }
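Review bot: The exported method `SupportsAuthLifecycle` is added without a doc comment, and its tolerance of a nil receiver is part of the contract that the recovery case in this same file depends on. I would add `// SupportsAuthLifecycle reports whether both the BreakAuth and RepairAuth hooks are set; it is safe to call on a nil receiver.` directly above the method. Stating the "both hooks" rule there also tells harness authors that wiring only one hook counts as unsupported.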
@@ -168,6 +173,13 @@ func clusterProviderRecoveryCase(f *framework.Framework, harness ClusterProvider
 				Name:      name,
 				AuthScope: authScope,
 			})
+			if !runtime.SupportsAuthLifecycle() {
+				providerName := ""
+				if runtime != nil {
+					providerName = runtime.ClusterProviderName
+				}
+				Skip(fmt.Sprintf("provider %q does not support auth lifecycle recovery hooks", providerName))
+			}
 			applyClusterProviderExternalSecret(tc, runtime)
 			runtime.BreakAuth()
 		}
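Review bot: The skip guarded by `if !runtime.SupportsAuthLifecycle()` treats a nil runtime and a half-wired runtime (only one of `BreakAuth`/`RepairAuth` set) exactly like a provider that has no hooks. A harness mistake therefore silently drops the auth-recovery coverage instead of failing the spec. I would fail on those two cases before the skip, with `Expect(runtime).NotTo(BeNil())` and `Expect(runtime.BreakAuth == nil).To(Equal(runtime.RepairAuth == nil), "BreakAuth and RepairAuth must be set together")`; that also makes the `providerName` nil branch unnecessary. The skip appears to run after the runtime has already been prepared, so whatever that preparation creates is presumably still set up for a spec that never runs. The enclosing closure in clusterProviderRecoveryCase starts and ends outside the hunk.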

+ 69 - 0
e2e/suites/provider/cases/common/provider_namespace.go

@@ -0,0 +1,69 @@
+/*
+Copyright © The ESO Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/util/wait"
+
+	"github.com/external-secrets/external-secrets-e2e/framework"
+)
+
+func CreateProviderCaseNamespace(f *framework.Framework, prefix string, pollInterval time.Duration) string {
+	if pollInterval <= 0 {
+		pollInterval = 5 * time.Second
+	}
+
+	namespace := &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			GenerateName: fmt.Sprintf("e2e-tests-%s-", prefix),
+		},
+	}
+	Expect(f.CRClient.Create(context.Background(), namespace)).To(Succeed())
+
+	DeferCleanup(func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+		defer cancel()
+
+		err := f.CRClient.Delete(ctx, namespace)
+		if err != nil && !apierrors.IsNotFound(err) {
+			Expect(err).ToNot(HaveOccurred())
+		}
+
+		err = wait.PollUntilContextTimeout(ctx, pollInterval, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
+			_, err := f.KubeClientSet.CoreV1().Namespaces().Get(ctx, namespace.Name, metav1.GetOptions{})
+			if apierrors.IsNotFound(err) {
+				return true, nil
+			}
+			if err != nil {
+				return false, err
+			}
+			return false, nil
+		})
+		Expect(err).To(Succeed())
+	})
+
+	return namespace.Name
+}
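Review bot: `CreateProviderCaseNamespace` is now shared by several provider suites but has no doc comment, and two parts of its contract are not visible from the signature: a non-positive `pollInterval` falls back to 5 seconds, and the function registers a `DeferCleanup` that deletes the namespace and waits for it to disappear. I would add `// CreateProviderCaseNamespace creates a namespace from the generate-name "e2e-tests-<prefix>-" and registers a cleanup that deletes it and waits until it is gone; a non-positive pollInterval defaults to 5s.` above the function. Separately, the `Delete` call and the poll share the single 2-minute `ctx`, so the `2*time.Minute` passed to `wait.PollUntilContextTimeout` is never the effective bound and a slow delete shortens the wait. Giving the poll its own context, or dropping the outer timeout to a plain cancel, would make the budget explicit. The initial `Create` uses `context.Background()` with no deadline at all.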

+ 48 - 0
e2e/suites/provider/cases/common/provider_runtime_test.go

@@ -0,0 +1,48 @@
+/*
+Copyright © The ESO Authors
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+import "testing"
+
+func TestClusterProviderExternalSecretRuntimeSupportsAuthLifecycle(t *testing.T) {
+	runtimeWithoutHooks := &ClusterProviderExternalSecretRuntime{}
+	if runtimeWithoutHooks.SupportsAuthLifecycle() {
+		t.Fatalf("expected SupportsAuthLifecycle to return false when both hooks are nil")
+	}
+
+	runtimeWithBreakOnly := &ClusterProviderExternalSecretRuntime{
+		BreakAuth: func() {},
+	}
+	if runtimeWithBreakOnly.SupportsAuthLifecycle() {
+		t.Fatalf("expected SupportsAuthLifecycle to return false when RepairAuth is nil")
+	}
+
+	runtimeWithRepairOnly := &ClusterProviderExternalSecretRuntime{
+		RepairAuth: func() {},
+	}
+	if runtimeWithRepairOnly.SupportsAuthLifecycle() {
+		t.Fatalf("expected SupportsAuthLifecycle to return false when BreakAuth is nil")
+	}
+
+	runtimeWithBothHooks := &ClusterProviderExternalSecretRuntime{
+		BreakAuth:  func() {},
+		RepairAuth: func() {},
+	}
+	if !runtimeWithBothHooks.SupportsAuthLifecycle() {
+		t.Fatalf("expected SupportsAuthLifecycle to return true when both hooks are present")
+	}
+}
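Review bot: The test covers the four hook combinations but not the nil receiver, which `SupportsAuthLifecycle` explicitly handles with `r != nil` and which the skip path in clusterprovider.go relies on. I would add `var nilRuntime *ClusterProviderExternalSecretRuntime` and `if nilRuntime.SupportsAuthLifecycle() { t.Fatal("expected false for a nil runtime") }` so a later refactor cannot turn that call into a nil-pointer panic unnoticed. The four existing cases would read more compactly as a table of `{name, runtime, want}` entries, and `t.Fatal` suffices where no format verbs are used.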

+ 5 - 39
e2e/suites/provider/cases/fake/provider_v2.go

@@ -27,7 +27,6 @@ import (
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/apimachinery/pkg/util/wait"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	"github.com/external-secrets/external-secrets-e2e/framework"
@@ -173,7 +172,7 @@ type fakeClusterProviderScenario struct {
 func newFakeClusterProviderScenario(f *framework.Framework, prefix string, authScope esv1.AuthenticationScope) *fakeClusterProviderScenario {
 	providerNamespace := f.Namespace.Name
 	if authScope == esv1.AuthenticationScopeProviderNamespace {
-		providerNamespace = createE2ENamespace(f, prefix+"-provider")
+		providerNamespace = common.CreateProviderCaseNamespace(f, prefix+"-provider", defaultV2PollInterval)
 	}
 
 	s := &fakeClusterProviderScenario{
@@ -229,8 +228,6 @@ func newFakeClusterProviderExternalSecretHarness(f *framework.Framework) common.
 			return &common.ClusterProviderExternalSecretRuntime{
 				ClusterProviderName: clusterProviderName,
 				Provider:            s,
-				BreakAuth:           func() {},
-				RepairAuth:          func() {},
 			}
 		},
 	}
@@ -254,8 +251,10 @@ func newFakeClusterProviderPushHarness(f *framework.Framework) common.ClusterPro
 						Kind: esv1.ClusterProviderKindStr,
 					}, name, expectedValue)
 				},
-				ExpectNoRemoteSecret:      func(string, string) {},
-				CreateWritableRemoteScope: func(prefix string) string { return createE2ENamespace(f, prefix) },
+				ExpectNoRemoteSecret: func(string, string) {},
+				CreateWritableRemoteScope: func(prefix string) string {
+					return common.CreateProviderCaseNamespace(f, prefix, defaultV2PollInterval)
+				},
 			}
 		},
 	}
@@ -396,36 +395,3 @@ func fakeConfigNamespaceForAuthScope(authScope esv1.AuthenticationScope, manifes
 	}
 	return manifestNamespace
 }
-
-func createE2ENamespace(f *framework.Framework, prefix string) string {
-	namespace := &corev1.Namespace{
-		ObjectMeta: metav1.ObjectMeta{
-			GenerateName: fmt.Sprintf("e2e-tests-%s-", prefix),
-		},
-	}
-	Expect(f.CRClient.Create(context.Background(), namespace)).To(Succeed())
-
-	DeferCleanup(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
-		defer cancel()
-
-		err := f.CRClient.Delete(ctx, namespace)
-		if err != nil && !apierrors.IsNotFound(err) {
-			Expect(err).ToNot(HaveOccurred())
-		}
-
-		err = wait.PollUntilContextTimeout(ctx, defaultV2PollInterval, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
-			_, err := f.KubeClientSet.CoreV1().Namespaces().Get(ctx, namespace.Name, metav1.GetOptions{})
-			if apierrors.IsNotFound(err) {
-				return true, nil
-			}
-			if err != nil {
-				return false, err
-			}
-			return false, nil
-		})
-		Expect(err).To(Succeed())
-	})
-
-	return namespace.Name
-}

+ 1 - 30
e2e/suites/provider/cases/kubernetes/clusterprovider_v2.go

@@ -227,34 +227,5 @@ func externalSecretConditionHasStatus(condition *esv1.ExternalSecretStatusCondit
 }
 
 func createE2ENamespace(f *framework.Framework, prefix string) string {
-	namespace := &corev1.Namespace{
-		ObjectMeta: metav1.ObjectMeta{
-			GenerateName: fmt.Sprintf("e2e-tests-%s-", prefix),
-		},
-	}
-	Expect(f.CRClient.Create(context.Background(), namespace)).To(Succeed())
-
-	DeferCleanup(func() {
-		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
-		defer cancel()
-
-		err := f.CRClient.Delete(ctx, namespace)
-		if err != nil && !apierrors.IsNotFound(err) {
-			Expect(err).ToNot(HaveOccurred())
-		}
-
-		err = wait.PollUntilContextTimeout(ctx, defaultV2PollInterval, 2*time.Minute, true, func(ctx context.Context) (bool, error) {
-			_, err := f.KubeClientSet.CoreV1().Namespaces().Get(ctx, namespace.Name, metav1.GetOptions{})
-			if apierrors.IsNotFound(err) {
-				return true, nil
-			}
-			if err != nil {
-				return false, err
-			}
-			return false, nil
-		})
-		Expect(err).To(Succeed())
-	})
-
-	return namespace.Name
+	return common.CreateProviderCaseNamespace(f, prefix, defaultV2PollInterval)
 }
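Review bot: This file keeps `createE2ENamespace` as a one-line wrapper, while the same commit deletes the identically named helper in fake/provider_v2.go and calls `common.CreateProviderCaseNamespace` directly at its call sites. The two suites therefore now use different conventions for the same operation. I would either inline the call here as well or keep the wrapper with a comment such as `// createE2ENamespace wraps common.CreateProviderCaseNamespace with this suite's defaultV2PollInterval.`. No import hunk is shown for this file, although the removed body used `wait`, `corev1` and `apierrors`; it is worth confirming those packages are still referenced elsewhere in the file, since the fake suite had to drop its `wait` import for the same change.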