test(e2e): clean up v2 parameterstore cluster providers

e2e/suites/provider/cases/aws/parameterstore/parameterstore_v2_managed_test.go

@@ -17,6 +17,7 @@ limitations under the License.
 package aws
 
 import (
+	"errors"
 	"testing"
 
 	"github.com/external-secrets/external-secrets-e2e/framework"
@@ -46,3 +47,67 @@ func TestConfigureV2ReferencedIRSAStoreRefUsesClusterProvider(t *testing.T) {
 		t.Fatalf("expected cluster provider ref %q, got %q", "aws-irsa-cluster-provider", got)
 	}
 }
+
+func TestWrapCleanupWithClusterProviderDeleteRunsPreviousCleanupFirst(t *testing.T) {
+	t.Parallel()
+
+	var calls []string
+	cleanup := wrapCleanupWithClusterProviderDelete(
+		func() { calls = append(calls, "previous") },
+		func() error {
+			calls = append(calls, "delete")
+			return nil
+		},
+	)
+
+	cleanup()
+
+	if len(calls) != 2 {
+		t.Fatalf("expected 2 cleanup calls, got %d", len(calls))
+	}
+	if calls[0] != "previous" || calls[1] != "delete" {
+		t.Fatalf("expected call order [previous delete], got %v", calls)
+	}
+}
+
+func TestWrapCleanupWithClusterProviderDeleteRunsDeleteWithoutPreviousCleanup(t *testing.T) {
+	t.Parallel()
+
+	var deleteCalled bool
+	cleanup := wrapCleanupWithClusterProviderDelete(nil, func() error {
+		deleteCalled = true
+		return nil
+	})
+
+	cleanup()
+
+	if !deleteCalled {
+		t.Fatal("expected delete callback to run")
+	}
+}
+
+func TestWrapCleanupWithClusterProviderDeleteIgnoresNotFoundDeleteError(t *testing.T) {
+	t.Parallel()
+
+	cleanup := wrapCleanupWithClusterProviderDelete(nil, func() error {
+		return errClusterProviderNotFoundForCleanup
+	})
+
+	cleanup()
+}
+
+func TestWrapCleanupWithClusterProviderDeletePanicsOnUnexpectedDeleteError(t *testing.T) {
+	t.Parallel()
+
+	cleanup := wrapCleanupWithClusterProviderDelete(nil, func() error {
+		return errors.New("boom")
+	})
+
+	defer func() {
+		if recover() == nil {
+			t.Fatal("expected panic for unexpected delete error")
+		}
+	}()
+
+	cleanup()
+}

e2e/suites/provider/cases/aws/parameterstore/provider_support_v2.go

@@ -37,6 +37,7 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
+	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/external-secrets/external-secrets-e2e/framework"
@@ -98,6 +99,8 @@ type assumeRoleV2ProbeResult struct {
 
 var assumeRoleV2ProbeCache sync.Map
 
+var errClusterProviderNotFoundForCleanup = errors.New("cluster provider not found")
+
 func loadAWSV2AccessConfigFromEnv() awsV2AccessConfig {
 	role := os.Getenv("AWS_ROLE_ARN")
 	if role == "" {
@@ -561,6 +564,13 @@ func useV2ReferencedIRSA(prov *ProviderV2) func(*framework.TestCase) {
 			)
 			frameworkv2.WaitForClusterProviderReady(prov.framework, clusterProviderName, defaultV2WaitTimeout)
 			configureV2ReferencedIRSAStoreRef(tc, clusterProviderName)
+
+			prevCleanup := tc.Cleanup
+			tc.Cleanup = wrapCleanupWithClusterProviderDelete(prevCleanup, func() error {
+				return prov.framework.CRClient.Delete(GinkgoT().Context(), &esv1.ClusterProvider{
+					ObjectMeta: metav1.ObjectMeta{Name: clusterProviderName},
+				})
+			})
 		}
 	}
 }
@@ -583,6 +593,24 @@ func configureV2ReferencedIRSAStoreRef(tc *framework.TestCase, clusterProviderNa
 	tc.ExternalSecret.Spec.SecretStoreRef.Name = clusterProviderName
 }
 
+func wrapCleanupWithClusterProviderDelete(prevCleanup func(), deleteClusterProvider func() error) func() {
+	return func() {
+		if prevCleanup != nil {
+			prevCleanup()
+		}
+
+		err := deleteClusterProvider()
+		if err == nil || isClusterProviderDeleteNotFound(err) {
+			return
+		}
+		Expect(err).NotTo(HaveOccurred())
+	}
+}
+
+func isClusterProviderDeleteNotFound(err error) bool {
+	return errors.Is(err, errClusterProviderNotFoundForCleanup) || k8serrors.IsNotFound(err)
+}
+
 func (p *ProviderV2) prepareNamespacedProvider(profile ...awsV2AuthProfile) func(*framework.TestCase, framework.SecretStoreProvider) {
 	authProfile := awsV2AuthProfileStatic
 	if len(profile) > 0 {