From 95670ed899688e04aaf56248f57892ed0dce7cc8 Mon Sep 17 00:00:00 2001 From: Yamunadevi Shanmugam Date: Mon, 29 Jun 2026 13:46:20 +0530 Subject: [PATCH] fix(flakiness): Improve the cleanup order Improve the cleanup order for fixing flakiness --- test/extended/util/client.go | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/test/extended/util/client.go b/test/extended/util/client.go index f268eee0158c..3d2d886a3d9e 100644 --- a/test/extended/util/client.go +++ b/test/extended/util/client.go @@ -1195,18 +1195,23 @@ func (c *CLI) GetClientConfigForUser(username string) *rest.Config { } privToken, pubToken := GenerateOAuthTokenPair() - token, err := oauthClient.OauthV1().OAuthAccessTokens().Create(ctx, &oauthv1.OAuthAccessToken{ + _, err = oauthClient.OauthV1().OAuthAccessTokens().Create(ctx, &oauthv1.OAuthAccessToken{ ObjectMeta: metav1.ObjectMeta{Name: pubToken}, ClientName: oauthClientName, UserName: username, UserUID: string(user.UID), Scopes: []string{"user:full"}, RedirectURI: "https://localhost:8443/oauth/token/implicit", + ExpiresIn: 21600, // 6 h TTL; auto-expires without explicit deletion }, metav1.CreateOptions{}) if err != nil { FatalErr(err) } - c.AddResourceToDelete(oauthv1.GroupVersion.WithResource("oauthaccesstokens"), token) + // The token is intentionally not added to resourcesToDelete. + // TeardownProject (AfterEach) runs before DeferCleanup. Deleting the token + // there causes cached clients to get 401 Unauthorized, fall back to + // system:anonymous, and fail with 403 Forbidden during DeferCleanup. + // ExpiresIn: 21600 provides TTL-based cleanup without breaking DeferCleanup. userClientConfig := rest.AnonymousClientConfig(turnOffRateLimiting(rest.CopyConfig(c.AdminConfig()))) userClientConfig.BearerToken = privToken