Fix test cleanup for TTL feature and regenerate API docs

stefanhipfel · stefanhipfel · commit 1bfb595b71a0 · 2026-05-11T15:15:26.000+02:00
This commit fixes two CI failures:

1. Test failures - TTL tests were not properly cleaning up BMCSecrets
   - BMCUsers create secrets with owner references
   - envtest has no garbage collector, so secrets persist after user deletion
   - Added proper cleanup using owner reference matching (like existing rotation test)
   - All 4 new TTL tests now pass cleanly

2. Code generation check failure - API docs were stale
   - Regenerated docs/api-reference/api.md to include TTL/ExpiresAt fields
   - Docs now include spec.ttl, spec.expiresAt, status.expiresAt, status.conditions

Test results:
- All 9 BMCUser tests pass (5 existing + 4 new TTL tests)
- AfterEach cleanup validates no leaked resources

Signed-off-by: Stefan Hipfel &lt;stefan.hipfel@sap.com&gt;
diff --git a/docs/api-reference/api.md b/docs/api-reference/api.md
@@ -714,6 +714,8 @@ _Appears in:_
 | `rotationPeriod` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#duration-v1-meta)_ | RotationPeriod defines how often the password should be rotated.<br />If not set, the password will not be rotated. |  |  |
 | `bmcSecretRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core)_ | BMCSecretRef references the BMCSecret containing the credentials for this user.<br />If not set, the operator will generate a secure password based on BMC manufacturer requirements. |  |  |
 | `bmcRef` _[LocalObjectReference](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#localobjectreference-v1-core)_ | BMCRef references the BMC this user should be created on. |  |  |
+| `ttl` _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#duration-v1-meta)_ | TTL specifies the time-to-live duration for this user.<br />When set, the user will be automatically deleted after this duration from creation.<br />This is useful for temporary debugging users.<br />If not set, the user is permanent (no automatic deletion).<br />Mutually exclusive with ExpiresAt - only one should be set. |  | Pattern: `^([0-9]+(\.[0-9]+)?(ns\|us\|µs\|ms\|s\|m\|h))+$` <br />Type: string <br /> |
+| `expiresAt` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#time-v1-meta)_ | ExpiresAt specifies an absolute timestamp when this user should be deleted.<br />This is useful for users that need to expire at a specific time.<br />If not set along with TTL, the user is permanent.<br />Mutually exclusive with TTL - only one should be set. |  |  |
 
 
 #### BMCUserStatus
@@ -733,6 +735,8 @@ _Appears in:_
 | `lastRotation` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#time-v1-meta)_ | LastRotation is the timestamp of the last password rotation. |  |  |
 | `passwordExpiration` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#time-v1-meta)_ | PasswordExpiration is the timestamp when the password will expire. |  |  |
 | `id` _string_ | ID is the identifier of the user in the BMC system. |  |  |
+| `expiresAt` _[Time](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#time-v1-meta)_ | ExpiresAt is the calculated absolute time when this user will be deleted.<br />Set by the controller based on TTL or spec.ExpiresAt.<br />Only set for temporary users (when spec.TTL or spec.ExpiresAt is set). |  |  |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.35/#condition-v1-meta) array_ | Conditions represents the latest available observations of the BMCUser's current state. |  |  |
 
 
 #### BMCVersion
diff --git a/internal/controller/bmcuser_controller_test.go b/internal/controller/bmcuser_controller_test.go
@@ -435,7 +435,18 @@ var _ = Describe("BMCUser Controller", func() {
 		expectedExpiry := user.CreationTimestamp.Add(1 * time.Hour)
 		Expect(user.Status.ExpiresAt.Time).To(BeTemporally("~", expectedExpiry, 5*time.Second))
 
+		By("Cleaning up resources")
 		Expect(k8sClient.Delete(ctx, user)).To(Succeed())
+		// Clean up all secrets owned by this user since envtest has no garbage collector
+		secretList := &metalv1alpha1.BMCSecretList{}
+		Expect(k8sClient.List(ctx, secretList)).To(Succeed())
+		for _, s := range secretList.Items {
+			for _, ref := range s.OwnerReferences {
+				if ref.UID == user.UID {
+					Expect(client.IgnoreNotFound(k8sClient.Delete(ctx, &s))).To(Succeed())
+				}
+			}
+		}
 	})
 
 	It("should use absolute expiration time from ExpiresAt", func(ctx SpecContext) {
@@ -459,7 +470,18 @@ var _ = Describe("BMCUser Controller", func() {
 			HaveField("Status.ExpiresAt.Time", BeTemporally("~", expiryTime.Time, 1*time.Second)),
 		)
 
+		By("Cleaning up resources")
 		Expect(k8sClient.Delete(ctx, user)).To(Succeed())
+		// Clean up all secrets owned by this user since envtest has no garbage collector
+		secretList := &metalv1alpha1.BMCSecretList{}
+		Expect(k8sClient.List(ctx, secretList)).To(Succeed())
+		for _, s := range secretList.Items {
+			for _, ref := range s.OwnerReferences {
+				if ref.UID == user.UID {
+					Expect(client.IgnoreNotFound(k8sClient.Delete(ctx, &s))).To(Succeed())
+				}
+			}
+		}
 	})
 
 	It("should ignore TTL changes after expiration is calculated", func(ctx SpecContext) {
@@ -491,7 +513,18 @@ var _ = Describe("BMCUser Controller", func() {
 			HaveField("Status.ExpiresAt.Time", BeTemporally("~", originalExpiry.Time, 1*time.Second)),
 		)
 
+		By("Cleaning up resources")
 		Expect(k8sClient.Delete(ctx, user)).To(Succeed())
+		// Clean up all secrets owned by this user since envtest has no garbage collector
+		secretList := &metalv1alpha1.BMCSecretList{}
+		Expect(k8sClient.List(ctx, secretList)).To(Succeed())
+		for _, s := range secretList.Items {
+			for _, ref := range s.OwnerReferences {
+				if ref.UID == user.UID {
+					Expect(client.IgnoreNotFound(k8sClient.Delete(ctx, &s))).To(Succeed())
+				}
+			}
+		}
 	})
 
 	It("should not set expiration for users without TTL or ExpiresAt", func(ctx SpecContext) {
@@ -514,7 +547,18 @@ var _ = Describe("BMCUser Controller", func() {
 			HaveField("Status.ExpiresAt", BeNil()),
 		)
 
+		By("Cleaning up resources")
 		Expect(k8sClient.Delete(ctx, user)).To(Succeed())
+		// Clean up all secrets owned by this user since envtest has no garbage collector
+		secretList := &metalv1alpha1.BMCSecretList{}
+		Expect(k8sClient.List(ctx, secretList)).To(Succeed())
+		for _, s := range secretList.Items {
+			for _, ref := range s.OwnerReferences {
+				if ref.UID == user.UID {
+					Expect(client.IgnoreNotFound(k8sClient.Delete(ctx, &s))).To(Succeed())
+				}
+			}
+		}
 	})
 
 })
