test: Ensure finalizers are re-reconciled

Makefile

@@ -314,7 +314,7 @@ generate-e2e-templates-main: $(KUSTOMIZE) ## Generate test templates for the mai
 	"$(KUSTOMIZE)" --load-restrictor LoadRestrictionsNone build "$(E2E_TEMPLATE_DIR)/main/pci" > "$(E2E_TEMPLATE_DIR)/main/cluster-template-pci.yaml"
 	# for DHCP overrides
 	"$(KUSTOMIZE)" --load-restrictor LoadRestrictionsNone build "$(E2E_TEMPLATE_DIR)/main/dhcp-overrides" > "$(E2E_TEMPLATE_DIR)/main/cluster-template-dhcp-overrides.yaml"
-	"$(KUSTOMIZE)" --load-restrictor LoadRestrictionsNone build "$(E2E_TEMPLATE_DIR)/main/ownerreferences" > "$(E2E_TEMPLATE_DIR)/main/cluster-template-ownerreferences.yaml"
+	"$(KUSTOMIZE)" --load-restrictor LoadRestrictionsNone build "$(E2E_TEMPLATE_DIR)/main/ownerrefs-finalizers" > "$(E2E_TEMPLATE_DIR)/main/cluster-template-ownerrefs-finalizers.yaml"
 
 .PHONY: generate-e2e-templates-v1.8
 generate-e2e-templates-v1.8: $(KUSTOMIZE)

test/e2e/config/vsphere-ci.yaml

@@ -148,7 +148,7 @@ providers:
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-kcp-remediation.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-md-remediation.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-node-drain.yaml"
-          - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-ownerreferences.yaml"
+          - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-ownerrefs-finalizers.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-pci.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-remote-management.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-storage-policy.yaml"

test/e2e/config/vsphere-dev.yaml

@@ -151,7 +151,7 @@ providers:
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-kcp-remediation.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-md-remediation.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-node-drain.yaml"
-          - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-ownerreferences.yaml"
+          - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-ownerrefs-finalizers.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-pci.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-remote-management.yaml"
           - sourcePath: "../../../test/e2e/data/infrastructure-vsphere/main/cluster-template-storage-policy.yaml"

test/e2e/data/infrastructure-vsphere/main/ownerreferences/cluster-identity.yaml → test/e2e/data/infrastructure-vsphere/main/ownerrefs-finalizers/cluster-identity.yaml

@@ -2,9 +2,9 @@
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: VSphereClusterIdentity
 metadata:
-  name: ownerreferences
+  name: ownerrefs-finalizers
 spec:
-  secretName: ownerreferences
+  secretName: ownerrefs-finalizers
   allowedNamespaces:
     selector:
       matchLabels:

test/e2e/data/infrastructure-vsphere/main/ownerreferences/failure-domains.yaml → test/e2e/data/infrastructure-vsphere/main/ownerrefs-finalizers/failure-domains.yaml

@@ -2,7 +2,7 @@
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: VSphereFailureDomain
 metadata:
-  name: "ownerreferences"
+  name: ownerrefs-finalizers
 spec:
   region:
     name: '${VSPHERE_DATACENTER}'
@@ -23,9 +23,9 @@ spec:
 apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
 kind: VSphereDeploymentZone
 metadata:
-  name: "ownerreferences"
+  name: ownerrefs-finalizers
 spec:
   server: '${VSPHERE_SERVER}'
-  failureDomain: "ownerreferences"
+  failureDomain: "ownerrefs-finalizers"
   placementConstraint:
     resourcePool: '${VSPHERE_RESOURCE_POOL}'

test/e2e/data/infrastructure-vsphere/main/ownerreferences/vsphereclusteridentity.yaml → test/e2e/data/infrastructure-vsphere/main/ownerrefs-finalizers/vsphereclusteridentity.yaml

@@ -7,5 +7,5 @@ metadata:
 spec:
   identityRef:
     kind: VSphereClusterIdentity
-    name: ownerreferences
+    name: ownerrefs-finalizers
 

test/e2e/ownerreference_test.go → test/e2e/ownerrefs_finalizers_test.go

@@ -41,7 +41,7 @@ import (
 	infrav1 "sigs.k8s.io/cluster-api-provider-vsphere/apis/v1beta1"
 )
 
-var _ = Describe("OwnerReference checks with FailureDomains and ClusterIdentity", func() {
+var _ = Describe("Ensure OwnerReferences and Finalizers are resilient with FailureDomains and ClusterIdentity", func() {
 	// Before running the test create the secret used by the VSphereClusterIdentity to connect to the vCenter.
 	BeforeEach(func() {
 		createVsphereIdentitySecret(ctx, bootstrapClusterProxy)
@@ -54,7 +54,7 @@ var _ = Describe("OwnerReference checks with FailureDomains and ClusterIdentity"
 			BootstrapClusterProxy: bootstrapClusterProxy,
 			ArtifactFolder:        artifactFolder,
 			SkipCleanup:           skipCleanup,
-			Flavor:                ptr.To("ownerreferences"),
+			Flavor:                ptr.To("ownerrefs-finalizers"),
 			PostMachinesProvisioned: func(proxy framework.ClusterProxy, namespace, clusterName string) {
 				// Inject a client to use for checkClusterIdentitySecretOwnerRef
 				checkClusterIdentitySecretOwnerRef(ctx, proxy.GetClient())
@@ -80,6 +80,13 @@ var _ = Describe("OwnerReference checks with FailureDomains and ClusterIdentity"
 					VSphereKubernetesReferenceAssertions,
 					VSphereReferenceAssertions,
 				)
+				// This check ensures that finalizers are resilient - i.e. correctly re-reconciled, when removed.
+				framework.ValidateFinalizersResilience(ctx, proxy, namespace, clusterName,
+					framework.CoreFinalizersAssertion,
+					framework.KubeadmControlPlaneFinalizersAssertion,
+					framework.ExpFinalizersAssertion,
+					VSphereFinalizers,
+				)
 			},
 		}
 	})
@@ -170,14 +177,25 @@ var (
 
 // The following names are hardcoded in templates to make cleanup easier.
 var (
-	clusterIdentityName            = "ownerreferences"
+	clusterIdentityName            = "ownerrefs-finalizers"
 	clusterIdentitySecretNamespace = "capv-system"
-	deploymentZoneName             = "ownerreferences"
+	deploymentZoneName             = "ownerrefs-finalizers"
 )
 
+// VSphereFinalizers maps VSphere infrastructure resource types to their expected finalizers.
+var VSphereFinalizers = map[string][]string{
+	"VSphereVM":              {infrav1.VMFinalizer},
+	"Secret":                 {infrav1.SecretIdentitySetFinalizer},
+	"VSphereClusterIdentity": {infrav1.VSphereClusterIdentityFinalizer},
+	"VSphereDeploymentZone":  {infrav1.DeploymentZoneFinalizer},
+	"VSphereMachine":         {infrav1.MachineFinalizer},
+	"IPAddressClaim":         {infrav1.IPAddressClaimFinalizer},
+	"VSphereCluster":         {infrav1.ClusterFinalizer},
+}
+
 // cleanupVSphereObjects deletes the Secret, VSphereClusterIdentity, and VSphereDeploymentZone created for this test.
 // The VSphereFailureDomain, and the Secret for the VSphereClusterIdentity should be deleted as a result of the above.
-func cleanupVSphereObjects(ctx context.Context, bootstrapClusterProxy framework.ClusterProxy) bool {
+func cleanupVSphereObjects(ctx context.Context, bootstrapClusterProxy framework.ClusterProxy) {
 	Eventually(func() error {
 		if err := bootstrapClusterProxy.GetClient().Delete(ctx,
 			&infrav1.VSphereClusterIdentity{
@@ -197,7 +215,6 @@ func cleanupVSphereObjects(ctx context.Context, bootstrapClusterProxy framework.
 		}
 		return nil
 	}).Should(Succeed())
-	return true
 }
 
 func createVsphereIdentitySecret(ctx context.Context, bootstrapClusterProxy framework.ClusterProxy) {