chore: TLS and DNS Policy API cleanup

* Remove unnescaery implementation of kuadrant.Referrer
* Mark implementation of kuadrant.Policy as Deprecated
* Avoid the use of Kind() method in DNS/TLS policy validator tasks
* Set type of missing resource to Gateway rather than the Policy. This
  isn't 100% correct since it could be a section name not found, but
it's closer than using the policy.

Signed-off-by: Michael Nairn <[email protected]>

api/v1alpha1/dnspolicy_types.go

@@ -17,17 +17,14 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"context"
 	"fmt"
 	"net"
 	"strings"
 
 	dnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/utils/ptr"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 
@@ -36,21 +33,9 @@ import (
 	"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
 )
 
-var (
-	DNSPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{
-		Group:   GroupVersion.Group,
-		Version: GroupVersion.Version,
-		Kind:    "DNSPolicy",
-	}
-)
-
 const (
-	DefaultWeight int     = 120
-	DefaultGeo    GeoCode = "default"
-	WildcardGeo   GeoCode = "*"
-
-	DNSPolicyBackReferenceAnnotationName   = "kuadrant.io/dnspolicies"
-	DNSPolicyDirectReferenceAnnotationName = "kuadrant.io/dnspolicy"
+	DefaultGeo  GeoCode = "default"
+	WildcardGeo GeoCode = "*"
 )
 
 // DNSPolicySpec defines the desired state of DNSPolicy
@@ -157,7 +142,6 @@ func (s *DNSPolicyStatus) GetConditions() []metav1.Condition {
 }
 
 var _ kuadrant.Policy = &DNSPolicy{}
-var _ kuadrant.Referrer = &DNSPolicy{}
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
@@ -181,10 +165,12 @@ func (p *DNSPolicy) Validate() error {
 	return p.Spec.ExcludeAddresses.Validate()
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *DNSPolicy) GetWrappedNamespace() gatewayapiv1.Namespace {
 	return gatewayapiv1.Namespace(p.Namespace)
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *DNSPolicy) GetRulesHostnames() []string {
 	return make([]string, 0)
 }
@@ -193,30 +179,21 @@ func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference
 	return p.Spec.TargetRef.LocalPolicyTargetReference
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *DNSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus {
 	return &p.Status
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *DNSPolicy) Kind() string {
-	return NewDNSPolicyType().GetGVK().Kind
-}
-
-func (p *DNSPolicy) TargetProgrammedGatewaysOnly() bool {
-	return true
+	return DNSPolicyGroupKind.Kind
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *DNSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }
 
-func (p *DNSPolicy) BackReferenceAnnotationName() string {
-	return NewDNSPolicyType().BackReferenceAnnotationName()
-}
-
-func (p *DNSPolicy) DirectReferenceAnnotationName() string {
-	return NewDNSPolicyType().DirectReferenceAnnotationName()
-}
-
 //+kubebuilder:object:root=true
 
 // DNSPolicyList contains a list of DNSPolicy
@@ -226,6 +203,7 @@ type DNSPolicyList struct {
 	Items           []DNSPolicy `json:"items"`
 }
 
+// Deprecated: kuadrant.PolicyList.
 func (l *DNSPolicyList) GetItems() []kuadrant.Policy {
 	return utils.Map(l.Items, func(item DNSPolicy) kuadrant.Policy {
 		return &item
@@ -326,39 +304,3 @@ func (p *DNSPolicy) WithLoadBalancingFor(weight int, geo string, isDefaultGeo bo
 		DefaultGeo: isDefaultGeo,
 	})
 }
-
-type dnsPolicyType struct{}
-
-func NewDNSPolicyType() kuadrantgatewayapi.PolicyType {
-	return &dnsPolicyType{}
-}
-
-func (d dnsPolicyType) GetGVK() schema.GroupVersionKind {
-	return DNSPolicyGVK
-}
-
-func (d dnsPolicyType) GetInstance() client.Object {
-	return &DNSPolicy{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       DNSPolicyGVK.Kind,
-			APIVersion: GroupVersion.String(),
-		},
-	}
-}
-
-func (d dnsPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) {
-	list := &DNSPolicyList{}
-	err := cl.List(ctx, list, listOpts...)
-	if err != nil {
-		return nil, err
-	}
-	return utils.Map(list.Items, func(p DNSPolicy) kuadrantgatewayapi.Policy { return &p }), nil
-}
-
-func (d dnsPolicyType) BackReferenceAnnotationName() string {
-	return DNSPolicyBackReferenceAnnotationName
-}
-
-func (d dnsPolicyType) DirectReferenceAnnotationName() string {
-	return DNSPolicyDirectReferenceAnnotationName
-}

api/v1alpha1/tlspolicy_types.go

@@ -17,13 +17,9 @@ limitations under the License.
 package v1alpha1
 
 import (
-	"context"
-
 	certmanv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 	certmanmetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/runtime/schema"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 
@@ -32,19 +28,6 @@ import (
 	"github.com/kuadrant/kuadrant-operator/pkg/library/utils"
 )
 
-var (
-	TLSPolicyGVK schema.GroupVersionKind = schema.GroupVersionKind{
-		Group:   GroupVersion.Group,
-		Version: GroupVersion.Version,
-		Kind:    "TLSPolicy",
-	}
-)
-
-const (
-	TLSPolicyBackReferenceAnnotationName   = "kuadrant.io/tlspolicies"
-	TLSPolicyDirectReferenceAnnotationName = "kuadrant.io/tlspolicy"
-)
-
 // TLSPolicySpec defines the desired state of TLSPolicy
 type TLSPolicySpec struct {
 	// TargetRef identifies an API object to apply policy to.
@@ -134,7 +117,6 @@ func (s *TLSPolicyStatus) GetConditions() []metav1.Condition {
 }
 
 var _ kuadrant.Policy = &TLSPolicy{}
-var _ kuadrant.Referrer = &TLSPolicy{}
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
@@ -154,22 +136,22 @@ type TLSPolicy struct {
 	Status TLSPolicyStatus `json:"status,omitempty"`
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *TLSPolicy) Kind() string {
-	return NewTLSPolicyType().GetGVK().Kind
-}
-
-func (p *TLSPolicy) TargetProgrammedGatewaysOnly() bool {
-	return false
+	return TLSPolicyGroupKind.Kind
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *TLSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *TLSPolicy) GetWrappedNamespace() gatewayapiv1.Namespace {
 	return gatewayapiv1.Namespace(p.Namespace)
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *TLSPolicy) GetRulesHostnames() []string {
 	return make([]string, 0)
 }
@@ -178,18 +160,11 @@ func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference
 	return p.Spec.TargetRef
 }
 
+// Deprecated: kuadrant.Policy.
 func (p *TLSPolicy) GetStatus() kuadrantgatewayapi.PolicyStatus {
 	return &p.Status
 }
 
-func (p *TLSPolicy) BackReferenceAnnotationName() string {
-	return NewTLSPolicyType().BackReferenceAnnotationName()
-}
-
-func (p *TLSPolicy) DirectReferenceAnnotationName() string {
-	return NewTLSPolicyType().DirectReferenceAnnotationName()
-}
-
 //+kubebuilder:object:root=true
 
 // TLSPolicyList contains a list of TLSPolicy
@@ -199,6 +174,7 @@ type TLSPolicyList struct {
 	Items           []TLSPolicy `json:"items"`
 }
 
+// Deprecated: kuadrant.PolicyList.
 func (l *TLSPolicyList) GetItems() []kuadrant.Policy {
 	return utils.Map(l.Items, func(item TLSPolicy) kuadrant.Policy {
 		return &item
@@ -238,38 +214,3 @@ func (p *TLSPolicy) WithIssuerRef(issuerRef certmanmetav1.ObjectReference) *TLSP
 	p.Spec.IssuerRef = issuerRef
 	return p
 }
-
-type tlsPolicyType struct{}
-
-func NewTLSPolicyType() kuadrantgatewayapi.PolicyType {
-	return &tlsPolicyType{}
-}
-
-func (t tlsPolicyType) GetGVK() schema.GroupVersionKind {
-	return TLSPolicyGVK
-}
-func (t tlsPolicyType) GetInstance() client.Object {
-	return &TLSPolicy{
-		TypeMeta: metav1.TypeMeta{
-			Kind:       TLSPolicyGVK.Kind,
-			APIVersion: GroupVersion.String(),
-		},
-	}
-}
-
-func (t tlsPolicyType) GetList(ctx context.Context, cl client.Client, listOpts ...client.ListOption) ([]kuadrantgatewayapi.Policy, error) {
-	list := &TLSPolicyList{}
-	err := cl.List(ctx, list, listOpts...)
-	if err != nil {
-		return nil, err
-	}
-	return utils.Map(list.Items, func(p TLSPolicy) kuadrantgatewayapi.Policy { return &p }), nil
-}
-
-func (t tlsPolicyType) BackReferenceAnnotationName() string {
-	return TLSPolicyBackReferenceAnnotationName
-}
-
-func (t tlsPolicyType) DirectReferenceAnnotationName() string {
-	return TLSPolicyDirectReferenceAnnotationName
-}

controllers/dnspolicies_validator.go

@@ -40,8 +40,8 @@ func (r *DNSPoliciesValidator) validate(ctx context.Context, _ []controller.Reso
 
 	state.Store(StateDNSPolicyAcceptedKey, lo.SliceToMap(policies, func(policy *kuadrantv1alpha1.DNSPolicy) (string, error) {
 		if len(policy.GetTargetRefs()) == 0 || len(topology.Targetables().Children(policy)) == 0 {
-			return policy.GetLocator(), kuadrant.NewErrTargetNotFound(policy.Kind(), policy.GetTargetRef(),
-				apierrors.NewNotFound(kuadrantv1alpha1.DNSPoliciesResource.GroupResource(), policy.GetName()))
+			return policy.GetLocator(), kuadrant.NewErrTargetNotFound(kuadrantv1alpha1.DNSPolicyGroupKind.Kind, policy.GetTargetRef(),
+				apierrors.NewNotFound(controller.GatewaysResource.GroupResource(), policy.GetName()))
 		}
 		return policy.GetLocator(), policy.Validate()
 	}))

controllers/dnspolicy_status_updater.go

@@ -138,7 +138,7 @@ func enforcedCondition(records []*kuadrantdnsv1alpha1.DNSRecord, dnsPolicy *kuad
 
 	// if there are records and none of the records are ready
 	if len(records) > 0 && len(notReadyRecords) == len(records) {
-		return kuadrant.EnforcedCondition(dnsPolicy, kuadrant.NewErrUnknown(dnsPolicy.Kind(), errors.New("policy is not enforced on any DNSRecord: not a single DNSRecord is ready")), false)
+		return kuadrant.EnforcedCondition(dnsPolicy, kuadrant.NewErrUnknown(kuadrantv1alpha1.DNSPolicyGroupKind.Kind, errors.New("policy is not enforced on any DNSRecord: not a single DNSRecord is ready")), false)
 	}
 
 	// some of the records are not ready

controllers/tlspolicies_validator.go

@@ -93,7 +93,7 @@ func (t *TLSPoliciesValidator) Validate(ctx context.Context, _ []controller.Reso
 // TODO: What should happen if multiple target refs is supported in the future in terms of reporting in log and policy status?
 func (t *TLSPoliciesValidator) isTargetRefsFound(topology *machinery.Topology, p *kuadrantv1alpha1.TLSPolicy) error {
 	if len(p.GetTargetRefs()) != len(topology.Targetables().Children(p)) {
-		return kuadrant.NewErrTargetNotFound(p.Kind(), p.GetTargetRef(), apierrors.NewNotFound(kuadrantv1alpha1.TLSPoliciesResource.GroupResource(), p.GetName()))
+		return kuadrant.NewErrTargetNotFound(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, p.GetTargetRef(), apierrors.NewNotFound(controller.GatewaysResource.GroupResource(), p.GetName()))
 	}
 
 	return nil
@@ -102,7 +102,7 @@ func (t *TLSPoliciesValidator) isTargetRefsFound(topology *machinery.Topology, p
 // isValidIssuerKind Validates that the Issuer Ref kind is either empty, Issuer or ClusterIssuer
 func (t *TLSPoliciesValidator) isValidIssuerKind(p *kuadrantv1alpha1.TLSPolicy) error {
 	if !lo.Contains([]string{"", certmanv1.IssuerKind, certmanv1.ClusterIssuerKind}, p.Spec.IssuerRef.Kind) {
-		return kuadrant.NewErrInvalid(p.Kind(), fmt.Errorf(`invalid value %q for issuerRef.kind. Must be empty, %q or %q`,
+		return kuadrant.NewErrInvalid(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, fmt.Errorf(`invalid value %q for issuerRef.kind. Must be empty, %q or %q`,
 			p.Spec.IssuerRef.Kind, certmanv1.IssuerKind, certmanv1.ClusterIssuerKind))
 	}
 
@@ -132,7 +132,7 @@ func (t *TLSPoliciesValidator) isIssuerFound(topology *machinery.Topology, p *ku
 	})
 
 	if !ok {
-		return kuadrant.NewErrInvalid(p.Kind(), errors.New("unable to find issuer"))
+		return kuadrant.NewErrInvalid(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, errors.New("unable to find issuer"))
 	}
 
 	return nil

controllers/tlspolicy_status_updater.go

@@ -106,11 +106,11 @@ func (t *TLSPolicyStatusUpdater) UpdateStatus(ctx context.Context, _ []controlle
 
 func (t *TLSPolicyStatusUpdater) enforcedCondition(ctx context.Context, policy *kuadrantv1alpha1.TLSPolicy, topology *machinery.Topology) *metav1.Condition {
 	if err := t.isIssuerReady(ctx, policy, topology); err != nil {
-		return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(policy.Kind(), err), false)
+		return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, err), false)
 	}
 
 	if err := t.isCertificatesReady(policy, topology); err != nil {
-		return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(policy.Kind(), err), false)
+		return kuadrant.EnforcedCondition(policy, kuadrant.NewErrUnknown(kuadrantv1alpha1.TLSPolicyGroupKind.Kind, err), false)
 	}
 
 	return kuadrant.EnforcedCondition(policy, nil, true)