fix: get all gateways events for tlspolicy

Kuadrant · Jun 28, 2024 · 910eb98 · 910eb98
1 parent b716990
commit 910eb98
Show file tree

Hide file tree

Showing 14 changed files with 56 additions and 18 deletions.
diff --git a/api/v1alpha1/dnspolicy_types.go b/api/v1alpha1/dnspolicy_types.go
@@ -195,6 +195,10 @@ func (p *DNSPolicy) List(ctx context.Context, c client.Client, namespace string)
 	return policies
 }
 
+func (p *DNSPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 func (p *DNSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }

diff --git a/api/v1alpha1/tlspolicy_types.go b/api/v1alpha1/tlspolicy_types.go
@@ -163,6 +163,10 @@ func (p *TLSPolicy) List(ctx context.Context, c client.Client, namespace string)
 	return policies
 }
 
+func (p *TLSPolicy) TargetProgrammedGatewaysOnly() bool {
+	return false
+}
+
 func (p *TLSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }

diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go
@@ -355,6 +355,10 @@ func (ap *AuthPolicy) List(ctx context.Context, c client.Client, namespace strin
 	return policies
 }
 
+func (ap *AuthPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 func (ap *AuthPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.InheritedPolicy
 }

diff --git a/api/v1beta2/ratelimitpolicy_types.go b/api/v1beta2/ratelimitpolicy_types.go
@@ -288,6 +288,10 @@ func (r *RateLimitPolicy) List(ctx context.Context, c client.Client, namespace s
 	return policies
 }
 
+func (r *RateLimitPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 func (r *RateLimitPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.InheritedPolicy
 }

diff --git a/controllers/authpolicy_controller.go b/controllers/authpolicy_controller.go
@@ -65,7 +65,7 @@ func (r *AuthPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Requ
 	markedForDeletion := ap.GetDeletionTimestamp() != nil
 
 	// fetch the target network object
-	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ap.GetTargetRef(), ap.Namespace, true)
+	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ap.GetTargetRef(), ap.Namespace, ap.TargetProgrammedGatewaysOnly())
 	if err != nil {
 		if !markedForDeletion {
 			if apierrors.IsNotFound(err) {
@@ -186,7 +186,7 @@ func (r *AuthPolicyReconciler) reconcileResources(ctx context.Context, ap *api.A
 				return err
 			}
 
-			refNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace, true)
+			refNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace, ap.TargetProgrammedGatewaysOnly())
 			if err != nil {
 				return err
 			}

diff --git a/controllers/dnspolicy_controller.go b/controllers/dnspolicy_controller.go
@@ -75,7 +75,7 @@ func (r *DNSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 	markedForDeletion := dnsPolicy.GetDeletionTimestamp() != nil
 
-	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), dnsPolicy.GetTargetRef(), dnsPolicy.Namespace, true)
+	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), dnsPolicy.GetTargetRef(), dnsPolicy.Namespace, dnsPolicy.TargetProgrammedGatewaysOnly())
 	if err != nil {
 		if !markedForDeletion {
 			if apierrors.IsNotFound(err) {

diff --git a/controllers/ratelimitpolicy_controller.go b/controllers/ratelimitpolicy_controller.go
@@ -87,7 +87,7 @@ func (r *RateLimitPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl
 	markedForDeletion := rlp.GetDeletionTimestamp() != nil
 
 	// fetch the target network object
-	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), rlp.GetTargetRef(), rlp.Namespace, true)
+	targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), rlp.GetTargetRef(), rlp.Namespace, rlp.TargetProgrammedGatewaysOnly())
 	if err != nil {
 		if !markedForDeletion {
 			if apierrors.IsNotFound(err) {

diff --git a/controllers/tlspolicy_controller.go b/controllers/tlspolicy_controller.go
@@ -75,7 +75,7 @@ func (r *TLSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 	markedForDeletion := tlsPolicy.GetDeletionTimestamp() != nil
 
-	targetReferenceObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), tlsPolicy.GetTargetRef(), tlsPolicy.Namespace, false)
+	targetReferenceObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), tlsPolicy.GetTargetRef(), tlsPolicy.Namespace, tlsPolicy.TargetProgrammedGatewaysOnly())
 	log.V(3).Info("TLSPolicyReconciler targetReferenceObject", "targetReferenceObject", targetReferenceObject)
 	if err != nil {
 		if !markedForDeletion {

diff --git a/pkg/library/gatewayapi/topology.go b/pkg/library/gatewayapi/topology.go
@@ -84,10 +84,11 @@ func (h httpRouteDAGNode) ID() string {
 }
 
 type topologyOptions struct {
-	gateways []*gatewayapiv1.Gateway
-	routes   []*gatewayapiv1.HTTPRoute
-	policies []Policy
-	logger   logr.Logger
+	gateways               []*gatewayapiv1.Gateway
+	routes                 []*gatewayapiv1.HTTPRoute
+	policies               []Policy
+	logger                 logr.Logger
+	programmedGatewaysOnly bool
 }
 
 // TopologyOpts allows to manipulate topologyOptions.
@@ -117,10 +118,17 @@ func WithPolicies(policies []Policy) TopologyOpts {
 	}
 }
 
+func WithProgrammedGatewaysOnly(programmedGatewaysOnly bool) TopologyOpts {
+	return func(o *topologyOptions) {
+		o.programmedGatewaysOnly = programmedGatewaysOnly
+	}
+}
+
 func NewTopology(opts ...TopologyOpts) (*Topology, error) {
 	// defaults
 	o := &topologyOptions{
-		logger: logr.Discard(),
+		logger:                 logr.Discard(),
+		programmedGatewaysOnly: true,
 	}
 
 	for _, opt := range opts {
@@ -140,7 +148,7 @@ func NewTopology(opts ...TopologyOpts) (*Topology, error) {
 
 	graph := dag.NewDAG(typeIndexer)
 
-	gatewayDAGNodes := buildGatewayDAGNodes(o.gateways, o.policies)
+	gatewayDAGNodes := buildGatewayDAGNodes(o.gateways, o.policies, o.programmedGatewaysOnly)
 
 	routeDAGNodes := buildHTTPRouteDAGNodes(o.routes, o.policies)
 
@@ -199,12 +207,15 @@ func buildDAGEdges(gateways []gatewayDAGNode, routes []httpRouteDAGNode) []edge
 	return edges
 }
 
-func buildGatewayDAGNodes(gateways []*gatewayapiv1.Gateway, policies []Policy) []gatewayDAGNode {
-	programmedGateways := utils.Filter(gateways, func(g *gatewayapiv1.Gateway) bool {
-		return meta.IsStatusConditionTrue(g.Status.Conditions, string(gatewayapiv1.GatewayConditionProgrammed))
-	})
+func buildGatewayDAGNodes(gateways []*gatewayapiv1.Gateway, policies []Policy, programmedGatewaysOnly bool) []gatewayDAGNode {
+	targetedGateways := gateways
+	if programmedGatewaysOnly {
+		targetedGateways = utils.Filter(gateways, func(g *gatewayapiv1.Gateway) bool {
+			return meta.IsStatusConditionTrue(g.Status.Conditions, string(gatewayapiv1.GatewayConditionProgrammed))
+		})
+	}
 
-	return utils.Map(programmedGateways, func(g *gatewayapiv1.Gateway) gatewayDAGNode {
+	return utils.Map(targetedGateways, func(g *gatewayapiv1.Gateway) gatewayDAGNode {
 		// Compute attached policies
 		attachedPolicies := utils.Filter(policies, func(p Policy) bool {
 			group := p.GetTargetRef().Group

diff --git a/pkg/library/gatewayapi/types.go b/pkg/library/gatewayapi/types.go
@@ -26,6 +26,7 @@ type Policy interface {
 	Kind() string
 	BackReferenceAnnotationName() string
 	DirectReferenceAnnotationName() string
+	TargetProgrammedGatewaysOnly() bool
 }
 
 type PolicyStatus interface {

diff --git a/pkg/library/gatewayapi/types_test.go b/pkg/library/gatewayapi/types_test.go
@@ -60,6 +60,9 @@ func (p *TestPolicy) GetStatus() PolicyStatus {
 	return &p.Status
 }
 
+func (p *TestPolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
 func (p *TestPolicy) DeepCopyObject() runtime.Object {
 	if c := p.DeepCopy(); c != nil {
 		return c

diff --git a/pkg/library/kuadrant/test_utils.go b/pkg/library/kuadrant/test_utils.go
@@ -75,6 +75,10 @@ func (_ *FakePolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 	return kuadrantgatewayapi.DirectPolicy
 }
 
+func (p *FakePolicy) TargetProgrammedGatewaysOnly() bool {
+	return true
+}
+
 type FakePolicyStatus struct{}
 
 func (s *FakePolicyStatus) GetConditions() []metav1.Condition {

diff --git a/pkg/library/mappers/gateway.go b/pkg/library/mappers/gateway.go
@@ -49,6 +49,7 @@ func (m *gatewayEventMapper) MapToPolicy(ctx context.Context, obj client.Object,
 		kuadrantgatewayapi.WithRoutes(utils.Map(routeList.Items, ptr.To[gatewayapiv1.HTTPRoute])),
 		kuadrantgatewayapi.WithPolicies(policies),
 		kuadrantgatewayapi.WithLogger(logger),
+		kuadrantgatewayapi.WithProgrammedGatewaysOnly(policyKind.TargetProgrammedGatewaysOnly()),
 	)
 	if err != nil {
 		logger.V(1).Error(err, "unable to build topology for gateway")

diff --git a/tests/common/tlspolicy/tlspolicy_controller_test.go b/tests/common/tlspolicy/tlspolicy_controller_test.go
@@ -421,12 +421,14 @@ var _ = Describe("TLSPolicy controller", func() {
 			//confirm a certificate has been deleted
 			Eventually(func() error {
 				certificateList := &certmanv1.CertificateList{}
-				Expect(k8sClient.List(ctx, certificateList, &client.ListOptions{Namespace: testNamespace})).To(BeNil())
+				if err := k8sClient.List(ctx, certificateList, &client.ListOptions{Namespace: testNamespace}); err != nil {
+					return err
+				}
 				if len(certificateList.Items) != 2 {
 					return fmt.Errorf("expected 2 certificates, found: %v", len(certificateList.Items))
 				}
 				return nil
-			}, time.Second*120, time.Second).Should(BeNil())
+			}, tests.TimeoutMedium, time.Second).Should(BeNil())
 		})
 
 		It("should delete all tls certificates when tls policy is removed even if gateway is already removed", func() {