fix: policy satus observedGeneration

internal/gatewayapi/backendtlspolicy.go

@@ -151,7 +151,7 @@ func (t *Translator) processBackendTLSPolicy(
 		return nil, err
 	}
 
-	status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+	status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 	return tlsBundle, nil
 }
 

internal/gatewayapi/backendtrafficpolicy.go

@@ -226,7 +226,7 @@ func (t *Translator) ProcessBackendTrafficPolicies(resources *resource.Resources
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 			}
 		}
 	}
@@ -280,7 +280,7 @@ func (t *Translator) ProcessBackendTrafficPolicies(resources *resource.Resources
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 
 				// Check if this policy is overridden by other policies targeting at
 				// route level

internal/gatewayapi/clienttrafficpolicy.go

@@ -159,7 +159,7 @@ func (t *Translator) ProcessClientTrafficPolicies(
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 			}
 		}
 	}
@@ -277,7 +277,7 @@ func (t *Translator) ProcessClientTrafficPolicies(
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 			}
 		}
 	}

internal/gatewayapi/envoyextensionpolicy.go

@@ -143,7 +143,7 @@ func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 			}
 		}
 	}
@@ -197,7 +197,7 @@ func (t *Translator) ProcessEnvoyExtensionPolicies(envoyExtensionPolicies []*egv
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 
 				// Check if this policy is overridden by other policies targeting at
 				// route level

internal/gatewayapi/envoypatchpolicy.go

@@ -123,6 +123,6 @@ func (t *Translator) ProcessEnvoyPatchPolicies(envoyPatchPolicies []*egv1a1.Envo
 		}
 
 		// Set Accepted=True
-		status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName)
+		status.SetAcceptedForPolicyAncestors(&policy.Status, ancestorRefs, t.GatewayControllerName, policy.Generation)
 	}
 }

internal/gatewayapi/extensionserverpolicy.go

@@ -84,7 +84,7 @@ func (t *Translator) ProcessExtensionServerPolicies(policies []unstructured.Unst
 				ancestorRefs := []gwapiv1a2.ParentReference{
 					getAncestorRefForPolicy(gatewayNN, currTarget.SectionName),
 				}
-				status.SetAcceptedForPolicyAncestors(&policyStatus, ancestorRefs, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policyStatus, ancestorRefs, t.GatewayControllerName, policy.GetGeneration())
 				accepted = true
 			}
 		}

internal/gatewayapi/securitypolicy.go

@@ -184,7 +184,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security
 				}
 
 				// Set Accepted condition if it is unset
-				status.SetAcceptedForPolicyAncestors(&policy.Status, parentGateways, t.GatewayControllerName)
+				status.SetAcceptedForPolicyAncestors(&policy.Status, parentGateways, t.GatewayControllerName, policy.Generation)
 			}
 		}
 	}
@@ -279,7 +279,7 @@ func (t *Translator) processSecurityPolicyForGateway(
 	}
 
 	// Set Accepted condition if it is unset
-	status.SetAcceptedForPolicyAncestors(&policy.Status, parentGateways, t.GatewayControllerName)
+	status.SetAcceptedForPolicyAncestors(&policy.Status, parentGateways, t.GatewayControllerName, policy.Generation)
 
 	// Check if this policy is overridden by other policies targeting at route and listener levels
 	overriddenTargetsMessage := getOverriddenTargetsMessage(

internal/gatewayapi/status/policy.go

@@ -35,13 +35,13 @@ func SetTranslationErrorForPolicyAncestors(policyStatus *gwapiv1a2.PolicyStatus,
 }
 
 // SetAcceptedForPolicyAncestors sets accepted conditions for each ancestor reference if it is unset.
-func SetAcceptedForPolicyAncestors(policyStatus *gwapiv1a2.PolicyStatus, ancestorRefs []gwapiv1a2.ParentReference, controllerName string) {
+func SetAcceptedForPolicyAncestors(policyStatus *gwapiv1a2.PolicyStatus, ancestorRefs []gwapiv1a2.ParentReference, controllerName string, generation int64) {
 	for _, ancestorRef := range ancestorRefs {
-		setAcceptedForPolicyAncestor(policyStatus, ancestorRef, controllerName)
+		setAcceptedForPolicyAncestor(policyStatus, ancestorRef, controllerName, generation)
 	}
 }
 
-func setAcceptedForPolicyAncestor(policyStatus *gwapiv1a2.PolicyStatus, ancestorRef gwapiv1a2.ParentReference, controllerName string) {
+func setAcceptedForPolicyAncestor(policyStatus *gwapiv1a2.PolicyStatus, ancestorRef gwapiv1a2.ParentReference, controllerName string, generation int64) {
 	// Return early if Accepted condition is already set for specific ancestor.
 	for _, ancestor := range policyStatus.Ancestors {
 		if string(ancestor.ControllerName) == controllerName && cmp.Equal(ancestor.AncestorRef, ancestorRef) {
@@ -55,7 +55,7 @@ func setAcceptedForPolicyAncestor(policyStatus *gwapiv1a2.PolicyStatus, ancestor
 
 	message := "Policy has been accepted."
 	SetConditionForPolicyAncestor(policyStatus, ancestorRef, controllerName,
-		gwapiv1a2.PolicyConditionAccepted, metav1.ConditionTrue, gwapiv1a2.PolicyReasonAccepted, message, 0)
+		gwapiv1a2.PolicyConditionAccepted, metav1.ConditionTrue, gwapiv1a2.PolicyReasonAccepted, message, generation)
 }
 
 func SetConditionForPolicyAncestors(policyStatus *gwapiv1a2.PolicyStatus, ancestorRefs []gwapiv1a2.ParentReference, controllerName string,

internal/gatewayapi/testdata/backendtlspolicy-across-ns.in.yaml

@@ -118,6 +118,7 @@ backendTLSPolicies:
     metadata:
       name: policy-btls
       namespace: policies
+      generation: 10
     spec:
       targetRefs:
         - group: ""

internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml

@@ -3,6 +3,7 @@ backendTLSPolicies:
   kind: BackendTLSPolicy
   metadata:
     creationTimestamp: null
+    generation: 10
     name: policy-btls
     namespace: policies
   spec:

internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.in.yaml

@@ -68,6 +68,7 @@ backendTrafficPolicies:
     metadata:
       namespace: envoy-gateway
       name: policy-for-gateway
+      generation: 10
     spec:
       targetRef:
         group: gateway.networking.k8s.io
@@ -84,6 +85,7 @@ backendTrafficPolicies:
     metadata:
       namespace: default
       name: policy-for-route
+      generation: 20
     spec:
       targetRef:
         group: gateway.networking.k8s.io

internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml

@@ -3,6 +3,7 @@ backendTrafficPolicies:
   kind: BackendTrafficPolicy
   metadata:
     creationTimestamp: null
+    generation: 20
     name: policy-for-route
     namespace: default
   spec:
@@ -23,6 +24,7 @@ backendTrafficPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 20
         reason: Accepted
         status: "True"
         type: Accepted
@@ -31,6 +33,7 @@ backendTrafficPolicies:
   kind: BackendTrafficPolicy
   metadata:
     creationTimestamp: null
+    generation: 10
     name: policy-for-gateway
     namespace: envoy-gateway
   spec:
@@ -54,6 +57,7 @@ backendTrafficPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 10
         reason: Accepted
         status: "True"
         type: Accepted

internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.in.yaml

@@ -4,6 +4,7 @@ clientTrafficPolicies:
   metadata:
     namespace: envoy-gateway
     name: target-gateway-1
+    generation: 10
   spec:
     connection: {}
     targetRef:
@@ -15,6 +16,7 @@ clientTrafficPolicies:
   metadata:
     namespace: envoy-gateway
     name: target-gateway-1-section-http-1
+    generation: 20
   spec:
     connection:
       bufferLimit: 50M

internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml

@@ -3,6 +3,7 @@ clientTrafficPolicies:
   kind: ClientTrafficPolicy
   metadata:
     creationTimestamp: null
+    generation: 20
     name: target-gateway-1-section-http-1
     namespace: envoy-gateway
   spec:
@@ -24,6 +25,7 @@ clientTrafficPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 20
         reason: Accepted
         status: "True"
         type: Accepted
@@ -32,6 +34,7 @@ clientTrafficPolicies:
   kind: ClientTrafficPolicy
   metadata:
     creationTimestamp: null
+    generation: 10
     name: target-gateway-1
     namespace: envoy-gateway
   spec:
@@ -51,11 +54,13 @@ clientTrafficPolicies:
       - lastTransitionTime: null
         message: There are existing ClientTrafficPolicies that are overriding these
           sections [http-1]
+        observedGeneration: 10
         reason: Overridden
         status: "True"
         type: Overridden
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 10
         reason: Accepted
         status: "True"
         type: Accepted

internal/gatewayapi/testdata/envoyextensionpolicy-with-lua.in.yaml

@@ -58,6 +58,7 @@ envoyextensionpolicies:
   metadata:
     namespace: envoy-gateway
     name: policy-for-gateway  # This policy should attach httproute-2
+    generation: 10
   spec:
     targetRef:
       group: gateway.networking.k8s.io
@@ -73,6 +74,7 @@ envoyextensionpolicies:
   metadata:
     namespace: default
     name: policy-for-http-route   # This policy should attach httproute-1
+    generation: 20
   spec:
     targetRef:
       group: gateway.networking.k8s.io

internal/gatewayapi/testdata/envoyextensionpolicy-with-lua.out.yaml

@@ -3,6 +3,7 @@ envoyExtensionPolicies:
   kind: EnvoyExtensionPolicy
   metadata:
     creationTimestamp: null
+    generation: 20
     name: policy-for-http-route
     namespace: default
   spec:
@@ -25,6 +26,7 @@ envoyExtensionPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 20
         reason: Accepted
         status: "True"
         type: Accepted
@@ -33,6 +35,7 @@ envoyExtensionPolicies:
   kind: EnvoyExtensionPolicy
   metadata:
     creationTimestamp: null
+    generation: 10
     name: policy-for-gateway
     namespace: envoy-gateway
   spec:
@@ -54,12 +57,14 @@ envoyExtensionPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 10
         reason: Accepted
         status: "True"
         type: Accepted
       - lastTransitionTime: null
         message: 'This policy is being overridden by other envoyExtensionPolicies
           for these routes: [default/httproute-1]'
+        observedGeneration: 10
         reason: Overridden
         status: "True"
         type: Overridden

internal/gatewayapi/testdata/envoypatchpolicy-valid.in.yaml

@@ -4,6 +4,7 @@ envoyPatchPolicies:
   metadata:
     namespace: envoy-gateway
     name: edit-conn-buffer-bytes
+    generation: 10
   spec:
     type: "JSONPatch"
     targetRef:
@@ -22,6 +23,7 @@ envoyPatchPolicies:
   metadata:
     namespace: envoy-gateway
     name: edit-ignore-global-limit
+    generation: 10
   spec:
     type: "JSONPatch"
     targetRef:

internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml

@@ -84,6 +84,7 @@ xdsIR:
           conditions:
           - lastTransitionTime: null
             message: Policy has been accepted.
+            observedGeneration: 10
             reason: Accepted
             status: "True"
             type: Accepted
@@ -107,6 +108,7 @@ xdsIR:
           conditions:
           - lastTransitionTime: null
             message: Policy has been accepted.
+            observedGeneration: 10
             reason: Accepted
             status: "True"
             type: Accepted

internal/gatewayapi/testdata/securitypolicy-with-basic-auth.in.yaml

@@ -79,6 +79,7 @@ securityPolicies:
     metadata:
       namespace: default
       name: policy-for-http-route-1
+      generation: 10
     spec:
       targetRef:
         group: gateway.networking.k8s.io
@@ -92,6 +93,7 @@ securityPolicies:
     metadata:
       namespace: default
       name: policy-for-gateway-1               # This will only apply to the httproute-2
+      generation: 20
     spec:
       targetRef:
         group: gateway.networking.k8s.io

internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml

@@ -147,6 +147,7 @@ securityPolicies:
   kind: SecurityPolicy
   metadata:
     creationTimestamp: null
+    generation: 10
     name: policy-for-http-route-1
     namespace: default
   spec:
@@ -170,6 +171,7 @@ securityPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 10
         reason: Accepted
         status: "True"
         type: Accepted
@@ -178,6 +180,7 @@ securityPolicies:
   kind: SecurityPolicy
   metadata:
     creationTimestamp: null
+    generation: 20
     name: policy-for-gateway-1
     namespace: default
   spec:
@@ -200,12 +203,14 @@ securityPolicies:
       conditions:
       - lastTransitionTime: null
         message: Policy has been accepted.
+        observedGeneration: 20
         reason: Accepted
         status: "True"
         type: Accepted
       - lastTransitionTime: null
         message: 'This policy is being overridden by other securityPolicies for these
           routes: [default/httproute-1]'
+        observedGeneration: 20
         reason: Overridden
         status: "True"
         type: Overridden