feat(konnect): add indices for Konnect entitites

controller/konnect/index_kongcacertificate.go

@@ -0,0 +1,32 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+)
+
+const (
+	// IndexFieldKongCACertificateOnKonnectGatewayControlPlane is the index field for KongCACertificate -> KonnectGatewayControlPlane.
+	IndexFieldKongCACertificateOnKonnectGatewayControlPlane = "kongCACertificateKonnectGatewayControlPlaneRef"
+)
+
+// IndexOptionsForKongCACertificate returns required Index options for KongCACertificate reconclier.
+func IndexOptionsForKongCACertificate() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.KongCACertificate{},
+			IndexField:   IndexFieldKongCACertificateOnKonnectGatewayControlPlane,
+			ExtractValue: konnectGatewayControlPlaneRefFromKongCACertificate,
+		},
+	}
+}
+
+// konnectGatewayControlPlaneRefFromKongCACertificate returns namespace/name of referenced KonnectGatewayControlPlane in KongCACertificate spec.
+func konnectGatewayControlPlaneRefFromKongCACertificate(obj client.Object) []string {
+	cert, ok := obj.(*configurationv1alpha1.KongCACertificate)
+	if !ok {
+		return nil
+	}
+	return controlPlaneKonnectNamespacedRefAsSlice(cert)
+}

controller/konnect/index_kongcertificate.go

@@ -0,0 +1,32 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+)
+
+const (
+	// IndexFieldKongCertificateOnKonnectGatewayControlPlane is the index field for KongCertificate -> KonnectGatewayControlPlane.
+	IndexFieldKongCertificateOnKonnectGatewayControlPlane = "kongCertificateKonnectGatewayControlPlaneRef"
+)
+
+// IndexOptionsForKongCertificate returns required Index options for KongCertificate reconclier.
+func IndexOptionsForKongCertificate() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.KongCertificate{},
+			IndexField:   IndexFieldKongCertificateOnKonnectGatewayControlPlane,
+			ExtractValue: konnectGatewayControlPlaneRefFromKongCertificate,
+		},
+	}
+}
+
+// konnectGatewayControlPlaneRefFromKongCertificate returns namespace/name of referenced KonnectGatewayControlPlane in KongCertificate spec.
+func konnectGatewayControlPlaneRefFromKongCertificate(obj client.Object) []string {
+	cert, ok := obj.(*configurationv1alpha1.KongCertificate)
+	if !ok {
+		return nil
+	}
+	return controlPlaneKonnectNamespacedRefAsSlice(cert)
+}

controller/konnect/index_kongconsumergroup.go

@@ -11,6 +11,8 @@ import (
 const (
 	// IndexFieldKongConsumerGroupOnPlugin is the index field for KongConsumerGroup -> KongPlugin.
 	IndexFieldKongConsumerGroupOnPlugin = "consumerGroupPluginRef"
+	// IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane is the index field for KongConsumerGropu -> KonnectGatewayControlPlane.
+	IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane = "consumerGroupKonnectGatewayControlPlaneRef"
 )
 
 // IndexOptionsForKongConsumerGroup returns required Index options for KongConsumerGroup reconciler.
@@ -21,6 +23,11 @@ func IndexOptionsForKongConsumerGroup() []ReconciliationIndexOption {
 			IndexField:   IndexFieldKongConsumerGroupOnPlugin,
 			ExtractValue: kongConsumerGroupReferencesKongPluginsViaAnnotation,
 		},
+		{
+			IndexObject:  &configurationv1beta1.KongConsumerGroup{},
+			IndexField:   IndexFieldKongConsumerGroupOnKonnectGatewayControlPlane,
+			ExtractValue: kongConsumerGroupReferencesKonnectGatewayControlPlane,
+		},
 	}
 }
 
@@ -31,3 +38,12 @@ func kongConsumerGroupReferencesKongPluginsViaAnnotation(object client.Object) [
 	}
 	return annotations.ExtractPluginsWithNamespaces(consumerGroup)
 }
+
+func kongConsumerGroupReferencesKonnectGatewayControlPlane(object client.Object) []string {
+	group, ok := object.(*configurationv1beta1.KongConsumerGroup)
+	if !ok {
+		return nil
+	}
+
+	return controlPlaneKonnectNamespacedRefAsSlice(group)
+}

controller/konnect/index_kongkey.go

@@ -46,7 +46,7 @@ func kongKeySetRefFromKongKey(obj client.Object) []string {
 	return []string{key.GetNamespace() + "/" + key.Spec.KeySetRef.NamespacedRef.Name}
 }
 
-// kongPluginReferencesFromKongKey returns namespace/name of referenced KonnectGatewayControlPlane in KongKey spec.
+// konnectGatewayControlPlaneRefFromKongKey returns namespace/name of referenced KonnectGatewayControlPlane in KongKey spec.
 func konnectGatewayControlPlaneRefFromKongKey(obj client.Object) []string {
 	key, ok := obj.(*configurationv1alpha1.KongKey)
 	if !ok {

controller/konnect/index_kongkeyset.go

@@ -0,0 +1,32 @@
+package konnect
+
+import (
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+)
+
+const (
+	// IndexFieldKongKeySetOnKonnectGatewayControlPlane is the index field for KongKeySet -> KonnectGatewayControlPlane.
+	IndexFieldKongKeySetOnKonnectGatewayControlPlane = "kongKeySetKonnectGatewayControlPlaneRef"
+)
+
+// IndexOptionsForKongKeySet returns required Index options for KongKeySet reconclier.
+func IndexOptionsForKongKeySet() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.KongKeySet{},
+			IndexField:   IndexFieldKongKeySetOnKonnectGatewayControlPlane,
+			ExtractValue: konnectGatewayControlPlaneRefFromKongKeySet,
+		},
+	}
+}
+
+// konnectGatewayControlPlaneRefFromKongKeySet returns namespace/name of referenced KonnectGatewayControlPlane in KongKeySet spec.
+func konnectGatewayControlPlaneRefFromKongKeySet(obj client.Object) []string {
+	keySet, ok := obj.(*configurationv1alpha1.KongKeySet)
+	if !ok {
+		return nil
+	}
+	return controlPlaneKonnectNamespacedRefAsSlice(keySet)
+}

controller/konnect/index_kongvault.go

@@ -0,0 +1,31 @@
+package konnect
+
+import (
+	configurationv1alpha1 "github.com/kong/kubernetes-configuration/api/configuration/v1alpha1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const (
+	// IndexFieldKongVaultOnKonnectGatewayControlPlane is the index field for KongVault -> KonnectGatewayControlPlane.
+	IndexFieldKongVaultOnKonnectGatewayControlPlane = "vaultKonnectGatewayControlPlaneRef"
+)
+
+// IndexOptionsForKongVault returns required Index options for KongVault reconciler.
+func IndexOptionsForKongVault() []ReconciliationIndexOption {
+	return []ReconciliationIndexOption{
+		{
+			IndexObject:  &configurationv1alpha1.KongVault{},
+			IndexField:   IndexFieldKongVaultOnKonnectGatewayControlPlane,
+			ExtractValue: kongVaultReferencesKonnectGatewayControlPlane,
+		},
+	}
+}
+
+func kongVaultReferencesKonnectGatewayControlPlane(object client.Object) []string {
+	vault, ok := object.(*configurationv1alpha1.KongVault)
+	if !ok {
+		return nil
+	}
+
+	return controlPlaneKonnectNamespacedRefAsSlice(vault)
+}

controller/konnect/watch_credentialacl.go

@@ -86,11 +86,8 @@ func kongCredentialACLForKonnectAPIAuthConfiguration(
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef == nil ||
-				cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != auth.GetName() {
+			cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer)
+			if !ok {
 				continue
 			}
 
@@ -149,19 +146,15 @@ func kongCredentialACLForKonnectGatewayControlPlane(
 		if err := cl.List(ctx, &l,
 			// TODO: change this when cross namespace refs are allowed.
 			client.InNamespace(cp.GetNamespace()),
+			client.MatchingFields{
+				IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name,
+			},
 		); err != nil {
 			return nil
 		}
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != cp.GetName() {
-				continue
-			}
-
 			var credList configurationv1alpha1.KongCredentialACLList
 			if err := cl.List(ctx, &credList,
 				client.MatchingFields{

controller/konnect/watch_credentialapikey.go

@@ -86,11 +86,8 @@ func kongCredentialAPIKeyForKonnectAPIAuthConfiguration(
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef == nil ||
-				cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != auth.GetName() {
+			cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer)
+			if !ok {
 				continue
 			}
 
@@ -149,19 +146,15 @@ func kongCredentialAPIKeyForKonnectGatewayControlPlane(
 		if err := cl.List(ctx, &l,
 			// TODO: change this when cross namespace refs are allowed.
 			client.InNamespace(cp.GetNamespace()),
+			client.MatchingFields{
+				IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name,
+			},
 		); err != nil {
 			return nil
 		}
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != cp.GetName() {
-				continue
-			}
-
 			var credList configurationv1alpha1.KongCredentialAPIKeyList
 			if err := cl.List(ctx, &credList,
 				client.MatchingFields{

controller/konnect/watch_credentialbasicauth.go

@@ -86,11 +86,8 @@ func kongCredentialBasicAuthForKonnectAPIAuthConfiguration(
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef == nil ||
-				cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != auth.GetName() {
+			cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer)
+			if !ok {
 				continue
 			}
 
@@ -149,19 +146,15 @@ func kongCredentialBasicAuthForKonnectGatewayControlPlane(
 		if err := cl.List(ctx, &l,
 			// TODO: change this when cross namespace refs are allowed.
 			client.InNamespace(cp.GetNamespace()),
+			client.MatchingFields{
+				IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name,
+			},
 		); err != nil {
 			return nil
 		}
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != cp.GetName() {
-				continue
-			}
-
 			var credList configurationv1alpha1.KongCredentialBasicAuthList
 			if err := cl.List(ctx, &credList,
 				client.MatchingFields{

controller/konnect/watch_credentialhmac.go

@@ -86,11 +86,8 @@ func kongCredentialHMACForKonnectAPIAuthConfiguration(
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef == nil ||
-				cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != auth.GetName() {
+			cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer)
+			if !ok {
 				continue
 			}
 
@@ -149,19 +146,15 @@ func kongCredentialHMACForKonnectGatewayControlPlane(
 		if err := cl.List(ctx, &l,
 			// TODO: change this when cross namespace refs are allowed.
 			client.InNamespace(cp.GetNamespace()),
+			client.MatchingFields{
+				IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name,
+			},
 		); err != nil {
 			return nil
 		}
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != cp.GetName() {
-				continue
-			}
-
 			var credList configurationv1alpha1.KongCredentialHMACList
 			if err := cl.List(ctx, &credList,
 				client.MatchingFields{

controller/konnect/watch_credentialjwt.go

@@ -86,11 +86,8 @@ func kongCredentialJWTForKonnectAPIAuthConfiguration(
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef == nil ||
-				cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != auth.GetName() {
+			cpRef, ok := controlPlaneRefIsKonnectNamespacedRef(&consumer)
+			if !ok {
 				continue
 			}
 
@@ -149,19 +146,15 @@ func kongCredentialJWTForKonnectGatewayControlPlane(
 		if err := cl.List(ctx, &l,
 			// TODO: change this when cross namespace refs are allowed.
 			client.InNamespace(cp.GetNamespace()),
+			client.MatchingFields{
+				IndexFieldKongConsumerOnKonnectGatewayControlPlane: cp.Namespace + "/" + cp.Name,
+			},
 		); err != nil {
 			return nil
 		}
 
 		var ret []reconcile.Request
 		for _, consumer := range l.Items {
-			cpRef := consumer.Spec.ControlPlaneRef
-			if cpRef.Type != configurationv1alpha1.ControlPlaneRefKonnectNamespacedRef ||
-				cpRef.KonnectNamespacedRef == nil ||
-				cpRef.KonnectNamespacedRef.Name != cp.GetName() {
-				continue
-			}
-
 			var credList configurationv1alpha1.KongCredentialJWTList
 			if err := cl.List(ctx, &credList,
 				client.MatchingFields{