diff --git a/api/v1alpha1/dnspolicy_types.go b/api/v1alpha1/dnspolicy_types.go
index 91e5985db..c54555cf3 100644
--- a/api/v1alpha1/dnspolicy_types.go
+++ b/api/v1alpha1/dnspolicy_types.go
@@ -195,6 +195,10 @@ func (p *DNSPolicy) List(ctx context.Context, c client.Client, namespace string)
 return policies
 }
+func (p *DNSPolicy) TargetProgrammedGatewaysOnly() bool {
+ return true
+}
+
 func (p *DNSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 return kuadrantgatewayapi.DirectPolicy
 }
diff --git a/api/v1alpha1/tlspolicy_types.go b/api/v1alpha1/tlspolicy_types.go
index 424b1353c..ab1c0b9a7 100644
--- a/api/v1alpha1/tlspolicy_types.go
+++ b/api/v1alpha1/tlspolicy_types.go
@@ -163,6 +163,10 @@ func (p *TLSPolicy) List(ctx context.Context, c client.Client, namespace string)
 return policies
 }
+func (p *TLSPolicy) TargetProgrammedGatewaysOnly() bool {
+ return false
+}
+
 func (p *TLSPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 return kuadrantgatewayapi.DirectPolicy
 }
diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go
index 87be0e2e4..ee206041d 100644
--- a/api/v1beta2/authpolicy_types.go
+++ b/api/v1beta2/authpolicy_types.go
@@ -355,6 +355,10 @@ func (ap *AuthPolicy) List(ctx context.Context, c client.Client, namespace strin
 return policies
 }
+func (ap *AuthPolicy) TargetProgrammedGatewaysOnly() bool {
+ return true
+}
+
 func (ap *AuthPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 return kuadrantgatewayapi.InheritedPolicy
 }
diff --git a/api/v1beta2/ratelimitpolicy_types.go b/api/v1beta2/ratelimitpolicy_types.go
index db0b03a73..b3afe1a04 100644
--- a/api/v1beta2/ratelimitpolicy_types.go
+++ b/api/v1beta2/ratelimitpolicy_types.go
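Review bot: The new exported method `TargetProgrammedGatewaysOnly` on DNSPolicy has no doc comment, and the same holds for the TLSPolicy, AuthPolicy and RateLimitPolicy implementations and for the method added to the `Policy` interface in pkg/library/gatewayapi/types.go. Since the value decides whether a policy is reconciled against a Gateway that is not yet Programmed, I would document the contract once on the interface, e.g. `// TargetProgrammedGatewaysOnly reports whether policies of this kind attach only to Gateways whose Programmed condition is true.` TLSPolicy is the only kind returning `false`, which matches the literal it replaces in tlspolicy_controller.go, but the reason is not stated anywhere in the diff; a one-line why-comment above `return false` would keep a later change from flipping it by accident.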
@@ -288,6 +288,10 @@ func (r *RateLimitPolicy) List(ctx context.Context, c client.Client, namespace s
 return policies
 }
+func (r *RateLimitPolicy) TargetProgrammedGatewaysOnly() bool {
+ return true
+}
+
 func (r *RateLimitPolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 return kuadrantgatewayapi.InheritedPolicy
 }
diff --git a/controllers/authpolicy_controller.go b/controllers/authpolicy_controller.go
index d312b09b0..f1f48b4f7 100644
--- a/controllers/authpolicy_controller.go
+++ b/controllers/authpolicy_controller.go
@@ -65,7 +65,7 @@ func (r *AuthPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Requ
 markedForDeletion := ap.GetDeletionTimestamp() != nil
 // fetch the target network object
- targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ap.GetTargetRef(), ap.Namespace, true)
+ targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ap.GetTargetRef(), ap.Namespace, ap.TargetProgrammedGatewaysOnly())
 if err != nil {
 if !markedForDeletion {
 if apierrors.IsNotFound(err) {
@@ -186,7 +186,7 @@ func (r *AuthPolicyReconciler) reconcileResources(ctx context.Context, ap *api.A
 return err
 }
- refNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace, true)
+ refNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace, ap.TargetProgrammedGatewaysOnly())
 if err != nil {
 return err
 }
diff --git a/controllers/dnspolicy_controller.go b/controllers/dnspolicy_controller.go
index a33c5165e..6c80ef23a 100644
--- a/controllers/dnspolicy_controller.go
+++ b/controllers/dnspolicy_controller.go
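Review bot: In the second authpolicy_controller.go hunk (`reconcileResources`) the flag is read from `ap` while the target ref and namespace on the same call come from `ref`: `FetchTargetRefObject(ctx, r.Client(), ref.GetTargetRef(), ref.Namespace, ap.TargetProgrammedGatewaysOnly())`. Both are presumably AuthPolicies, so the value is the same today, but if `ref`'s type exposes the method, `ref.TargetProgrammedGatewaysOnly()` keeps every argument tied to the object whose target is being fetched. The function starts and ends outside the hunk, so the type of `ref` is not visible here.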
@@ -75,7 +75,7 @@ func (r *DNSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 markedForDeletion := dnsPolicy.GetDeletionTimestamp() != nil
- targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), dnsPolicy.GetTargetRef(), dnsPolicy.Namespace, true)
+ targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), dnsPolicy.GetTargetRef(), dnsPolicy.Namespace, dnsPolicy.TargetProgrammedGatewaysOnly())
 if err != nil {
 if !markedForDeletion {
 if apierrors.IsNotFound(err) {
diff --git a/controllers/ratelimitpolicy_controller.go b/controllers/ratelimitpolicy_controller.go
index a87cbb8eb..1cbd2efea 100644
--- a/controllers/ratelimitpolicy_controller.go
+++ b/controllers/ratelimitpolicy_controller.go
@@ -87,7 +87,7 @@ func (r *RateLimitPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl
 markedForDeletion := rlp.GetDeletionTimestamp() != nil
 // fetch the target network object
- targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), rlp.GetTargetRef(), rlp.Namespace, true)
+ targetNetworkObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), rlp.GetTargetRef(), rlp.Namespace, rlp.TargetProgrammedGatewaysOnly())
 if err != nil {
 if !markedForDeletion {
 if apierrors.IsNotFound(err) {
diff --git a/controllers/tlspolicy_controller.go b/controllers/tlspolicy_controller.go
index d248f96d7..b0c9080b1 100644
--- a/controllers/tlspolicy_controller.go
+++ b/controllers/tlspolicy_controller.go
@@ -75,7 +75,7 @@ func (r *TLSPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 markedForDeletion := tlsPolicy.GetDeletionTimestamp() != nil
- targetReferenceObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), tlsPolicy.GetTargetRef(), tlsPolicy.Namespace, false)
+ targetReferenceObject, err := reconcilers.FetchTargetRefObject(ctx, r.Client(), tlsPolicy.GetTargetRef(), tlsPolicy.Namespace, tlsPolicy.TargetProgrammedGatewaysOnly())
 log.V(3).Info("TLSPolicyReconciler targetReferenceObject", "targetReferenceObject", targetReferenceObject)
 if err != nil {
 if !markedForDeletion {
diff --git a/pkg/library/gatewayapi/topology.go b/pkg/library/gatewayapi/topology.go
index 154a9726a..24aa0c46b 100644
--- a/pkg/library/gatewayapi/topology.go
+++ b/pkg/library/gatewayapi/topology.go
@@ -84,10 +84,11 @@ func (h httpRouteDAGNode) ID() string {
 }
 type topologyOptions struct {
- gateways []*gatewayapiv1.Gateway
- routes []*gatewayapiv1.HTTPRoute
- policies []Policy
- logger logr.Logger
+ gateways []*gatewayapiv1.Gateway
+ routes []*gatewayapiv1.HTTPRoute
+ policies []Policy
+ logger logr.Logger
+ programmedGatewaysOnly bool
 }
 // TopologyOpts allows to manipulate topologyOptions.
@@ -117,10 +118,17 @@ func WithPolicies(policies []Policy) TopologyOpts {
 }
 }
+func WithProgrammedGatewaysOnly(programmedGatewaysOnly bool) TopologyOpts {
+ return func(o *topologyOptions) {
+ o.programmedGatewaysOnly = programmedGatewaysOnly
+ }
+}
+
 func NewTopology(opts ...TopologyOpts) (*Topology, error) {
 // defaults
 o := &topologyOptions{
- logger: logr.Discard(),
+ logger: logr.Discard(),
+ programmedGatewaysOnly: true,
 }
 for _, opt := range opts {
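Review bot: `WithProgrammedGatewaysOnly` is exported without a doc comment, and `NewTopology` defaults `programmedGatewaysOnly` to `true`, so any caller that does not pass the option still drops Gateways that are not Programmed. In this diff only `MapToPolicy` in pkg/library/mappers/gateway.go passes it; other `NewTopology` call sites are not visible here, and if any of them runs for TLSPolicy its topology would disagree with the `false` now passed to `FetchTargetRefObject`. I would add `// WithProgrammedGatewaysOnly sets whether the topology includes only Gateways whose Programmed condition is true (the default).` and check the remaining call sites.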
@@ -140,7 +148,7 @@ func NewTopology(opts ...TopologyOpts) (*Topology, error) {
 graph := dag.NewDAG(typeIndexer)
- gatewayDAGNodes := buildGatewayDAGNodes(o.gateways, o.policies)
+ gatewayDAGNodes := buildGatewayDAGNodes(o.gateways, o.policies, o.programmedGatewaysOnly)
 routeDAGNodes := buildHTTPRouteDAGNodes(o.routes, o.policies)
@@ -199,12 +207,15 @@ func buildDAGEdges(gateways []gatewayDAGNode, routes []httpRouteDAGNode) []edge
 return edges
 }
-func buildGatewayDAGNodes(gateways []*gatewayapiv1.Gateway, policies []Policy) []gatewayDAGNode {
- programmedGateways := utils.Filter(gateways, func(g *gatewayapiv1.Gateway) bool {
- return meta.IsStatusConditionTrue(g.Status.Conditions, string(gatewayapiv1.GatewayConditionProgrammed))
- })
+func buildGatewayDAGNodes(gateways []*gatewayapiv1.Gateway, policies []Policy, programmedGatewaysOnly bool) []gatewayDAGNode {
+ targetedGateways := gateways
+ if programmedGatewaysOnly {
+ targetedGateways = utils.Filter(gateways, func(g *gatewayapiv1.Gateway) bool {
+ return meta.IsStatusConditionTrue(g.Status.Conditions, string(gatewayapiv1.GatewayConditionProgrammed))
+ })
+ }
- return utils.Map(programmedGateways, func(g *gatewayapiv1.Gateway) gatewayDAGNode {
+ return utils.Map(targetedGateways, func(g *gatewayapiv1.Gateway) gatewayDAGNode {
 // Compute attached policies
 attachedPolicies := utils.Filter(policies, func(p Policy) bool {
 group := p.GetTargetRef().Group
diff --git a/pkg/library/gatewayapi/types.go b/pkg/library/gatewayapi/types.go
index 80746facb..3088ab68f 100644
--- a/pkg/library/gatewayapi/types.go
+++ b/pkg/library/gatewayapi/types.go
@@ -26,6 +26,7 @@ type Policy interface {
 Kind() string
 BackReferenceAnnotationName() string
 DirectReferenceAnnotationName() string
+ TargetProgrammedGatewaysOnly() bool
 }
 type PolicyStatus interface {
diff --git a/pkg/library/gatewayapi/types_test.go b/pkg/library/gatewayapi/types_test.go
index fba01d28f..758125dd6 100644
--- a/pkg/library/gatewayapi/types_test.go
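Review bot: With `programmedGatewaysOnly` false, `buildGatewayDAGNodes` passes the input slice through untouched, so Gateways with no status conditions at all (for example ones no controller has Accepted) also become topology nodes and can have policies attached. If that is the intent for TLSPolicy, a comment on the function should say so, e.g. `// When programmedGatewaysOnly is false, every Gateway is included regardless of its status conditions.`; if only accepted-but-not-yet-programmed Gateways are meant, the unfiltered path needs its own filter. The function body continues past the end of the hunk.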
+++ b/pkg/library/gatewayapi/types_test.go
@@ -60,6 +60,9 @@ func (p *TestPolicy) GetStatus() PolicyStatus {
 return &p.Status
 }
+func (p *TestPolicy) TargetProgrammedGatewaysOnly() bool {
+ return true
+}
 func (p *TestPolicy) DeepCopyObject() runtime.Object {
 if c := p.DeepCopy(); c != nil {
 return c
diff --git a/pkg/library/kuadrant/test_utils.go b/pkg/library/kuadrant/test_utils.go
index 30e1ab952..95dd09e2a 100644
--- a/pkg/library/kuadrant/test_utils.go
+++ b/pkg/library/kuadrant/test_utils.go
@@ -75,6 +75,10 @@ func (_ *FakePolicy) PolicyClass() kuadrantgatewayapi.PolicyClass {
 return kuadrantgatewayapi.DirectPolicy
 }
+func (p *FakePolicy) TargetProgrammedGatewaysOnly() bool {
+ return true
+}
+
 type FakePolicyStatus struct{}
 func (s *FakePolicyStatus) GetConditions() []metav1.Condition {
diff --git a/pkg/library/mappers/gateway.go b/pkg/library/mappers/gateway.go
index ef381547b..e6ef43243 100644
--- a/pkg/library/mappers/gateway.go
+++ b/pkg/library/mappers/gateway.go
@@ -49,6 +49,7 @@ func (m *gatewayEventMapper) MapToPolicy(ctx context.Context, obj client.Object,
 kuadrantgatewayapi.WithRoutes(utils.Map(routeList.Items, ptr.To[gatewayapiv1.HTTPRoute])),
 kuadrantgatewayapi.WithPolicies(policies),
 kuadrantgatewayapi.WithLogger(logger),
+ kuadrantgatewayapi.WithProgrammedGatewaysOnly(policyKind.TargetProgrammedGatewaysOnly()),
 )
 if err != nil {
 logger.V(1).Error(err, "unable to build topology for gateway")
diff --git a/tests/common/tlspolicy/tlspolicy_controller_test.go b/tests/common/tlspolicy/tlspolicy_controller_test.go
index 1c380ddd0..46da56514 100644
--- a/tests/common/tlspolicy/tlspolicy_controller_test.go
+++ b/tests/common/tlspolicy/tlspolicy_controller_test.go
@@ -421,12 +421,14 @@ var _ = Describe("TLSPolicy controller", func() {
 //confirm a certificate has been deleted
 Eventually(func() error {
 certificateList := &certmanv1.CertificateList{}
- Expect(k8sClient.List(ctx, certificateList, &client.ListOptions{Namespace: testNamespace})).To(BeNil())
+ if err := k8sClient.List(ctx, certificateList, &client.ListOptions{Namespace: testNamespace}); err != nil {
+ return err
+ }
 if len(certificateList.Items) != 2 {
 return fmt.Errorf("expected 2 certificates, found: %v", len(certificateList.Items))
 }
 return nil
- }, time.Second*120, time.Second).Should(BeNil())
+ }, tests.TimeoutMedium, time.Second).Should(BeNil())
 })
 It("should delete all tls certificates when tls policy is removed even if gateway is already removed", func() {
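Review bot: The polled function returns an `error`, so the closing matcher on the changed line reads better as `}, tests.TimeoutMedium, time.Second).Should(Succeed())` than `Should(BeNil())`; it states the intent and gives a clearer failure message when the list call or the count check keeps failing. Returning the `List` error instead of calling `Expect` inside `Eventually` is the right shape, since a transient API error is now retried rather than failing the spec on the first poll. The surrounding `It` block starts outside the hunk.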