From 641f286ac75885459bc492515775299719fa28ba Mon Sep 17 00:00:00 2001 
From: Adam Cattermole Date: Fri, 21 Jun 2024 11:39:56 +0100 Subject: [PATCH] Use LocalPolicyTargetReference --- api/v1alpha1/dnspolicy_types.go | 20 ++---- api/v1alpha1/tlspolicy_types.go | 18 ++--- api/v1alpha1/zz_generated.deepcopy.go | 4 +- api/v1beta2/authpolicy_types.go | 14 +--- api/v1beta2/authpolicy_types_test.go | 69 +------------------ api/v1beta2/ratelimitpolicy_types.go | 14 +--- api/v1beta2/ratelimitpolicy_types_test.go | 23 +------ api/v1beta2/zz_generated.deepcopy.go | 4 +- ...adrant-operator.clusterserviceversion.yaml | 2 +- .../manifests/kuadrant.io_authpolicies.yaml | 10 --- bundle/manifests/kuadrant.io_dnspolicies.yaml | 10 --- .../kuadrant.io_ratelimitpolicies.yaml | 10 --- bundle/manifests/kuadrant.io_tlspolicies.yaml | 10 --- .../crd/bases/kuadrant.io_authpolicies.yaml | 10 --- config/crd/bases/kuadrant.io_dnspolicies.yaml | 10 --- .../bases/kuadrant.io_ratelimitpolicies.yaml | 10 --- config/crd/bases/kuadrant.io_tlspolicies.yaml | 10 --- controllers/authpolicy_controller.go | 4 -- .../authpolicy_istio_authorizationpolicy.go | 2 +- .../httprouteparentrefs_eventmapper.go | 8 +-- controllers/ratelimitpolicy_controller.go | 4 -- controllers/target_status_controller.go | 2 +- controllers/tlspolicy_status_test.go | 2 +- doc/reference/authpolicy.md | 2 +- doc/reference/dnspolicy.md | 2 +- doc/reference/ratelimitpolicy.md | 2 +- doc/reference/tlspolicy.md | 2 +- pkg/library/gatewayapi/helper_test.go | 18 +++-- pkg/library/gatewayapi/topology.go | 10 ++- pkg/library/gatewayapi/types.go | 2 +- pkg/library/gatewayapi/types_test.go | 8 +-- pkg/library/gatewayapi/utils.go | 4 +- .../apimachinery_status_conditions_test.go | 4 +- pkg/library/kuadrant/errors.go | 4 +- pkg/library/kuadrant/errors_test.go | 2 +- pkg/library/kuadrant/kuadrant.go | 4 +- pkg/library/kuadrant/kuadrant_test.go | 13 ++-- pkg/library/kuadrant/test_utils.go | 4 +- pkg/library/mappers/policy_to_gateway.go | 8 +-- pkg/library/reconcilers/fetcher.go | 6 +- 
pkg/library/reconcilers/fetcher_test.go | 7 +- .../authpolicy/authpolicy_controller_test.go | 37 +++------- .../ratelimitpolicy_controller_test.go | 23 ++----- .../target_status_controller_test.go | 67 ++++++++---------- ...icy_controller_authorizationpolicy_test.go | 11 +-- ...dor_cluster_envoyfilter_controller_test.go | 2 +- ...miting_istio_wasmplugin_controller_test.go | 35 +++++----- 47 files changed, 143 insertions(+), 404 deletions(-) diff --git a/api/v1alpha1/dnspolicy_types.go b/api/v1alpha1/dnspolicy_types.go index 7f07e1984..5186e90ba 100644 --- a/api/v1alpha1/dnspolicy_types.go +++ b/api/v1alpha1/dnspolicy_types.go @@ -48,7 +48,7 @@ type DNSPolicySpec struct { // TargetRef identifies an API object to apply policy to. // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" // +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'" - TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"` + TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"` // +optional HealthCheck *HealthCheckSpec `json:"healthCheck,omitempty"` @@ -168,7 +168,7 @@ func (p *DNSPolicy) GetRulesHostnames() []string { return make([]string, 0) } -func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference { +func (p *DNSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference { return p.Spec.TargetRef } 
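Review bot: The doc comment on `TargetRef` in the `DNSPolicySpec` hunk still reads as if any object could be referenced, although with `LocalPolicyTargetReference` the target is always resolved in the policy's own namespace; I would state that, e.g. `// TargetRef identifies an API object in the same namespace as the policy to apply policy to.` The same applies to the `TargetRef` fields of `TLSPolicySpec`, `AuthPolicySpec` and `RateLimitPolicySpec` later in this patch. Because this commit also deletes the `targetRef.Namespace` checks in `Validate()` and the `namespace` property from the CRD schemas, an object stored with a foreign `targetRef.namespace`, which was rejected before, would presumably have that field dropped and be reconciled against a same-named Gateway or HTTPRoute in its own namespace; that upgrade behaviour deserves a line in the release notes. The struct body continues outside the hunk.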
@@ -201,10 +201,6 @@ func (p *DNSPolicy) Validate() error { return fmt.Errorf("invalid targetRef.Kind %s. The only supported kind is Gateway", p.Spec.TargetRef.Kind) } - if p.Spec.TargetRef.Namespace != nil && string(*p.Spec.TargetRef.Namespace) != p.Namespace { - return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *p.Spec.TargetRef.Namespace) - } - return nil } @@ -267,7 +263,7 @@ func NewDNSPolicy(name, ns string) *DNSPolicy { } } -func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference) *DNSPolicy { +func (p *DNSPolicy) WithTargetRef(targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) *DNSPolicy { p.Spec.TargetRef = targetRef return p } @@ -290,12 +286,10 @@ func (p *DNSPolicy) WithRoutingStrategy(strategy RoutingStrategy) *DNSPolicy { //TargetRef func (p *DNSPolicy) WithTargetGateway(gwName string) *DNSPolicy { - typedNamespace := gatewayapiv1.Namespace(p.GetNamespace()) - return p.WithTargetRef(gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: gatewayapiv1.ObjectName(gwName), - Namespace: &typedNamespace, + return p.WithTargetRef(gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: gatewayapiv1.ObjectName(gwName), }) } diff --git a/api/v1alpha1/tlspolicy_types.go b/api/v1alpha1/tlspolicy_types.go index 43bd2a462..d361ffa6f 100644 --- a/api/v1alpha1/tlspolicy_types.go +++ b/api/v1alpha1/tlspolicy_types.go 
@@ -40,7 +40,7 @@ type TLSPolicySpec struct { // TargetRef identifies an API object to apply policy to. // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" // +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'Gateway'" - TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"` + TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"` CertificateSpec `json:",inline"` } @@ -158,7 +158,7 @@ func (p *TLSPolicy) GetRulesHostnames() []string { return make([]string, 0) } -func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference { +func (p *TLSPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference { return p.Spec.TargetRef } @@ -183,10 +183,6 @@ func (p *TLSPolicy) Validate() error { return fmt.Errorf("invalid targetRef.Kind %s. The only supported kind is Gateway", p.Spec.TargetRef.Kind) } - if p.Spec.TargetRef.Namespace != nil && string(*p.Spec.TargetRef.Namespace) != p.Namespace { - return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *p.Spec.TargetRef.Namespace) - } - return nil } @@ -226,12 +222,10 @@ func NewTLSPolicy(policyName, ns string) *TLSPolicy { } func (p *TLSPolicy) WithTargetGateway(gwName string) *TLSPolicy { - typedNamespace := gatewayapiv1.Namespace(p.GetNamespace()) - p.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: gatewayapiv1.ObjectName(gwName), - Namespace: &typedNamespace, + p.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: gatewayapiv1.ObjectName(gwName), } return p } 
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 0b4919cd9..62169d5dd 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -149,7 +149,7 @@ func (in *DNSPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DNSPolicySpec) DeepCopyInto(out *DNSPolicySpec) { *out = *in - in.TargetRef.DeepCopyInto(&out.TargetRef) + out.TargetRef = in.TargetRef if in.HealthCheck != nil { in, out := &in.HealthCheck, &out.HealthCheck *out = new(HealthCheckSpec) @@ -374,7 +374,7 @@ func (in *TLSPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSPolicySpec) DeepCopyInto(out *TLSPolicySpec) { *out = *in - in.TargetRef.DeepCopyInto(&out.TargetRef) + out.TargetRef = in.TargetRef in.CertificateSpec.DeepCopyInto(&out.CertificateSpec) } diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go index eff4ac006..aa181e7eb 100644 --- a/api/v1beta2/authpolicy_types.go +++ b/api/v1beta2/authpolicy_types.go @@ -1,8 +1,6 @@ package v1beta2 import ( - "fmt" - "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" authorinoapi "github.com/kuadrant/authorino/api/v1beta2" 
@@ -161,7 +159,7 @@ type AuthPolicySpec struct { // TargetRef identifies an API object to apply policy to. // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" // +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'" - TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"` + TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"` // Defaults define explicit default values for this policy and for policies inheriting this policy. // Defaults are mutually exclusive with implicit defaults defined by AuthPolicyCommonSpec. @@ -271,15 +269,7 @@ func (ap *AuthPolicy) IsAtomicOverride() bool { return ap.Spec.Overrides != nil } -func (ap *AuthPolicy) Validate() error { - if ap.Spec.TargetRef.Namespace != nil && string(*ap.Spec.TargetRef.Namespace) != ap.Namespace { - return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *ap.Spec.TargetRef.Namespace) - } - - return nil -} - -func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference { +func (ap *AuthPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference { return ap.Spec.TargetRef } diff --git a/api/v1beta2/authpolicy_types_test.go b/api/v1beta2/authpolicy_types_test.go index fdc7fea7d..2bc108f51 100644 --- a/api/v1beta2/authpolicy_types_test.go +++ b/api/v1beta2/authpolicy_types_test.go @@ -6,7 +6,6 @@ import ( "reflect" "testing" - authorinoapi "github.com/kuadrant/authorino/api/v1beta2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" 
@@ -71,7 +70,7 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) { Namespace: "my-namespace", }, Spec: AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-route", 
@@ -213,72 +212,6 @@ func TestAuthPolicyGetRulesHostnames(t *testing.T) { } } -func TestAuthPolicyValidate(t *testing.T) { - testCases := []struct { - name string - policy *AuthPolicy - valid bool - message string - }{ - { - name: "invalid targetRef namespace", - policy: &AuthPolicy{ - ObjectMeta: metav1.ObjectMeta{ - Name: "my-policy", - Namespace: "my-namespace", - }, - Spec: AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "HTTPRoute", - Name: "my-route", - Namespace: ptr.To(gatewayapiv1.Namespace("other-namespace")), - }, - AuthPolicyCommonSpec: AuthPolicyCommonSpec{ - AuthScheme: &AuthSchemeSpec{ - Authentication: map[string]AuthenticationSpec{ - "my-rule": { - AuthenticationSpec: authorinoapi.AuthenticationSpec{ - AuthenticationMethodSpec: authorinoapi.AuthenticationMethodSpec{ - AnonymousAccess: &authorinoapi.AnonymousAccessSpec{}, - }, - }, - CommonAuthRuleSpec: CommonAuthRuleSpec{ - RouteSelectors: []RouteSelector{ - { - Hostnames: []gatewayapiv1.Hostname{"*.foo.io"}, - Matches: []gatewayapiv1.HTTPRouteMatch{ - { - Path: &gatewayapiv1.HTTPPathMatch{ - Value: ptr.To("/foo"), - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - }, - message: "invalid targetRef.Namespace other-namespace. Currently only supporting references to the same namespace", - }, - } - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - result := tc.policy.Validate() - if tc.valid && result != nil { - t.Errorf("Expected policy to be valid, got %t", result) - } - if !tc.valid && result == nil { - t.Error("Expected policy to be invalid, got no validation error") - } - }) - } -} - func testBuildRouteSelector() RouteSelector { return RouteSelector{ Hostnames: []gatewayapiv1.Hostname{"toystore.kuadrant.io"}, diff --git a/api/v1beta2/ratelimitpolicy_types.go b/api/v1beta2/ratelimitpolicy_types.go index 20a0eaa60..2dd2b68c1 100644 --- a/api/v1beta2/ratelimitpolicy_types.go 
+++ b/api/v1beta2/ratelimitpolicy_types.go @@ -17,8 +17,6 @@ limitations under the License. package v1beta2 import ( - "fmt" - "github.com/go-logr/logr" "github.com/google/go-cmp/cmp" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -128,7 +126,7 @@ type RateLimitPolicySpec struct { // TargetRef identifies an API object to apply policy to. // +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'",message="Invalid targetRef.group. The only supported value is 'gateway.networking.k8s.io'" // +kubebuilder:validation:XValidation:rule="self.kind == 'HTTPRoute' || self.kind == 'Gateway'",message="Invalid targetRef.kind. The only supported values are 'HTTPRoute' and 'Gateway'" - TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"` + TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"` // Defaults define explicit default values for this policy and for policies inheriting this policy. // Defaults are mutually exclusive with implicit defaults defined by RateLimitPolicyCommonSpec. @@ -216,14 +214,6 @@ type RateLimitPolicy struct { var _ kuadrantgatewayapi.Policy = &RateLimitPolicy{} -func (r *RateLimitPolicy) Validate() error { - if r.Spec.TargetRef.Namespace != nil && string(*r.Spec.TargetRef.Namespace) != r.Namespace { - return fmt.Errorf("invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", *r.Spec.TargetRef.Namespace) - } - - return nil -} - //+kubebuilder:object:root=true // RateLimitPolicyList contains a list of RateLimitPolicy @@ -239,7 +229,7 @@ func (l *RateLimitPolicyList) GetItems() []kuadrant.Policy { }) } -func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference { +func (r *RateLimitPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference { return r.Spec.TargetRef } diff --git a/api/v1beta2/ratelimitpolicy_types_test.go b/api/v1beta2/ratelimitpolicy_types_test.go index 90c6718bd..73605e161 100644 
--- a/api/v1beta2/ratelimitpolicy_types_test.go +++ b/api/v1beta2/ratelimitpolicy_types_test.go @@ -3,7 +3,6 @@ package v1beta2 import ( - "strings" "testing" "gotest.tools/assert" @@ -25,7 +24,7 @@ func testBuildBasicRLP(name string, kind gatewayapiv1.Kind, mutateFn func(*RateL Namespace: "testNS", }, Spec: RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: kind, Name: "some-name", @@ -44,26 +43,6 @@ func testBuildBasicHTTPRouteRLP(name string, mutateFn func(*RateLimitPolicy)) *R return testBuildBasicRLP(name, "HTTPRoute", mutateFn) } -// TestRateLimitPolicyValidation calls rlp.Validate() -// for a valid return value. -func TestRateLimitPolicyValidation(t *testing.T) { - name := "httproute-a" - - t.Run("Invalid - Different namespace", func(subT *testing.T) { - rlp := testBuildBasicHTTPRouteRLP(name, func(policy *RateLimitPolicy) { - otherNS := gatewayapiv1.Namespace(policy.GetNamespace() + "other") - policy.Spec.TargetRef.Namespace = &otherNS - }) - err := rlp.Validate() - if err == nil { - subT.Fatal(`rlp.Validate() did not return error and should`) - } - if !strings.Contains(err.Error(), "invalid targetRef.Namespace") { - subT.Fatalf(`rlp.Validate() did not return expected error. Instead: %v`, err) - } - }) -} - func TestRateLimitPolicyListGetItems(t *testing.T) { list := &RateLimitPolicyList{} if len(list.GetItems()) != 0 { diff --git a/api/v1beta2/zz_generated.deepcopy.go b/api/v1beta2/zz_generated.deepcopy.go index 747f6278c..55825b19f 100644 --- a/api/v1beta2/zz_generated.deepcopy.go +++ b/api/v1beta2/zz_generated.deepcopy.go 
@@ -139,7 +139,7 @@ func (in *AuthPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AuthPolicySpec) DeepCopyInto(out *AuthPolicySpec) { *out = *in - in.TargetRef.DeepCopyInto(&out.TargetRef) + out.TargetRef = in.TargetRef if in.Defaults != nil { in, out := &in.Defaults, &out.Defaults *out = new(AuthPolicyCommonSpec) @@ -475,7 +475,7 @@ func (in *RateLimitPolicyList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RateLimitPolicySpec) DeepCopyInto(out *RateLimitPolicySpec) { *out = *in - in.TargetRef.DeepCopyInto(&out.TargetRef) + out.TargetRef = in.TargetRef if in.Defaults != nil { in, out := &in.Defaults, &out.Defaults *out = new(RateLimitPolicyCommonSpec) diff --git a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml index 0fe72a9f5..d32276b60 100644 --- a/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml +++ b/bundle/manifests/kuadrant-operator.clusterserviceversion.yaml @@ -106,7 +106,7 @@ metadata: capabilities: Basic Install categories: Integration & Delivery containerImage: quay.io/kuadrant/kuadrant-operator:latest - createdAt: "2024-06-11T12:12:14Z" + createdAt: "2024-06-21T10:39:29Z" operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/Kuadrant/kuadrant-operator diff --git a/bundle/manifests/kuadrant.io_authpolicies.yaml b/bundle/manifests/kuadrant.io_authpolicies.yaml index 279333b28..c99d08338 100644 --- a/bundle/manifests/kuadrant.io_authpolicies.yaml +++ b/bundle/manifests/kuadrant.io_authpolicies.yaml 
@@ -12929,16 +12929,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind diff --git a/bundle/manifests/kuadrant.io_dnspolicies.yaml b/bundle/manifests/kuadrant.io_dnspolicies.yaml index 501699ca2..63e15763d 100644 --- a/bundle/manifests/kuadrant.io_dnspolicies.yaml +++ b/bundle/manifests/kuadrant.io_dnspolicies.yaml @@ -230,16 +230,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind diff --git a/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml b/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml index 76884d89f..dfa90662a 100644 --- a/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml +++ b/bundle/manifests/kuadrant.io_ratelimitpolicies.yaml @@ -1260,16 +1260,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind 
diff --git a/bundle/manifests/kuadrant.io_tlspolicies.yaml b/bundle/manifests/kuadrant.io_tlspolicies.yaml index 6121cf16c..7635d670a 100644 --- a/bundle/manifests/kuadrant.io_tlspolicies.yaml +++ b/bundle/manifests/kuadrant.io_tlspolicies.yaml @@ -195,16 +195,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind diff --git a/config/crd/bases/kuadrant.io_authpolicies.yaml b/config/crd/bases/kuadrant.io_authpolicies.yaml index d0ec8389d..bec979ade 100644 --- a/config/crd/bases/kuadrant.io_authpolicies.yaml +++ b/config/crd/bases/kuadrant.io_authpolicies.yaml @@ -12928,16 +12928,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind diff --git a/config/crd/bases/kuadrant.io_dnspolicies.yaml b/config/crd/bases/kuadrant.io_dnspolicies.yaml index 33b2ea0cb..268e18492 100644 --- a/config/crd/bases/kuadrant.io_dnspolicies.yaml +++ b/config/crd/bases/kuadrant.io_dnspolicies.yaml 
@@ -229,16 +229,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind diff --git a/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml b/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml index 95cebf811..35a23e824 100644 --- a/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml +++ b/config/crd/bases/kuadrant.io_ratelimitpolicies.yaml @@ -1259,16 +1259,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind diff --git a/config/crd/bases/kuadrant.io_tlspolicies.yaml b/config/crd/bases/kuadrant.io_tlspolicies.yaml index f49c41b8e..a26086554 100644 --- a/config/crd/bases/kuadrant.io_tlspolicies.yaml +++ b/config/crd/bases/kuadrant.io_tlspolicies.yaml @@ -194,16 +194,6 @@ spec: maxLength: 253 minLength: 1 type: string - namespace: - description: |- - Namespace is the namespace of the referent. When unspecified, the local - namespace is inferred. Even when policy targets a resource in a different - namespace, it MUST only apply to traffic originating from the same - namespace as the policy. - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string required: - group - kind 
diff --git a/controllers/authpolicy_controller.go b/controllers/authpolicy_controller.go index 0907c6019..072488cb3 100644 --- a/controllers/authpolicy_controller.go +++ b/controllers/authpolicy_controller.go @@ -139,10 +139,6 @@ func (r *AuthPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Requ // validate performs validation before proceeding with the reconcile loop, returning a common.ErrInvalid on any failing validation func (r *AuthPolicyReconciler) validate(ap *api.AuthPolicy, targetNetworkObject client.Object) error { - if err := ap.Validate(); err != nil { - return kuadrant.NewErrInvalid(ap.Kind(), err) - } - if err := kuadrant.ValidateHierarchicalRules(ap, targetNetworkObject); err != nil { return kuadrant.NewErrInvalid(ap.Kind(), err) } diff --git a/controllers/authpolicy_istio_authorizationpolicy.go b/controllers/authpolicy_istio_authorizationpolicy.go index a713e171c..14ff12b16 100644 --- a/controllers/authpolicy_istio_authorizationpolicy.go +++ b/controllers/authpolicy_istio_authorizationpolicy.go @@ -170,7 +170,7 @@ func (r *AuthPolicyReconciler) istioAuthorizationPolicy(ctx context.Context, ap } // IstioAuthorizationPolicyName generates the name of an AuthorizationPolicy. -func IstioAuthorizationPolicyName(gwName string, targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference) string { +func IstioAuthorizationPolicyName(gwName string, targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) string { switch targetRef.Kind { case "Gateway": return fmt.Sprintf("on-%s", gwName) // Without this, IAP will be named: on--using-; diff --git a/controllers/httprouteparentrefs_eventmapper.go b/controllers/httprouteparentrefs_eventmapper.go index d533ea6ce..410b43882 100644 --- a/controllers/httprouteparentrefs_eventmapper.go +++ b/controllers/httprouteparentrefs_eventmapper.go 
@@ -5,6 +5,7 @@ import ( "fmt" "github.com/go-logr/logr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -69,11 +70,8 @@ func (m *HTTPRouteParentRefsEventMapper) mapToPolicyRequest(obj client.Object, p if !kuadrantgatewayapi.IsTargetRefGateway(targetRef) { continue } - targetRefNamespace := targetRef.Namespace - if targetRefNamespace == nil { - ns := gatewayapiv1.Namespace(policy.GetNamespace()) - targetRefNamespace = &ns - } + targetRefNamespace := ptr.To(policy.GetWrappedNamespace()) + if *parentRefNamespace == *targetRefNamespace && parentRef.Name == targetRef.Name { obj, _ := policy.(client.Object) requests = append(requests, reconcile.Request{NamespacedName: client.ObjectKeyFromObject(obj)}) diff --git a/controllers/ratelimitpolicy_controller.go b/controllers/ratelimitpolicy_controller.go index 4e0cfc2e0..658769c6f 100644 --- a/controllers/ratelimitpolicy_controller.go +++ b/controllers/ratelimitpolicy_controller.go @@ -154,10 +154,6 @@ func (r *RateLimitPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl // validate performs validation before proceeding with the reconcile loop, returning a common.ErrInvalid on failing validation func (r *RateLimitPolicyReconciler) validate(rlp *kuadrantv1beta2.RateLimitPolicy, targetNetworkObject client.Object) error { - if err := rlp.Validate(); err != nil { - return kuadrant.NewErrInvalid(rlp.Kind(), err) - } - if err := kuadrant.ValidateHierarchicalRules(rlp, targetNetworkObject); err != nil { return kuadrant.NewErrInvalid(rlp.Kind(), err) } diff --git a/controllers/target_status_controller.go b/controllers/target_status_controller.go index 436da876d..13e37f847 100644 --- a/controllers/target_status_controller.go +++ b/controllers/target_status_controller.go 
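Review bot: In `mapToPolicyRequest`, `targetRefNamespace := ptr.To(policy.GetWrappedNamespace())` builds a pointer only to dereference it in the comparison that follows, and the `k8s.io/utils/ptr` import added in the first hunk appears to exist only for that. Comparing the value directly is simpler: `if *parentRefNamespace == policy.GetWrappedNamespace() && parentRef.Name == targetRef.Name {`, which also lets the new import go. `parentRefNamespace` is assigned outside the hunk, so whether it can be nil at this point is not visible here.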
@@ -425,5 +425,5 @@ func PolicyAffectedConditionType(policyKind string) string { func targetRefKey(policy kuadrantgatewayapi.Policy) string { targetRef := policy.GetTargetRef() - return fmt.Sprintf("%s.%s/%s/%s", targetRef.Group, targetRef.Kind, ptr.Deref(targetRef.Namespace, gatewayapiv1.Namespace(policy.GetNamespace())), targetRef.Name) + return fmt.Sprintf("%s.%s/%s/%s", targetRef.Group, targetRef.Kind, gatewayapiv1.Namespace(policy.GetNamespace()), targetRef.Name) } diff --git a/controllers/tlspolicy_status_test.go b/controllers/tlspolicy_status_test.go index 1a6c1c57d..99447fc11 100644 --- a/controllers/tlspolicy_status_test.go +++ b/controllers/tlspolicy_status_test.go @@ -55,7 +55,7 @@ func TestTLSPolicyReconciler_enforcedCondition(t *testing.T) { Name: issuerName, }, }, - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Name: gwName, }, }, diff --git a/doc/reference/authpolicy.md b/doc/reference/authpolicy.md index 033618942..239390671 100644 --- a/doc/reference/authpolicy.md +++ b/doc/reference/authpolicy.md 
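Review bot: In `targetRefKey`, the `gatewayapiv1.Namespace(...)` conversion around `policy.GetNamespace()` is left over from the removed `ptr.Deref` fallback and no longer does anything, since `%s` formats the plain string identically. The line can be `return fmt.Sprintf("%s.%s/%s/%s", targetRef.Group, targetRef.Kind, policy.GetNamespace(), targetRef.Name)`. The import block is outside this hunk, so if this was the file's last use of `ptr` that import has to go as well. A short comment such as `// targetRefKey returns "<group>.<kind>/<policy namespace>/<name>" for the policy's target.` would record that the namespace segment is now always the policy's own.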
@@ -27,7 +27,7 @@ | **Field** | **Type** | **Required** | **Description** | |------------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `targetRef` | [NamespacedPolicyTargetReference](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.NamespacedPolicyTargetReference) | Yes | Reference to a Kubernetes resource that the policy attaches to | +| `targetRef` | [LocalPolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.LocalPolicyTargetReference) | Yes | Reference to a Kubernetes resource that the policy attaches to | | `rules` | [AuthScheme](#authscheme) | No | Implicit default authentication/authorization rules | | `routeSelectors` | [][RouteSelector](route-selectors.md#routeselector) | No | List of implicit default selectors of HTTPRouteRules whose matching rules activate the policy. At least one HTTPRouteRule must be selected to activate the policy. If omitted, all HTTPRouteRules of the targeted HTTPRoute activate the policy. Do not use it in policies targeting a Gateway. | | `patterns` | Map | No | Implicit default named patterns of lists of `selector`, `operator` and `value` tuples, to be reused in `when` conditions and pattern-matching authorization rules. | diff --git a/doc/reference/dnspolicy.md b/doc/reference/dnspolicy.md index b6d4cb16a..f778bd28f 100644 --- a/doc/reference/dnspolicy.md +++ b/doc/reference/dnspolicy.md 
@@ -21,7 +21,7 @@ | **Field** | **Type** | **Required** | **Description** | |-------------------|-----------------------------------------------------------------------------------------------------------------------------------|:----------------------:|---------------------------------------------------------------------------| -| `targetRef` | [Gateway API NamespacedPolicyTargetReference](https://gateway-api.sigs.k8s.io/geps/gep-713) | Yes | Reference to a Kubernetes resource that the policy attaches to | +| `targetRef` | [Gateway API LocalPolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.LocalPolicyTargetReference) | Yes | Reference to a Kubernetes resource that the policy attaches to | | `healthCheck` | [HealthCheckSpec](#healthcheckspec) | No | HealthCheck spec | | `loadBalancing` | [LoadBalancingSpec](#loadbalancingspec) | Yes(loadbalanced only) | LoadBalancing Spec, required when routingStrategy is "loadbalanced" | | `routingStrategy` | String (immutable) | Yes | **Immutable!** Routing Strategy to use, one of "simple" or "loadbalanced" | diff --git a/doc/reference/ratelimitpolicy.md b/doc/reference/ratelimitpolicy.md index 0967ceb03..6a6c98744 100644 --- a/doc/reference/ratelimitpolicy.md +++ b/doc/reference/ratelimitpolicy.md 
@@ -20,7 +20,7 @@ | **Field** | **Type** | **Required** | **Description** | |-------------|---------------------------------------------------------------------------------------------------------------------------------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `targetRef` | [NamespacedPolicyTargetReference](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.NamespacedPolicyTargetReference) | Yes | Reference to a Kubernetes resource that the policy attaches to | +| `targetRef` | [LocalPolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.LocalPolicyTargetReference) | Yes | Reference to a Kubernetes resource that the policy attaches to | | `defaults` | [RateLimitPolicyCommonSpec](#rateLimitPolicyCommonSpec) | No | Default limit definitions. This field is mutually exclusive with the `limits` field | | `overrides` | [RateLimitPolicyCommonSpec](#rateLimitPolicyCommonSpec) | No | Overrides limit definitions. This field is mutually exclusive with the `limits` field and `defaults` field. This field is only allowed for policies targeting `Gateway` in `targetRef.kind` | | `limits` | Map | No | Limit definitions. This field is mutually exclusive with the [`defaults`](#rateLimitPolicyCommonSpec) field | diff --git a/doc/reference/tlspolicy.md b/doc/reference/tlspolicy.md index ecde46f1c..6541a00e3 100644 --- a/doc/reference/tlspolicy.md +++ b/doc/reference/tlspolicy.md 
@@ -15,7 +15,7 @@ | **Field** | **Type** | **Required** | **Description** | |------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|:------------:|--------------------------------------------------------------------------------------------------------------------------------------------------| -| `targetRef` | [Gateway API NamespacedPolicyTargetReference](https://gateway-api.sigs.k8s.io/geps/gep-713) | Yes | Reference to a Kuberentes resource that the policy attaches to | +| `targetRef` | [Gateway API LocalPolicyTargetReference](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.LocalPolicyTargetReference) | Yes | Reference to a Kuberentes resource that the policy attaches to | | `issuerRef` | [CertManager meta/v1.ObjectReference](https://cert-manager.io/v1.13-docs/reference/api-docs/#meta.cert-manager.io/v1.ObjectReference) | Yes | IssuerRef is a reference to the issuer for the created certificate | | `commonName` | String | No | CommonName is a common name to be used on the created certificate | | `duration` | [Kubernetes meta/v1.Duration](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration) | No | The requested 'duration' (i.e. lifetime) of the created certificate. | diff --git a/pkg/library/gatewayapi/helper_test.go b/pkg/library/gatewayapi/helper_test.go index e9d937893..7458de119 100644 --- a/pkg/library/gatewayapi/helper_test.go +++ b/pkg/library/gatewayapi/helper_test.go 
@@ -94,11 +94,10 @@ func testBasicGatewayPolicy(name, namespace string, gateway *gatewayapiv1.Gatewa Namespace: namespace, Name: name, }, - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.Group(gatewayapiv1.GroupName), - Kind: gatewayapiv1.Kind("Gateway"), - Namespace: ptr.To(gatewayapiv1.Namespace(gateway.Namespace)), - Name: gatewayapiv1.ObjectName(gateway.Name), + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.Group(gatewayapiv1.GroupName), + Kind: gatewayapiv1.Kind("Gateway"), + Name: gatewayapiv1.ObjectName(gateway.Name), }, } } @@ -113,11 +112,10 @@ func testBasicRoutePolicy(name, namespace string, route *gatewayapiv1.HTTPRoute) Namespace: namespace, Name: name, }, - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.Group(gatewayapiv1.GroupName), - Kind: gatewayapiv1.Kind("HTTPRoute"), - Namespace: ptr.To(gatewayapiv1.Namespace(route.Namespace)), - Name: gatewayapiv1.ObjectName(route.Name), + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.Group(gatewayapiv1.GroupName), + Kind: gatewayapiv1.Kind("HTTPRoute"), + Name: gatewayapiv1.ObjectName(route.Name), }, } } diff --git a/pkg/library/gatewayapi/topology.go b/pkg/library/gatewayapi/topology.go index 154a9726a..e431af7b2 100644 --- a/pkg/library/gatewayapi/topology.go +++ b/pkg/library/gatewayapi/topology.go @@ -3,10 +3,8 @@ package gatewayapi import ( "errors" "fmt" - "github.com/go-logr/logr" "k8s.io/apimachinery/pkg/api/meta" - "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" 
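Review bot: With `Namespace` removed from `TargetRef`, `testBasicGatewayPolicy` and `testBasicRoutePolicy` no longer pin the policy to the target's namespace. A caller whose `namespace` argument differs from `gateway.Namespace` or `route.Namespace` now builds a policy that silently does not attach. That same-namespace boundary is the isolation property this commit relies on, and no hunk visible here adds a case that asserts it. I would add a topology test that places the policy in a different namespace from a same-named Gateway and HTTPRoute and expects no attached policies. A short comment on both helpers would also help, such as `// the policy attaches only when namespace equals the target's namespace`.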
@@ -210,12 +208,12 @@ func buildGatewayDAGNodes(gateways []*gatewayapiv1.Gateway, policies []Policy) [ group := p.GetTargetRef().Group kind := p.GetTargetRef().Kind name := p.GetTargetRef().Name - namespace := ptr.Deref(p.GetTargetRef().Namespace, gatewayapiv1.Namespace(p.GetNamespace())) + namespace := p.GetNamespace() return group == gatewayapiv1.GroupName && kind == "Gateway" && name == gatewayapiv1.ObjectName(g.Name) && - namespace == gatewayapiv1.Namespace(g.Namespace) + namespace == g.Namespace }) return gatewayDAGNode{Gateway: g, attachedPolicies: attachedPolicies} }) @@ -228,12 +226,12 @@ func buildHTTPRouteDAGNodes(routes []*gatewayapiv1.HTTPRoute, policies []Policy) group := p.GetTargetRef().Group kind := p.GetTargetRef().Kind name := p.GetTargetRef().Name - namespace := ptr.Deref(p.GetTargetRef().Namespace, gatewayapiv1.Namespace(p.GetNamespace())) + namespace := p.GetNamespace() return group == gatewayapiv1.GroupName && kind == "HTTPRoute" && name == gatewayapiv1.ObjectName(route.Name) && - namespace == gatewayapiv1.Namespace(route.Namespace) + namespace == route.Namespace }) return httpRouteDAGNode{HTTPRoute: route, attachedPolicies: attachedPolicies} }) diff --git a/pkg/library/gatewayapi/types.go b/pkg/library/gatewayapi/types.go index cf02392ce..d234be6ce 100644 --- a/pkg/library/gatewayapi/types.go +++ b/pkg/library/gatewayapi/types.go @@ -18,7 +18,7 @@ const ( type Policy interface { client.Object PolicyClass() PolicyClass - GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference + GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference GetStatus() PolicyStatus } diff --git a/pkg/library/gatewayapi/types_test.go b/pkg/library/gatewayapi/types_test.go index 480ca79c4..989912208 100644 --- a/pkg/library/gatewayapi/types_test.go +++ b/pkg/library/gatewayapi/types_test.go 
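Review bot: In the attach predicates of `buildGatewayDAGNodes` and `buildHTTPRouteDAGNodes`, `p.GetTargetRef()` is still called three times. The group and kind test also repeats what `IsTargetRefGateway` and `IsTargetRefHTTPRoute` in utils.go of the same package already do. Taking the reference once and reusing the helper leaves only the name and namespace comparison: `ref := p.GetTargetRef()` followed by `return IsTargetRefGateway(ref) && ref.Name == gatewayapiv1.ObjectName(g.Name) && p.GetNamespace() == g.Namespace`, and likewise for routes. A comment such as `// targetRef is namespace-local: only targets in the policy's own namespace match` would record why the namespace now comes from the policy. Both closures start outside these hunks.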
@@ -25,15 +25,15 @@ type TestPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` - TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference `json:"targetRef"` - Status FakePolicyStatus `json:"status"` + TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference `json:"targetRef"` + Status FakePolicyStatus `json:"status"` } func (p *TestPolicy) PolicyClass() PolicyClass { return DirectPolicy } -func (p *TestPolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference { +func (p *TestPolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference { return p.TargetRef } @@ -269,7 +269,7 @@ func createTestPolicy(name string, creationTime time.Time, mutateFn ...func(p *T func withTargetRefKind(targetRefKind string) func(p *TestPolicy) { return func(p *TestPolicy) { - p.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{Kind: gatewayapiv1.Kind(targetRefKind)} + p.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{Kind: gatewayapiv1.Kind(targetRefKind)} } } diff --git a/pkg/library/gatewayapi/utils.go b/pkg/library/gatewayapi/utils.go index cc3be1c9a..b3819a786 100644 --- a/pkg/library/gatewayapi/utils.go +++ b/pkg/library/gatewayapi/utils.go @@ -17,11 +17,11 @@ import ( "github.com/kuadrant/kuadrant-operator/pkg/library/utils" ) -func IsTargetRefHTTPRoute(targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference) bool { +func IsTargetRefHTTPRoute(targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) bool { return targetRef.Group == (gatewayapiv1.GroupName) && targetRef.Kind == ("HTTPRoute") } -func IsTargetRefGateway(targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference) bool { +func IsTargetRefGateway(targetRef gatewayapiv1alpha2.LocalPolicyTargetReference) bool { return targetRef.Group == (gatewayapiv1.GroupName) && targetRef.Kind == ("Gateway") } 
diff --git a/pkg/library/kuadrant/apimachinery_status_conditions_test.go b/pkg/library/kuadrant/apimachinery_status_conditions_test.go index cf906b24a..52fa41204 100644 --- a/pkg/library/kuadrant/apimachinery_status_conditions_test.go +++ b/pkg/library/kuadrant/apimachinery_status_conditions_test.go @@ -147,7 +147,7 @@ func TestAcceptedCondition(t *testing.T) { name: "target not found reason", args: args{ policy: &FakePolicy{}, - err: NewErrTargetNotFound("FakePolicy", gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + err: NewErrTargetNotFound("FakePolicy", gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-target-ref", @@ -164,7 +164,7 @@ func TestAcceptedCondition(t *testing.T) { name: "target not found reason with err", args: args{ policy: &FakePolicy{}, - err: NewErrTargetNotFound("FakePolicy", gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + err: NewErrTargetNotFound("FakePolicy", gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-target-ref", diff --git a/pkg/library/kuadrant/errors.go b/pkg/library/kuadrant/errors.go index 70695d96e..e3602f8a8 100644 --- a/pkg/library/kuadrant/errors.go +++ b/pkg/library/kuadrant/errors.go @@ -18,7 +18,7 @@ var _ PolicyError = ErrTargetNotFound{} type ErrTargetNotFound struct { Kind string - TargetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference + TargetRef gatewayapiv1alpha2.LocalPolicyTargetReference Err error } @@ -34,7 +34,7 @@ func (e ErrTargetNotFound) Reason() gatewayapiv1alpha2.PolicyConditionReason { return gatewayapiv1alpha2.PolicyReasonTargetNotFound } -func NewErrTargetNotFound(kind string, targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference, err error) ErrTargetNotFound { +func NewErrTargetNotFound(kind string, targetRef gatewayapiv1alpha2.LocalPolicyTargetReference, err error) ErrTargetNotFound { return ErrTargetNotFound{ Kind: kind, TargetRef: targetRef, 
diff --git a/pkg/library/kuadrant/errors_test.go b/pkg/library/kuadrant/errors_test.go index 44c5d6dab..88d019ac2 100644 --- a/pkg/library/kuadrant/errors_test.go +++ b/pkg/library/kuadrant/errors_test.go @@ -17,7 +17,7 @@ func TestIsTargetNotFound(t *testing.T) { }{ { name: "err is NewErrTargetNotFound", - err: NewErrTargetNotFound("foo", gatewayapiv1alpha2.NamespacedPolicyTargetReference{}, errors.New("bar")), + err: NewErrTargetNotFound("foo", gatewayapiv1alpha2.LocalPolicyTargetReference{}, errors.New("bar")), want: true, }, { diff --git a/pkg/library/kuadrant/kuadrant.go b/pkg/library/kuadrant/kuadrant.go index 5518ea94c..6d42c86ba 100644 --- a/pkg/library/kuadrant/kuadrant.go +++ b/pkg/library/kuadrant/kuadrant.go @@ -45,12 +45,12 @@ func IsKuadrantManaged(obj client.Object) bool { func GetKuadrantNamespaceFromPolicyTargetRef(ctx context.Context, cli client.Client, policy Policy) (string, error) { targetRef := policy.GetTargetRef() - gwNamespacedName := types.NamespacedName{Namespace: string(ptr.Deref(targetRef.Namespace, policy.GetWrappedNamespace())), Name: string(targetRef.Name)} + gwNamespacedName := types.NamespacedName{Namespace: policy.GetNamespace(), Name: string(targetRef.Name)} if kuadrantgatewayapi.IsTargetRefHTTPRoute(targetRef) { route := &gatewayapiv1.HTTPRoute{} if err := cli.Get( ctx, - types.NamespacedName{Namespace: string(ptr.Deref(targetRef.Namespace, policy.GetWrappedNamespace())), Name: string(targetRef.Name)}, + types.NamespacedName{Namespace: policy.GetNamespace(), Name: string(targetRef.Name)}, route, ); err != nil { return "", err diff --git a/pkg/library/kuadrant/kuadrant_test.go b/pkg/library/kuadrant/kuadrant_test.go index 6aa0ef4f0..2cea354b2 100644 --- a/pkg/library/kuadrant/kuadrant_test.go +++ b/pkg/library/kuadrant/kuadrant_test.go 
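Review bot: In kuadrant.go, `GetKuadrantNamespaceFromPolicyTargetRef` now builds the identical `types.NamespacedName{Namespace: policy.GetNamespace(), Name: string(targetRef.Name)}` twice, once as `gwNamespacedName` and once inline for the HTTPRoute `cli.Get`. One local would keep the two lookups from drifting apart, for example `targetKey := types.NamespacedName{Namespace: policy.GetNamespace(), Name: string(targetRef.Name)}` and then `cli.Get(ctx, targetKey, route)`. The hunk also replaces `GetWrappedNamespace()` with `GetNamespace()`; presumably both return the policy's own namespace, but that is worth confirming because the operator's read is now scoped by that value alone. The function continues outside the hunk.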
@@ -725,11 +725,10 @@ func TestGetKuadrantNamespaceFromPolicyTargetRef(t *testing.T) { Namespace: "my-ns", }, }, - targetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "HTTPRoute", - Name: "my-httproute", - Namespace: ptr.To[gatewayapiv1.Namespace](gatewayapiv1.Namespace("my-ns")), + targetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "HTTPRoute", + Name: "my-httproute", }, }, "my-ns", @@ -768,7 +767,7 @@ func TestGetKuadrantNamespaceFromPolicyTargetRef(t *testing.T) { Namespace: "my-ns", }, }, - targetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + targetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-httproute", @@ -809,7 +808,7 @@ func TestGetKuadrantNamespaceFromPolicyTargetRef(t *testing.T) { Namespace: "my-ns", }, }, - targetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + targetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-httproute", diff --git a/pkg/library/kuadrant/test_utils.go b/pkg/library/kuadrant/test_utils.go index 44a50c63d..4cf4e5bbb 100644 --- a/pkg/library/kuadrant/test_utils.go +++ b/pkg/library/kuadrant/test_utils.go @@ -34,10 +34,10 @@ const ( type FakePolicy struct { client.Object Hosts []string - targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference + targetRef gatewayapiv1alpha2.LocalPolicyTargetReference } -func (p *FakePolicy) GetTargetRef() gatewayapiv1alpha2.NamespacedPolicyTargetReference { +func (p *FakePolicy) GetTargetRef() gatewayapiv1alpha2.LocalPolicyTargetReference { return p.targetRef } diff --git a/pkg/library/mappers/policy_to_gateway.go b/pkg/library/mappers/policy_to_gateway.go index ba98adaa8..7814848f8 100644 --- a/pkg/library/mappers/policy_to_gateway.go +++ b/pkg/library/mappers/policy_to_gateway.go 
@@ -6,7 +6,6 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/reconcile" gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" @@ -35,17 +34,14 @@ func (k *PolicyToParentGatewaysEventMapper) Map(ctx context.Context, obj client. } if kuadrantgatewayapi.IsTargetRefGateway(policy.GetTargetRef()) { - namespace := string(ptr.Deref(policy.GetTargetRef().Namespace, gatewayapiv1.Namespace(policy.GetNamespace()))) - - nn := types.NamespacedName{Name: string(policy.GetTargetRef().Name), Namespace: namespace} + nn := types.NamespacedName{Name: string(policy.GetTargetRef().Name), Namespace: policy.GetNamespace()} logger.V(1).Info("map", " gateway", nn) return []reconcile.Request{{NamespacedName: nn}} } if kuadrantgatewayapi.IsTargetRefHTTPRoute(policy.GetTargetRef()) { - namespace := string(ptr.Deref(policy.GetTargetRef().Namespace, gatewayapiv1.Namespace(policy.GetNamespace()))) - routeKey := client.ObjectKey{Name: string(policy.GetTargetRef().Name), Namespace: namespace} + routeKey := client.ObjectKey{Name: string(policy.GetTargetRef().Name), Namespace: policy.GetNamespace()} route := &gatewayapiv1.HTTPRoute{} if err := k.opts.Client.Get(ctx, routeKey, route); err != nil { if apierrors.IsNotFound(err) { diff --git a/pkg/library/reconcilers/fetcher.go b/pkg/library/reconcilers/fetcher.go index 8cd8caabf..5d890f80c 100644 --- a/pkg/library/reconcilers/fetcher.go +++ b/pkg/library/reconcilers/fetcher.go 
@@ -13,12 +13,8 @@ import ( ) // FetchTargetRefObject fetches the target reference object and checks the status is valid -func FetchTargetRefObject(ctx context.Context, k8sClient client.Reader, targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference, defaultNs string) (client.Object, error) { +func FetchTargetRefObject(ctx context.Context, k8sClient client.Reader, targetRef gatewayapiv1alpha2.LocalPolicyTargetReference, defaultNs string) (client.Object, error) { ns := defaultNs - if targetRef.Namespace != nil { - ns = string(*targetRef.Namespace) - } - objKey := client.ObjectKey{Name: string(targetRef.Name), Namespace: ns} switch targetRef.Kind { diff --git a/pkg/library/reconcilers/fetcher_test.go b/pkg/library/reconcilers/fetcher_test.go index 076e7c0a3..03ab7fe0e 100644 --- a/pkg/library/reconcilers/fetcher_test.go +++ b/pkg/library/reconcilers/fetcher_test.go @@ -41,13 +41,13 @@ func TestFetchTargetRefObject(t *testing.T) { t.Fatal(err) } - routeTargetRef := gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + routeTargetRef := gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: gatewayapiv1.ObjectName(routeName), } - gatewayTargetRef := gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + gatewayTargetRef := gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "Gateway", Name: gatewayapiv1.ObjectName(gatewayName), 
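Review bot: In `FetchTargetRefObject`, `ns := defaultNs` is now a plain alias that nothing can override, so the parameter name `defaultNs` and the doc comment no longer describe the contract. The target is always read from whatever namespace the caller passes. I would drop the alias (`objKey := client.ObjectKey{Name: string(targetRef.Name), Namespace: defaultNs}`) and ideally rename the parameter to `namespace`. The comment could become `// FetchTargetRefObject fetches the object named by targetRef in the given namespace (the policy's own) and checks the status is valid`. The call sites are not in this hunk, so it is worth checking that each passes the policy's namespace; the function body continues outside the hunk.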
@@ -167,8 +167,7 @@ func TestFetchTargetRefObject(t *testing.T) { }) t.Run("unknown network resource", func(subT *testing.T) { - ns := gatewayapiv1.Namespace(namespace) - targetRef := gatewayapiv1alpha2.NamespacedPolicyTargetReference{Kind: "Service", Name: "my-sv", Namespace: &ns} + targetRef := gatewayapiv1alpha2.LocalPolicyTargetReference{Kind: "Service", Name: "my-sv"} clientAPIReader := clientFactory() res, err := FetchTargetRefObject(ctx, clientAPIReader, targetRef, namespace) assert.Error(subT, err, fmt.Sprintf("FetchValidTargetRef: targetRef (%v) to unknown network resource", targetRef)) diff --git a/tests/common/authpolicy/authpolicy_controller_test.go b/tests/common/authpolicy/authpolicy_controller_test.go index 0bd4e1e6b..5bbffea07 100644 --- a/tests/common/authpolicy/authpolicy_controller_test.go +++ b/tests/common/authpolicy/authpolicy_controller_test.go @@ -93,11 +93,10 @@ var _ = Describe("AuthPolicy controller (Serial)", Serial, func() { Namespace: testNamespace, }, Spec: api.AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "HTTPRoute", - Name: TestHTTPRouteName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "HTTPRoute", + Name: TestHTTPRouteName, }, Defaults: &api.AuthPolicyCommonSpec{ AuthScheme: testBasicAuthScheme(), @@ -175,11 +174,10 @@ var _ = Describe("AuthPolicy controller", func() { Namespace: testNamespace, }, Spec: api.AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "HTTPRoute", - Name: TestHTTPRouteName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "HTTPRoute", + Name: TestHTTPRouteName, }, Defaults: &api.AuthPolicyCommonSpec{ AuthScheme: testBasicAuthScheme(), 
@@ -1084,21 +1082,6 @@ var _ = Describe("AuthPolicy controller", func() { fmt.Sprintf("AuthPolicy is conflicted by %[1]v/toystore: the gateway.networking.k8s.io/v1, Kind=HTTPRoute target %[1]v/toystore-route is already referenced by policy %[1]v/toystore", testNamespace), )).WithContext(ctx).Should(BeTrue()) }, testTimeOut) - - It("Invalid reason", func(ctx SpecContext) { - otherNamespace := tests.CreateNamespace(ctx, testClient()) - defer tests.DeleteNamespaceCallback(ctx, testClient(), otherNamespace)() - - policy := policyFactory(func(policy *api.AuthPolicy) { - policy.Namespace = otherNamespace // create the policy in a different namespace than the target - policy.Spec.TargetRef.Kind = "Gateway" - policy.Spec.TargetRef.Name = gatewayapiv1.ObjectName(TestGatewayName) - policy.Spec.TargetRef.Namespace = ptr.To(gatewayapiv1.Namespace(testNamespace)) - }) - Expect(k8sClient.Create(ctx, policy)).To(Succeed()) - - Eventually(assertAcceptedCondFalseAndEnforcedCondNil(ctx, policy, string(gatewayapiv1alpha2.PolicyReasonInvalid), fmt.Sprintf("AuthPolicy target is invalid: invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", testNamespace))).WithContext(ctx).Should(BeTrue()) - }, testTimeOut) }) Context("AuthPolicy enforced condition reasons", func() { @@ -1423,7 +1406,7 @@ var _ = Describe("AuthPolicy CEL Validations", func() { Namespace: testNamespace, }, Spec: api.AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-target", @@ -1582,7 +1565,7 @@ var _ = Describe("AuthPolicy CEL Validations", func() { Namespace: testNamespace, }, Spec: api.AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "Gateway", Name: "my-gw", 
diff --git a/tests/common/ratelimitpolicy/ratelimitpolicy_controller_test.go b/tests/common/ratelimitpolicy/ratelimitpolicy_controller_test.go index c48d4c0be..904514b87 100644 --- a/tests/common/ratelimitpolicy/ratelimitpolicy_controller_test.go +++ b/tests/common/ratelimitpolicy/ratelimitpolicy_controller_test.go @@ -51,7 +51,7 @@ var _ = Describe("RateLimitPolicy controller (Serial)", Serial, func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: gatewayapiv1.ObjectName(routeName), @@ -171,7 +171,7 @@ var _ = Describe("RateLimitPolicy controller", func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: gatewayapiv1.ObjectName(routeName), @@ -313,7 +313,7 @@ var _ = Describe("RateLimitPolicy controller", func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.Group("gateway.networking.k8s.io"), Kind: "Gateway", Name: gatewayapiv1.ObjectName(TestGatewayName), 
@@ -846,21 +846,6 @@ var _ = Describe("RateLimitPolicy controller", func() { fmt.Sprintf("RateLimitPolicy is conflicted by %[1]v/toystore-rlp: the gateway.networking.k8s.io/v1, Kind=HTTPRoute target %[1]v/toystore-route is already referenced by policy %[1]v/toystore-rlp", testNamespace)), ).WithContext(ctx).Should(Succeed()) }, testTimeOut) - - It("Invalid reason", func(ctx SpecContext) { - otherNamespace := tests.CreateNamespace(ctx, testClient()) - defer tests.DeleteNamespaceCallback(ctx, testClient(), otherNamespace)() - - policy := policyFactory(func(policy *kuadrantv1beta2.RateLimitPolicy) { - policy.Namespace = otherNamespace // create the policy in a different namespace than the target - policy.Spec.TargetRef.Kind = "Gateway" - policy.Spec.TargetRef.Name = gatewayapiv1.ObjectName(gateway.Name) - policy.Spec.TargetRef.Namespace = ptr.To(gatewayapiv1.Namespace(testNamespace)) - }) - Expect(k8sClient.Create(ctx, policy)).To(Succeed()) - - Eventually(assertAcceptedConditionFalse(ctx, policy, string(gatewayapiv1alpha2.PolicyReasonInvalid), fmt.Sprintf("RateLimitPolicy target is invalid: invalid targetRef.Namespace %s. Currently only supporting references to the same namespace", testNamespace))).WithContext(ctx).Should(Succeed()) - }, testTimeOut) }) Context("When RLP switches target from one HTTPRoute to another HTTPRoute", func() { @@ -1446,7 +1431,7 @@ var _ = Describe("RateLimitPolicy CEL Validations", func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: "my-target", diff --git a/tests/common/targetstatus/target_status_controller_test.go b/tests/common/targetstatus/target_status_controller_test.go index 73c62be71..90aa83804 100644 --- a/tests/common/targetstatus/target_status_controller_test.go 
+++ b/tests/common/targetstatus/target_status_controller_test.go @@ -115,7 +115,7 @@ var _ = Describe("Target status reconciler", func() { return condition.Status == metav1.ConditionFalse && strings.Contains(condition.Message, policyKey.String()) } - targetsAffected := func(ctx context.Context, policyKey client.ObjectKey, conditionType string, targetRef gatewayapiv1alpha2.NamespacedPolicyTargetReference, routeNames ...string) bool { + targetsAffected := func(ctx context.Context, policyKey client.ObjectKey, conditionType string, targetRef gatewayapiv1alpha2.LocalPolicyTargetReference, routeNames ...string) bool { switch string(targetRef.Kind) { case "Gateway": if !gatewayAffected(ctx, string(targetRef.Name), conditionType, policyKey) { @@ -149,11 +149,10 @@ var _ = Describe("Target status reconciler", func() { Namespace: testNamespace, }, Spec: v1beta2.AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "HTTPRoute", - Name: TestHTTPRouteName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "HTTPRoute", + Name: TestHTTPRouteName, }, Defaults: &v1beta2.AuthPolicyCommonSpec{ AuthScheme: &v1beta2.AuthSchemeSpec{ @@ -255,11 +254,10 @@ var _ = Describe("Target status reconciler", func() { It("adds PolicyAffected status condition to the targeted gateway and routes", func(ctx SpecContext) { policy := policyFactory(func(policy *v1beta2.AuthPolicy) { policy.Name = "gateway-auth" - policy.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: TestGatewayName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + policy.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: TestGatewayName, } }) Expect(k8sClient.Create(ctx, policy)).To(Succeed()) 
@@ -269,11 +267,10 @@ var _ = Describe("Target status reconciler", func() { It("removes PolicyAffected status condition from the targeted gateway and routes when the policy is deleted", func(ctx SpecContext) { policy := policyFactory(func(policy *v1beta2.AuthPolicy) { policy.Name = "gateway-auth" - policy.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: TestGatewayName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + policy.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: TestGatewayName, } }) Expect(k8sClient.Create(ctx, policy)).To(Succeed()) @@ -309,11 +306,10 @@ var _ = Describe("Target status reconciler", func() { gatewayPolicy := policyFactory(func(policy *v1beta2.AuthPolicy) { policy.Name = "gateway-auth" - policy.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: TestGatewayName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + policy.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: TestGatewayName, } }) Expect(k8sClient.Create(ctx, gatewayPolicy)).To(Succeed()) @@ -345,7 +341,7 @@ var _ = Describe("Target status reconciler", func() { Namespace: testNamespace, }, Spec: v1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: gatewayapiv1.ObjectName(TestHTTPRouteName), 
@@ -408,11 +404,10 @@ var _ = Describe("Target status reconciler", func() { It("adds PolicyAffected status condition to the targeted gateway and routes", func(ctx SpecContext) { policy := policyFactory(func(policy *v1beta2.RateLimitPolicy) { policy.Name = "gateway-rlp" - policy.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: TestGatewayName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + policy.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: TestGatewayName, } }) Expect(k8sClient.Create(ctx, policy)).To(Succeed()) @@ -422,11 +417,10 @@ var _ = Describe("Target status reconciler", func() { It("removes PolicyAffected status condition from the targeted gateway and routes when the policy is deleted", func(ctx SpecContext) { policy := policyFactory(func(policy *v1beta2.RateLimitPolicy) { policy.Name = "gateway-rlp" - policy.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: TestGatewayName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + policy.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: TestGatewayName, } }) Expect(k8sClient.Create(ctx, policy)).To(Succeed()) 
@@ -462,11 +456,10 @@ var _ = Describe("Target status reconciler", func() { gatewayPolicy := policyFactory(func(policy *v1beta2.RateLimitPolicy) { policy.Name = "gateway-rlp" - policy.Spec.TargetRef = gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "Gateway", - Name: TestGatewayName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + policy.Spec.TargetRef = gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "Gateway", + Name: TestGatewayName, } }) Expect(k8sClient.Create(ctx, gatewayPolicy)).To(Succeed()) diff --git a/tests/istio/authpolicy_controller_authorizationpolicy_test.go b/tests/istio/authpolicy_controller_authorizationpolicy_test.go index e4c1b7e63..d903fb13b 100644 --- a/tests/istio/authpolicy_controller_authorizationpolicy_test.go +++ b/tests/istio/authpolicy_controller_authorizationpolicy_test.go @@ -65,11 +65,10 @@ var _ = Describe("AuthPolicy controller managing authorization policy", func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.AuthPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ - Group: gatewayapiv1.GroupName, - Kind: "HTTPRoute", - Name: TestHTTPRouteName, - Namespace: ptr.To(gatewayapiv1.Namespace(testNamespace)), + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Group: gatewayapiv1.GroupName, + Kind: "HTTPRoute", + Name: TestHTTPRouteName, }, Defaults: &kuadrantv1beta2.AuthPolicyCommonSpec{ AuthScheme: testBasicAuthScheme(), @@ -125,6 +124,7 @@ var _ = Describe("AuthPolicy controller managing authorization policy", func() { }).WithContext(ctx).Should(BeTrue()) // has the correct target ref + Expect(iap.Spec.TargetRef).To(Not(BeNil())) Expect(iap.Spec.TargetRef.Group).To(Equal("gateway.networking.k8s.io")) Expect(iap.Spec.TargetRef.Kind).To(Equal("Gateway")) Expect(iap.Spec.TargetRef.Name).To(Equal(TestGatewayName)) 
@@ -174,6 +174,7 @@ var _ = Describe("AuthPolicy controller managing authorization policy", func() { }).WithContext(ctx).Should(BeTrue()) // has the correct target ref + Expect(iap.Spec.TargetRef).To(Not(BeNil())) Expect(iap.Spec.TargetRef.Group).To(Equal("gateway.networking.k8s.io")) Expect(iap.Spec.TargetRef.Kind).To(Equal("Gateway")) Expect(iap.Spec.TargetRef.Name).To(Equal(TestGatewayName)) diff --git a/tests/istio/limitador_cluster_envoyfilter_controller_test.go b/tests/istio/limitador_cluster_envoyfilter_controller_test.go index 545204eca..3de996083 100644 --- a/tests/istio/limitador_cluster_envoyfilter_controller_test.go +++ b/tests/istio/limitador_cluster_envoyfilter_controller_test.go @@ -89,7 +89,7 @@ var _ = Describe("Limitador Cluster EnvoyFilter controller", func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "Gateway", Name: gatewayapiv1.ObjectName(TestGatewayName), diff --git a/tests/istio/rate_limiting_istio_wasmplugin_controller_test.go b/tests/istio/rate_limiting_istio_wasmplugin_controller_test.go index 0ea2995ba..482d39d70 100644 --- a/tests/istio/rate_limiting_istio_wasmplugin_controller_test.go +++ b/tests/istio/rate_limiting_istio_wasmplugin_controller_test.go @@ -88,7 +88,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() { }, ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace}, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: gatewayapiv1.ObjectName(routeName), 
@@ -121,6 +121,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() { // must exist Expect(err).ToNot(HaveOccurred()) // has the correct target ref + Expect(existingWasmPlugin.Spec.TargetRef).To(Not(BeNil())) Expect(existingWasmPlugin.Spec.TargetRef.Group).To(Equal("gateway.networking.k8s.io")) Expect(existingWasmPlugin.Spec.TargetRef.Kind).To(Equal("Gateway")) Expect(existingWasmPlugin.Spec.TargetRef.Name).To(Equal(gateway.Name)) @@ -215,7 +216,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() { Namespace: testNamespace, }, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "HTTPRoute", Name: gatewayapiv1.ObjectName(routeName), @@ -395,7 +396,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() { }, ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace}, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "Gateway", Name: gatewayapiv1.ObjectName(TestGatewayName), @@ -495,7 +496,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() { }, ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace}, Spec: kuadrantv1beta2.RateLimitPolicySpec{ - TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{ Group: gatewayapiv1.GroupName, Kind: "Gateway", Name: gatewayapiv1.ObjectName(TestGatewayName), 
@@ -563,7 +564,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeName),
@@ -637,7 +638,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpAName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "Gateway",
 Name: gatewayapiv1.ObjectName(TestGatewayName),
@@ -689,7 +690,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpBName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeCName),
@@ -835,7 +836,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "Gateway",
 Name: gatewayapiv1.ObjectName(TestGatewayName),
@@ -1044,7 +1045,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeName),
@@ -1341,7 +1342,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeAName),
@@ -1576,7 +1577,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlp1Name, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "Gateway",
 Name: gatewayapiv1.ObjectName(TestGatewayName),
@@ -1680,7 +1681,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlp2Name, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeAName),
@@ -1839,7 +1840,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlp1Name, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "Gateway",
 Name: gatewayapiv1.ObjectName(TestGatewayName),
@@ -1870,7 +1871,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlp2Name, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeAName),
@@ -2127,7 +2128,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: rlpName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeName),
@@ -2284,7 +2285,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: gwRLPName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "Gateway",
 Name: gatewayapiv1.ObjectName(TestGatewayName),
@@ -2325,7 +2326,7 @@ var _ = Describe("Rate Limiting WasmPlugin controller", func() {
 },
 ObjectMeta: metav1.ObjectMeta{Name: routeRLPName, Namespace: testNamespace},
 Spec: kuadrantv1beta2.RateLimitPolicySpec{
- TargetRef: gatewayapiv1alpha2.NamespacedPolicyTargetReference{
+ TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReference{
 Group: gatewayapiv1.GroupName,
 Kind: "HTTPRoute",
 Name: gatewayapiv1.ObjectName(routeName),