feat: auth policy enforced condition

Kuadrant · Jan 31, 2024 · 7904b26 · 7904b26
1 parent c0c178f
commit 7904b26
Show file tree

Hide file tree

Showing 3 changed files with 66 additions and 6 deletions.
diff --git a/controllers/authpolicy_status.go b/controllers/authpolicy_status.go
@@ -77,21 +77,28 @@ func (r *AuthPolicyReconciler) calculateStatus(ap *api.AuthPolicy, specErr error
 		ObservedGeneration: ap.Status.ObservedGeneration,
 	}
 
-	availableCond := r.acceptedCondition(ap, specErr, authConfigReady)
-
+	availableCond := r.acceptedCondition(ap, specErr)
 	meta.SetStatusCondition(&newStatus.Conditions, *availableCond)
 
+	enforcedCond := r.enforcedCondition(ap, authConfigReady)
+	meta.SetStatusCondition(&newStatus.Conditions, *enforcedCond)
+
 	return newStatus
 }
 
-func (r *AuthPolicyReconciler) acceptedCondition(policy common.KuadrantPolicy, specErr error, authConfigReady bool) *metav1.Condition {
+func (r *AuthPolicyReconciler) acceptedCondition(policy common.KuadrantPolicy, specErr error) *metav1.Condition {
 	cond := common.AcceptedCondition(policy, specErr)
 
+	return cond
+}
+
+func (r *AuthPolicyReconciler) enforcedCondition(policy common.KuadrantPolicy, authConfigReady bool) *metav1.Condition {
+	var err common.PolicyError
 	if !authConfigReady {
-		cond.Status = metav1.ConditionFalse
-		cond.Reason = "AuthSchemeNotReady"
-		cond.Message = "AuthScheme is not ready yet" // TODO(rahul): need to take care if status change is delayed.
+		err = common.NewErrUnknown(policy.Kind(), fmt.Errorf("AuthScheme is not ready yet"))
 	}
 
+	cond := common.EnforcedCondition(policy, err)
+
 	return cond
 }
diff --git a/pkg/common/apimachinery_status_conditions.go b/pkg/common/apimachinery_status_conditions.go
@@ -11,6 +11,12 @@ import (
 	gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
+const (
+	PolicyConditionEnforced gatewayapiv1alpha2.PolicyConditionType = "Enforced"
+
+	PolicyReasonEnforced gatewayapiv1alpha2.PolicyConditionReason = "Enforced"
+)
+
 // ConditionMarshal marshals the set of conditions as a JSON array, sorted by condition type.
 func ConditionMarshal(conditions []metav1.Condition) ([]byte, error) {
 	condCopy := slices.Clone(conditions)
@@ -44,3 +50,28 @@ func AcceptedCondition(policy KuadrantPolicy, err error) *metav1.Condition {
 
 	return cond
 }
+
+// EnforcedCondition returns an enforced conditions with common reasons for a kuadrant policy
+func EnforcedCondition(policy KuadrantPolicy, err error) *metav1.Condition {
+	// Enforced
+	cond := &metav1.Condition{
+		Type:    string(PolicyConditionEnforced),
+		Status:  metav1.ConditionTrue,
+		Reason:  string(PolicyReasonEnforced),
+		Message: fmt.Sprintf("%s has been successfully enforced", policy.Kind()),
+	}
+	if err == nil {
+		return cond
+	}
+
+	cond.Status = metav1.ConditionFalse
+	cond.Message = err.Error()
+	cond.Reason = "ReconciliationError"
+
+	var policyErr PolicyError
+	if errors.As(err, &policyErr) {
+		cond.Reason = string(policyErr.Reason())
+	}
+
+	return cond
+}
diff --git a/pkg/common/errors.go b/pkg/common/errors.go
@@ -85,3 +85,25 @@ func NewErrConflict(kind string, nameNamespace string, err error) ErrConflict {
 		Err:           err,
 	}
 }
+
+var _ PolicyError = ErrUnknown{}
+
+type ErrUnknown struct {
+	Kind string
+	Err  error
+}
+
+func (e ErrUnknown) Error() string {
+	return fmt.Sprintf("%s has encountered some issues: %s", e.Kind, e.Err.Error())
+}
+
+func (e ErrUnknown) Reason() gatewayapiv1alpha2.PolicyConditionReason {
+	return "Unknown"
+}
+
+func NewErrUnknown(kind string, err error) ErrUnknown {
+	return ErrUnknown{
+		Kind: kind,
+		Err:  err,
+	}
+}