diff --git a/controllers/authpolicy_status.go b/controllers/authpolicy_status.go
index 3c36e5d9c..fd5ed151b 100644
--- a/controllers/authpolicy_status.go
+++ b/controllers/authpolicy_status.go
@@ -77,21 +77,28 @@ func (r *AuthPolicyReconciler) calculateStatus(ap *api.AuthPolicy, specErr error
 ObservedGeneration: ap.Status.ObservedGeneration,
 }
 
- availableCond := r.acceptedCondition(ap, specErr, authConfigReady)
-
+ availableCond := r.acceptedCondition(ap, specErr)
 meta.SetStatusCondition(&newStatus.Conditions, *availableCond)
 
+ enforcedCond := r.enforcedCondition(ap, authConfigReady)
+ meta.SetStatusCondition(&newStatus.Conditions, *enforcedCond)
+
 return newStatus
 }
 
-func (r *AuthPolicyReconciler) acceptedCondition(policy common.KuadrantPolicy, specErr error, authConfigReady bool) *metav1.Condition {
+func (r *AuthPolicyReconciler) acceptedCondition(policy common.KuadrantPolicy, specErr error) *metav1.Condition {
 cond := common.AcceptedCondition(policy, specErr)
 
+ return cond
+}
+
+func (r *AuthPolicyReconciler) enforcedCondition(policy common.KuadrantPolicy, authConfigReady bool) *metav1.Condition {
+ var err common.PolicyError
 if !authConfigReady {
- cond.Status = metav1.ConditionFalse
- cond.Reason = "AuthSchemeNotReady"
- cond.Message = "AuthScheme is not ready yet" // TODO(rahul): need to take care if status change is delayed.
+ err = common.NewErrUnknown(policy.Kind(), fmt.Errorf("AuthScheme is not ready yet"))
 }
 
+ cond := common.EnforcedCondition(policy, err)
+
 return cond
 }
diff --git a/pkg/common/apimachinery_status_conditions.go b/pkg/common/apimachinery_status_conditions.go
index eeef51c0e..f9560df0f 100644
--- a/pkg/common/apimachinery_status_conditions.go
+++ b/pkg/common/apimachinery_status_conditions.go
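Review bot: In controllers/authpolicy_status.go, calculateStatus (which starts above this hunk) now derives Enforced from authConfigReady alone, so a policy whose spec failed and is Accepted=False can still be reported as Enforced=True. For an auth policy that is a false assurance to anything gating on status, so I would set Enforced only when Accepted is true, for example by wrapping the two added lines in `if availableCond.Status == metav1.ConditionTrue { ... }`. How authConfigReady is computed is not visible here, so the caller may already rule this out; if it does, a comment on enforcedCondition should say so. Note also that Accepted no longer turns False while the AuthConfig is not ready and the reason changes from "AuthSchemeNotReady" to "Unknown", so alerts or gates that read Accepted as "auth is in force" need to switch to Enforced.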
@@ -11,6 +11,12 @@ import (
 gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
 )
 
+const (
+ PolicyConditionEnforced gatewayapiv1alpha2.PolicyConditionType = "Enforced"
+
+ PolicyReasonEnforced gatewayapiv1alpha2.PolicyConditionReason = "Enforced"
+)
+
 // ConditionMarshal marshals the set of conditions as a JSON array, sorted by condition type.
 func ConditionMarshal(conditions []metav1.Condition) ([]byte, error) {
 condCopy := slices.Clone(conditions)
@@ -44,3 +50,28 @@ func AcceptedCondition(policy KuadrantPolicy, err error) *metav1.Condition {
 
 return cond
 }
+
+// EnforcedCondition returns an enforced conditions with common reasons for a kuadrant policy
+func EnforcedCondition(policy KuadrantPolicy, err error) *metav1.Condition {
+ // Enforced
+ cond := &metav1.Condition{
+ Type: string(PolicyConditionEnforced),
+ Status: metav1.ConditionTrue,
+ Reason: string(PolicyReasonEnforced),
+ Message: fmt.Sprintf("%s has been successfully enforced", policy.Kind()),
+ }
+ if err == nil {
+ return cond
+ }
+
+ cond.Status = metav1.ConditionFalse
+ cond.Message = err.Error()
+ cond.Reason = "ReconciliationError"
+
+ var policyErr PolicyError
+ if errors.As(err, &policyErr) {
+ cond.Reason = string(policyErr.Reason())
+ }
+
+ return cond
+}
diff --git a/pkg/common/errors.go b/pkg/common/errors.go
index 2d0e7df78..df91dc254 100644
--- a/pkg/common/errors.go
+++ b/pkg/common/errors.go
@@ -85,3 +85,25 @@ func NewErrConflict(kind string, nameNamespace string, err error) ErrConflict {
 Err: err,
 }
 }
+
+var _ PolicyError = ErrUnknown{}
+
+type ErrUnknown struct {
+ Kind string
+ Err error
+}
+
+func (e ErrUnknown) Error() string {
+ return fmt.Sprintf("%s has encountered some issues: %s", e.Kind, e.Err.Error())
+}
+
+func (e ErrUnknown) Reason() gatewayapiv1alpha2.PolicyConditionReason {
+ return "Unknown"
+}
+
+func NewErrUnknown(kind string, err error) ErrUnknown {
+ return ErrUnknown{
+ Kind: kind,
+ Err: err,
+ }
+}
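Review bot: The two exported constants added to pkg/common/apimachinery_status_conditions.go have no doc comments, and they are the only condition reasons in this commit declared as constants: "ReconciliationError" in EnforcedCondition and "Unknown" in ErrUnknown.Reason (pkg/common/errors.go) remain bare literals. Consumers match on these strings, so I would declare them in this block as well, for example `PolicyReasonUnknown gatewayapiv1alpha2.PolicyConditionReason = "Unknown"` (the name is only a suggestion). Each constant should carry a one-line comment, such as `// PolicyConditionEnforced reports whether the policy is currently in effect on its target.`, with the wording confirmed by the author.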
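Review bot: EnforcedCondition copies `policyErr.Reason()` into cond.Reason unchecked, so a PolicyError that returns an empty string would replace the "ReconciliationError" default. metav1.Condition documents Reason as required and pattern-restricted, so a CRD schema generated from it would likely reject that status update. Keeping the default unless the reason is non-empty avoids this: `if r := string(policyErr.Reason()); r != "" { cond.Reason = r }`. Separately, `cond.Message = err.Error()` exposes the full error text to everyone who can read the policy object. The only caller visible in this diff passes a fixed string, but the doc comment should say that callers must pass errors whose text is safe to expose, and its typo "an enforced conditions" can be fixed at the same time.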
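Review bot: `ErrUnknown.Error` in pkg/common/errors.go dereferences `e.Err` unconditionally, so a value built with `NewErrUnknown(kind, nil)` panics the first time its message is read. In this commit that read happens during status calculation, where EnforcedCondition calls `err.Error()`. A guard such as `if e.Err == nil { return fmt.Sprintf("%s has encountered some issues", e.Kind) }` keeps it safe. The type also has no Unwrap method, so errors.Is and errors.As cannot reach the wrapped cause; `func (e ErrUnknown) Unwrap() error { return e.Err }` would add that, though whether the sibling error types in this file do the same is not visible here. The exported type and constructor also lack doc comments, for example `// ErrUnknown is a PolicyError for failures that have no more specific reason.`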