From eb0788d14004f69510cbc8093d2d7bd9a2880304 Mon Sep 17 00:00:00 2001 From: KevFan Date: Mon, 11 Nov 2024 11:57:09 +0000 Subject: [PATCH] feat: gateway api detection on kuadrant and policy status Signed-off-by: KevFan --- controllers/auth_policies_validator.go | 7 +- controllers/data_plane_policies_workflow.go | 6 +- controllers/dns_workflow.go | 4 +- controllers/dnspolicies_validator.go | 8 +- controllers/kuadrant_status_updater.go | 18 ++- controllers/ratelimit_policies_validator.go | 7 +- controllers/state_of_the_world.go | 24 ++-- controllers/tls_workflow.go | 4 +- controllers/tlspolicies_validator.go | 47 ++++---- tests/bare_k8s/kuadrant_controller_test.go | 119 +++++++++++++++++++- 10 files changed, 194 insertions(+), 50 deletions(-) diff --git a/controllers/auth_policies_validator.go b/controllers/auth_policies_validator.go index 58e54cd9f..2de5372dc 100644 --- a/controllers/auth_policies_validator.go +++ b/controllers/auth_policies_validator.go @@ -12,10 +12,11 @@ import ( "k8s.io/utils/ptr" kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1" - kuadrant "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" + "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" ) type AuthPolicyValidator struct { + isGatewayAPIInstalled bool isAuthorinoOperatorInstalled bool } @@ -43,6 +44,10 @@ func (r *AuthPolicyValidator) Validate(ctx context.Context, _ []controller.Resou defer logger.V(1).Info("finished validating auth policies") state.Store(StateAuthPolicyValid, lo.SliceToMap(policies, func(policy machinery.Policy) (string, error) { + if !r.isGatewayAPIInstalled { + return policy.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Gateway API") + } + if !r.isAuthorinoOperatorInstalled { return policy.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Authorino Operator") } diff --git a/controllers/data_plane_policies_workflow.go b/controllers/data_plane_policies_workflow.go index bacd138b4..3c094cf6d 100644 --- a/controllers/data_plane_policies_workflow.go +++ b/controllers/data_plane_policies_workflow.go @@ -54,11 +54,11 @@ var ( //+kubebuilder:rbac:groups=kuadrant.io,resources=ratelimitpolicies/status,verbs=get;update;patch //+kubebuilder:rbac:groups=kuadrant.io,resources=ratelimitpolicies/finalizers,verbs=update -func NewDataPlanePoliciesWorkflow(client *dynamic.DynamicClient, isIstioInstalled, isEnvoyGatewayInstalled, isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled bool) *controller.Workflow { +func NewDataPlanePoliciesWorkflow(client *dynamic.DynamicClient, isGatewayAPInstalled, isIstioInstalled, isEnvoyGatewayInstalled, isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled bool) *controller.Workflow { dataPlanePoliciesValidation := &controller.Workflow{ Tasks: []controller.ReconcileFunc{ - (&AuthPolicyValidator{isAuthorinoOperatorInstalled: isAuthorinoOperatorInstalled}).Subscription().Reconcile, - (&RateLimitPolicyValidator{isLimitadorOperatorInstalled: isLimitadorOperatorInstalled}).Subscription().Reconcile, + (&AuthPolicyValidator{isGatewayAPIInstalled: isGatewayAPInstalled, isAuthorinoOperatorInstalled: isAuthorinoOperatorInstalled}).Subscription().Reconcile, + (&RateLimitPolicyValidator{isGatewayAPIInstalled: isGatewayAPInstalled, isLimitadorOperatorInstalled: isLimitadorOperatorInstalled}).Subscription().Reconcile, }, } diff --git a/controllers/dns_workflow.go b/controllers/dns_workflow.go index d8333c366..ca618bb77 100644 --- a/controllers/dns_workflow.go +++ b/controllers/dns_workflow.go @@ -46,9 +46,9 @@ var ( //+kubebuilder:rbac:groups=kuadrant.io,resources=dnsrecords,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=kuadrant.io,resources=dnsrecords/status,verbs=get -func NewDNSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, isDNSOperatorInstalled bool) *controller.Workflow { +func NewDNSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, isGatewayAPIInstalled, isDNSOperatorInstalled bool) *controller.Workflow { return &controller.Workflow{ - Precondition: NewDNSPoliciesValidator(isDNSOperatorInstalled).Subscription().Reconcile, + Precondition: NewDNSPoliciesValidator(isGatewayAPIInstalled, isDNSOperatorInstalled).Subscription().Reconcile, Tasks: []controller.ReconcileFunc{ NewEffectiveDNSPoliciesReconciler(client, scheme).Subscription().Reconcile, }, diff --git a/controllers/dnspolicies_validator.go b/controllers/dnspolicies_validator.go index 261a2ff56..20321f0de 100644 --- a/controllers/dnspolicies_validator.go +++ b/controllers/dnspolicies_validator.go @@ -18,13 +18,15 @@ import ( "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" ) -func NewDNSPoliciesValidator(isDNSOperatorInstalled bool) *DNSPoliciesValidator { +func NewDNSPoliciesValidator(isGatewayAPIInstalled, isDNSOperatorInstalled bool) *DNSPoliciesValidator { return &DNSPoliciesValidator{ + isGatewayAPIInstalled: isGatewayAPIInstalled, isDNSOperatorInstalled: isDNSOperatorInstalled, } } type DNSPoliciesValidator struct { + isGatewayAPIInstalled bool isDNSOperatorInstalled bool } @@ -49,6 +51,10 @@ func (r *DNSPoliciesValidator) validate(ctx context.Context, _ []controller.Reso logger.V(1).Info("validating dns policies", "policies", len(policies)) state.Store(StateDNSPolicyAcceptedKey, lo.SliceToMap(policies, func(p machinery.Policy) (string, error) { + if !r.isGatewayAPIInstalled { + return p.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Gateway API") + } + if !r.isDNSOperatorInstalled { return p.GetLocator(), kuadrant.NewErrDependencyNotInstalled("DNS Operator") } diff --git a/controllers/kuadrant_status_updater.go b/controllers/kuadrant_status_updater.go index ad1906227..66f37e8de 100644 --- a/controllers/kuadrant_status_updater.go +++ b/controllers/kuadrant_status_updater.go @@ -28,13 +28,20 @@ const ( type KuadrantStatusUpdater struct { Client *dynamic.DynamicClient + isGatwayAPIInstalled bool HasGateway bool isLimitadorOperatorInstalled bool isAuthorinoOperatorInstalled bool } -func NewKuadrantStatusUpdater(client *dynamic.DynamicClient, isIstioInstalled, isEnvoyGatewayInstalled, isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled bool) *KuadrantStatusUpdater { - return &KuadrantStatusUpdater{Client: client, HasGateway: isIstioInstalled || isEnvoyGatewayInstalled, isLimitadorOperatorInstalled: isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled: isAuthorinoOperatorInstalled} +func NewKuadrantStatusUpdater(client *dynamic.DynamicClient, isGatewayAPIInstalled, isGatewayProviderInstalled, isLimitadorOperatorInstalled, isAuthorinoOperatorInstalled bool) *KuadrantStatusUpdater { + return &KuadrantStatusUpdater{ + Client: client, + isGatwayAPIInstalled: isGatewayAPIInstalled, + HasGateway: isGatewayProviderInstalled, + isLimitadorOperatorInstalled: isLimitadorOperatorInstalled, + isAuthorinoOperatorInstalled: isAuthorinoOperatorInstalled, + } } func (r *KuadrantStatusUpdater) Subscription() *controller.Subscription { @@ -122,6 +129,13 @@ func (r *KuadrantStatusUpdater) readyCondition(topology *machinery.Topology, log Message: "Kuadrant is ready", } + if !r.isGatwayAPIInstalled { + cond.Status = metav1.ConditionFalse + cond.Reason = "GatewayAPI" + cond.Message = kuadrant.NewErrDependencyNotInstalled("Gateway API").Error() + return cond + } + if !r.HasGateway { cond.Status = metav1.ConditionFalse cond.Reason = "GatewayAPIProviderNotFound" diff --git a/controllers/ratelimit_policies_validator.go b/controllers/ratelimit_policies_validator.go index b502013a5..f648b649e 100644 --- a/controllers/ratelimit_policies_validator.go +++ b/controllers/ratelimit_policies_validator.go @@ -12,11 +12,12 @@ import ( "k8s.io/utils/ptr" kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1" - kuadrant "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" + "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" ) type RateLimitPolicyValidator struct { isLimitadorOperatorInstalled bool + isGatewayAPIInstalled bool } // RateLimitPolicyValidator subscribes to events with potential to flip the validity of rate limit policies @@ -43,6 +44,10 @@ func (r *RateLimitPolicyValidator) Validate(ctx context.Context, _ []controller. defer logger.V(1).Info("finished validating rate limit policies") state.Store(StateRateLimitPolicyValid, lo.SliceToMap(policies, func(policy machinery.Policy) (string, error) { + if !r.isGatewayAPIInstalled { + return policy.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Gateway API") + } + if !r.isLimitadorOperatorInstalled { return policy.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Limitador Operator") } diff --git a/controllers/state_of_the_world.go b/controllers/state_of_the_world.go index 9f793e8a1..1fd9e9aec 100644 --- a/controllers/state_of_the_world.go +++ b/controllers/state_of_the_world.go @@ -392,16 +392,20 @@ func (b *BootOptionsBuilder) getAuthorinoOperatorOptions() []controller.Controll return opts } +func (b *BootOptionsBuilder) isGatewayProviderInstalled() bool { + return b.isIstioInstalled || b.isEnvoyGatewayInstalled +} + func (b *BootOptionsBuilder) Reconciler() controller.ReconcileFunc { mainWorkflow := &controller.Workflow{ Precondition: initWorkflow(b.client).Run, Tasks: []controller.ReconcileFunc{ - NewDNSWorkflow(b.client, b.manager.GetScheme(), b.isDNSOperatorInstalled).Run, - NewTLSWorkflow(b.client, b.manager.GetScheme(), b.isCertManagerInstalled).Run, - NewDataPlanePoliciesWorkflow(b.client, b.isIstioInstalled, b.isEnvoyGatewayInstalled, b.isLimitadorOperatorInstalled, b.isAuthorinoOperatorInstalled).Run, - NewKuadrantStatusUpdater(b.client, b.isIstioInstalled, b.isEnvoyGatewayInstalled, b.isLimitadorOperatorInstalled, b.isAuthorinoOperatorInstalled).Subscription().Reconcile, + NewDNSWorkflow(b.client, b.manager.GetScheme(), b.isGatewayAPIInstalled, b.isDNSOperatorInstalled).Run, + NewTLSWorkflow(b.client, b.manager.GetScheme(), b.isGatewayAPIInstalled, b.isCertManagerInstalled).Run, + NewDataPlanePoliciesWorkflow(b.client, b.isGatewayAPIInstalled, b.isIstioInstalled, b.isEnvoyGatewayInstalled, b.isLimitadorOperatorInstalled, b.isAuthorinoOperatorInstalled).Run, + NewKuadrantStatusUpdater(b.client, b.isGatewayAPIInstalled, b.isGatewayProviderInstalled(), b.isLimitadorOperatorInstalled, b.isAuthorinoOperatorInstalled).Subscription().Reconcile, }, - Postcondition: finalStepsWorkflow(b.client, b.isIstioInstalled, b.isGatewayAPIInstalled).Run, + Postcondition: finalStepsWorkflow(b.client, b.isGatewayAPIInstalled, b.isIstioInstalled, b.isEnvoyGatewayInstalled).Run, } if b.isConsolePluginInstalled { @@ -495,12 +499,16 @@ func initWorkflow(client *dynamic.DynamicClient) *controller.Workflow { } } -func finalStepsWorkflow(client *dynamic.DynamicClient, isIstioInstalled, isEnvoyGatewayInstalled bool) *controller.Workflow { +func finalStepsWorkflow(client *dynamic.DynamicClient, isGatewayAPIInstalled, isIstioInstalled, isEnvoyGatewayInstalled bool) *controller.Workflow { workflow := &controller.Workflow{ - Tasks: []controller.ReconcileFunc{ + Tasks: []controller.ReconcileFunc{}, + } + + if isGatewayAPIInstalled { + workflow.Tasks = append(workflow.Tasks, NewGatewayPolicyDiscoverabilityReconciler(client).Subscription().Reconcile, NewHTTPRoutePolicyDiscoverabilityReconciler(client).Subscription().Reconcile, - }, + ) } if isIstioInstalled { diff --git a/controllers/tls_workflow.go b/controllers/tls_workflow.go index df25b3290..2d1aad82f 100644 --- a/controllers/tls_workflow.go +++ b/controllers/tls_workflow.go @@ -40,9 +40,9 @@ var ( //+kubebuilder:rbac:groups="cert-manager.io",resources=clusterissuers,verbs=get;list;watch; //+kubebuilder:rbac:groups="cert-manager.io",resources=certificates,verbs=get;list;watch;create;update;patch;delete -func NewTLSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, isCertManagerInstalled bool) *controller.Workflow { +func NewTLSWorkflow(client *dynamic.DynamicClient, scheme *runtime.Scheme, isGatewayAPIInstalled, isCertManagerInstalled bool) *controller.Workflow { return &controller.Workflow{ - Precondition: NewTLSPoliciesValidator(isCertManagerInstalled).Subscription().Reconcile, + Precondition: NewTLSPoliciesValidator(isGatewayAPIInstalled, isCertManagerInstalled).Subscription().Reconcile, Tasks: []controller.ReconcileFunc{ NewEffectiveTLSPoliciesReconciler(client, scheme).Subscription().Reconcile, }, diff --git a/controllers/tlspolicies_validator.go b/controllers/tlspolicies_validator.go index 61e0df16c..630e86d2c 100644 --- a/controllers/tlspolicies_validator.go +++ b/controllers/tlspolicies_validator.go @@ -19,13 +19,15 @@ import ( "github.com/kuadrant/kuadrant-operator/pkg/kuadrant" ) -func NewTLSPoliciesValidator(isCertManagerInstalled bool) *TLSPoliciesValidator { +func NewTLSPoliciesValidator(isGatewayAPIInstalled, isCertManagerInstalled bool) *TLSPoliciesValidator { return &TLSPoliciesValidator{ + isGatewayAPIInstalled: isGatewayAPIInstalled, isCertManagerInstalled: isCertManagerInstalled, } } type TLSPoliciesValidator struct { + isGatewayAPIInstalled bool isCertManagerInstalled bool } @@ -42,53 +44,46 @@ func (t *TLSPoliciesValidator) Subscription() *controller.Subscription { } } -func (t *TLSPoliciesValidator) Validate(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, s *sync.Map) error { +func (t *TLSPoliciesValidator) Validate(ctx context.Context, _ []controller.ResourceEvent, topology *machinery.Topology, _ error, state *sync.Map) error { logger := controller.LoggerFromContext(ctx).WithName("TLSPoliciesValidator").WithName("Validate") policies := lo.Filter(topology.Policies().Items(), filterForTLSPolicies) + logger.V(1).Info("validating tls policies", "policies", len(policies)) - isPolicyValidErrorMap := make(map[string]error, len(policies)) - - for _, policy := range policies { - p := policy.(*kuadrantv1.TLSPolicy) - if p.DeletionTimestamp != nil { - logger.V(1).Info("tls policy is marked for deletion, skipping", "name", p.Name, "namespace", p.Namespace) - continue + state.Store(TLSPolicyAcceptedKey, lo.SliceToMap(policies, func(p machinery.Policy) (string, error) { + if !t.isGatewayAPIInstalled { + return p.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Gateway API") } if !t.isCertManagerInstalled { - isPolicyValidErrorMap[p.GetLocator()] = kuadrant.NewErrDependencyNotInstalled("Cert Manager") - continue + return p.GetLocator(), kuadrant.NewErrDependencyNotInstalled("Cert Manager") } + policy := p.(*kuadrantv1.TLSPolicy) // Validate target ref - if err := t.isTargetRefsFound(topology, p); err != nil { - isPolicyValidErrorMap[p.GetLocator()] = err - continue + if err := t.isTargetRefsFound(topology, policy); err != nil { + return p.GetLocator(), err } // Validate if there's a conflicting policy - if err := t.isConflict(policies, p); err != nil { - isPolicyValidErrorMap[p.GetLocator()] = err - continue + if err := t.isConflict(policies, policy); err != nil { + return p.GetLocator(), err } // Validate IssuerRef kind is correct - if err := t.isValidIssuerKind(p); err != nil { - isPolicyValidErrorMap[p.GetLocator()] = err - continue + if err := t.isValidIssuerKind(policy); err != nil { + return p.GetLocator(), err } // Validate Issuer is present on cluster through the topology - if err := t.isIssuerFound(topology, p); err != nil { - isPolicyValidErrorMap[p.GetLocator()] = err - continue + if err := t.isIssuerFound(topology, policy); err != nil { + return p.GetLocator(), err } - isPolicyValidErrorMap[p.GetLocator()] = nil - } + return p.GetLocator(), nil + })) - s.Store(TLSPolicyAcceptedKey, isPolicyValidErrorMap) + logger.V(1).Info("finished validating tls policies") return nil } diff --git a/tests/bare_k8s/kuadrant_controller_test.go b/tests/bare_k8s/kuadrant_controller_test.go index b9cf6461c..164195352 100644 --- a/tests/bare_k8s/kuadrant_controller_test.go +++ b/tests/bare_k8s/kuadrant_controller_test.go @@ -5,18 +5,22 @@ package bare_k8s_test import ( "time" + kuadrantdnsv1alpha1 "github.com/kuadrant/dns-operator/api/v1alpha1" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapiv1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapiv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + kuadrantv1 "github.com/kuadrant/kuadrant-operator/api/v1" kuadrantv1beta1 "github.com/kuadrant/kuadrant-operator/api/v1beta1" "github.com/kuadrant/kuadrant-operator/controllers" "github.com/kuadrant/kuadrant-operator/tests" ) -var _ = Describe("Controller", func() { +var _ = Describe("Kuadrant controller is disabled", func() { var ( testNamespace string testTimeOut = SpecTimeout(15 * time.Second) @@ -32,7 +36,7 @@ var _ = Describe("Controller", func() { }, afterEachTimeOut) Context("when default kuadrant CR is created", func() { - It("Status is populated with missing GatewayProvide", func(ctx SpecContext) { + It("Status is populated with missing Gateway API", func(ctx SpecContext) { kuadrantCR := &kuadrantv1beta1.Kuadrant{ TypeMeta: metav1.TypeMeta{ Kind: "Kuadrant", @@ -51,8 +55,115 @@ var _ = Describe("Controller", func() { cond := meta.FindStatusCondition(kuadrantCR.Status.Conditions, controllers.ReadyConditionType) g.Expect(cond).ToNot(BeNil()) g.Expect(cond.Status).To(Equal(metav1.ConditionFalse)) - g.Expect(cond.Reason).To(Equal("GatewayAPIProviderNotFound")) - g.Expect(cond.Message).To(Equal("GatewayAPI provider not found")) + g.Expect(cond.Reason).To(Equal("GatewayAPI")) + g.Expect(cond.Message).To(Equal("Gateway API is not installed, please restart pod once dependency has been installed")) + }).WithContext(ctx).Should(Succeed()) + }, testTimeOut) + }) + + Context("when dns policy is created", func() { + It("Status is populated with missing Gateway API", func(ctx SpecContext) { + policy := kuadrantv1.NewDNSPolicy("dns", testNamespace).WithTargetGateway("test") + policy.Spec.ProviderRefs = append(policy.Spec.ProviderRefs, kuadrantdnsv1alpha1.ProviderRef{ + Name: "dnsProviderSecret", + }) + Expect(testClient().Create(ctx, policy)).To(Succeed()) + + Eventually(func(g Gomega) { + err := testClient().Get(ctx, client.ObjectKeyFromObject(policy), policy) + g.Expect(err).ToNot(HaveOccurred()) + + cond := meta.FindStatusCondition(policy.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)) + g.Expect(cond).ToNot(BeNil()) + g.Expect(cond.Status).To(Equal(metav1.ConditionFalse)) + g.Expect(cond.Reason).To(Equal("MissingDependency")) + g.Expect(cond.Message).To(Equal("Gateway API is not installed, please restart pod once dependency has been installed")) + }).WithContext(ctx).Should(Succeed()) + }, testTimeOut) + }) + + Context("when tls policy is created", func() { + It("Status is populated with missing Gateway API", func(ctx SpecContext) { + policy := kuadrantv1.NewTLSPolicy("tls", testNamespace). + WithTargetGateway("test") + + Expect(testClient().Create(ctx, policy)).To(Succeed()) + + Eventually(func(g Gomega) { + err := testClient().Get(ctx, client.ObjectKeyFromObject(policy), policy) + g.Expect(err).ToNot(HaveOccurred()) + + cond := meta.FindStatusCondition(policy.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)) + g.Expect(cond).ToNot(BeNil()) + g.Expect(cond.Status).To(Equal(metav1.ConditionFalse)) + g.Expect(cond.Reason).To(Equal("MissingDependency")) + g.Expect(cond.Message).To(Equal("Gateway API is not installed, please restart pod once dependency has been installed")) + }).WithContext(ctx).Should(Succeed()) + }, testTimeOut) + }) + + Context("when rate limit policy is created", func() { + It("Status is populated with missing Gateway API", func(ctx SpecContext) { + policy := &kuadrantv1.RateLimitPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "rlp", + Namespace: testNamespace, + }, + Spec: kuadrantv1.RateLimitPolicySpec{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Kind: "Gateway", + Group: gatewayapiv1.GroupName, + Name: "test", + }, + }, + }, + } + + Expect(testClient().Create(ctx, policy)).To(Succeed()) + + Eventually(func(g Gomega) { + err := testClient().Get(ctx, client.ObjectKeyFromObject(policy), policy) + g.Expect(err).ToNot(HaveOccurred()) + + cond := meta.FindStatusCondition(policy.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)) + g.Expect(cond).ToNot(BeNil()) + g.Expect(cond.Status).To(Equal(metav1.ConditionFalse)) + g.Expect(cond.Reason).To(Equal("MissingDependency")) + g.Expect(cond.Message).To(Equal("Gateway API is not installed, please restart pod once dependency has been installed")) + }).WithContext(ctx).Should(Succeed()) + }, testTimeOut) + }) + + Context("when auth policy is created", func() { + It("Status is populated with missing Gateway API", func(ctx SpecContext) { + policy := &kuadrantv1.AuthPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "auth", + Namespace: testNamespace, + }, + Spec: kuadrantv1.AuthPolicySpec{ + TargetRef: gatewayapiv1alpha2.LocalPolicyTargetReferenceWithSectionName{ + LocalPolicyTargetReference: gatewayapiv1alpha2.LocalPolicyTargetReference{ + Kind: "Gateway", + Group: gatewayapiv1.GroupName, + Name: "test", + }, + }, + }, + } + + Expect(testClient().Create(ctx, policy)).To(Succeed()) + + Eventually(func(g Gomega) { + err := testClient().Get(ctx, client.ObjectKeyFromObject(policy), policy) + g.Expect(err).ToNot(HaveOccurred()) + + cond := meta.FindStatusCondition(policy.Status.Conditions, string(gatewayapiv1alpha2.PolicyConditionAccepted)) + g.Expect(cond).ToNot(BeNil()) + g.Expect(cond.Status).To(Equal(metav1.ConditionFalse)) + g.Expect(cond.Reason).To(Equal("MissingDependency")) + g.Expect(cond.Message).To(Equal("Gateway API is not installed, please restart pod once dependency has been installed")) }).WithContext(ctx).Should(Succeed()) }, testTimeOut) })