feat: accepted policy status condition (#347)

* feat: rlp accepted condition * feat: rlp target not found reason * feat: rlp invalid reason * feat: rlp conflicted reason * feat: auth policy accepted condition * feat: auth policy invalid reason * feat: auth policy conflict reason * test: rlp accepted reason conditions * feat: auth policy target not found reason * test: auth policy accepted condition reasons integration tests * refactor: use common acception condition function instead * refactor: integration test policy factory mutateFn * refactor: interface for standard policy errors
Kuadrant · Jan 9, 2024 · ed590ec · ed590ec
1 parent 94683a2
commit ed590ec
Show file tree

Hide file tree

Showing 17 changed files with 926 additions and 864 deletions.
diff --git a/api/v1beta2/authpolicy_types.go b/api/v1beta2/authpolicy_types.go
@@ -197,6 +197,8 @@ func (s *AuthPolicyStatus) Equals(other *AuthPolicyStatus, logger logr.Logger) b
 	return true
 }
 
+var _ common.KuadrantPolicy = &AuthPolicy{}
+
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct"
@@ -277,6 +279,10 @@ func (ap *AuthPolicy) GetRulesHostnames() (ruleHosts []string) {
 	return
 }
 
+func (ap *AuthPolicy) Kind() string {
+	return ap.TypeMeta.Kind
+}
+
 //+kubebuilder:object:root=true
 
 // AuthPolicyList contains a list of AuthPolicy

diff --git a/api/v1beta2/ratelimitpolicy_types.go b/api/v1beta2/ratelimitpolicy_types.go
@@ -163,6 +163,8 @@ func (s *RateLimitPolicyStatus) Equals(other *RateLimitPolicyStatus, logger logr
 	return true
 }
 
+var _ common.KuadrantPolicy = &RateLimitPolicy{}
+
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
 // +kubebuilder:metadata:labels="gateway.networking.k8s.io/policy=direct"
@@ -240,6 +242,10 @@ func (r *RateLimitPolicy) GetRulesHostnames() (ruleHosts []string) {
 	return
 }
 
+func (r *RateLimitPolicy) Kind() string {
+	return r.TypeMeta.Kind
+}
+
 func init() {
 	SchemeBuilder.Register(&RateLimitPolicy{}, &RateLimitPolicyList{})
 }
diff --git a/controllers/authpolicy_controller.go b/controllers/authpolicy_controller.go
@@ -67,7 +67,7 @@ func (r *AuthPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Requ
 				if delResErr == nil {
 					delResErr = err
 				}
-				return r.reconcileStatus(ctx, ap, delResErr)
+				return r.reconcileStatus(ctx, ap, common.NewErrTargetNotFound(ap.Kind(), ap.GetTargetRef(), delResErr))
 			}
 			return ctrl.Result{}, err
 		}
@@ -130,13 +130,21 @@ func (r *AuthPolicyReconciler) Reconcile(eventCtx context.Context, req ctrl.Requ
 	return ctrl.Result{}, nil
 }
 
-func (r *AuthPolicyReconciler) reconcileResources(ctx context.Context, ap *api.AuthPolicy, targetNetworkObject client.Object) error {
-	// validate
+// validate performs validation before proceeding with the reconcile loop, returning a common.ErrInvalid on any failing validation
+func (r *AuthPolicyReconciler) validate(ap *api.AuthPolicy, targetNetworkObject client.Object) error {
 	if err := ap.Validate(); err != nil {
-		return err
+		return common.NewErrInvalid(ap.Kind(), err)
 	}
 
 	if err := common.ValidateHierarchicalRules(ap, targetNetworkObject); err != nil {
+		return common.NewErrInvalid(ap.Kind(), err)
+	}
+
+	return nil
+}
+
+func (r *AuthPolicyReconciler) reconcileResources(ctx context.Context, ap *api.AuthPolicy, targetNetworkObject client.Object) error {
+	if err := r.validate(ap, targetNetworkObject); err != nil {
 		return err
 	}
 
@@ -159,7 +167,7 @@ func (r *AuthPolicyReconciler) reconcileResources(ctx context.Context, ap *api.A
 		return err
 	}
 
-	// set annotation of policies afftecting the gateway - should be the last step, only when all the reconciliation steps succeed
+	// set annotation of policies affecting the gateway - should be the last step, only when all the reconciliation steps succeed
 	return r.ReconcileGatewayPolicyReferences(ctx, ap, gatewayDiffObj)
 }
 
@@ -181,13 +189,13 @@ func (r *AuthPolicyReconciler) deleteResources(ctx context.Context, ap *api.Auth
 		}
 	}
 
-	// update annotation of policies afftecting the gateway
+	// update annotation of policies affecting the gateway
 	return r.ReconcileGatewayPolicyReferences(ctx, ap, gatewayDiffObj)
 }
 
 // Ensures only one RLP targets the network resource
-func (r *AuthPolicyReconciler) reconcileNetworkResourceDirectBackReference(ctx context.Context, ap *api.AuthPolicy, targetNetworkObject client.Object) error {
-	return r.ReconcileTargetBackReference(ctx, client.ObjectKeyFromObject(ap), targetNetworkObject, common.AuthPolicyBackRefAnnotation)
+func (r *AuthPolicyReconciler) reconcileNetworkResourceDirectBackReference(ctx context.Context, ap common.KuadrantPolicy, targetNetworkObject client.Object) error {
+	return r.ReconcileTargetBackReference(ctx, ap, targetNetworkObject, common.AuthPolicyBackRefAnnotation)
 }
 
 func (r *AuthPolicyReconciler) deleteNetworkResourceDirectBackReference(ctx context.Context, targetNetworkObject client.Object) error {